Re: [OE-core] [PATCH] linux-yocto: enable strict kernel module signing by default

2022-11-27 Thread Mikko Rapeli
On Sat, Nov 26, 2022 at 10:06:57PM -0500, Bruce Ashfield wrote:
> On Fri, Nov 25, 2022 at 10:54 AM Mikko Rapeli  wrote:
> >
> > It's a good default and used in many Linux distributions.
> > Did not test out of tree modules if they do correct things but
> > any such failures should be fixed.
> >
> > One way to verify that kernel module signing also works:
> >
> > root@qemux86-64:~# dmesg|grep X.509
> > [1.298936] Loading compiled-in X.509 certificates
> > [1.328280] Loaded X.509 cert 'Build time autogenerated kernel key: 
> > ee1bed6d845358744c764683bf73b4404cc79287'
> >
> > These logs in dmesg show that signing in kernel is enabled and
> > key is found. Then if any kernel modules load, they were
> > signed correctly. Additionally modinfo tool from kmod shows kernel module
> > signing details:
> >
> > root@qemux86-64:~# lsmod
> > Module  Size  Used by
> > sch_fq_codel   20480  1
> > root@qemux86-64:~# modinfo sch_fq_codel
> > filename:
> > /lib/modules/5.19.9-yocto-standard/kernel/net/sched/sch_fq_codel.ko
> > description:Fair Queue CoDel discipline
> > license:GPL
> > author: Eric Dumazet
> > depends:
> > retpoline:  Y
> > intree: Y
> > name:   sch_fq_codel
> > vermagic:   5.19.9-yocto-standard SMP preempt mod_unload
> > sig_id: PKCS#7
> > signer: Build time autogenerated kernel key
> > sig_key:2B:2A:BE:7D:B5:92:DC:98:A9:F8:D7:00:A6:73:35:20:10:D8:19:EE
> > sig_hashalgo:   sha512
> > signature:  72:6C:E1:78:7C:A7:7B:CC:C4:33:23:6B:95:EC:1B:2A:BD:D9:EC:7A:
> > 85:07:05:B2:70:3C:C9:64:F6:78:8A:01:A0:E3:64:C7:47:BB:5D:0E:
> > 86:BA:C1:DD:40:05:AE:1F:19:D4:F0:98:49:86:CC:61:14:3C:AB:1E:
> > 4A:1C:83:47:1D:FA:6D:E4:83:79:3A:2B:3F:7D:B6:E0:09:AE:B4:01:
> > 07:EE:C9:5B:99:70:4F:49:8A:64:E4:7D:84:AA:37:F5:DB:5F:16:5C:
> > D4:DC:0C:33:73:5D:D9:8D:7E:71:5B:A1:ED:61:81:5E:1C:ED:A2:D8:
> > 76:46:99:B3:78:08:F7:7F:0D:4B:94:26:21:63:47:B0:75:9F:A4:EA:
> > 3D:14:D4:09:CC:59:F3:FC:80:AC:BF:56:1E:8C:73:FD:CB:07:27:C6:
> > 3D:98:4C:E4:C3:9C:C0:AD:90:53:46:8F:AE:66:FE:10:C8:92:7F:BA:
> > 74:C2:B0:E3:6E:47:66:AB:39:25:41:12:66:91:20:27:1A:58:77:75:
> > 4F:C0:3F:F1:8E:5F:AB:0A:BD:8B:62:4F:2B:01:5A:5C:4E:5C:31:39:
> > FB:F4:14:2E:BF:D8:51:4B:C8:D0:E2:0A:20:80:95:05:80:E3:46:75:
> > 43:80:30:63:6F:A4:25:82:59:35:34:E8:6A:DC:FF:93:F8:32:BB:FA:
> > 66:2D:B9:08:75:1A:3A:3A:5D:57:F4:63:85:01:B4:EB:96:1B:CE:6F:
> > 4D:61:FC:AA:6C:39:7F:D6:37:C9:84:0A:84:17:FB:BE:FC:20:CB:EE:
> > 8C:2F:93:92:F6:48:F4:07:50:84:D8:2C:B5:2E:A7:7D:3A:3F:DC:E9:
> > B9:17:EF:47:49:EC:BA:62:1C:C4:C6:58:9C:0C:8D:26:41:6E:1F:C1:
> > 95:A7:8B:57:5D:1D:4B:B4:04:00:F6:68:24:9E:E2:BF:11:EC:05:6C:
> > 83:E8:C6:DB:BB:3D:22:8B:31:BB:99:1A:44:E1:15:71:C3:AA:FA:01:
> > 98:BA:6B:20:26:D6:9C:61:5C:6F:81:29:09:B1:EA:C5:28:15:F3:98:
> > C0:18:FE:08:8B:40:A5:F3:3C:71:4B:C6:41:CD:38:51:79:EA:5D:C9:
> > 13:39:B5:FD:A3:D1:BB:11:94:66:F7:7B:6A:DC:2C:01:5F:AB:73:08:
> > 68:24:32:BE:BC:7A:90:E5:FD:97:17:6C:DD:46:D0:0E:2C:03:31:66:
> > B3:7C:B2:48:E1:E0:1A:63:20:48:4C:D4:55:56:71:04:3B:5F:3B:28:
> > BF:64:6C:52:A9:07:6D:FF:21:E9:06:35:E8:A1:D7:F4:C2:F9:D7:7B:
> > 9D:D2:90:16:2F:68:1E:3F:BE:43:ED:64
> >
> > Failures in signed kernel module loading should show as errors at
> > runtime, for example systemd services, or as oeqa parselogs test
> > failures which detects signature verification error messages from the
> > kernel.
> >
> > Signed-off-by: Mikko Rapeli 
> > ---
> >  meta/recipes-kernel/linux/linux-yocto.inc | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/meta/recipes-kernel/linux/linux-yocto.inc 
> > b/meta/recipes-kernel/linux/linux-yocto.inc
> > index 091003ed82..bab1f21479 100644
> > --- a/meta/recipes-kernel/linux/linux-yocto.inc
> > +++ b/meta/recipes-kernel/linux/linux-yocto.inc
> > @@ -37,6 +37,9 @@ KERNEL_FEATURES:append = " 
> > ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'cfg/
> >  KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 
> > 'numa', 'features/numa/numa.scc', '', d)}"
> >  KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 
> > 'vfat', 'cfg/fs/vfat.scc', '', d)}"
> >
> > +# enable module signing by default
> > +KERNEL_FEATURES:append = " features/module-signing/force-signing.scc"
> > +
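
Review bot: the added KERNEL_FEATURES:append line is unconditional, unlike the context lines above it, which each gate their fragment through bb.utils.contains on MACHINE_FEATURES. Gating features/module-signing/force-signing.scc the same way on a feature flag would let a distro or machine leave it out without a :remove override. The comment "enable module signing by default" could also name the strict mode that the subject line and the fragment name describe, so readers do not take it for plain signing support.
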
> 
> For the reference kernels, there are a huge amount of use cases, and I
> support a really broad set of deployments.
> 
> We can enable this via either a distro or packageconfig, but not like
> this, since disabling it is difficult and requires a :remove. It needs
> to be opt-in.

This signing is purely a kernel interna
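
The verification steps from the commit message quoted above (dmesg for the loaded key, modinfo for the signing fields), scripted as an added example that is not part of the original patch or thread. It assumes kmod's modinfo; the sample inputs are constructed from the output quoted above, and example_oot is a hypothetical out-of-tree module.

```shell
#!/bin/sh
# Added example: automate the dmesg + modinfo checks described in the thread.
# Assumes kmod's modinfo; busybox modinfo does not print the sig_* fields.

# Read `modinfo <module>` text on stdin.
# Print "signed:<signer>:<hash>" when signing fields are present, else "unsigned".
modinfo_sig_status() {
    awk '
        function val(line) { sub(/^[^:]*:[ \t]*/, "", line); return line }
        /^sig_id:/       { id = val($0) }
        /^signer:/       { signer = val($0) }
        /^sig_hashalgo:/ { algo = val($0) }
        END {
            if (id != "" && signer != "")
                printf "signed:%s:%s\n", signer, algo
            else
                print "unsigned"
        }'
}

# Read dmesg text on stdin; print how many X.509 certificates the kernel loaded.
count_loaded_certs() {
    awk '/Loaded X\.509 cert/ { n++ } END { print n + 0 }'
}

# Walk /proc/modules and list every loaded module without signing fields.
# A module whose modinfo lookup fails is reported as unsigned as well.
# Run as root so that dmesg is readable.
audit_loaded_modules() {
    unsigned=0
    while read -r name _rest; do
        status=$(modinfo "$name" 2>/dev/null | modinfo_sig_status)
        case $status in
            signed:*) ;;
            *) echo "UNSIGNED: $name"; unsigned=$((unsigned + 1)) ;;
        esac
    done < /proc/modules
    # Present when the kernel was built with module signature support.
    enforce=/sys/module/module/parameters/sig_enforce
    if [ -r "$enforce" ]; then echo "sig_enforce=$(cat "$enforce")"; fi
    echo "certs loaded: $(dmesg | count_loaded_certs)"
    [ "$unsigned" -eq 0 ]
}

# Constructed sample inputs (field values copied from the output quoted above;
# example_oot is a hypothetical out-of-tree module).
sample_signed() {
    cat <<'EOF'
filename:       /lib/modules/5.19.9-yocto-standard/kernel/net/sched/sch_fq_codel.ko
name:           sch_fq_codel
sig_id:         PKCS#7
signer:         Build time autogenerated kernel key
sig_hashalgo:   sha512
EOF
}

sample_unsigned() {
    cat <<'EOF'
filename:       /lib/modules/5.19.9-yocto-standard/extra/example_oot.ko
name:           example_oot
vermagic:       5.19.9-yocto-standard SMP preempt mod_unload
EOF
}

sample_dmesg() {
    cat <<'EOF'
[    1.298936] Loading compiled-in X.509 certificates
[    1.328280] Loaded X.509 cert 'Build time autogenerated kernel key: ee1bed6d845358744c764683bf73b4404cc79287'
EOF
}

# Run the live audit only when asked: sh check-modsig.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_loaded_modules; fi
```
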

[OE-Core][kirkstone][PATCH v2] dbus: upgrade 1.14.0 -> 1.14.4

2022-11-27 Thread Xiangyu Chen
License-Update: D-Bus changed to dbus.
1.14.4 contains the following CVEs, removing local patches:

CVE-2022-42012: 0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
[https://github.com/freedesktop/dbus/commit/3fb065b0752db1e298e4ada52cf4adc414f5e946]

CVE-2022-42011: 0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch
[https://github.com/freedesktop/dbus/commit/b9e6a7523085a2cfceaffca7ba1ab4251f12a984]

CVE-2022-42010: 0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
[https://github.com/freedesktop/dbus/commit/3e53a785dee8d1432156188a2c4260e4cbc78c4d]


Signed-off-by: Xiangyu Chen 
---
Changes in v2:
  Added a License-Update line to the commit message.
  Added explanation of removing patches in commit message.
---
 ...eswap-Byte-swap-Unix-fd-indexes-if-n.patch |  76 ---
 ...idate-Check-brackets-in-signature-ne.patch | 119 --
 ...idate-Validate-length-of-arrays-of-f.patch |  61 -
 .../dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb}   |  10 +-
 4 files changed, 4 insertions(+), 262 deletions(-)
 delete mode 100644 
meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
 delete mode 100644 
meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
 delete mode 100644 
meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch
 rename meta/recipes-core/dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} (93%)

diff --git 
a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
 
b/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
deleted file mode 100644
index 47f4f1e0d3..00
--- 
a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 3fb065b0752db1e298e4ada52cf4adc414f5e946 Mon Sep 17 00:00:00 2001
-From: Simon McVittie 
-Date: Fri, 30 Sep 2022 13:46:31 +0100
-Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
-
-When a D-Bus message includes attached file descriptors, the body of the
-message contains unsigned 32-bit indexes pointing into an out-of-band
-array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
-these indexes as "handles" for the associated fds (not to be confused
-with a Windows HANDLE, which is a kernel object).
-
-The assertion message removed by this commit is arguably correct up to
-a point: fd-passing is only reasonable on a local machine, and no known
-operating system allows processes of differing endianness even on a
-multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
-to specify a byte-order that differs from the byte-order of the recipient.
-
-However, this doesn't account for the fact that a malicious sender
-doesn't have to restrict itself to only doing things that make sense.
-On a system with untrusted local users, a message sender could crash
-the system dbus-daemon (a denial of service) by sending a message in
-the opposite endianness that contains handles to file descriptors.
-
-Before this commit, if assertions are enabled, attempting to byteswap
-a fd index would cleanly crash the message recipient with an assertion
-failure. If assertions are disabled, attempting to byteswap a fd index
-would silently do nothing without advancing the pointer p, causing the
-message's type and the pointer into its contents to go out of sync, which
-can result in a subsequent crash (the crash demonstrated by fuzzing was
-a use-after-free, but other failure modes might be possible).
-
-In principle we could resolve this by rejecting wrong-endianness messages
-from a local sender, but it's actually simpler and less code to treat
-wrong-endianness messages as valid and byteswap them.
-
-Thanks: Evgeny Vereshchagin
-Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
-Resolves: CVE-2022-42012
-
-Upstream-Status: Backport from 
[https://gitlab.freedesktop.org/dbus/dbus/-/commit/3fb065b0752db1e298e4ada52cf4adc414f5e946]
-
-Signed-off-by: Simon McVittie 
-(cherry picked from commit 236f16e444e88a984cf12b09225e0f8efa6c5b44)
-Signed-off-by: Xiangyu Chen 

- dbus/dbus-marshal-byteswap.c | 6 +-
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
-index 27695aaf..7104e9c6 100644
 a/dbus/dbus-marshal-byteswap.c
-+++ b/dbus/dbus-marshal-byteswap.c
-@@ -61,6 +61,7 @@ byteswap_body_helper (DBusTypeReader   *reader,
- case DBUS_TYPE_BOOLEAN:
- case DBUS_TYPE_INT32:
- case DBUS_TYPE_UINT32:
-+case DBUS_TYPE_UNIX_FD:
-   {
- p = _DBUS_ALIGN_ADDRESS (p, 4);
- *((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE 
(*((dbus_uint32_t*)p));
-@@ -188,11 +189,6 @@ byteswap_body_helper (DBusTypeReader   *reader,
- 
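
Review bot: the commit message's reason for deleting this backport says that 1.14.4 contains the listed CVEs, which reads as the release carrying the vulnerabilities rather than their fixes. This hunk removes the local fix for CVE-2022-42012 (the DBUS_TYPE_UNIX_FD case added to byteswap_body_helper), so state explicitly that 1.14.4 includes upstream commit 3fb065b0752db1e298e4ada52cf4adc414f5e946, which keeps the removal auditable from the log.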

Re: [OE-Core][kirkstone][PATCH] dbus: upgrade 1.14.0 -> 1.14.4

2022-11-27 Thread Peter Kjellerstedt
> -Original Message-
> From: openembedded-core@lists.openembedded.org 
>  On Behalf Of Xiangyu Chen
> Sent: den 28 november 2022 02:00
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-Core][kirkstone][PATCH] dbus: upgrade 1.14.0 -> 1.14.4
> 
> From: Xiangyu Chen 
> 
> Signed-off-by: Xiangyu Chen 
> ---
>  ...eswap-Byte-swap-Unix-fd-indexes-if-n.patch |  76 ---
>  ...idate-Check-brackets-in-signature-ne.patch | 119 --
>  ...idate-Validate-length-of-arrays-of-f.patch |  61 -
>  .../dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb}   |  10 +-
>  4 files changed, 4 insertions(+), 262 deletions(-)
>  delete mode 100644 
> meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
>  delete mode 100644 
> meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
>  delete mode 100644 
> meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch
>  rename meta/recipes-core/dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} (93%)
> 

[cut]

> diff --git a/meta/recipes-core/dbus/dbus_1.14.0.bb 
> b/meta/recipes-core/dbus/dbus_1.14.4.bb
> similarity index 93%
> rename from meta/recipes-core/dbus/dbus_1.14.0.bb
> rename to meta/recipes-core/dbus/dbus_1.14.4.bb
> index 484629e987..9684f0c6e2 100644
> --- a/meta/recipes-core/dbus/dbus_1.14.0.bb
> +++ b/meta/recipes-core/dbus/dbus_1.14.4.bb
> @@ -6,19 +6,17 @@ SECTION = "base"
>  inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome
> 
>  LICENSE = "AFL-2.1 | GPL-2.0-or-later"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
> -
> file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=6423dcd74d7be9715b0db247fd889da3 \
> +
> file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8
>  \
> +"

License changes must have an explanation. Add a License-Update line 
to the commit message.

> 
>  SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \
> file://run-ptest \
> file://tmpdir.patch \
> file://dbus-1.init \
> -   
> file://0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch \
> -   
> file://0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch \
> -   
> file://0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch \

The removed patches could also do with an explanation in the commit 
message.

>  "
> 
> -SRC_URI[sha256sum] = 
> "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4"
> +SRC_URI[sha256sum] = 
> "7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e"
> 
>  EXTRA_OECONF = "--disable-xml-docs \
>  --disable-doxygen-docs \
> --
> 2.34.1

//Peter


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#173893): 
https://lists.openembedded.org/g/openembedded-core/message/173893
Mute This Topic: https://lists.openembedded.org/mt/95301172/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core] [PATCH v3 1/1] iputils: update to 20221126

2022-11-27 Thread Peter Kjellerstedt
> -Original Message-
> From: openembedded-core@lists.openembedded.org 
>  On Behalf Of Petr Vorel
> Sent: den 27 november 2022 23:23
> To: openembedded-core@lists.openembedded.org
> Cc: Petr Vorel ; Richard Purdie 
> ; Daniel Díaz ; 
> Khem Raj ; Alexandre Belloni 
> ; Changhyeok Bae ; 
> Alexander Kanavin 
> Subject: [OE-core] [PATCH v3 1/1] iputils: update to 20221126
> 
> From: Petr Vorel 
> 
> This release removed: ninfod, rarpd, rdisc.
> Remove also related, not yet upstreamed patch.
> 
> Signed-off-by: Petr Vorel 
> ---
> Hi,
> 
> changes v2-v3:
> * Remove ninfod related code (Alexandre Belloni):
> ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', '', d)} \
> 
> Hope now it's correct (Alexandre Belloni is going to test v2 without
> this line).
> 
> Kind regards,
> Petr
> 
>  .../0001-rarpd-rdisc-Drop-PrivateUsers.patch  | 27 ---
>  ...putils_20211215.bb => iputils_20221126.bb} | 20 +++---
>  2 files changed, 3 insertions(+), 44 deletions(-)
>  delete mode 100644 
> meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
>  rename meta/recipes-extended/iputils/{iputils_20211215.bb => 
> iputils_20221126.bb} (64%)
> 
> diff --git 
> a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
>  
> b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
> deleted file mode 100644
> index c61e39dc80..00
> --- 
> a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> -From dfeeb3f1328d09f516edeb6349bd63e3c87f9397 Mon Sep 17 00:00:00 2001
> -From: Alex Kiernan 
> -Date: Thu, 13 Feb 2020 06:08:45 +
> -Subject: [PATCH] rarpd:Drop PrivateUsers
> -
> -rarpd cannot gain the necessary capabilities with
> -PrivateUsers enabled.
> -
> -Upstream-Status: Pending
> -Signed-off-by: Alex Kiernan 
> -
> 
> - systemd/rarpd.service.in | 1 -
> - 1 file changed, 1 deletion(-)
> -
> -diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in
> -index e600c10..f5d7621 100644
>  a/systemd/rarpd.service.in
> -+++ b/systemd/rarpd.service.in
> -@@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
> - DynamicUser=yes
> - PrivateTmp=yes
> - PrivateDevices=yes
> --PrivateUsers=yes
> - ProtectSystem=strict
> - ProtectHome=yes
> - ProtectControlGroups=yes
> diff --git a/meta/recipes-extended/iputils/iputils_20211215.bb 
> b/meta/recipes-extended/iputils/iputils_20221126.bb
> similarity index 64%
> rename from meta/recipes-extended/iputils/iputils_20211215.bb
> rename to meta/recipes-extended/iputils/iputils_20221126.bb
> index 3ddce0be54..ad9c275e0c 100644
> --- a/meta/recipes-extended/iputils/iputils_20211215.bb
> +++ b/meta/recipes-extended/iputils/iputils_20221126.bb
> @@ -11,9 +11,8 @@ LIC_FILES_CHKSUM =
> "file://LICENSE;md5=bb64c89bb0e23b72930d2380894c47a1"
>  DEPENDS = "gnutls"
> 
>  SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
> -   file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
> "

Since there no longer is any patch, the above can be changed to:

SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https"

> -SRCREV = "1d1e7c43210d8af316a41cb2c53d612a4c16f34d"
> +SRCREV = "5ffabc4190cab975c7332645259e286a032e183b"
> 
>  S = "${WORKDIR}/git"
> 
> @@ -23,14 +22,11 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P20\d+)"
>  # breaks the version order.
>  CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
> 
> -PACKAGECONFIG ??= "libcap rarpd \
> -   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', 
> '', d)} \
> +PACKAGECONFIG ??= "libcap \
> ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"

AFAICT after looking at the code, there is no longer any reason to 
pass the systemd configuration as there is nothing related to systemd 
being installed anymore. I.e., the above can be simplified to:

PACKAGECONFIG ??= "libcap"

and PACKAGECONFIG[systemd] below can be removed too. Unless of course 
you are planning to add new systemd services in the not too distant 
future, in which case you might as well leave it as it is.

>  PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false 
> -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
>  PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
>  PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
> -PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
> -PACKAGECONFIG[rarpd] = "-DBUILD_RARPD=true,-DBUILD_RARPD=false,"
>  PACKAGECONFIG[systemd] = 
> "-Dsystemdunitdir=${systemd_system_unitdir},,systemd"
>  PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true 
> -DBUILD_MANS=true,-DBUILD_HTML_MANS=false -DBUILD_MANS=false, libxslt"
> 
> @@ -43,9 +39,7 @@ ALTERNATIVE_PRIORITY = "100"
>  ALTERNATIVE:${PN}-ping = "ping"
>  ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
> 
> -SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff 
> ${PN}-rdis

[OE-Core][kirkstone][PATCH] dbus: upgrade 1.14.0 -> 1.14.4

2022-11-27 Thread Xiangyu Chen
From: Xiangyu Chen 

Signed-off-by: Xiangyu Chen 
---
 ...eswap-Byte-swap-Unix-fd-indexes-if-n.patch |  76 ---
 ...idate-Check-brackets-in-signature-ne.patch | 119 --
 ...idate-Validate-length-of-arrays-of-f.patch |  61 -
 .../dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb}   |  10 +-
 4 files changed, 4 insertions(+), 262 deletions(-)
 delete mode 100644 
meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
 delete mode 100644 
meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
 delete mode 100644 
meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch
 rename meta/recipes-core/dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} (93%)

diff --git 
a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
 
b/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
deleted file mode 100644
index 47f4f1e0d3..00
--- 
a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 3fb065b0752db1e298e4ada52cf4adc414f5e946 Mon Sep 17 00:00:00 2001
-From: Simon McVittie 
-Date: Fri, 30 Sep 2022 13:46:31 +0100
-Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
-
-When a D-Bus message includes attached file descriptors, the body of the
-message contains unsigned 32-bit indexes pointing into an out-of-band
-array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
-these indexes as "handles" for the associated fds (not to be confused
-with a Windows HANDLE, which is a kernel object).
-
-The assertion message removed by this commit is arguably correct up to
-a point: fd-passing is only reasonable on a local machine, and no known
-operating system allows processes of differing endianness even on a
-multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
-to specify a byte-order that differs from the byte-order of the recipient.
-
-However, this doesn't account for the fact that a malicious sender
-doesn't have to restrict itself to only doing things that make sense.
-On a system with untrusted local users, a message sender could crash
-the system dbus-daemon (a denial of service) by sending a message in
-the opposite endianness that contains handles to file descriptors.
-
-Before this commit, if assertions are enabled, attempting to byteswap
-a fd index would cleanly crash the message recipient with an assertion
-failure. If assertions are disabled, attempting to byteswap a fd index
-would silently do nothing without advancing the pointer p, causing the
-message's type and the pointer into its contents to go out of sync, which
-can result in a subsequent crash (the crash demonstrated by fuzzing was
-a use-after-free, but other failure modes might be possible).
-
-In principle we could resolve this by rejecting wrong-endianness messages
-from a local sender, but it's actually simpler and less code to treat
-wrong-endianness messages as valid and byteswap them.
-
-Thanks: Evgeny Vereshchagin
-Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
-Resolves: CVE-2022-42012
-
-Upstream-Status: Backport from 
[https://gitlab.freedesktop.org/dbus/dbus/-/commit/3fb065b0752db1e298e4ada52cf4adc414f5e946]
-
-Signed-off-by: Simon McVittie 
-(cherry picked from commit 236f16e444e88a984cf12b09225e0f8efa6c5b44)
-Signed-off-by: Xiangyu Chen 

- dbus/dbus-marshal-byteswap.c | 6 +-
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
-index 27695aaf..7104e9c6 100644
 a/dbus/dbus-marshal-byteswap.c
-+++ b/dbus/dbus-marshal-byteswap.c
-@@ -61,6 +61,7 @@ byteswap_body_helper (DBusTypeReader   *reader,
- case DBUS_TYPE_BOOLEAN:
- case DBUS_TYPE_INT32:
- case DBUS_TYPE_UINT32:
-+case DBUS_TYPE_UNIX_FD:
-   {
- p = _DBUS_ALIGN_ADDRESS (p, 4);
- *((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE 
(*((dbus_uint32_t*)p));
-@@ -188,11 +189,6 @@ byteswap_body_helper (DBusTypeReader   *reader,
-   }
-   break;
- 
--case DBUS_TYPE_UNIX_FD:
--  /* fds can only be passed on a local machine, so byte order must 
always match */
--  _dbus_assert_not_reached("attempted to byteswap unix fds which 
makes no sense");
--  break;
--
- default:
-   _dbus_assert_not_reached ("invalid typecode in supposedly-validated 
signature");
-   break;
--- 
-2.34.1
-
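
Review bot: the commit message carries only From and Signed-off-by lines, yet this hunk deletes the backport whose header reads "Resolves: CVE-2022-42012". Name the CVE in the commit message and say that the 1.14.4 release already carries the fix, so that the deletion does not look like a dropped security patch in git log.
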
diff --git 
a/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
 
b/meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
deleted file mode 100644
index f2e14fb8d5..00
--- 
a/meta/recipes-core/dbus/dbus/

Re: [OE-core] [PATCH 1/3] qemu-helper: depend on unfs3 and pseudo directly

2022-11-27 Thread Richard Purdie
On Fri, 2022-11-25 at 22:15 +0100, Alexander Kanavin wrote:
> Dependencies of runqemu belong in qemu-helper; in particular
> there is no reason to scatter unfs3 all over the place, and then
> require separate steps to make it available (e.g. 'meta-ide-support').

NFS isn't really a dependency of qemu though. The thinking here was
that you could boot a real board onto an NFS mount from your local
system for development purposes. That is why it was being included as
an SDK tool.

Perhaps we should just add it to qemu helper as well to simplify the
runqemu case?

Cheers,

Richard



[OE-core] [PATCH v3 1/1] iputils: update to 20221126

2022-11-27 Thread Petr Vorel
From: Petr Vorel 

This release removed: ninfod, rarpd, rdisc.
Remove also related, not yet upstreamed patch.

Signed-off-by: Petr Vorel 
---
Hi,

changes v2-v3:
* Remove ninfod related code (Alexandre Belloni):
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', '', d)} \

Hope now it's correct (Alexandre Belloni is going to test v2 without
this line).

Kind regards,
Petr

 .../0001-rarpd-rdisc-Drop-PrivateUsers.patch  | 27 ---
 ...putils_20211215.bb => iputils_20221126.bb} | 20 +++---
 2 files changed, 3 insertions(+), 44 deletions(-)
 delete mode 100644 
meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
 rename meta/recipes-extended/iputils/{iputils_20211215.bb => 
iputils_20221126.bb} (64%)

diff --git 
a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
 
b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
deleted file mode 100644
index c61e39dc80..00
--- 
a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From dfeeb3f1328d09f516edeb6349bd63e3c87f9397 Mon Sep 17 00:00:00 2001
-From: Alex Kiernan 
-Date: Thu, 13 Feb 2020 06:08:45 +
-Subject: [PATCH] rarpd:Drop PrivateUsers
-
-rarpd cannot gain the necessary capabilities with
-PrivateUsers enabled.
-
-Upstream-Status: Pending
-Signed-off-by: Alex Kiernan 
-

- systemd/rarpd.service.in | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in
-index e600c10..f5d7621 100644
 a/systemd/rarpd.service.in
-+++ b/systemd/rarpd.service.in
-@@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
- DynamicUser=yes
- PrivateTmp=yes
- PrivateDevices=yes
--PrivateUsers=yes
- ProtectSystem=strict
- ProtectHome=yes
- ProtectControlGroups=yes
diff --git a/meta/recipes-extended/iputils/iputils_20211215.bb 
b/meta/recipes-extended/iputils/iputils_20221126.bb
similarity index 64%
rename from meta/recipes-extended/iputils/iputils_20211215.bb
rename to meta/recipes-extended/iputils/iputils_20221126.bb
index 3ddce0be54..ad9c275e0c 100644
--- a/meta/recipes-extended/iputils/iputils_20211215.bb
+++ b/meta/recipes-extended/iputils/iputils_20221126.bb
@@ -11,9 +11,8 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=bb64c89bb0e23b72930d2380894c47a1"
 DEPENDS = "gnutls"
 
 SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
-   file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
"
-SRCREV = "1d1e7c43210d8af316a41cb2c53d612a4c16f34d"
+SRCREV = "5ffabc4190cab975c7332645259e286a032e183b"
 
 S = "${WORKDIR}/git"
 
@@ -23,14 +22,11 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P20\d+)"
 # breaks the version order.
 CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
 
-PACKAGECONFIG ??= "libcap rarpd \
-   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', 
'', d)} \
+PACKAGECONFIG ??= "libcap \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false 
-DNO_SETCAP_OR_SUID=true, libcap libcap-native"
 PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
 PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
-PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
-PACKAGECONFIG[rarpd] = "-DBUILD_RARPD=true,-DBUILD_RARPD=false,"
 PACKAGECONFIG[systemd] = "-Dsystemdunitdir=${systemd_system_unitdir},,systemd"
 PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true 
-DBUILD_MANS=true,-DBUILD_HTML_MANS=false -DBUILD_MANS=false, libxslt"
 
@@ -43,9 +39,7 @@ ALTERNATIVE_PRIORITY = "100"
 ALTERNATIVE:${PN}-ping = "ping"
 ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
 
-SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff 
${PN}-rdisc \
- ${@bb.utils.contains('PACKAGECONFIG', 'rarpd', '${PN}-rarpd', '', 
d)} \
- ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-ninfod', 
'', d)}"
+SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff"
 PACKAGES += "${SPLITPKGS}"
 
 ALLOW_EMPTY:${PN} = "1"
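
Review bot: the new SPLITPKGS line no longer produces ${PN}-rdisc, ${PN}-rarpd or ${PN}-ninfod, so any image or packagegroup that still lists one of them will fail once this lands. The commit message mentions that the programs were removed upstream; add that the three packages disappear with them so users know to drop the references.
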
@@ -56,11 +50,3 @@ FILES:${PN}-ping = "${base_bindir}/ping.${BPN}"
 FILES:${PN}-arping = "${base_bindir}/arping"
 FILES:${PN}-tracepath = "${base_bindir}/tracepath"
 FILES:${PN}-clockdiff = "${base_bindir}/clockdiff"
-FILES:${PN}-rarpd = "${base_sbindir}/rarpd  
${systemd_system_unitdir}/rarpd@.service"
-FILES:${PN}-rdisc = "${base_sbindir}/rdisc"
-FILES:${PN}-ninfod = "${base_sbindir}/ninfod ${sysconfdir}/init.d/ninfod.sh"
-
-SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 
'${PN}-ninfod', '', d)} \
-${PN}-rdisc"
-SYSTEMD_SERVICE:${PN}-ninfod = "ninfod.service"
-SYSTEMD_SERVICE:${PN}-rdisc = "rdisc.service"
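
Review bot: with SYSTEMD_PACKAGES and both SYSTEMD_SERVICE assignments removed here, the recipe no longer packages any unit, but the earlier hunk still keeps systemd in the PACKAGECONFIG default and leaves PACKAGECONFIG[systemd] in place. Drop both, or note in the commit message why the systemd dependency is kept.
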
-- 
2.38.1



Re: [OE-core] [PATCH v2 1/1] iputils: update to 20221126

2022-11-27 Thread Petr Vorel
On Sun, 27 Nov 2022 at 23:13, Alexandre Belloni
 wrote:
>
> On 27/11/2022 22:55:31+0100, Petr Vorel wrote:
> > On Sun, 27 Nov 2022 at 19:42, Alexandre Belloni
> >  wrote:
> > >
> > > Hello,
> > >
> > > You should at least build test your patches
> >
> > OK, I'll do. What always discourages me is that unlike Buildroot
> > build, openembedded takes so long.
> >
> > What I usually do:
> > cd ..; git clone git://git.openembedded.org/bitbake.git; cd -
> > . oe-init-build-env
> > bitbake iputils
> >
> > If there is anything I can speed up a build (e.g. using some of host
> > utils to build really just the target) please let me know.
>
> Not really, you'd have to keep your sstate-cache but my guess is that
> your builds are infrequent enough that everything will rebuild anyway.

Yes.

>
> This made me try to understand why you didn't test your patches and I
> didn't realize you are maintaining iputils. Thanks for the help!

Yes, I'm just iputils and ltp maintainer, thus understand the upstream code,
but not much of openembedded (I don't even use it).

>
> >
> > >
> > > On 27/11/2022 16:17:08+0100, Petr Vorel wrote:
> > > > -PACKAGECONFIG ??= "libcap rarpd \
> > > > -   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 
> > > > 'ninfod', '', d)} \
> > > > +PACKAGECONFIG ??= "libcap \
> > > > +   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 
> > > > d)} \
> > >
> > > This probably doesn't work either
> > Not sure what's wrong on this, but maybe build shows that out.
>
> The whole bb.utils.contains call can be removed because it doesn't do
> anything once you remove the 'ninfod' argument.
>
> I'll send the patch to our CI with the line removed
Thank you! I'll send v3 without this line (so that it can be applied
if your testing is ok):
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', '', d)} \

Kind regards,
Petr

>
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com




Re: [OE-core] [PATCH v2 1/1] iputils: update to 20221126

2022-11-27 Thread Alexandre Belloni via lists.openembedded.org
On 27/11/2022 22:55:31+0100, Petr Vorel wrote:
> On Sun, 27 Nov 2022 at 19:42, Alexandre Belloni
>  wrote:
> >
> > Hello,
> >
> > You should at least build test your patches
> 
> OK, I'll do. What always discourages me is that unlike Buildroot
> build, openembedded takes so long.
> 
> What I usually do:
> cd ..; git clone git://git.openembedded.org/bitbake.git; cd -
> . oe-init-build-env
> bitbake iputils
> 
> If there is anything I can speed up a build (e.g. using some of host
> utils to build really just the target) please let me know.

Not really, you'd have to keep your sstate-cache but my guess is that
your builds are infrequent enough that everything will rebuild anyway.

This made me try to understand why you didn't test your patches and I
didn't realize you are maintaining iputils. Thanks for the help!

> 
> >
> > On 27/11/2022 16:17:08+0100, Petr Vorel wrote:
> > > -PACKAGECONFIG ??= "libcap rarpd \
> > > -   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 
> > > 'ninfod', '', d)} \
> > > +PACKAGECONFIG ??= "libcap \
> > > +   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 
> > > d)} \
> >
> > This probably doesn't work either
> Not sure what's wrong on this, but maybe build shows that out.

The whole bb.utils.contains call can be removed because it doesn't do
anything once you remove the 'ninfod' argument.

I'll send the patch to our CI with the line removed


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

View/Reply Online (#173887): https://lists.openembedded.org/g/openembedded-core/message/173887



Re: [OE-core] [PATCH v2 1/1] iputils: update to 20221126

2022-11-27 Thread Petr Vorel
On Sun, 27 Nov 2022 at 19:42, Alexandre Belloni
 wrote:
>
> Hello,
>
> You should at least build test your patches

OK, I'll do. What always discourages me is that unlike Buildroot
build, openembedded takes so long.

What I usually do:
cd ..; git clone git://git.openembedded.org/bitbake.git; cd -
. oe-init-build-env
bitbake iputils

If there is anything I can speedup a build (e.g. using some of host
utils to build really just the target) please let me know.

>
> On 27/11/2022 16:17:08+0100, Petr Vorel wrote:
> > -PACKAGECONFIG ??= "libcap rarpd \
> > -   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 
> > 'ninfod', '', d)} \
> > +PACKAGECONFIG ??= "libcap \
> > +   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', d)} 
> > \
>
> This probably doesn't work either
Not sure what's wrong on this, but maybe build shows that out.

Kind regards,
Petr

>
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

View/Reply Online (#173886): https://lists.openembedded.org/g/openembedded-core/message/173886



[OE-core] [PATCH RFC] base: Switch to use addpylib directive

2022-11-27 Thread Richard Purdie
Since bitbake now supports an official method to inject python modules,
switch to it.

Anyone using OE_EXTRA_IMPORTS will need to adjust their code accordingly,
probably switching to their own module namespace.

Signed-off-by: Richard Purdie 
---
[This patch is an RFC as part of a series on the bitbake-devel list]

 meta/classes-global/base.bbclass | 23 ---
 meta/conf/layer.conf |  2 ++
 meta/lib/oe/__init__.py  |  4 
 3 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/meta/classes-global/base.bbclass b/meta/classes-global/base.bbclass
index c81aa51ef3f..c4ac43c5696 100644
--- a/meta/classes-global/base.bbclass
+++ b/meta/classes-global/base.bbclass
@@ -15,31 +15,8 @@ inherit utils
 inherit utility-tasks
 inherit logging
 
-OE_EXTRA_IMPORTS ?= ""
-
-OE_IMPORTS += "os sys time oe.path oe.utils oe.types oe.package 
oe.packagegroup oe.sstatesig oe.lsb oe.cachedpath oe.license oe.qa 
oe.reproducible oe.rust oe.buildcfg ${OE_EXTRA_IMPORTS}"
-OE_IMPORTS[type] = "list"
-
 PACKAGECONFIG_CONFARGS ??= ""
 
-def oe_import(d):
-import sys
-
-bbpath = [os.path.join(dir, "lib") for dir in 
d.getVar("BBPATH").split(":")]
-sys.path[0:0] = [dir for dir in bbpath if dir not in sys.path]
-
-import oe.data
-for toimport in oe.data.typed_value("OE_IMPORTS", d):
-try:
-# Make a python object accessible from the metadata
-bb.utils._context[toimport.split(".", 1)[0]] = __import__(toimport)
-except AttributeError as e:
-bb.error("Error importing OE modules: %s" % str(e))
-return ""
-
-# We need the oe module name space early (before INHERITs get added)
-OE_IMPORTED := "${@oe_import(d)}"
-
 inherit metadata_scm
 
 def lsb_distro_identifier(d):
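Review bot: With the OE_EXTRA_IMPORTS default and oe_import() removed in this hunk, a layer that still sets OE_EXTRA_IMPORTS has the variable silently ignored and only fails later, at the first use of the module that is no longer imported. The commit message already says such users must adjust, so consider a parse-time check that errors out when OE_EXTRA_IMPORTS is non-empty and points at addpylib as the replacement.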
diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index 0ce90355baf..0fe05beebf0 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -125,3 +125,5 @@ SSTATE_EXCLUDEDEPS_SYSROOT += ".*->autoconf-archive-native"
 # Avoid empty path entries
 BITBAKEPATH := 
"${@os.path.dirname(bb.utils.which(d.getVar('PATH'),'bitbake'))}"
 PATH := "${@'${BITBAKEPATH}:' if '${BITBAKEPATH}' != '' else 
''}${HOSTTOOLS_DIR}"
+
+addpylib ${LAYERDIR}/lib oe
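Review bot: The addpylib ${LAYERDIR}/lib oe line added at the end of layer.conf is a directive that only a bitbake carrying the rest of this series understands, and none of the three files in this patch raises the minimum bitbake version. Pair it with a version requirement in the same change so that an older bitbake stops with a clear version message rather than failing on an unknown directive in layer.conf.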
diff --git a/meta/lib/oe/__init__.py b/meta/lib/oe/__init__.py
index 92f002d8726..9166420b00e 100644
--- a/meta/lib/oe/__init__.py
+++ b/meta/lib/oe/__init__.py
@@ -6,3 +6,7 @@
 
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
+
+BBIMPORTS = ["os", "sys", "time", "oe.data", "oe.path", "oe.utils", 
"oe.types", "oe.package", \
+ "oe.packagegroup", "oe.sstatesig", "oe.lsb", "oe.cachedpath", 
"oe.license", \
+ "oe.qa", "oe.reproducible", "oe.rust", "oe.buildcfg"]
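Review bot: BBIMPORTS in oe/__init__.py is added without a comment saying what reads it, so the list looks like an unused module constant; add a short comment that it replaces OE_IMPORTS from base.bbclass and is picked up through the addpylib line in layer.conf. The list also gains "oe.data", which the old OE_IMPORTS did not carry because oe_import() imported it by hand, and that is worth a word in the commit message. The backslashes at the line ends are redundant inside the brackets.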
-- 
2.34.1


View/Reply Online (#173885): https://lists.openembedded.org/g/openembedded-core/message/173885



Re: [oe-core][PATCHv2] gcr: add recipe for gcr-4, needed to build with gtk4

2022-11-27 Thread Alexander Kanavin
I would suggest that gtk4 is moved to core. The time has come.

Alex

On Sun 27. Nov 2022 at 20.38, Markus Volk  wrote:

> On Sun, 27 Nov 2022 at 20:11:34 +0100, Alexandre Belloni via
> lists.openembedded.org wrote:
>
> stdio: WARNING: Nothing PROVIDES 'gtk4' (but
> /home/pokybuild/yocto-worker/a-full/build/meta/recipes-gnome/gcr/
> gcr_4.0.0.bb DEPENDS on or otherwise requires it)
>
>
> mmh, I guess possible solutions would be to move either gtk4 to oe-core or
> gcr4 to meta-gnome
>
> 
>
>

View/Reply Online (#173884): https://lists.openembedded.org/g/openembedded-core/message/173884



Re: [oe-core][PATCHv2] gcr: add recipe for gcr-4, needed to build with gtk4

2022-11-27 Thread Markus Volk
On Sun, 27 Nov 2022 at 20:11:34 +0100, Alexandre Belloni via
lists.openembedded.org wrote:
stdio: WARNING: Nothing PROVIDES 'gtk4' (but 
/home/pokybuild/yocto-worker/a-full/build/meta/recipes-gnome/gcr/gcr_4.0.0.bb 
DEPENDS on or otherwise requires it)


mmh, I guess possible solutions would be to move either gtk4 to oe-core 
or gcr4 to meta-gnome



View/Reply Online (#173883): https://lists.openembedded.org/g/openembedded-core/message/173883



Re: [oe-core][PATCHv2] gcr: add recipe for gcr-4, needed to build with gtk4

2022-11-27 Thread Alexandre Belloni via lists.openembedded.org
Hello,

This causes:

stdio: WARNING: Nothing PROVIDES 'gtk4' (but 
/home/pokybuild/yocto-worker/a-full/build/meta/recipes-gnome/gcr/gcr_4.0.0.bb 
DEPENDS on or otherwise requires it)
stdio: WARNING: Nothing RPROVIDES 'gcr' (but 
/home/pokybuild/yocto-worker/a-full/build/meta/recipes-gnome/gcr/gcr_4.0.0.bb 
RDEPENDS on or otherwise requires it)
stdio: WARNING: Nothing RPROVIDES 'gcr-dev' (but 
/home/pokybuild/yocto-worker/a-full/build/meta/recipes-gnome/gcr/gcr_4.0.0.bb 
RDEPENDS on or otherwise requires it)

On 27/11/2022 13:27:44+0100, Markus Volk wrote:
> gcr-3 recipe is still needed for gnome projects that stick to gtk+3, rename 
> to gcr3.
> 
> Signed-off-by: Markus Volk 
> ---
>  ...build-fix-one-parallel-build-failure.patch |  0
>  ...1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch |  0
>  .../gcr/{gcr_3.40.0.bb => gcr3_3.40.0.bb} |  8 ++-
>  meta/recipes-gnome/gcr/gcr_4.0.0.bb   | 56 +++
>  4 files changed, 62 insertions(+), 2 deletions(-)
>  rename meta/recipes-gnome/gcr/{gcr => 
> gcr3}/0001-gcr-meson.build-fix-one-parallel-build-failure.patch (100%)
>  rename meta/recipes-gnome/gcr/{gcr => 
> gcr3}/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch (100%)
>  rename meta/recipes-gnome/gcr/{gcr_3.40.0.bb => gcr3_3.40.0.bb} (87%)
>  create mode 100644 meta/recipes-gnome/gcr/gcr_4.0.0.bb
> 
> diff --git 
> a/meta/recipes-gnome/gcr/gcr/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
>  
> b/meta/recipes-gnome/gcr/gcr3/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
> similarity index 100%
> rename from 
> meta/recipes-gnome/gcr/gcr/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
> rename to 
> meta/recipes-gnome/gcr/gcr3/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
> diff --git 
> a/meta/recipes-gnome/gcr/gcr/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch 
> b/meta/recipes-gnome/gcr/gcr3/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch
> similarity index 100%
> rename from 
> meta/recipes-gnome/gcr/gcr/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch
> rename to 
> meta/recipes-gnome/gcr/gcr3/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch
> diff --git a/meta/recipes-gnome/gcr/gcr_3.40.0.bb 
> b/meta/recipes-gnome/gcr/gcr3_3.40.0.bb
> similarity index 87%
> rename from meta/recipes-gnome/gcr/gcr_3.40.0.bb
> rename to meta/recipes-gnome/gcr/gcr3_3.40.0.bb
> index 917be5938b..5318768db6 100644
> --- a/meta/recipes-gnome/gcr/gcr_3.40.0.bb
> +++ b/meta/recipes-gnome/gcr/gcr3_3.40.0.bb
> @@ -20,11 +20,15 @@ GTKDOC_MESON_OPTION = "gtk_doc"
>  inherit gnomebase gtk-icon-cache gtk-doc features_check 
> upstream-version-is-even vala gobject-introspection gettext mime mime-xdg
>  UPSTREAM_CHECK_REGEX = 
> "[^\d\.](?P\d+\.(?!9\d+)(\d*[02468])+(\.\d+)+)\.tar"
>  
> -SRC_URI += "file://0001-gcr-meson.build-fix-one-parallel-build-failure.patch 
> \ 
> -file://b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch"
> +SRC_URI = " \
> + 
> https://download.gnome.org/sources/gcr/3.40/gcr-${PV}.tar.xz;name=archive \
> + file://0001-gcr-meson.build-fix-one-parallel-build-failure.patch \
> + file://b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch"
>  
>  SRC_URI[archive.sha256sum] = 
> "b9d3645a5fd953a54285cc64d4fc046736463dbd4dcc25caf5c7b59bed3027f5"
>  
> +S = "${WORKDIR}/gcr-${PV}"
> +
>  PACKAGECONFIG ??= " \
>   ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gtk', '', d)} \
>   ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'gtk', '', d)} \
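
Review bot: The new SRC_URI in gcr3_3.40.0.bb hard-codes the 3.40 directory in https://download.gnome.org/sources/gcr/3.40/gcr-${PV}.tar.xz while the file name follows ${PV}, so a later version bump that only renames the recipe would fetch from the wrong directory. Derive the directory from PV, or add a comment next to SRC_URI that both must change together. The switch from += to = also drops whatever gnomebase contributed to SRC_URI, which deserves a line in the commit message.
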
> diff --git a/meta/recipes-gnome/gcr/gcr_4.0.0.bb 
> b/meta/recipes-gnome/gcr/gcr_4.0.0.bb
> new file mode 100644
> index 00..fafc85e6a3
> --- /dev/null
> +++ b/meta/recipes-gnome/gcr/gcr_4.0.0.bb
> @@ -0,0 +1,56 @@
> +SUMMARY = "A library for bits of crypto UI and parsing etc"
> +DESCRIPTION = "GCR is a library for displaying certificates, and crypto UI, \
> +accessing key stores. It also provides the viewer for crypto files on the \
> +GNOME desktop."
> +HOMEPAGE = "https://gitlab.gnome.org/GNOME/gcr";
> +BUGTRACKER = "https://gitlab.gnome.org/GNOME/gcr/issues";
> +
> +LICENSE = "GPL-2.0-only"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605"
> +
> +DEPENDS = "p11-kit glib-2.0 libgcrypt gnupg-native libsecret \
> +   ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'libxslt-native', 
> '', d)}"
> +
> +CACHED_CONFIGUREVARS += "ac_cv_path_GPG='gpg2'"
> +
> +CFLAGS += "-D_GNU_SOURCE"
> +
> +GNOMEBASEBUILDCLASS = "meson"
> +GTKDOC_MESON_OPTION = "gtk_doc"
> +inherit gnomebase gtk-icon-cache gtk-doc features_check 
> upstream-version-is-even vala gobject-introspection gettext mime mime-xdg
> +UPSTREAM_CHECK_REGEX = 
> "[^\d\.](?P\d+\.(?!9\d+)(\d*[02468])+(\.\d+)+)\.tar"
> +
> +SRC_URI[archive.sha256sum] = 
> "c45855924f0ee7bab43e2dd38bfafd2ac815c6e9864341c0161e171173dcec7c"
> +
> +PACKAGECONFIG ??= " \
> + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
> + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gtk', '', d)} \
> + ${@bb.utils.con
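
Review bot: In the new gcr_4.0.0.bb, CACHED_CONFIGUREVARS += "ac_cv_path_GPG='gpg2'" is an autoconf cache variable, but the recipe sets GNOMEBASEBUILDCLASS = "meson", so the line has no effect on this build. Drop it, or pass the gpg path through a meson option if the build needs it. The visible DEPENDS also does not name gtk4, so the "Nothing PROVIDES 'gtk4'" warning must come from a PACKAGECONFIG entry; that dependency needs a provider in this layer before the recipe can be enabled by default.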

Re: [OE-core] [PATCH] linux-yocto: enable strict kernel module signing by default

2022-11-27 Thread Jack Mitchell



On 27/11/2022 03:34, Bruce Ashfield wrote:
> On Fri, Nov 25, 2022 at 11:11 AM Jack Mitchell  wrote:
> >
> > On 25/11/2022 15:54, Mikko Rapeli wrote:
> > > It's a good default and used in many Linux distributions.
> > > Did not test out of tree modules if they do correct things but
> > > any such failures should be fixed.
> > >
> > > One way to verify that kernel module signing also works:
> > >
> > > root@qemux86-64:~# dmesg|grep X.509
> > > [1.298936] Loading compiled-in X.509 certificates
> > > [1.328280] Loaded X.509 cert 'Build time autogenerated kernel key: 
> > > ee1bed6d845358744c764683bf73b4404cc79287'
> > >
> > > These logs in dmesg show that signing in kernel is enabled and
> > > key is found. Then if any kernel modules load, they were
> > > signed correctly. Additionally modinfo tool from kmod shows kernel module
> > > signing details:
> >
> > Hi Mikko,
> >
> > Do the kernel modules get properly stripped, last time I was looking at
> > this it was skipped when signed and as such root filesystem sizes
> > ballooned with signed modules.
>
> oe package.py still does skip stripping for signed modules.
>
> I'm sure it is fixable, but we need someone to step up and have a closer look.
>
> Richard can probably comment better than I can, but there's a variety
> of use cases (from SDKs, to debug, to SBOM, etc) that all need to deal
> with whether binaries are stripped and be able to find the
> non-stripped executables in order to work properly.
>
> So to answer the follow up suggestion of using the kernel's module
> strip directly .. it also might be feasible, but we need to make sure
> that all the other use cases still work. My preference is to do the
> work in package.py, so that we don't have to worry about the kernel
> provider and any additional features have code in the same place as a
> baseline.

I agree, if the kernel has the right arguments available for properly 
stripping the modules without stripping the signed portion then we can 
set those args manually rather than skipping the strip altogether I 
believe.

I also had the same thought with having the kernel do it as I don't know 
where the stripped information goes and how that would then make it into 
debug packages.

> Bruce
>
> > Regards,
> > Jack.
> >
> > > root@qemux86-64:~# lsmod
> > > Module  Size  Used by
> > > sch_fq_codel   20480  1
> > > root@qemux86-64:~# modinfo sch_fq_codel
> > > filename:
> > > /lib/modules/5.19.9-yocto-standard/kernel/net/sched/sch_fq_codel.ko
> > > description:Fair Queue CoDel discipline
> > > license:GPL
> > > author: Eric Dumazet
> > > depends:
> > > retpoline:  Y
> > > intree: Y
> > > name:   sch_fq_codel
> > > vermagic:   5.19.9-yocto-standard SMP preempt mod_unload
> > > sig_id: PKCS#7
> > > signer: Build time autogenerated kernel key
> > > sig_key:2B:2A:BE:7D:B5:92:DC:98:A9:F8:D7:00:A6:73:35:20:10:D8:19:EE
> > > sig_hashalgo:   sha512
> > >
> > > Failures in signed kernel module loading should show as errors at
> > > runtime, for example systemd services, or as oeqa parselogs test
> > > failures which detects signature verification error messages from the
> > > kernel.
> > >
> > > Signed-off-by: Mikko Rapeli 
> > > ---
> > >   meta/
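
The modinfo check quoted in this thread runs on the booted target. As an added example (not from the thread or from OE-core), the same question can be answered on the build host by reading what the kernel's module signing format appends to each .ko: the PKCS#7 blob, a 12-byte struct module_signature, and the "~Module signature appended~" marker. The names ModuleSig, parse_module_signature, classify, scan_tree and make_sample are invented here, and the sample module bytes are constructed.

```python
import os
import struct
import sys
from typing import Dict, NamedTuple, Optional

# Marker the kernel looks for at the very end of a signed module.
MODULE_SIG_STRING = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# 3 pad bytes, then a big-endian 32-bit signature length (12 bytes total).
TRAILER = struct.Struct(">5B3sI")
PKEY_ID_PKCS7 = 2


class ModuleSig(NamedTuple):
    payload_len: int  # bytes of module image that precede the signature
    pkcs7: bytes      # the appended PKCS#7 signature blob


def parse_module_signature(blob: bytes) -> Optional[ModuleSig]:
    """Return the appended signature, None if unsigned, ValueError if malformed."""
    if not blob.endswith(MODULE_SIG_STRING):
        return None
    trailer_start = len(blob) - len(MODULE_SIG_STRING) - TRAILER.size
    if trailer_start < 0:
        raise ValueError("marker present but no room for the trailer")
    algo, hash_, id_type, signer_len, key_id_len, pad, sig_len = \
        TRAILER.unpack_from(blob, trailer_start)
    if id_type != PKEY_ID_PKCS7:
        raise ValueError("id_type %d is not PKCS#7" % id_type)
    if algo or hash_ or signer_len or key_id_len or pad != b"\0\0\0":
        raise ValueError("trailer fields that must be zero for PKCS#7 are set")
    # The signature has to fit in front of the trailer and leave a payload.
    if sig_len == 0 or sig_len >= trailer_start:
        raise ValueError("sig_len %d does not fit the file" % sig_len)
    payload_len = trailer_start - sig_len
    return ModuleSig(payload_len, blob[payload_len:trailer_start])


def classify(blob: bytes) -> str:
    """Map a module image to 'signed', 'unsigned' or 'malformed: <reason>'."""
    try:
        sig = parse_module_signature(blob)
    except ValueError as exc:
        return "malformed: %s" % exc
    return "signed" if sig else "unsigned"


def scan_tree(root: str) -> Dict[str, str]:
    """Classify every uncompressed .ko below root, e.g. an image rootfs."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".ko"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    report[os.path.relpath(path, root)] = classify(fh.read())
    return report


def make_sample(payload: bytes, pkcs7: bytes,
                id_type: int = PKEY_ID_PKCS7) -> bytes:
    """Constructed test input: payload + signature + trailer + marker."""
    trailer = TRAILER.pack(0, 0, id_type, 0, 0, b"\0\0\0", len(pkcs7))
    return payload + pkcs7 + trailer + MODULE_SIG_STRING


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: point it at a rootfs and fail the step on any gap.
        result = scan_tree(sys.argv[1])
        for rel, status in sorted(result.items()):
            print("%-60s %s" % (rel, status))
        sys.exit(1 if any(s != "signed" for s in result.values()) else 0)
    # Constructed sample, not a real kernel module or a real signature.
    image = b"\x7fELF" + bytes(60)
    signed = make_sample(image, b"\x30\x82" + bytes(254))
    print(classify(signed))               # trailer intact
    print(classify(signed[:len(image)]))  # image without its trailer
```

This only checks that a well-formed signature is attached; it does not verify the signature against the key. The signature sits outside the module image and is computed over the bytes in front of it, so any step that rewrites the image after signing, stripping included, leaves a module that strict signature enforcement refuses to load.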

Re: [OE-core] [PATCH v2 1/1] iputils: update to 20221126

2022-11-27 Thread Alexandre Belloni via lists.openembedded.org
Hello,

You should at least build test your patches

On 27/11/2022 16:17:08+0100, Petr Vorel wrote:
> -PACKAGECONFIG ??= "libcap rarpd \
> -   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', 
> '', d)} \
> +PACKAGECONFIG ??= "libcap \
> +   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', d)} \

This probably doesn't work either


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

View/Reply Online (#173880): https://lists.openembedded.org/g/openembedded-core/message/173880



[OE-core] [PATCH v2 1/1] iputils: update to 20221126

2022-11-27 Thread Petr Vorel
From: Petr Vorel 

This release removed: ninfod, rarpd, rdisc.
Remove also related, not yet upstreamed patch.

Signed-off-by: Petr Vorel 
---
Changes v1->v2:
* fixes missing " in SPLITPKGS (Alexandre Belloni)

Kind regards,
Petr

 .../0001-rarpd-rdisc-Drop-PrivateUsers.patch  | 27 ---
 ...putils_20211215.bb => iputils_20221126.bb} | 21 +++
 2 files changed, 4 insertions(+), 44 deletions(-)
 delete mode 100644 
meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
 rename meta/recipes-extended/iputils/{iputils_20211215.bb => 
iputils_20221126.bb} (66%)

diff --git 
a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
 
b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
deleted file mode 100644
index c61e39dc80..00
--- 
a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From dfeeb3f1328d09f516edeb6349bd63e3c87f9397 Mon Sep 17 00:00:00 2001
-From: Alex Kiernan 
-Date: Thu, 13 Feb 2020 06:08:45 +
-Subject: [PATCH] rarpd:Drop PrivateUsers
-
-rarpd cannot gain the necessary capabilities with
-PrivateUsers enabled.
-
-Upstream-Status: Pending
-Signed-off-by: Alex Kiernan 
-

- systemd/rarpd.service.in | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in
-index e600c10..f5d7621 100644
 a/systemd/rarpd.service.in
-+++ b/systemd/rarpd.service.in
-@@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
- DynamicUser=yes
- PrivateTmp=yes
- PrivateDevices=yes
--PrivateUsers=yes
- ProtectSystem=strict
- ProtectHome=yes
- ProtectControlGroups=yes
diff --git a/meta/recipes-extended/iputils/iputils_20211215.bb 
b/meta/recipes-extended/iputils/iputils_20221126.bb
similarity index 66%
rename from meta/recipes-extended/iputils/iputils_20211215.bb
rename to meta/recipes-extended/iputils/iputils_20221126.bb
index 3ddce0be54..baff1452b8 100644
--- a/meta/recipes-extended/iputils/iputils_20211215.bb
+++ b/meta/recipes-extended/iputils/iputils_20221126.bb
@@ -11,9 +11,8 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=bb64c89bb0e23b72930d2380894c47a1"
 DEPENDS = "gnutls"
 
 SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
-   file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
"
-SRCREV = "1d1e7c43210d8af316a41cb2c53d612a4c16f34d"
+SRCREV = "5ffabc4190cab975c7332645259e286a032e183b"
 
 S = "${WORKDIR}/git"
 
@@ -23,14 +22,12 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P20\d+)"
 # breaks the version order.
 CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
 
-PACKAGECONFIG ??= "libcap rarpd \
-   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod', 
'', d)} \
+PACKAGECONFIG ??= "libcap \
+   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false 
-DNO_SETCAP_OR_SUID=true, libcap libcap-native"
 PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
 PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
-PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
-PACKAGECONFIG[rarpd] = "-DBUILD_RARPD=true,-DBUILD_RARPD=false,"
 PACKAGECONFIG[systemd] = "-Dsystemdunitdir=${systemd_system_unitdir},,systemd"
 PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true 
-DBUILD_MANS=true,-DBUILD_HTML_MANS=false -DBUILD_MANS=false, libxslt"
 
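Review bot: The replacement line bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', d) in PACKAGECONFIG passes four arguments, so d lands in the false-value position and the datastore argument is missing; the recipe will not parse. With 'ninfod' gone the call has nothing left to select, so delete the whole line and keep libcap plus the bb.utils.filter entry for systemd.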
@@ -43,9 +40,7 @@ ALTERNATIVE_PRIORITY = "100"
 ALTERNATIVE:${PN}-ping = "ping"
 ALTERNATIVE_LINK_NAME[ping] = "${base_bindir}/ping"
 
-SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff 
${PN}-rdisc \
- ${@bb.utils.contains('PACKAGECONFIG', 'rarpd', '${PN}-rarpd', '', 
d)} \
- ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '${PN}-ninfod', 
'', d)}"
+SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff"
 PACKAGES += "${SPLITPKGS}"
 
 ALLOW_EMPTY:${PN} = "1"
@@ -56,11 +51,3 @@ FILES:${PN}-ping = "${base_bindir}/ping.${BPN}"
 FILES:${PN}-arping = "${base_bindir}/arping"
 FILES:${PN}-tracepath = "${base_bindir}/tracepath"
 FILES:${PN}-clockdiff = "${base_bindir}/clockdiff"
-FILES:${PN}-rarpd = "${base_sbindir}/rarpd  
${systemd_system_unitdir}/rarpd@.service"
-FILES:${PN}-rdisc = "${base_sbindir}/rdisc"
-FILES:${PN}-ninfod = "${base_sbindir}/ninfod ${sysconfdir}/init.d/ninfod.sh"
-
-SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 
'${PN}-ninfod', '', d)} \
-${PN}-rdisc"
-SYSTEMD_SERVICE:${PN}-ninfod = "ninfod.service"
-SYSTEMD_SERVICE:${PN}-rdisc = "rdisc.service"
-- 
2.38.1


View/Reply Online (#173879): https://lists.openembedded.org/g/openembedded-core/message/173879

Re: [OE-core] [PATCH 1/1] iputils: update to 20221126

2022-11-27 Thread Petr Vorel
Hi Alexandre,

...
> > -SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff 
> > ${PN}-rdisc \
> > - ${@bb.utils.contains('PACKAGECONFIG', 'rarpd', '${PN}-rarpd', 
> > '', d)} \
> > - ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 
> > '${PN}-ninfod', '', d)}"
> > +SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff \
>
> This line can't ever parse.
Thank you! The problem is in previous line which should be:
SPLITPKGS = "${PN}-ping ${PN}-arping ${PN}-tracepath ${PN}-clockdiff"

I'll send v2.

Kind regards,
Petr
>
> >  PACKAGES += "${SPLITPKGS}"
...

View/Reply Online (#173878): https://lists.openembedded.org/g/openembedded-core/message/173878



[OE-Core][kirkstone][PATCH v2] grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775

2022-11-27 Thread Xiangyu Chen
Backport patch from upstream to solve CVE-2022-2601 CVE-2022-3775 dependency:
font: Fix size overflow in grub_font_get_glyph_internal()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532)

Backport patch from upstream to fix following CVEs:
CVE-2022-2601: font: Fix several integer overflows in 
grub_font_construct_glyph()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=768e1ef2fc159f6e14e7246e4be09363708ac39e)
CVE-2022-3775: font: Fix an integer underflow in blit_comb()
(https://git.savannah.gnu.org/cgit/grub.git/commit/?id=992c06191babc1e109caf40d6a07ec6fdef427af)

Signed-off-by: Xiangyu Chen 
---
Changes in v2:
  fix patch fuzz with devtool, tested on my local setup.

---
 ...erflow-in-grub_font_get_glyph_intern.patch | 115 ++
 .../grub/files/CVE-2022-2601.patch|  85 +
 .../grub/files/CVE-2022-3775.patch|  95 +++
 meta/recipes-bsp/grub/grub2.inc   |   3 +
 4 files changed, 298 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-2601.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-3775.patch

diff --git 
a/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
 
b/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
new file mode 100644
index 00..efa00a3c6c
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
@@ -0,0 +1,115 @@
+From 1f511ae054fe42dce7aedfbfe0f234fa1e0a7a3e Mon Sep 17 00:00:00 2001
+From: Zhang Boyang 
+Date: Fri, 5 Aug 2022 00:51:20 +0800
+Subject: [PATCH] font: Fix size overflow in grub_font_get_glyph_internal()
+
+The length of memory allocation and file read may overflow. This patch
+fixes the problem by using safemath macros.
+
+There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe
+if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz().
+It is safe replacement for such code. It has safemath-like prototype.
+
+This patch also introduces grub_cast(value, pointer), it casts value to
+typeof(*pointer) then store the value to *pointer. It returns true when
+overflow occurs or false if there is no overflow. The semantics of arguments
+and return value are designed to be consistent with other safemath macros.
+
+Signed-off-by: Zhang Boyang 
+Reviewed-by: Daniel Kiper 
+
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532]
+
+Signed-off-by: Xiangyu Chen 
+
+---
+ grub-core/font/font.c   | 17 +
+ include/grub/bitmap.h   | 18 ++
+ include/grub/safemath.h |  2 ++
+ 3 files changed, 33 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/font/font.c b/grub-core/font/font.c
+index d09bb38..876b5b6 100644
+--- a/grub-core/font/font.c
 b/grub-core/font/font.c
+@@ -739,7 +739,8 @@ grub_font_get_glyph_internal (grub_font_t font, 
grub_uint32_t code)
+   grub_int16_t xoff;
+   grub_int16_t yoff;
+   grub_int16_t dwidth;
+-  int len;
++  grub_ssize_t len;
++  grub_size_t sz;
+ 
+   if (index_entry->glyph)
+   /* Return cached glyph.  */
+@@ -766,9 +767,17 @@ grub_font_get_glyph_internal (grub_font_t font, 
grub_uint32_t code)
+ return 0;
+   }
+ 
+-  len = (width * height + 7) / 8;
+-  glyph = grub_malloc (sizeof (struct grub_font_glyph) + len);
+-  if (!glyph)
++  /* Calculate real struct size of current glyph. */
++  if (grub_video_bitmap_calc_1bpp_bufsz (width, height, &len) ||
++grub_add (sizeof (struct grub_font_glyph), len, &sz))
++  {
++remove_font (font);
++return 0;
++  }
++
++  /* Allocate and initialize the glyph struct. */
++  glyph = grub_malloc (sz);
++  if (glyph == NULL)
+   {
+ remove_font (font);
+ return 0;
+diff --git a/include/grub/bitmap.h b/include/grub/bitmap.h
+index 5728f8c..0d9603f 100644
+--- a/include/grub/bitmap.h
 b/include/grub/bitmap.h
+@@ -23,6 +23,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ struct grub_video_bitmap
+ {
+@@ -79,6 +80,23 @@ grub_video_bitmap_get_height (struct grub_video_bitmap 
*bitmap)
+   return bitmap->mode_info.height;
+ }
+ 
++/*
++ * Calculate and store the size of data buffer of 1bit bitmap in result.
++ * Equivalent to "*result = (width * height + 7) / 8" if no overflow occurs.
++ * Return true when overflow occurs or false if there is no overflow.
++ * This function is intentionally implemented as a macro instead of
++ * an inline function. Although a bit awkward, it preserves data types for
++ * safemath macros and reduces macro side effects as much as possible.
++ *
++ * XXX: Will report false overflow if width * height > UINT64_MAX.
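
Review bot: In the header of the added patch file, "Upstream-Status: Backport from" is followed by the URL on a separate line; the usual form keeps status and reference together on one line, as in Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=9c76ec09ae08155df27cd237eaea150b4f02f532], which is easier for anything that parses the tag. Since this file is a prerequisite for the two CVE fixes rather than a fix itself, a sentence in its header saying which of CVE-2022-2601 and CVE-2022-3775 depends on it would help whoever later audits the backport.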

[OE-core][kirkstone 31/31] create-spdx: default share_src for shared sources

2022-11-27 Thread Steve Sakoman
From: Konrad Weihmann 

if a source is using work-shared but isn't a kernel,
like for instance llvm-source from meta-clang, share_src was
previously undefined leading to a crash of the python code.
Default to WORKDIR and just override it in case the source being
a kernel recipe.
Additionally changes the variable names in the following, as
they imply that it's only about the kernel, which is not the case
in every case

(From OE-Core rev: 34fa68a0b07328c4ed4eef81f8cde80137a91f18)

Signed-off-by: Konrad Weihmann 
On-behalf-of: Avnet Embedded 
Signed-off-by: Steve Sakoman 
---
 meta/classes/create-spdx.bbclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index e405bd0cfa..212dfe0aa3 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -787,6 +787,7 @@ def spdx_get_src(d):
 bb.build.exec_func('do_unpack', d)
 # Copy source of kernel to spdx_workdir
 if is_work_shared_spdx(d):
+share_src = d.getVar('WORKDIR')
 d.setVar('WORKDIR', spdx_workdir)
 d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
 src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + 
d.getVar('PV') + "-" + d.getVar('PR')
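Review bot: The added share_src = d.getVar('WORKDIR') only yields the recipe's own work directory because it sits above d.setVar('WORKDIR', spdx_workdir); moved one line down it would make the later copy read from the SPDX work directory itself. Add a comment stating that the value must be captured before WORKDIR is overridden.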
@@ -794,8 +795,8 @@ def spdx_get_src(d):
 if bb.data.inherits_class('kernel',d):
 share_src = d.getVar('STAGING_KERNEL_DIR')
 cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
-cmd_copy_kernel_result = os.popen(cmd_copy_share).read()
-bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result)
+cmd_copy_shared_res = os.popen(cmd_copy_share).read()
+bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
 
 git_path = src_dir + "/.git"
 if os.path.exists(git_path):
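Review bot: The renamed lines still run cmd_copy_share through os.popen(), and that command is built by concatenating share_src and src_dir unquoted into "cp -rf ... /* ...", so a path containing spaces or shell metacharacters is interpreted by the shell, and a failing cp goes unnoticed because only its stdout is read. Since this hunk touches the call anyway, replace it with a copy that takes the paths as arguments and raises on error, for example shutil.copytree() with dirs_exist_ok=True. The log label cmd_copy_shared_result also no longer matches the variable name cmd_copy_shared_res.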
-- 
2.25.1


View/Reply Online (#173876): https://lists.openembedded.org/g/openembedded-core/message/173876



[OE-core][kirkstone 28/31] sanity: Drop data finalize call

2022-11-27 Thread Steve Sakoman
From: Richard Purdie 

This call was effectively like update_data and no longer did anything
in bitbake. Drop it as it is obsolete.

Signed-off-by: Richard Purdie 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit d3eb4531aae28a07cb7e52ed5fe1102445d2effd)
Signed-off-by: Steve Sakoman 
---
 meta/classes/sanity.bbclass | 11 ++-
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index f2b2e4dfaf..293e405f62 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -999,13 +999,6 @@ def check_sanity(sanity_data):
 if status.messages != "":
 raise_sanity_error(sanity_data.expand(status.messages), sanity_data, 
status.network_error)
 
-# Create a copy of the datastore and finalise it to ensure appends and 
-# overrides are set - the datastore has yet to be finalised at ConfigParsed
-def copy_data(e):
-sanity_data = bb.data.createCopy(e.data)
-sanity_data.finalize()
-return sanity_data
-
 addhandler config_reparse_eventhandler
 config_reparse_eventhandler[eventmask] = "bb.event.ConfigParsed"
 python config_reparse_eventhandler() {
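Review bot: the removed comment on copy_data says finalize() was there so that appends and overrides are applied before the checks run, and the commit message's statement that the call no longer does anything was written for master. For this kirkstone backport, the commit message should state that the bitbake branch paired with kirkstone also treats finalize() as a no-op; if it does not, check_sanity would run on a datastore without appends and overrides applied.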
@@ -1016,13 +1009,13 @@ addhandler check_sanity_eventhandler
 check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck 
bb.event.NetworkTest"
 python check_sanity_eventhandler() {
 if bb.event.getName(e) == "SanityCheck":
-sanity_data = copy_data(e)
+sanity_data = bb.data.createCopy(e.data)
 check_sanity(sanity_data)
 if e.generateevents:
 sanity_data.setVar("SANITY_USE_EVENTS", "1")
 bb.event.fire(bb.event.SanityCheckPassed(), e.data)
 elif bb.event.getName(e) == "NetworkTest":
-sanity_data = copy_data(e)
+sanity_data = bb.data.createCopy(e.data)
 if e.generateevents:
 sanity_data.setVar("SANITY_USE_EVENTS", "1")
 bb.event.fire(bb.event.NetworkTestFailed() if 
check_connectivity(sanity_data) else bb.event.NetworkTestPassed(), e.data)
-- 
2.25.1





[OE-core][kirkstone 30/31] meta-selftest/staticids: add render group for systemd

2022-11-27 Thread Steve Sakoman
From: Peter Marko 

Signed-off-by: Alexandre Belloni 
(cherry picked from commit 5b761270267063afb0462d1ebf99cabe32ff4e0a)
Signed-off-by: Steve Sakoman 
---
 meta-selftest/files/static-group | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index b2e0e2f870..b13dde3218 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -23,3 +23,4 @@ _apt:x:523:
 weston-launch:x:524:
 weston:x:525:
 wayland:x:526:
+render:x:527:
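Review bot: the commit message has no body, so nothing explains why render needs a static id. It should say that this entry goes with the render group added to the udev package in 29/31 of this series, and that 527 is the next id after wayland:x:526:, so the two patches are picked or dropped together on the stable branch.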
-- 
2.25.1





[OE-core][kirkstone 26/31] rm_work: exclude the SSTATETASKS from the rm_work tasks signature

2022-11-27 Thread Steve Sakoman
From: Jose Quaresma 

We can exclude the SSTATETASKS from the rm_work task signature
to avoid running the task when we remove some setscene tasks
from the dependency chain.

The inject_rm_work handler on the rm_work bbclass triggers the
rm_work task running for any signature change in the dependency
chain of the task do_build of each recipe.

i.e. INHERIT:remove = "create-spdx" will trigger the do_rm_work
when we collect the sstate cache with INHERIT = "create-spdx"

Signed-off-by: Jose Quaresma 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 77729bea5b17d65dafb604fd1665c612091b28c7)
Signed-off-by: Steve Sakoman 
---
 meta/classes/rm_work.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index 5f12d5aaeb..c2b569903a 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -106,6 +106,8 @@ do_rm_work () {
 fi
 done
 }
+do_rm_work[vardepsexclude] += "SSTATETASKS"
+
 do_rm_work_all () {
 :
 }
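Review bot: do_rm_work[vardepsexclude] += "SSTATETASKS" is added with no comment, so the reason lives only in the commit message. A short comment above the line, pointing at the INHERIT:remove = "create-spdx" case described there, would stop the exclusion from being dropped later as unexplained.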
-- 
2.25.1





[OE-core][kirkstone 29/31] systemd: add group render to udev package

2022-11-27 Thread Steve Sakoman
From: Peter Marko 

From NEWS for v236:
* The "uaccess" udev tag has been dropped from /dev/kvm and
  /dev/dri/renderD*.  These devices now have the 0666 permissions by
  default (but this may be changed at build-time). /dev/dri/renderD*
  will now be owned by the "render" group along with /dev/kfd.

Without the group systemd-udevd startup logs:
  /lib/udev/rules.d/50-udev-default.rules:39 Unknown group 'render', ignoring
  /lib/udev/rules.d/50-udev-default.rules:40 Unknown group 'render', ignoring

Signed-off-by: Peter Marko 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 84efd72d48616405dbe4d73ec95917077144ed09)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/systemd/systemd_250.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_250.5.bb 
b/meta/recipes-core/systemd/systemd_250.5.bb
index 93cdd6fa16..ab349b7307 100644
--- a/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/meta/recipes-core/systemd/systemd_250.5.bb
@@ -389,11 +389,13 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 
'binfmt', '${PN}-binfm
 SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
 
 USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
+udev \
 ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', 
'${PN}-journal-gatewayd', '', d)} \
 ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', 
'${PN}-journal-remote', '', d)} \
 ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', 
'${PN}-journal-upload', '', d)} \
 "
 GROUPADD_PARAM:${PN} = "-r systemd-journal;"
+GROUPADD_PARAM:udev = "-r render"
 GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 
'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', 
'--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', 
'--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
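Review bot: GROUPADD_PARAM:udev = "-r render" has no trailing ';', while the neighbouring GROUPADD_PARAM:${PN} = "-r systemd-journal;" does and is then extended with +=. Ending the udev value with ';' as well keeps the two consistent and keeps it safe if a second group is ever appended for udev.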
-- 
2.25.1





[OE-core][kirkstone 27/31] sstate: Allow optimisation of do_deploy_archives task dependencies

2022-11-27 Thread Steve Sakoman
From: Jose Quaresma 

do_deploy_archives tasks don't need their dependencies so we can optimise
this as we do for some other tasks.

Signed-off-by: Jose Quaresma 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 3dd9f6e398844380d3765c54d35afe0d2ccf82e7)
Signed-off-by: Steve Sakoman 
---
 meta/classes/sstate.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 3513269bca..dd6cf12920 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -1084,7 +1084,7 @@ def setscene_depvalid(task, taskdependees, notneeded, d, 
log=None):
 
 logit("Considering setscene task: %s" % (str(taskdependees[task])), log)
 
-directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", 
"do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", 
"do_create_spdx"]
+directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", 
"do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", 
"do_create_spdx", "do_deploy_archives"]
 
 def isNativeCross(x):
 return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or 
x.endswith("-cross")
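Review bot: "do_deploy_archives" is appended to directtasks with no comment on why its dependencies can be skipped, and the list is a single long literal that every such change rewrites in full. Put one task per line and add a comment stating the criterion for membership, so the next addition is a one-line diff that can be checked against that criterion.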
-- 
2.25.1





[OE-core][kirkstone 25/31] sstatesig: skip the rm_work task signature

2022-11-27 Thread Steve Sakoman
From: Jose Quaresma 

We can skip the rm_work task signature to avoid running the task
when we remove some tasks from the dependency chain.

The inject_rm_work handler on the rm_work bbclass triggers the
rm_work task running for any signature change in the dependency
chain of the task do_build of each recipe.

i.e. INHERIT:remove = "create-spdx" will trigger the do_rm_work
when we collect the sstate cache with INHERIT = "create-spdx"

Signed-off-by: Jose Quaresma 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 292305700e39d0ebd64763f5032c39ace5005fad)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oe/sstatesig.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index de65244932..f5a77bea27 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -30,6 +30,12 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, 
depname, dataCaches):
 depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep)
 mc, _ = bb.runqueue.split_mc(fn)
 
+# We can skip the rm_work task signature to avoid running the task
+# when we remove some tasks from the dependencie chain
+# i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work
+if task == "do_rm_work":
+return False
+
 # Keep all dependencies between SPDX tasks in the signature. SPDX documents
 # are linked together by hashes, which means if a dependent document 
changes,
 # all downstream documents must be re-written (even if they are "safe"
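Review bot: the comment added above if task == "do_rm_work": describes the symptom (that INHERIT:remove = "create-spdx" "will trigger the do_rm_work") rather than what the early return False does, and it misspells "dependency". Reword it to say that dependencies of do_rm_work are left out of its signature so that adding or removing tasks in the chain does not re-run it.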
-- 
2.25.1





[OE-core][kirkstone 24/31] gnomebase.bbclass: return the whole version for tarball directory if it is a number

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

E.g. if version is '43' without any dots, existing code would return ''.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 38c15322bdbb2423973939e861b5ad1ffb5c8b7f)
Signed-off-by: Steve Sakoman 
---
 meta/classes/gnomebase.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/gnomebase.bbclass b/meta/classes/gnomebase.bbclass
index 9a5bd9a232..99ac472080 100644
--- a/meta/classes/gnomebase.bbclass
+++ b/meta/classes/gnomebase.bbclass
@@ -1,5 +1,5 @@
 def gnome_verdir(v):
-return ".".join(v.split(".")[:-1])
+return ".".join(v.split(".")[:-1]) or v
 
 
 GNOME_COMPRESS_TYPE ?= "xz"
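Review bot: the or v fallback in gnome_verdir fires for any version string without a dot, not only a plain number as the subject line says, so a value such as "43rc1" would also be returned whole as the directory name. If that is intended, a one-line comment with the '43' example from the commit message would document it; if not, the fallback needs a narrower condition.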
-- 
2.25.1





[OE-core][kirkstone 23/31] vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

Staging the whole /usr/bin is not correct, as it pulls in also
all the vala's cross binaries, which may be discovered by other recipes
and things will go wrong then.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 52629d9db0344146ff4734632b17bd731e247fd5)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/vala/vala.inc | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-devtools/vala/vala.inc 
b/meta/recipes-devtools/vala/vala.inc
index 974baa33f5..d3daee37dc 100644
--- a/meta/recipes-devtools/vala/vala.inc
+++ b/meta/recipes-devtools/vala/vala.inc
@@ -42,20 +42,20 @@ EXTRA_OECONF += " --disable-valadoc"
 # Vapigen wrapper needs to be available system-wide, because it will be used
 # to build vapi files from all other packages with vala support
 do_install:append:class-target() {
-install -d ${D}${bindir}/
-install ${B}/vapigen-wrapper ${D}${bindir}/
+install -d ${D}${bindir_crossscripts}/
+install ${B}/vapigen-wrapper ${D}${bindir_crossscripts}/
 }
 
 # Put vapigen wrapper into target sysroot so that it can be used when building
 # vapi files.
-SYSROOT_DIRS:append:class-target = " ${bindir}"
+SYSROOT_DIRS += "${bindir_crossscripts}"
 
 SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess"
 vapigen_sysroot_preprocess() {
 # Tweak the vapigen name in the vapigen pkgconfig file, so that it 
picks
 # up our wrapper.
 sed -i \
-   -e "s|vapigen=.*|vapigen=${bindir}/vapigen-wrapper|" \
+   -e "s|vapigen=.*|vapigen=${bindir_crossscripts}/vapigen-wrapper|" \
${SYSROOT_DESTDIR}${libdir}/pkgconfig/vapigen-${SHRT_VER}.pc
 }
 
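Review bot: SYSROOT_DIRS:append:class-target = " ${bindir}" becomes an unconditional SYSROOT_DIRS += "${bindir_crossscripts}", while do_install:append:class-target and SYSROOT_PREPROCESS_FUNCS:append:class-target around it stay target-only. If dropping the override is deliberate, say so in the commit message; otherwise keep :append:class-target so the other class variants of the recipe are unchanged.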
@@ -64,5 +64,5 @@ SSTATE_SCAN_FILES += "vapigen-wrapper"
 PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess"
 
 vala_package_preprocess () {
-   sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir}/vapigen-wrapper
+   sed -i -e 's:${RECIPE_SYSROOT}::g;' 
${PKGD}${bindir_crossscripts}/vapigen-wrapper
 }
-- 
2.25.1





[OE-core][kirkstone 22/31] linux-firmware: don't put the firmware into the sysroot

2022-11-27 Thread Steve Sakoman
From: Ross Burton 

There's no need to have linux-firmware in the sysroot. The sysroot won't
ever be used anyway as nothing needs the firmware at build-time, but this
saves us building a ~900MB sysroot (~300MB sstate tarball).

Signed-off-by: Ross Burton 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 26ed998c4f201c5cacf330f52e51e416afbd300c)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb 
b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
index 6ba59a34c2..c7ecee0d9a 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
@@ -1121,3 +1121,6 @@ INSANE_SKIP = "arch"
 
 # Don't warn about already stripped files
 INSANE_SKIP:${PN} = "already-stripped"
+
+# No need to put firmware into the sysroot
+SYSROOT_DIRS_IGNORE += "${nonarch_base_libdir}/firmware"
-- 
2.25.1





[OE-core][kirkstone 21/31] qemu-helper-native: Correctly pass program name as argv[0]

2022-11-27 Thread Steve Sakoman
From: Joshua Watt 

The previous version of this wasn't correctly passing the program name
as argv[0], and was also over-complicated anyway because argv[] is
guaranteed to be terminated with a NULL pointer, so it can be passed
directly to the execv'd process without needing to be copied.

Signed-off-by: Joshua Watt 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 6edf38add3c20c44efe0588e2815bb280d22e0c4)
Signed-off-by: Steve Sakoman 
---
 .../qemu/qemu-helper/qemu-oe-bridge-helper.c  | 15 ---
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c 
b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
index cadf2a012a..9434e1d269 100644
--- a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
+++ b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
@@ -8,6 +8,7 @@
 
 #include 
 #include 
+#include 
 
 void try_program(char const* path, char** args) {
 if (access(path, X_OK) == 0) {
@@ -18,22 +19,14 @@ void try_program(char const* path, char** args) {
 int main(int argc, char** argv) {
 char* var;
 
-/* Copy arguments so that they are a NULL terminated list, skipping argv[0]
- * since it is this program name */
-char** args = malloc(argc * sizeof(char*));
-for (int i = 0; i < argc - 1; i++) {
-args[i] = argv[i + 1];
-}
-args[argc - 1] = NULL;
-
 var = getenv("QEMU_BRIDGE_HELPER");
 if (var && var[0] != '\0') {
-execvp(var, args);
+execvp(var, argv);
 return 1;
 }
 
-try_program("/usr/libexec/qemu-bridge-helper", args);
-try_program("/usr/lib/qemu/qemu-bridge-helper", args);
+try_program("/usr/libexec/qemu-bridge-helper", argv);
+try_program("/usr/lib/qemu/qemu-bridge-helper", argv);
 
 fprintf(stderr, "No bridge helper found\n");
 return 1;
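Review bot: the QEMU_BRIDGE_HELPER path can still fail silently: execvp(var, argv) is followed by a bare return 1, so a variable that points at a missing or non-executable program produces no diagnostic, unlike the fallback path, which ends in "No bridge helper found". Add perror(var) before that return so the failure reaches stderr.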
-- 
2.25.1





[OE-core][kirkstone 20/31] qemu-helper-native: Re-write bridge helper as C program

2022-11-27 Thread Steve Sakoman
From: Joshua Watt 

The bridge helper program is invoked directly from QEMU when it needs to
attach to a network bridge. As such, it is subject to the environment of
QEMU itself. Specifically, if bridging is enabled with direct rendering
acceleration, QEMU is run with an LD_PRELOAD that attempts to preload
several uninative libraries; however /bin/sh doesn't use the uninative
loader which means it can fail to start with an error like:

 /bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: 
undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE

Converting the helper program to a C program resolves this problem
because it will now use the uninative loader so the preload doesn't
cause errors.

Signed-off-by: Joshua Watt 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit f698e98f2f09952b34488b8cf9e73e82bd7aea07)
Signed-off-by: Steve Sakoman 
---
 .../qemu/qemu-helper-native_1.0.bb|  6 +--
 .../qemu/qemu-helper/qemu-oe-bridge-helper| 25 ---
 .../qemu/qemu-helper/qemu-oe-bridge-helper.c  | 41 +++
 3 files changed, 44 insertions(+), 28 deletions(-)
 delete mode 100755 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
 create mode 100644 
meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c

diff --git a/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb 
b/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index aa9e499c77..e297586bbb 100644
--- a/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = 
"file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5
 
 SRC_URI = "\
 file://tunctl.c \
-file://qemu-oe-bridge-helper \
+file://qemu-oe-bridge-helper.c \
 "
 
 S = "${WORKDIR}"
@@ -16,13 +16,13 @@ inherit native
 
 do_compile() {
${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl
+   ${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o 
qemu-oe-bridge-helper
 }
 
 do_install() {
install -d ${D}${bindir}
install tunctl ${D}${bindir}/
-
-install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/
+   install qemu-oe-bridge-helper ${D}${bindir}/
 }
 
 DEPENDS += "qemu-system-native"
diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper 
b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
deleted file mode 100755
index f057d4eef0..00
--- a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
+++ /dev/null
@@ -1,25 +0,0 @@
-#! /bin/sh
-# Copyright 2020 Garmin Ltd. or its subsidiaries
-#
-# SPDX-License-Identifier: GPL-2.0
-#
-# Attempts to find and exec the host qemu-bridge-helper program
-
-# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it.
-if [ -n "$QEMU_BRIDGE_HELPER" ]; then
-exec "$QEMU_BRIDGE_HELPER" "$@"
-fi
-
-# Search common paths for the helper program
-BN="qemu-bridge-helper"
-PATHS="/usr/libexec/ /usr/lib/qemu/"
-
-for p in $PATHS; do
-if [ -e "$p/$BN" ]; then
-exec "$p/$BN" "$@"
-fi
-done
-
-echo "$BN not found!" > /dev/stderr
-exit 1
-
diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c 
b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
new file mode 100644
index 00..cadf2a012a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022 Garmin Ltd. or its subsidiaries
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ *
+ * Attempts to find and exec the host qemu-bridge-helper program
+ */
+
+#include 
+#include 
+
+void try_program(char const* path, char** args) {
+if (access(path, X_OK) == 0) {
+execv(path, args);
+}
+}
+
+int main(int argc, char** argv) {
+char* var;
+
+/* Copy arguments so that they are a NULL terminated list, skipping argv[0]
+ * since it is this program name */
+char** args = malloc(argc * sizeof(char*));
+for (int i = 0; i < argc - 1; i++) {
+args[i] = argv[i + 1];
+}
+args[argc - 1] = NULL;
+
+var = getenv("QEMU_BRIDGE_HELPER");
+if (var && var[0] != '\0') {
+execvp(var, args);
+return 1;
+}
+
+try_program("/usr/libexec/qemu-bridge-helper", args);
+try_program("/usr/lib/qemu/qemu-bridge-helper", args);
+
+fprintf(stderr, "No bridge helper found\n");
+return 1;
+}
+
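Review bot: in main(), args is filled from argv[i + 1], so the program that is exec'd receives the first real argument as its argv[0]; 21/31 in this series replaces the copy with argv, so the two patches need to be backported together and could be squashed on the stable branch. The result of malloc(argc * sizeof(char*)) is also used without a NULL check.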
-- 
2.25.1





[OE-core][kirkstone 19/31] iso-codes: upgrade 4.11.0 -> 4.12.0

2022-11-27 Thread Steve Sakoman
From: Wang Mingyu 

Changelog:
=
- ISO 3166-1: Update name for TR. Fixes #38
- Translation updates for ISO 3166-1
- Translation updates for ISO 3166-2. Closes: #1020633
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 639-3
- Translation updates for ISO 639-5
- Translation updates for ISO 4217
- Translation updates for ISO 15924

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 99917b4b7d5642b292cb95c770871b95e411dfc5)
Signed-off-by: Steve Sakoman 
---
 .../iso-codes/{iso-codes_4.11.0.bb => iso-codes_4.12.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/iso-codes/{iso-codes_4.11.0.bb => 
iso-codes_4.12.0.bb} (94%)

diff --git a/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb 
b/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
similarity index 94%
rename from meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
rename to meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
index be573981b0..ea7c43cdae 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = 
"git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985"
+SRCREV = "5e4dddbd1f8902ab0252ccbb19b783cc0359505a"
 
 # inherit gettext cannot be used, because it adds gettext-native to 
BASEDEPENDS which
 # are inhibited by allarch
-- 
2.25.1





[OE-core][kirkstone 18/31] babeltrace: upgrade 1.5.8 -> 1.5.11

2022-11-27 Thread Steve Sakoman
From: Wang Mingyu 

Changelog:
===
* Fix: distutils removed in python 3.12
* Fix: use-after-free with popt 1.19
* configure.ac: Basic fixes for autoconf 2.70
* Add gerrit config for stable-1.5
* port: disable debug-info by default on FreeBSD
* port: add missing includes for FreeBSD compat
* bindings: try importing collections.abc first for forward compatibility
* man: fix typo in babeltrace.1

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit a8f3e4f92f968eb96df11203ff442e6e42634915)
Signed-off-by: Steve Sakoman 
---
 .../lttng/{babeltrace_1.5.8.bb => babeltrace_1.5.11.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/lttng/{babeltrace_1.5.8.bb => babeltrace_1.5.11.bb} 
(98%)

diff --git a/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb 
b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
similarity index 98%
rename from meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
rename to meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index 19601e7d1b..8e2fe4164d 100644
--- a/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
+++ b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -10,7 +10,7 @@ DEPENDS = "glib-2.0 util-linux popt bison-native flex-native"
 SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \
   file://run-ptest \
  "
-SRCREV = "054a54ae10b01a271afc4f19496c041b10fb414c"
+SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P1(\.\d+)+)$"
 
 S = "${WORKDIR}/git"
-- 
2.25.1





[OE-core][kirkstone 17/31] mobile-broadband-provider-info: upgrade 20220725 -> 20221107

2022-11-27 Thread Steve Sakoman
From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 7e12fa1e6250fc358ba159a6b626458d871f7ccf)
Signed-off-by: Steve Sakoman 
---
 .../mobile-broadband-provider-info_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git 
a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
 
b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 2cc92b7b47..e802bcee18 100644
--- 
a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ 
b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@ SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
 
-SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
-PV = "20220725"
+SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f"
+PV = "20221107"
 PE = "1"
 
 SRC_URI = 
"git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
-- 
2.25.1





[OE-core][kirkstone 16/31] libepoxy: update 1.5.9 -> 1.5.10

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

Changes since 1.5.9
- Fix for building with MSVC on non-English locale [Seungha Yang]
- Fix build on Android [Caolán McNamara]
- Add the right include paths for EGL and X11 headers [Alex Richardson]

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 436cb3c98c582e17e6ed2491cc6598c56976af46)
Signed-off-by: Steve Sakoman 
---
 .../libepoxy/{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/libepoxy/{libepoxy_1.5.9.bb => 
libepoxy_1.5.10.bb} (95%)

diff --git a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb 
b/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
similarity index 95%
rename from meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
rename to meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
index 881010b1a3..c3e770dfa8 100644
--- a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
+++ b/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
 SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https \
file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \
"
-SRCREV = "ecfa8e0f083084181d36966fa084aca9a6c97d53"
+SRCREV = "c84bc9459357a40e46e2fec0408d04fbdde2c973"
 S = "${WORKDIR}/git"
 UPSTREAM_CHECK_URI = "https://github.com/anholt/libepoxy/releases";
 
-- 
2.25.1





[OE-core][kirkstone 15/31] libepoxy: convert to git

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

Latest version doesn't come with stable tarballs.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 4b6eed2bb323a3c7390ca3ad426afe27e9072bf0)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb 
b/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
index 487fc00360..881010b1a3 100644
--- a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
+++ b/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
@@ -9,10 +9,11 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
 
-SRC_URI = 
"https://github.com/anholt/${BPN}/releases/download/${PV}/${BP}.tar.xz \
+SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https \
file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \
"
-SRC_URI[sha256sum] = 
"d168a19a6edfdd9977fef1308ccf516079856a4275cf876de688fb7927e365e4"
+SRCREV = "ecfa8e0f083084181d36966fa084aca9a6c97d53"
+S = "${WORKDIR}/git"
 UPSTREAM_CHECK_URI = "https://github.com/anholt/libepoxy/releases";
 
 inherit meson pkgconfig features_check
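Review bot: UPSTREAM_CHECK_URI is kept as context and still points at the GitHub releases page, while the log says upstream no longer publishes stable tarballs; please confirm the upstream version check still works with the git fetcher, or switch it to a tag-based check. Also note that the removed SRC_URI[sha256sum] leaves SRCREV as the only integrity pin, and that the new URL hardcodes `libepoxy` where the old one used ${BPN}; both are fine, but a line in the log would help.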
-- 
2.25.1





[OE-core][kirkstone 14/31] gstreamer1.0: upgrade 1.20.3 -> 1.20.4

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

The fourth 1.20 bug-fix release (1.20.4) was released on 12 October 2022.

This release only contains bugfixes and it should be safe to upgrade from 1.20.x.

Highlighted bugfixes in 1.20.4

- avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x
- Fix deadlock when loading gst-editing-services plugin
- Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers
- glimagesink: fix crash on Android
- subtitle handling and subtitle overlay fixes
- matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9
- rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers
- WebRTC fixes
- RTP retransmission fixes
- video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9)
- macOS build and packaging fixes, in particular fix finding of gio modules on macOS for https/TLS support
- Fix consuming of the macOS package as a framework in XCode
- Performance improvements
- Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 58e4825328dafd7f593d9eb42be5506408627a31)
Signed-off-by: Steve Sakoman 
---
 ...tools_1.20.3.bb => gst-devtools_1.20.4.bb} |  2 +-
 ...r-APNG-encoder-property-registration.patch | 86 ---
 ...1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} |  6 +-
 ...x_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} |  2 +-
 bb => gstreamer1.0-plugins-bad_1.20.4.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-base_1.20.4.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-good_1.20.4.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-ugly_1.20.4.bb} |  2 +-
 20.3.bb => gstreamer1.0-python_1.20.4.bb} |  2 +-
 bb => gstreamer1.0-rtsp-server_1.20.4.bb} |  2 +-
 ...1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} |  2 +-
 ...er1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} |  2 +-
 12 files changed, 12 insertions(+), 100 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.3.bb => 
gst-devtools_1.20.4.bb} (95%)
 delete mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.3.bb => 
gstreamer1.0-libav_1.20.4.bb} (82%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.3.bb => 
gstreamer1.0-omx_1.20.4.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.3.bb 
=> gstreamer1.0-plugins-bad_1.20.4.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.3.bb 
=> gstreamer1.0-plugins-base_1.20.4.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.3.bb 
=> gstreamer1.0-plugins-good_1.20.4.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.3.bb 
=> gstreamer1.0-plugins-ugly_1.20.4.bb} (94%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.3.bb => 
gstreamer1.0-python_1.20.4.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.3.bb 
=> gstreamer1.0-rtsp-server_1.20.4.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.3.bb => 
gstreamer1.0-vaapi_1.20.4.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.3.bb => 
gstreamer1.0_1.20.4.bb} (97%)

diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb 
b/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.4.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gst-devtools_1.20.4.bb
index c515e173c8..09b6e5a497 100644
--- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.4.bb
@@ -12,7 +12,7 @@ SRC_URI = 
"https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
 
-SRC_URI[sha256sum] = 
"bbbd45ead703367ea8f4be9b3c082d7b62bef47b240a39083f27844e28758c47"
+SRC_URI[sha256sum] = 
"82a293600273f4dd3eed567aae510ca0c7d629c3807788b00e6cdbd1d2459a84"
 
 DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 
gstreamer1.0-plugins-base"
 RRECOMMENDS:${PN} = "git"
diff --git 
a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
deleted file mode 100644
index 526bbb0037..00
--- 
a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 78a97c1ec35ada76d83fc67d0549ba56c74d8875 Mon Sep 17 00:00:00 2001
-From: Seungha Yang 
-Date: Thu, 7 Jul 2022 22:16:30 +0900
-Subjec
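Review bot: The log does not say why 0001-libav-Fix-for-APNG-encoder-property-registration.patch is deleted. The diffstat shows the libav recipe changing by 6 lines, which suggests its SRC_URI entry goes too, so please state in the log that the fix is contained in 1.20.4 (or why it is no longer needed) so the removal can be checked against upstream.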

[OE-core][kirkstone 13/31] gdk-pixbuf: upgrade 2.42.9 -> 2.42.10

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

2.42.10 (stable)
===

- Search for rst2man.py [!145, Matt Turner]
- Update the memory size limit for JPEG images [#216, #218]
- Translation updates

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 01e1828f8e5bcb0ad88b89fe783c2973480695bb)
Signed-off-by: Steve Sakoman 
---
 .../gdk-pixbuf/{gdk-pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-gnome/gdk-pixbuf/{gdk-pixbuf_2.42.9.bb => 
gdk-pixbuf_2.42.10.bb} (98%)

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb 
b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
similarity index 98%
rename from meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
rename to meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
index d33718e3ea..aa44515fbb 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
@@ -23,7 +23,7 @@ SRC_URI = 
"${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://0001-Add-use_prebuilt_tools-option.patch \
"
 
-SRC_URI[sha256sum] = 
"28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962"
+SRC_URI[sha256sum] = 
"ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"
 
 inherit meson pkgconfig gettext pixbufcache ptest-gnome 
upstream-version-is-even gobject-introspection gi-docgen lib_package
 
-- 
2.25.1





[OE-core][kirkstone 12/31] mtd-utils: upgrade 2.1.4 -> 2.1.5

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

Raw short log since the 2.1.4 release:

Alex Henrie (1):
   mkfs.jffs2: fix spelling of --compression-mode parameter in help text

Andrew Mellor (1):
   ubinfo: Fix --vol_id return code for absent volume id

Christophe Kerello (1):
   nandflipbits: fix corrupted oob

David Oberhollenzer (1):
   Release mtd-utils-2.1.5

Enrico Jorns (1):
   libmtd: do not ignore non-zero eraseblock size when MTD_NO_ERASE is set

Frederic Germain (2):
   .gitignore: add new ubiscan utility
   Fix warning about unaligned pointer in jffs2reader

Khem Raj (1):
   tests: Remove unused linux/fs.h header from includes

Michael Walle (1):
   mtd-utils: flash_otp_dump make offset optional

Mike Frysinger (1):
   fix test bashism

Rafał Miłecki (1):
   nandwrite: warn about writing 0xff blocks

Sascha Hauer (1):
   mtd-utils: nanddump: fix writing big images on 32bit machines

liaohua (1):
   nor-utils: fix memory leak

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit a3289c988764e5b864873b4adc7656c101a5b9c0)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/mtd/mtd-utils_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb 
b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 3318277477..6a4f7b0688 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -11,9 +11,9 @@ inherit autotools pkgconfig update-alternatives
 DEPENDS = "zlib e2fsprogs util-linux"
 RDEPENDS:mtd-utils-tests += "bash"
 
-PV = "2.1.4"
+PV = "2.1.5"
 
-SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c"
+SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c"
 SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
file://add-exclusion-to-mkfs-jffs2-git-2.patch \
"
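Review bot: The context line `SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \` has no `protocol=` parameter, so this recipe still fetches over the plain git protocol, which gives no transport authentication or encryption. The SRCREV pin protects the fetched content, but if the server offers it, adding `;protocol=https` while touching the recipe would bring it in line with the libepoxy recipe in this series, which already uses `protocol=https`.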
-- 
2.25.1





[OE-core][kirkstone 10/31] libffi: upgrade 3.4.2 -> 3.4.4

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

3.4.4 Oct-23-2022
Important aarch64 fixes, including support for linux builds
  with Link Time Optimization (-flto).
Fix x86 stdcall stack alignment.
Fix x86 Windows msvc assembler compatibility.
Fix moxie and or1k small structure args.

3.4.3 Sep-19-22
All struct args are passed by value, regardless of size, as per ABIs.
Enable static trampolines for Cygwin.
Add support for Loongson's LoongArch64 architecture.
Fix x32 static trampolines.
Fix 32-bit x86 stdcall stack corruption.
Fix ILP32 aarch64 support.

License-Update: copyright years

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 5b42ba98ef26a52bad8de1790b402938fec4a160)
Signed-off-by: Steve Sakoman 
---
 .../0001-arm-sysv-reverted-clang-VFP-mitigation.patch | 6 ++
 meta/recipes-support/libffi/libffi/not-win32.patch| 8 
 .../libffi/{libffi_3.4.2.bb => libffi_3.4.4.bb}   | 4 ++--
 3 files changed, 8 insertions(+), 10 deletions(-)
 rename meta/recipes-support/libffi/{libffi_3.4.2.bb => libffi_3.4.4.bb} (90%)

diff --git 
a/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
 
b/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
index 4233799501..3ffcb3e128 100644
--- 
a/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
+++ 
b/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
@@ -1,4 +1,4 @@
-From 501a6b55853af549fae72723e74271f2a4ec7cf6 Mon Sep 17 00:00:00 2001
+From 000f1500b693a84880d2da49b77b1113f98dde35 Mon Sep 17 00:00:00 2001
 From: Brett Warren 
 Date: Fri, 27 Nov 2020 15:28:42 +
 Subject: [PATCH] arm/sysv: reverted clang VFP mitigation
@@ -13,6 +13,7 @@ has been reverted.
 
 Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747]
 Signed-off-by: Brett Warren 
+
 ---
  src/arm/sysv.S | 33 -
  1 file changed, 33 deletions(-)
@@ -99,6 +100,3 @@ index fb36213..e4272a1 100644
b   call_epilogue
  E(ARM_TYPE_INT64)
ldr r1, [r2, #4]
--- 
-2.25.1
-
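Review bot: This carried patch is still marked `Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747]` and dates from Nov 2020; a two-release upgrade is the moment to check whether that pull request was merged or rejected and to update the status line accordingly. The refresh itself (new From hash, an added empty line after Signed-off-by, dropped `2.25.1` trailer) changes nothing functional, which is worth saying in the log.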
diff --git a/meta/recipes-support/libffi/libffi/not-win32.patch 
b/meta/recipes-support/libffi/libffi/not-win32.patch
index 62daaf4b38..38f9b0025c 100644
--- a/meta/recipes-support/libffi/libffi/not-win32.patch
+++ b/meta/recipes-support/libffi/libffi/not-win32.patch
@@ -1,4 +1,4 @@
-From 306719369a0d3608b4ff2737de74ae284788a14b Mon Sep 17 00:00:00 2001
+From 20bc4e03442e15965ae3907013e9a177878f0323 Mon Sep 17 00:00:00 2001
 From: Ross Burton 
 Date: Thu, 4 Feb 2016 16:22:50 +
 Subject: [PATCH] libffi: ensure sysroot paths are not in libffi.pc
@@ -21,11 +21,11 @@ Signed-off-by: Ross Burton 
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index b764368..d51ce91 100644
+index 7e8cd98..cf37e88 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -354,7 +354,7 @@ AC_ARG_ENABLE(multi-os-directory,
-   
+@@ -405,7 +405,7 @@ AC_ARG_ENABLE(multi-os-directory,
+ 
  # These variables are only ever used when we cross-build to X86_WIN32.
  # And we only support this with GCC, so...
 -if test "x$GCC" = "xyes"; then
diff --git a/meta/recipes-support/libffi/libffi_3.4.2.bb 
b/meta/recipes-support/libffi/libffi_3.4.4.bb
similarity index 90%
rename from meta/recipes-support/libffi/libffi_3.4.2.bb
rename to meta/recipes-support/libffi/libffi_3.4.4.bb
index 71d9518baf..4ceee6f3cc 100644
--- a/meta/recipes-support/libffi/libffi_3.4.2.bb
+++ b/meta/recipes-support/libffi/libffi_3.4.4.bb
@@ -8,13 +8,13 @@ library really only provides the lowest, machine dependent 
layer of a fully feat
 A layer must exist above `libffi' that handles type conversions for values 
passed between the two languages."
 
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=679b5c9bdc79a2b93ee574e193e7a7bc"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8"
 
 SRC_URI = 
"https://github.com/libffi/libffi/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
file://not-win32.patch \
file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \
"
-SRC_URI[sha256sum] = 
"540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620"
+SRC_URI[sha256sum] = 
"d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676"
 UPSTREAM_CHECK_URI = "https://github.com/libffi/libffi/releases/";
 UPSTREAM_CHECK_REGEX = "libffi-(?P\d+(\.\d+)+)\.tar"
 
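Review bot: For a stable-branch upgrade the log should justify the 3.4.3 item "All struct args are passed by value, regardless of size, as per ABIs", which is a behaviour change rather than a plain bug fix. This hunk only swaps the LICENSE md5 and the tarball sha256sum, and the License-Update line covers the md5 change; a similar one-line note on the calling-convention item would let reviewers judge whether it is safe for kirkstone.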
-- 
2.25.1





[OE-core][kirkstone 11/31] libical: upgrade 3.0.15 -> 3.0.16

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

Version 3.0.16 is a patch release.

- Fix regressions in 3.0.15 due to improperly tested fuzz fixes
- Fix argument guards in icaltime_as_timet to match documentation and tests.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 77d4557d6f6a1405d03bb5dc7ca23d7ee78c2037)
Signed-off-by: Steve Sakoman 
---
 .../libical/{libical_3.0.15.bb => libical_3.0.16.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libical/{libical_3.0.15.bb => libical_3.0.16.bb} 
(96%)

diff --git a/meta/recipes-support/libical/libical_3.0.15.bb 
b/meta/recipes-support/libical/libical_3.0.16.bb
similarity index 96%
rename from meta/recipes-support/libical/libical_3.0.15.bb
rename to meta/recipes-support/libical/libical_3.0.16.bb
index f5e9bb9372..c53b7ca375 100644
--- a/meta/recipes-support/libical/libical_3.0.15.bb
+++ b/meta/recipes-support/libical/libical_3.0.16.bb
@@ -15,7 +15,7 @@ SECTION = "libs"
 SRC_URI = 
"https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \
   "
-SRC_URI[sha256sum] = 
"019085ba99936f25546d86cb3e34852e5fe2b5a7d5f1cb4423a0cc42e399f629"
+SRC_URI[sha256sum] = 
"b44705dd71ca4538c86fb16248483ab4b48978524fb1da5097bd76aa2e0f0c33"
 UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases";
 
 inherit cmake pkgconfig gobject-introspection vala
-- 
2.25.1





[OE-core][kirkstone 09/31] xwayland: upgrade 22.1.4 -> 22.1.5

2022-11-27 Thread Steve Sakoman
From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 48ca760427f14ae291bf2ebf6f93f8d0fb27e3ab)
Signed-off-by: Steve Sakoman 
---
 .../xwayland/{xwayland_22.1.4.bb => xwayland_22.1.5.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.4.bb => 
xwayland_22.1.5.bb} (95%)

diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb 
b/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
rename to meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
index 8597d07a7d..c1c5407dee 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz";
-SRC_URI[sha256sum] = 
"5c39bdd77444c3fa7a0e2ef317ae69ddde89a901dc8914dbc8eac39a9313512a"
+SRC_URI[sha256sum] = 
"e317ac1f119f8321654921761420901e4abd95585a8c763ce26af3b045ac1672"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
 
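Review bot: The log has no body. For a stable-branch backport, one or two lines on what 22.1.5 fixes, and whether any of it is security relevant, are needed to judge the upgrade, since the hunk itself only swaps SRC_URI[sha256sum].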
-- 
2.25.1





[OE-core][kirkstone 08/31] xwayland: upgrade 22.1.3 -> 22.1.4

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 553c080e0e30c8f6b69b4c5fae72903ee45ef6ae)
Signed-off-by: Steve Sakoman 
---
 .../xwayland/{xwayland_22.1.3.bb => xwayland_22.1.4.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.3.bb => 
xwayland_22.1.4.bb} (95%)

diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb 
b/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
rename to meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
index da1b27525d..8597d07a7d 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz";
-SRC_URI[sha256sum] = 
"a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5"
+SRC_URI[sha256sum] = 
"5c39bdd77444c3fa7a0e2ef317ae69ddde89a901dc8914dbc8eac39a9313512a"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar"
 
-- 
2.25.1





[OE-core][kirkstone 07/31] linux-firmware: upgrade 20220913 -> 20221012

2022-11-27 Thread Steve Sakoman
From: Alexander Kanavin 

License-Update: copyright years, additional firmwares

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 9f658c724b6635e5745f30b25601bcc51a004be4)
Signed-off-by: Steve Sakoman 
---
 ...inux-firmware_20220913.bb => linux-firmware_20221012.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => 
linux-firmware_20221012.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb 
b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
index 8f921e2d0e..6ba59a34c2 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
@@ -71,7 +71,7 @@ LIC_FILES_CHKSUM = 
"file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
 
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
 file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
 file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 
\
-
file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
+
file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
 
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
 
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
 file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = 
"file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
 "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "98ecc3d3223df7ebdc23b0ec56aafb20"
+WHENCE_CHKSUM  = "d6d9d74a344a78028e6b0f1df80db14b"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -209,7 +209,7 @@ SRC_URI:class-devupstream = 
"git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = 
"26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9"
+SRC_URI[sha256sum] = 
"e9d174af729511c8cccb60ec4e0b223b3c44b67d813b42d1ab9813acfa667fa5"
 
 inherit allarch
 
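Review bot: The context lines `# Pin this to the 20220509 release, override this in local.conf` and `SRCREV:class-devupstream ?=` are left untouched while the recipe moves to 20221012, so a class-devupstream build stays on an older snapshot than the tarball build. Either move the pin and its comment to the 20221012 release in this upgrade or say in the log that the lag is intentional.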
-- 
2.25.1





[OE-core][kirkstone 06/31] go: fix CVE-2022-2880

2022-11-27 Thread Steve Sakoman
From: Sakib Sajal 

Backport patch to fix CVE-2022-2880.

Signed-off-by: Sakib Sajal 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc   |   1 +
 ...util-avoid-query-parameter-smuggling.patch | 178 ++
 2 files changed, 179 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index b18de66f42..9c467d63b2 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -17,6 +17,7 @@ SRC_URI += "\
 file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
 file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
 file://CVE-2022-27664.patch \
+file://0001-net-http-httputil-avoid-query-parameter-smuggling.patch \
 "
 SRC_URI[main.sha256sum] = 
"a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
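Review bot: The new SRC_URI entry does not follow the naming of its neighbour `file://CVE-2022-27664.patch`; calling the file CVE-2022-2880.patch would make the fix easy to find when auditing the recipe. Also, the entry is added to go-1.17.13.inc while the patch file is created under go-1.18/, so please confirm that directory is on the file search path for this recipe.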
diff --git 
a/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
 
b/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
new file mode 100644
index 00..80fba1446e
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
@@ -0,0 +1,178 @@
+From c8bdf59453c95528a444a85e1b206c1c09eb20f6 Mon Sep 17 00:00:00 2001
+From: Damien Neil 
+Date: Thu, 22 Sep 2022 13:32:00 -0700
+Subject: [PATCH] net/http/httputil: avoid query parameter smuggling
+
+Query parameter smuggling occurs when a proxy's interpretation
+of query parameters differs from that of a downstream server.
+Change ReverseProxy to avoid forwarding ignored query parameters.
+
+Remove unparsable query parameters from the outbound request
+
+   * if req.Form != nil after calling ReverseProxy.Director; and
+   * before calling ReverseProxy.Rewrite.
+
+This change preserves the existing behavior of forwarding the
+raw query untouched if a Director hook does not parse the query
+by calling Request.ParseForm (possibly indirectly).
+
+Fixes #55842
+For #54663
+For CVE-2022-2880
+
+Change-Id: If1621f6b0e73a49d79059dae9e6b256e0ff18ca9
+Reviewed-on: https://go-review.googlesource.com/c/go/+/432976
+Reviewed-by: Roland Shoemaker 
+Reviewed-by: Brad Fitzpatrick 
+TryBot-Result: Gopher Robot 
+Run-TryBot: Damien Neil 
+(cherry picked from commit 7c84234142149bd24a4096c6cab691d3593f3431)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/433695
+Reviewed-by: Dmitri Shuralyov 
+Reviewed-by: Dmitri Shuralyov 
+
+CVE: CVE-2022-2880
+Upstream-Status: Backport [9d2c73a9fd69e45876509bb3bdb2af99bf77da1e]
+
+Signed-off-by: Sakib Sajal 
+---
+ src/net/http/httputil/reverseproxy.go  | 36 +++
+ src/net/http/httputil/reverseproxy_test.go | 74 ++
+ 2 files changed, 110 insertions(+)
+
+diff --git a/src/net/http/httputil/reverseproxy.go 
b/src/net/http/httputil/reverseproxy.go
+index 8b63368..c76eec6 100644
+--- a/src/net/http/httputil/reverseproxy.go
 b/src/net/http/httputil/reverseproxy.go
+@@ -249,6 +249,9 @@ func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, 
req *http.Request) {
+   }
+ 
+   p.Director(outreq)
++  if outreq.Form != nil {
++  outreq.URL.RawQuery = cleanQueryParams(outreq.URL.RawQuery)
++  }
+   outreq.Close = false
+ 
+   reqUpType := upgradeType(outreq.Header)
+@@ -628,3 +631,36 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- 
error) {
+   _, err := io.Copy(c.backend, c.user)
+   errc <- err
+ }
++
++func cleanQueryParams(s string) string {
++  reencode := func(s string) string {
++  v, _ := url.ParseQuery(s)
++  return v.Encode()
++  }
++  for i := 0; i < len(s); {
++  switch s[i] {
++  case ';':
++  return reencode(s)
++  case '%':
++  if i+2 >= len(s) || !ishex(s[i+1]) || !ishex(s[i+2]) {
++  return reencode(s)
++  }
++  i += 3
++  default:
++  i++
++  }
++  }
++  return s
++}
++
++func ishex(c byte) bool {
++  switch {
++  case '0' <= c && c <= '9':
++  return true
++  case 'a' <= c && c <= 'f':
++  return true
++  case 'A' <= c && c <= 'F':
++  return true
++  }
++  return false
++}
+diff --git a/src/net/http/httputil/reverseproxy_test.go 
b/src/net/http/httputil/reverseproxy_test.go
+index 4b6ad77..8c0a4f1 100644
+--- a/src/net/http/httputil/reverseproxy_test.go
 b/src/net/http/httputil/reverseproxy_test.go
+@@ -1517,3 +1517,77 @@ func TestJoinURLPath(t *testing.T) {
+   }
+   }
+ }
++
++const (
++  testWantsCleanQuery = true
++  testWantsRawQuery   = false
++)
++
++func TestReverseProxyQueryPara
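Review bot: The carried-over log promises cleaning "before calling ReverseProxy.Rewrite", but the ServeHTTP change visible here only adds the `outreq.Form != nil` check after `p.Director(outreq)`, so that bullet describes nothing in this backport and should be dropped or marked as not applicable to this Go version. In cleanQueryParams, `reencode` discards the error from `url.ParseQuery` and returns `v.Encode()`, so a single `;` or malformed `%` escape causes the whole query to be re-encoded (unparsable pairs dropped, keys emitted in sorted order) rather than only the offending parameter; that matches the stated intent but deserves a sentence in the OE log because backends may see a reordered query. The header also carries three different commit ids (From c8bdf594, cherry picked from 7c842341, Upstream-Status Backport 9d2c73a9); say which upstream branch the last one refers to.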

[OE-core][kirkstone 05/31] python3: fix CVE-2022-42919 local privilege escalation via the multiprocessing forkserver start method

2022-11-27 Thread Steve Sakoman
From: Vivek Kumbhar 

Upstream-Status: Backport from https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2

Signed-off-by: Vivek Kumbhar 
Signed-off-by: Steve Sakoman 
---
 .../python/python3/CVE-2022-42919.patch   | 70 +++
 .../recipes-devtools/python/python3_3.10.7.bb |  1 +
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch

diff --git a/meta/recipes-devtools/python/python3/CVE-2022-42919.patch 
b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch
new file mode 100644
index 00..6040724dae
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch
@@ -0,0 +1,70 @@
+From 87ef80926ea0ec960a220af89d8ff4db99417b03 Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar 
+Date: Thu, 24 Nov 2022 17:44:18 +0530
+Subject: [PATCH] CVE-2022-42919
+
+Upstream-Status: Backport 
[https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2]
+CVE: CVE-2022-42919
+Signed-off-by: Vivek Kumbhar 
+
+[3.10] gh-97514: Don't use Linux abstract sockets for multiprocessing 
(GH-98501) (GH-98503)
+
+Linux abstract sockets are insecure as they lack any form of filesystem
+permissions so their use allows anyone on the system to inject code into
+the process.
+
+This removes the default preference for abstract sockets in
+multiprocessing introduced in Python 3.9+ via
+https://github.com/python/cpython/pull/18866 while fixing
+https://github.com/python/cpython/issues/84031.
+
+Explicit use of an abstract socket by a user now generates a
+RuntimeWarning.  If we choose to keep this warning, it should be
+backported to the 3.7 and 3.8 branches.
+(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
+---
+ Lib/multiprocessing/connection.py |  5 -
+ .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+ create mode 100644 
Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+
+diff --git a/Lib/multiprocessing/connection.py 
b/Lib/multiprocessing/connection.py
+index 510e4b5..8e2facf 100644
+--- a/Lib/multiprocessing/connection.py
 b/Lib/multiprocessing/connection.py
+@@ -73,11 +73,6 @@ def arbitrary_address(family):
+ if family == 'AF_INET':
+ return ('localhost', 0)
+ elif family == 'AF_UNIX':
+-# Prefer abstract sockets if possible to avoid problems with the 
address
+-# size.  When coding portable applications, some implementations have
+-# sun_path as short as 92 bytes in the sockaddr_un struct.
+-if util.abstract_sockets_supported:
+-return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
+ return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
+ elif family == 'AF_PIPE':
+ return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
+diff --git 
a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst 
b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+new file mode 100644
+index 000..02d95b5
+--- /dev/null
 b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+@@ -0,0 +1,15 @@
++On Linux the :mod:`multiprocessing` module returns to using filesystem backed
++unix domain sockets for communication with the *forkserver* process instead of
++the Linux abstract socket namespace.  Only code that chooses to use the
++:ref:`"forkserver" start method ` is affected.
++
++Abstract sockets have no permissions and could allow any user on the system in
++the same `network namespace
++`_ (often the
++whole system) to inject code into the multiprocessing *forkserver* process.
++This was a potential privilege escalation. Filesystem based socket permissions
++restrict this to the *forkserver* process user as was the default in Python 
3.8
++and earlier.
++
++This prevents Linux `CVE-2022-42919
++`_.
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3_3.10.7.bb 
b/meta/recipes-devtools/python/python3_3.10.7.bb
index 404a582135..2d230793ef 100644
--- a/meta/recipes-devtools/python/python3_3.10.7.bb
+++ b/meta/recipes-devtools/python/python3_3.10.7.bb
@@ -35,6 +35,7 @@ SRC_URI = 
"http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \

file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
+   file://CVE-2022-42919.patch \
"
 
 SRC_URI:append:class-native = " \
-- 
2.25.1


View/Reply Online (#173850): https://lists.openembedded.org/g/openembedded-core/message/173850

[OE-core][kirkstone 04/31] ffmpeg: fix for CVE-2022-3965

2022-11-27 Thread Steve Sakoman
From: Narpat Mali 

A vulnerability classified as problematic was found in ffmpeg. This
vulnerability affects the function smc_encode_stream of the file
libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder.
The manipulation of the argument y_size leads to out-of-bounds read. The
attack can be initiated remotely. The name of the patch is
13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a
patch to fix this issue. The identifier of this vulnerability is
VDB-213544.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3965

Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd

Signed-off-by: Narpat Mali 
Signed-off-by: Steve Sakoman 
---
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 ++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   1 +
 2 files changed, 109 insertions(+)
 create mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch

diff --git 
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 00..923fc6a9c1
--- /dev/null
+++ 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,108 @@
+From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001
+From: Paul B Mahol 
+Date: Sat, 12 Nov 2022 15:19:21 +0100
+Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport 
[https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd]
+
+Signed-off-by: 
+
+---
+ libavcodec/smcenc.c | 18 ++
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
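Review bot: The header of the new patch file has no CVE tag, and the file name 0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch does not contain the CVE id either, so nothing in the patch itself ties it to the CVE named in the commit subject. Add a "CVE: CVE-2022-3965" line next to Upstream-Status. The Signed-off-by line as shown also carries no name; it should identify the person who did the backport.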
+diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c
+index f3d26a4e8d..33549b8ab4 100644
+--- a/libavcodec/smcenc.c
 b/libavcodec/smcenc.c
+@@ -61,6 +61,7 @@ typedef struct SMCContext {
+ { \
+ row_ptr += stride * 4; \
+ pixel_ptr = row_ptr; \
++cur_y += 4; \
+ } \
+ } \
+ }
+@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame 
*frame,
+ const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0];
+ uint8_t *distinct_values = s->distinct_values;
+ const uint8_t *pixel_ptr, *row_ptr;
++const int height = frame->height;
+ const int width = frame->width;
+ uint8_t block_values[16];
+ int block_counter = 0;
+@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const 
AVFrame *frame,
+ int color_octet_index = 0;
+ int color_table_index;  /* indexes to color pair, quad, or octet tables */
+ int total_blocks;
++int cur_y = 0;
+ 
+ memset(s->color_pairs, 0, sizeof(s->color_pairs));
+ memset(s->color_quads, 0, sizeof(s->color_quads));
+ memset(s->color_octets, 0, sizeof(s->color_octets));
+ 
+ /* Number of 4x4 blocks in frame. */
+-total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4);
++total_blocks = ((width + 3) / 4) * ((height + 3) / 4);
+ 
+ pixel_ptr = row_ptr = src_pixels;
+ 
+@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const 
AVFrame *frame,
+ int cache_index;
+ int distinct = 0;
+ int blocks = 0;
++int frame_y = cur_y;
+ 
+ while (prev_pixels && s->key_frame == 0 && block_counter + 
inter_skip_blocks < total_blocks) {
++const int y_size = FFMIN(4, height - cur_y);
+ int compare = 0;
+ 
+-for (int y = 0; y < 4; y++) {
++for (int y = 0; y < y_size; y++) {
+ const ptrdiff_t offset = pixel_ptr - src_pixels;
+ const uint8_t *prev_pixel_ptr = prev_pixels + offset;
+ 
+@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const 
AVFrame *frame,
+ 
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++cur_y = frame_y;
+ 
+ while (block_counter > 0 && block_counter + intra_skip_blocks < 
total_blocks) {
++const int y_size = FFMIN(4, height - cur_y);
+ const ptrdiff_t offset = pixel_ptr - src_pixels;
+ const int sy = offset / stride;
+ const int sx = offset % stride;
+@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame 
*frame,
+ const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride;
+ int compare = 0;
+ 
+-for (int y = 0; y < 4; y++) {
++for (int y = 0; y < y_size; y++) {
+ compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * 
stride, 4);
+ if (compare)
+ break;
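Review bot: Only the row count is clamped here: the loop now stops at y_size, but the memcmp on the context line still compares a fixed 4 bytes per row. Please confirm that a frame width that is not a multiple of 4 cannot read past the end of a row at this point (for example because stride padding covers it), or note in the backport why no horizontal clamp is needed.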
+@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const 
AVFrame *frame,
+ 
+ pixel_ptr = xpixel_ptr;
+ row_ptr = xrow_ptr;
++cur_y = f

[OE-core][kirkstone 03/31] ffmpeg: fix for CVE-2022-3964

2022-11-27 Thread Steve Sakoman
From: Narpat Mali 

A vulnerability classified as problematic has been found in ffmpeg. This
affects an unknown part of the file libavcodec/rpzaenc.c of the component
QuickTime RPZA Video Encoder. The manipulation of the argument y_size
leads to out-of-bounds read. It is possible to initiate the attack
remotely. The name of the patch is
92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a
patch to fix this issue. The associated identifier of this vulnerability
is VDB-213543.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3964

Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984

Signed-off-by: Narpat Mali 
Signed-off-by: Steve Sakoman 
---
 ...c-stop-accessing-out-of-bounds-frame.patch | 89 +++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  2 +
 2 files changed, 91 insertions(+)
 create mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch

diff --git 
a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 00..2775a81cc8
--- /dev/null
+++ 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,89 @@
+From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol 
+Date: Sat, 12 Nov 2022 16:12:00 +0100
+Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport 
[https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
+
+Signed-off-by: 
+
+---
+ libavcodec/rpzaenc.c | 22 +++---
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
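Review bot: No "CVE: CVE-2022-3964" line appears in this patch header, and the patch file name 0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch does not name the CVE, so the link between this file and the CVE exists only in the commit subject. Add the CVE tag beside Upstream-Status, and fill in the Signed-off-by line, which as shown has no name.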
+diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
+index d710eb4f82..4ced9523e2 100644
+--- a/libavcodec/rpzaenc.c
 b/libavcodec/rpzaenc.c
+@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, 
const uint16_t *block_pt
+ 
+ // loop thru and compare pixels
+ for (y = 0; y < bi->block_height; y++) {
+-for (x = 0; x < bi->block_width; x++){
++for (x = 0; x < bi->block_width; x++) {
+ // TODO:  optimize
+ min_r = FFMIN(R(block_ptr[x]), min_r);
+ min_g = FFMIN(G(block_ptr[x]), min_g);
+@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const 
BlockInfo *bi,
+ return -1;
+ 
+ for (i = 0; i < bi->block_height; i++) {
+-for (j = 0; j < bi->block_width; j++){
++for (j = 0; j < bi->block_width; j++) {
+ x = GET_CHAN(block_ptr[j], xchannel);
+ y = GET_CHAN(block_ptr[j], ychannel);
+ sumx += x;
+@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t 
*block_ptr, const BlockInfo *bi
+ int max_err = 0;
+ 
+ for (i = 0; i < bi->block_height; i++) {
+-for (j = 0; j < bi->block_width; j++){
++for (j = 0; j < bi->block_width; j++) {
+ int x_inc, lin_y, lin_x;
+ x = GET_CHAN(block_ptr[j], xchannel);
+ y = GET_CHAN(block_ptr[j], ychannel);
+@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t 
*src_pixels,
+uint16_t *dest_pixels,
+const BlockInfo *bi, int block_counter)
+ {
+-for (int y = 0; y < 4; y++) {
++const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
++
++for (int y = 0; y < y_size; y++) {
+ memcpy(dest_pixels, src_pixels, 8);
+ dest_pixels += bi->rowstride;
+ src_pixels += bi->rowstride;
+@@ -730,14 +732,15 @@ post_skip :
+ 
+ if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
+ uint16_t *row_ptr;
+-int rgb555;
++int y_size, rgb555;
+ 
+ block_offset = get_block_info(&bi, block_counter);
+ 
+ row_ptr = &src_pixels[block_offset];
++y_size = FFMIN(4, bi.image_height - bi.row * 4);
+ 
+-for (int y = 0; y < 4; y++) {
+-for (int x = 0; x < 4; x++){
++for (int y = 0; y < y_size; y++) {
++for (int x = 0; x < 4; x++) {
+ rgb555 = row_ptr[x] & ~0x8000;
+ 
+ put_bits(&s->pb, 16, rgb555);
+@@ -745,6 +748,11 @@ post_skip :
+ row_ptr += bi.rowstride;
+ }
+ 
++for (int y = y_size; y < 4; y++) {
++for (int x = 0; x < 4; x++)
++put_bits(&s->pb, 16, 0);
++}
++
+ block_counter++;
+ } else { // FOUR COLOR BLOCK
+ block_counter += encode_four_color_block(min_color, max_color,
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpe

[OE-core][kirkstone 02/31] bash: backport patch to fix CVE-2022-3715

2022-11-27 Thread Steve Sakoman
From: Xiangyu Chen 

CVE Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-3715

Signed-off-by: Xiangyu Chen 
Signed-off-by: Steve Sakoman 
---
 .../bash/bash/CVE-2022-3715.patch | 33 +++
 meta/recipes-extended/bash/bash_5.1.16.bb |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-extended/bash/bash/CVE-2022-3715.patch

diff --git a/meta/recipes-extended/bash/bash/CVE-2022-3715.patch 
b/meta/recipes-extended/bash/bash/CVE-2022-3715.patch
new file mode 100644
index 00..44f4d91949
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/CVE-2022-3715.patch
@@ -0,0 +1,33 @@
+From 15d2428d5d3df8dd826008baf51579ab7750d8b2 Mon Sep 17 00:00:00 2001
+From: Xiangyu Chen 
+Date: Wed, 23 Nov 2022 11:17:01 +0800
+Subject: [OE-Core][kirkstone][PATCH] bash: heap-buffer-overflow in
+ valid_parameter_transform CVE-2022-3715
+
+Reference:https://bugzilla.redhat.com/show_bug.cgi?id=2126720
+
+CVE: CVE-2022-3715
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/bash.git/diff/subst.c?h=bash-5.2-testing&id=9cef6d01181525de119832d2b6a925899cdec08e]
+
+Signed-off-by: Xiangyu Chen 
+---
+ subst.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
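Review bot: The embedded patch header records the backporter in From: and keeps the list prefix "[OE-Core][kirkstone][PATCH]" in Subject:, so the upstream origin of the one-line subst.c change is visible only through the Upstream-Status URL. Suggest a plain subject without the list prefix and a sentence in the description saying what the added xform[0] == 0 test guards against, since the header currently gives only the bug reference.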
+diff --git a/subst.c b/subst.c
+index 2b76256..38ee9ac 100644
+--- a/subst.c
 b/subst.c
+@@ -7962,7 +7962,7 @@ parameter_brace_transform (varname, value, ind, xform, 
rtype, quoted, pflags, fl
+   return ((char *)NULL);
+ }
+ 
+-  if (valid_parameter_transform (xform) == 0)
++  if (xform[0] == 0 || valid_parameter_transform (xform) == 0)
+ {
+   this_command_name = oname;
+ #if 0 /* TAG: bash-5.2 Martin Schulte  10/2020 */
+-- 
+2.34.1
+
diff --git a/meta/recipes-extended/bash/bash_5.1.16.bb 
b/meta/recipes-extended/bash/bash_5.1.16.bb
index d046faa4e5..11c2314fbf 100644
--- a/meta/recipes-extended/bash/bash_5.1.16.bb
+++ b/meta/recipes-extended/bash/bash_5.1.16.bb
@@ -15,6 +15,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
file://use_aclocal.patch \
file://makerace.patch \
file://makerace2.patch \
+   file://CVE-2022-3715.patch \
"
 
 SRC_URI[tarball.sha256sum] = 
"5bac17218d3911834520dad13cd1f85ab944e1c09ae1aba55906be1f8192f558"
-- 
2.25.1


View/Reply Online (#173847): https://lists.openembedded.org/g/openembedded-core/message/173847



[OE-core][kirkstone 01/31] libsndfile1: Backport fix for CVE-2021-4156

2022-11-27 Thread Steve Sakoman
From: Martin Jansa 

CVE: CVE-2021-4156

Signed-off-by: Martin Jansa 
Signed-off-by: Steve Sakoman 
---
 ...flac-Fix-improper-buffer-reusing-732.patch | 29 +++
 .../libsndfile/libsndfile1_1.0.31.bb  |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch

diff --git 
a/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
 
b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
new file mode 100644
index 00..ede696180a
--- /dev/null
+++ 
b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
@@ -0,0 +1,29 @@
+From 9e4e9224c39195bde8ec14d1295944f713adb79a Mon Sep 17 00:00:00 2001
+From: yuan 
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+
+Upstream-Status: Backport 
[https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc]
+CVE: CVE-2021-4156
+
+Signed-off-by: Martin Jansa 
+---
+ src/flac.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e..e3320450 100644
+--- a/src/flac.c
 b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+   /* Decode some more. */
+   while (pflac->pos < pflac->len)
+   {   if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++  {   psf_log_printf (psf, 
"FLAC__stream_decoder_process_single returned false\n") ;
++  /* Current frame is busted, so NULL the pointer. */
++  pflac->frame = NULL ;
+   break ;
++  } ;
+   state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+   if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+   {   psf_log_printf (psf, "FLAC__stream_decoder_get_state 
returned %s\n", FLAC__StreamDecoderStateString [state]) ;
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb 
b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
index ea14fe29cb..f6ea585e34 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
@@ -10,6 +10,7 @@ LICENSE = "LGPL-2.1-only"
 
 SRC_URI = 
"https://github.com/libsndfile/libsndfile/releases/download/${PV}/libsndfile-${PV}.tar.bz2
 \
file://noopus.patch \
+   file://0001-flac-Fix-improper-buffer-reusing-732.patch \
   "
 UPSTREAM_CHECK_URI = "https://github.com/libsndfile/libsndfile/releases/";
 
-- 
2.25.1


View/Reply Online (#173846): https://lists.openembedded.org/g/openembedded-core/message/173846



[OE-core][kirkstone 00/31] Patch review

2022-11-27 Thread Steve Sakoman
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4543

The following changes since commit da2c64b3158c58eb0a484d3acbdf0419df2d34e8:

  wic: make ext2/3/4 images reproducible (2022-11-17 07:23:06 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (11):
  linux-firmware: upgrade 20220913 -> 20221012
  xwayland: upgrade 22.1.3 -> 22.1.4
  libffi: upgrade 3.4.2 -> 3.4.4
  libical: upgrade 3.0.15 -> 3.0.16
  mtd-utils: upgrade 2.1.4 -> 2.1.5
  gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
  gstreamer1.0: upgrade 1.20.3 -> 1.20.4
  libepoxy: convert to git
  libepoxy: update 1.5.9 -> 1.5.10
  vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only
that
  gnomebase.bbclass: return the whole version for tarball directory if
it is a number

Jose Quaresma (3):
  sstatesig: skip the rm_work task signature
  rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
  sstate: Allow optimisation of do_deploy_archives task dependencies

Joshua Watt (2):
  qemu-helper-native: Re-write bridge helper as C program
  qemu-helper-native: Correctly pass program name as argv[0]

Konrad Weihmann (1):
  create-spdx: default share_src for shared sources

Martin Jansa (1):
  libsndfile1: Backport fix for CVE-2021-4156

Narpat Mali (2):
  ffmpeg: fix for CVE-2022-3964
  ffmpeg: fix for CVE-2022-3965

Peter Marko (2):
  systemd: add group render to udev package
  meta-selftest/staticids: add render group for systemd

Richard Purdie (1):
  sanity: Drop data finalize call

Ross Burton (1):
  linux-firmware: don't put the firmware into the sysroot

Sakib Sajal (1):
  go: fix CVE-2022-2880

Vivek Kumbhar (1):
  python3: fix CVE-2022-42919 local privilege escalation via the
multiprocessing forkserver start method

Wang Mingyu (4):
  xwayland: upgrade 22.1.4 -> 22.1.5
  mobile-broadband-provider-info: upgrade 20220725 -> 20221107
  babeltrace: upgrade 1.5.8 -> 1.5.11
  iso-codes: upgrade 4.11.0 -> 4.12.0

Xiangyu Chen (1):
  bash: backport patch to fix CVE-2022-3715

 meta-selftest/files/static-group  |   1 +
 meta/classes/create-spdx.bbclass  |   5 +-
 meta/classes/gnomebase.bbclass|   2 +-
 meta/classes/rm_work.bbclass  |   2 +
 meta/classes/sanity.bbclass   |  11 +-
 meta/classes/sstate.bbclass   |   2 +-
 meta/lib/oe/sstatesig.py  |   6 +
 .../mobile-broadband-provider-info_git.bb |   4 +-
 meta/recipes-core/systemd/systemd_250.5.bb|   2 +
 meta/recipes-devtools/go/go-1.17.13.inc   |   1 +
 ...util-avoid-query-parameter-smuggling.patch | 178 ++
 meta/recipes-devtools/mtd/mtd-utils_git.bb|   4 +-
 .../python/python3/CVE-2022-42919.patch   |  70 +++
 .../recipes-devtools/python/python3_3.10.7.bb |   1 +
 .../qemu/qemu-helper-native_1.0.bb|   6 +-
 .../qemu/qemu-helper/qemu-oe-bridge-helper|  25 ---
 .../qemu/qemu-helper/qemu-oe-bridge-helper.c  |  34 
 meta/recipes-devtools/vala/vala.inc   |  10 +-
 .../bash/bash/CVE-2022-3715.patch |  33 
 meta/recipes-extended/bash/bash_5.1.16.bb |   1 +
 ...pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb} |   2 +-
 .../{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb} |   5 +-
 ...{xwayland_22.1.3.bb => xwayland_22.1.5.bb} |   2 +-
 ...20220913.bb => linux-firmware_20221012.bb} |   9 +-
 ...beltrace_1.5.8.bb => babeltrace_1.5.11.bb} |   2 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |  89 +
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 +++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +
 ...tools_1.20.3.bb => gst-devtools_1.20.4.bb} |   2 +-
 ...r-APNG-encoder-property-registration.patch |  86 -
 ...1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} |   6 +-
 ...x_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} |   2 +-
 bb => gstreamer1.0-plugins-bad_1.20.4.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-base_1.20.4.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-good_1.20.4.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-ugly_1.20.4.bb} |   2 +-
 20.3.bb => gstreamer1.0-python_1.20.4.bb} |   2 +-
 bb => gstreamer1.0-rtsp-server_1.20.4.bb} |   2 +-
 ...1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} |   2 +-
 ...er1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} |   2 +-
 ...flac-Fix-improper-buffer-reusing-732.patch |  29 +++
 .../libsndfile/libsndfile1_1.0.31.bb  |   1 +
 ...so-codes_4.11.0.bb => iso-codes_4.12.0.bb} |   2 +-
 ...m-sysv-reverted-clang-VFP-mitigation.patch |   6 +-
 .../libffi/libffi/not-win32.patch |   8 +-
 .../{libffi_3.4.2.bb => libffi_3.4.4.bb}  |   4 +-
 .../{libical_3.0.15.bb => libical_3.0.16.bb}  |   2 +-
 47 files

[OE-Core][master][langdale][kirkstone][PATCH v2] rng-tools: backport patch to adjust jitterentropy library to timeout/fail on long delay

2022-11-27 Thread Xiangyu Chen
Backport patch from upstream[1] to adjust jitter to timeout on init after
5 seconds in the event it takes too long to gather jitter entropy. This
also fixes rng-tools taking full CPU usage of all cores on ARM platforms.

[1] 
https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81

Signed-off-by: Xiangyu Chen 
---
Changes in v2:
  * add libgcc in RDEPENDS flag to solve the test failure in
    core-image-full-cmdline

---
 ...ropy-library-to-timeout-fail-on-long.patch | 144 ++
 .../rng-tools/rng-tools_6.15.bb   |   2 +
 2 files changed, 146 insertions(+)
 create mode 100644 
meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch

diff --git 
a/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
 
b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
new file mode 100644
index 00..d70c6587aa
--- /dev/null
+++ 
b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
@@ -0,0 +1,144 @@
+From 3f1d6e53985e40cbe4c7380ce503ca2778d4cd9d Mon Sep 17 00:00:00 2001
+From: Neil Horman 
+Date: Mon, 16 May 2022 13:38:54 -0400
+Subject: [PATCH] Adjust jitterentropy library to timeout/fail on long delay
+
+When running rngd -l its possible, on platforms that have low jitter
+entropy to block for long periods of time.  Adjust jitter to timeout on
+init after 5 seconds in the event it takes to long to gether jitter
+entropy
+
+Also while we're at it, I might have a build solution for the presence
+of internal timers.  When jitterentropy is built without internal
+timers, jent_notime_init is defined publically, but when it is built
+with timers, its declared as a static symbol, preenting resolution, so
+we can test to see if the function exists.  If it does we _don't_ have
+notime support. The logic is a bit backwards, but i think it works
+
+Upstream-Status: Backport from
+[https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81]
+
+Signed-off-by: Xiangyu Chen 
+---
+ configure.ac  |  6 ++---
+ rngd_jitter.c | 61 +++
+ 2 files changed, 50 insertions(+), 17 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 40008ca..2e12308 100644
+--- a/configure.ac
 b/configure.ac
+@@ -94,9 +94,9 @@ AS_IF(
+   AC_SEARCH_LIBS(jent_version,jitterentropy,
+   [AM_CONDITIONAL([JITTER], [true])
+   AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+-  AC_CHECK_LIB(jitterentropy, 
jent_entropy_switch_notime_impl,
+-  [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable 
JITTER_NOTIME])],
+-  [],-lpthread)],
++  AC_CHECK_LIB(jitterentropy, jent_notime_init,
++  [],
++  [AC_DEFINE([HAVE_JITTER_NOTIME],1, [Enable 
JITTER_NOTIME])],-lpthread)],
+   AC_MSG_NOTICE([No Jitterentropy library 
found]),-lpthread)
+   ], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
+ )
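Review bot: HAVE_JITTER_NOTIME is now defined in the action-if-not-found branch of AC_CHECK_LIB(jitterentropy, jent_notime_init, ...), so any reason the link probe fails turns the define on, not only the case where jent_notime_init is a static symbol. In a cross build that is easy to hit silently. Suggest recording the probe result with an AC_MSG_NOTICE and checking config.log for the target toolchain before relying on this inverted test.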
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index d1b17ba..3647b7f 100644
+--- a/rngd_jitter.c
 b/rngd_jitter.c
+@@ -400,6 +400,8 @@ int init_jitter_entropy_source(struct rng *ent_src)
+   int entflags = 0;
+   int ret;
+   int core_id = 0;
++  struct timespec base, now;
++  int rc;
+ 
+   signal(SIGUSR1, jitter_thread_exit_signal);
+ 
+@@ -508,6 +510,10 @@ int init_jitter_entropy_source(struct rng *ent_src)
+   CPU_FREE(cpus);
+   cpus = NULL;
+ 
++  flags = fcntl(pipefds[0], F_GETFL, 0);
++  flags |= O_NONBLOCK;
++  fcntl(pipefds[0], F_SETFL, flags);
++
+   if (ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+   /*
+* Temporarily disable aes so we don't try to use it during init
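Review bot: The result of fcntl(pipefds[0], F_GETFL, 0) is OR-ed with O_NONBLOCK and passed to F_SETFL without a check for -1, and the return value of the F_SETFL call is ignored. If either call fails the pipe stays blocking, and the timeout loop added in the next hunk may never get the chance to expire. Check both return values and fail initialisation of the jitter source when they report an error.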
+@@ -516,32 +522,59 @@ int init_jitter_entropy_source(struct rng *ent_src)
+   message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Initializing AES 
buffer\n");
+   aes_buf = malloc(tdata[0].buf_sz);
+   ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0;
+-  if (xread_jitter(key, AES_BLOCK, ent_src)) {
+-  message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to 
obtain AES key, disabling AES in JITTER source\n");
+-  } else if (xread_jitter(iv_buf, CHUNK_SIZE, ent_src)) {
+-  message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Unable to 
obtain iv_buffer, disabling AES in JITTER source\n");
++  clock_gettime(CLOCK_REALTIME, &base);
++  do {
++  rc = xread_jitter(key, AES_BLOCK, ent_src);
++  clock_gettime(CLOCK_REALTIME, &now);
++  } while (rc && ((now.tv
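Review bot: The timeout is measured with clock_gettime(CLOCK_REALTIME, ...), which jumps whenever the wall clock is set. On a target that sets its time during boot, the loop can end early or run much longer than the intended bound. CLOCK_MONOTONIC is the appropriate clock for an elapsed-time limit like this one.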

[OE-core] OE-core CVE metrics for langdale on Sun 27 Nov 2022 03:30:01 AM HST

2022-11-27 Thread Steve Sakoman
Branch: langdale

New this week: 1 CVEs
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *

Removed this week: 5 CVEs
CVE-2022-2879 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
CVE-2022-2880 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2880 *
CVE-2022-41715 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *
CVE-2022-41716 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 *
CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 *

Full list:  Found 8 unpatched CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 *
CVE-2022-39260 (CVSS3: 8.8 HIGH): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 *
CVE-2022-39377 (CVSS3: 9.8 CRITICAL): sysstat 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39377 *
CVE-2022-3970 (CVSS3: 9.8 CRITICAL): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3970 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

View/Reply Online (#173843): https://lists.openembedded.org/g/openembedded-core/message/173843



Re: [OE-Core][master][kirkstone][PATCH] rng-tools: backport patch to adjust jitterentropy library to timeout/fail on long delay

2022-11-27 Thread Xiangyu Chen


On 11/25/22 19:39, Alexandre Belloni wrote:

On 25/11/2022 18:08:12+0800, Xiangyu Chen wrote:

On 11/15/22 16:18, Xiangyu Chen wrote:

Backport patch from upstream[1] to adjust jitter to timeout on init after
5 seconds in the event it takes too long to gather jitter entropy. This
also fixes rng-tools taking full CPU usage of all cores on ARM platforms.

[1] 
https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81

Signed-off-by: Xiangyu Chen 

Friendly ping, thanks.

I believe this is the cause of this error:
https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/5017/steps/13/logs/stdio

I have verified on my local setup that this issue happens on the
core-image-full-cmdline image due to a missing libgcc_s.so (error as
below); that also explains why I didn't see it in a normal sato image
when I sent this patch.


Nov 27 11:23:02 qemux86 systemd[1]: Started Hardware RNG Entropy 
Gatherer Daemon.

Nov 27 11:23:03 qemux86 rngd[191]: Initializing available sources
Nov 27 11:23:03 qemux86 rngd[191]: [hwrng ]: Initialized
Nov 27 11:23:03 qemux86 rngd[191]: [rdrand]: Enabling RDRAND rng support
Nov 27 11:23:03 qemux86 rngd[191]: [rdrand]: Initialized
Nov 27 11:23:08 qemux86 rngd[191]: [jitter]: Initializing AES buffer
Nov 27 11:23:13 qemux86 rngd[191]: [jitter]: Unable to obtain AES key, 
disabling JITTER source
Nov 27 11:23:13 qemux86 rngd[191]: libgcc_s.so.1 must be installed for 
pthread_exit to work
Nov 27 11:23:13 qemux86 systemd[1]: rng-tools.service: Main process 
exited, code=killed, status=6/ABRT
Nov 27 11:23:13 qemux86 systemd[1]: rng-tools.service: Failed with 
result 'signal'.



I will send a V2 patch later.

thanks.







---
   ...ropy-library-to-timeout-fail-on-long.patch | 144 ++
   .../rng-tools/rng-tools_6.15.bb   |   1 +
   2 files changed, 145 insertions(+)
   create mode 100644 
meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch

diff --git 
a/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
 
b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
new file mode 100644
index 00..d70c6587aa
--- /dev/null
+++ 
b/meta/recipes-support/rng-tools/rng-tools/0001-Adjust-jitterentropy-library-to-timeout-fail-on-long.patch
@@ -0,0 +1,144 @@
+From 3f1d6e53985e40cbe4c7380ce503ca2778d4cd9d Mon Sep 17 00:00:00 2001
+From: Neil Horman 
+Date: Mon, 16 May 2022 13:38:54 -0400
+Subject: [PATCH] Adjust jitterentropy library to timeout/fail on long delay
+
+When running rngd -l its possible, on platforms that have low jitter
+entropy to block for long periods of time.  Adjust jitter to timeout on
+init after 5 seconds in the event it takes to long to gether jitter
+entropy
+
+Also while we're at it, I might have a build solution for the presence
+of internal timers.  When jitterentropy is built without internal
+timers, jent_notime_init is defined publically, but when it is built
+with timers, its declared as a static symbol, preenting resolution, so
+we can test to see if the function exists.  If it does we _don't_ have
+notime support. The logic is a bit backwards, but i think it works
+
+Upstream-Status: Backport from
+[https://github.com/nhorman/rng-tools/pull/171/commits/c29424f10a0dcbd18ac25607fa1c81c18a960e81]
+
+Signed-off-by: Xiangyu Chen 
+---
+ configure.ac  |  6 ++---
+ rngd_jitter.c | 61 +++
+ 2 files changed, 50 insertions(+), 17 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 40008ca..2e12308 100644
+--- a/configure.ac
 b/configure.ac
+@@ -94,9 +94,9 @@ AS_IF(
+   AC_SEARCH_LIBS(jent_version,jitterentropy,
+   [AM_CONDITIONAL([JITTER], [true])
+   AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+-  AC_CHECK_LIB(jitterentropy, 
jent_entropy_switch_notime_impl,
+-  [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable 
JITTER_NOTIME])],
+-  [],-lpthread)],
++  AC_CHECK_LIB(jitterentropy, jent_notime_init,
++  [],
++  [AC_DEFINE([HAVE_JITTER_NOTIME],1, [Enable 
JITTER_NOTIME])],-lpthread)],
+   AC_MSG_NOTICE([No Jitterentropy library 
found]),-lpthread)
+   ], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
+ )
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index d1b17ba..3647b7f 100644
+--- a/rngd_jitter.c
 b/rngd_jitter.c
+@@ -400,6 +400,8 @@ int init_jitter_entropy_source(struct rng *ent_src)
+   int entflags = 0;
+   int ret;
+   int core_id = 0;
++  struct timespec base, now;
++  int rc;
+
+   signal(SIGUSR1, jitter_
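
Review bot: in the embedded configure.ac hunk, swapping the AC_CHECK_LIB branches means HAVE_JITTER_NOTIME is now defined whenever the link test for jent_notime_init fails, for whatever reason, so a probe that fails for an unrelated reason is silently read as "library was built with internal timers". The removed test for jent_entropy_switch_notime_impl was a positive probe; the commit message itself calls the new logic backwards, so at minimum configure.ac should carry a comment explaining the inversion, and a positive probe for a symbol that only exists in timer-enabled builds would be sturdier. Separately, the tag should read `Upstream-Status: Backport [<url>]` on a single line, without "from" and without the line break before the URL.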

[OE-core] OE-core CVE metrics for kirkstone on Sun 27 Nov 2022 03:00:01 AM HST

2022-11-27 Thread Steve Sakoman
Branch: kirkstone

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 26 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 7.8 HIGH): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 7.8 HIGH): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-36369 (CVSS3: 7.5 HIGH): dropbear 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36369 *
CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 *
CVE-2022-2879 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
CVE-2022-2880 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2880 *
CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-3570 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3570 *
CVE-2022-3597 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3597 *
CVE-2022-3598 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3598 *
CVE-2022-3599 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3599 *
CVE-2022-3626 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3626 *
CVE-2022-3627 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3627 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-39377 (CVSS3: 9.8 CRITICAL): sysstat 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39377 *
CVE-2022-3970 (CVSS3: 9.8 CRITICAL): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3970 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-41715 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *
CVE-2022-41716 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 *
CVE-2022-42915 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42915 *
CVE-2022-42916 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42916 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/




[OE-core] OE-core CVE metrics for dunfell on Sun 27 Nov 2022 02:30:01 AM HST

2022-11-27 Thread Steve Sakoman
Branch: dunfell

New this week: 1 CVEs
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *

Removed this week: 0 CVEs

Full list:  Found 103 unpatched CVEs
CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 *
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 *
CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 *
CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-33194 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33194 *
CVE-2021-33195 (CVSS3: 7.3 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33195 *
CVE-2021-33198 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33198 *
CVE-2021-3409 (CVSS3: 5.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3409 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-3507 (CVSS3: 6.1 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *
CVE-2021-3521 (CVSS3: 4.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3521 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 7.8 HIGH): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (C

[oe-core][PATCHv2] gcr: add recipe for gcr-4, needed to build with gtk4

2022-11-27 Thread Markus Volk
gcr-3 recipe is still needed for gnome projects that stick to gtk+3, rename to 
gcr3.

Signed-off-by: Markus Volk 
---
 ...build-fix-one-parallel-build-failure.patch |  0
 ...1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch |  0
 .../gcr/{gcr_3.40.0.bb => gcr3_3.40.0.bb} |  8 ++-
 meta/recipes-gnome/gcr/gcr_4.0.0.bb   | 56 +++
 4 files changed, 62 insertions(+), 2 deletions(-)
 rename meta/recipes-gnome/gcr/{gcr => 
gcr3}/0001-gcr-meson.build-fix-one-parallel-build-failure.patch (100%)
 rename meta/recipes-gnome/gcr/{gcr => 
gcr3}/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch (100%)
 rename meta/recipes-gnome/gcr/{gcr_3.40.0.bb => gcr3_3.40.0.bb} (87%)
 create mode 100644 meta/recipes-gnome/gcr/gcr_4.0.0.bb

diff --git 
a/meta/recipes-gnome/gcr/gcr/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
 
b/meta/recipes-gnome/gcr/gcr3/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
similarity index 100%
rename from 
meta/recipes-gnome/gcr/gcr/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
rename to 
meta/recipes-gnome/gcr/gcr3/0001-gcr-meson.build-fix-one-parallel-build-failure.patch
diff --git 
a/meta/recipes-gnome/gcr/gcr/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch 
b/meta/recipes-gnome/gcr/gcr3/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch
similarity index 100%
rename from 
meta/recipes-gnome/gcr/gcr/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch
rename to 
meta/recipes-gnome/gcr/gcr3/b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch
diff --git a/meta/recipes-gnome/gcr/gcr_3.40.0.bb 
b/meta/recipes-gnome/gcr/gcr3_3.40.0.bb
similarity index 87%
rename from meta/recipes-gnome/gcr/gcr_3.40.0.bb
rename to meta/recipes-gnome/gcr/gcr3_3.40.0.bb
index 917be5938b..5318768db6 100644
--- a/meta/recipes-gnome/gcr/gcr_3.40.0.bb
+++ b/meta/recipes-gnome/gcr/gcr3_3.40.0.bb
@@ -20,11 +20,15 @@ GTKDOC_MESON_OPTION = "gtk_doc"
 inherit gnomebase gtk-icon-cache gtk-doc features_check 
upstream-version-is-even vala gobject-introspection gettext mime mime-xdg
 UPSTREAM_CHECK_REGEX = 
"[^\d\.](?P\d+\.(?!9\d+)(\d*[02468])+(\.\d+)+)\.tar"
 
-SRC_URI += "file://0001-gcr-meson.build-fix-one-parallel-build-failure.patch \ 
-file://b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch"
+SRC_URI = " \
+   
https://download.gnome.org/sources/gcr/3.40/gcr-${PV}.tar.xz;name=archive \
+   file://0001-gcr-meson.build-fix-one-parallel-build-failure.patch \
+   file://b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch"
 
 SRC_URI[archive.sha256sum] = 
"b9d3645a5fd953a54285cc64d4fc046736463dbd4dcc25caf5c7b59bed3027f5"
 
+S = "${WORKDIR}/gcr-${PV}"
+
 PACKAGECONFIG ??= " \
${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gtk', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'gtk', '', d)} \
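
Review bot: the replacement SRC_URI hardcodes the `3.40` download directory and the `gcr-` tarball name, and S is set by hand, only because BPN becomes gcr3 after the rename. The recipe still inherits gnomebase, so setting `GNOMEBN = "gcr"` should let the class keep deriving both SRC_URI and S, which keeps the original `SRC_URI +=` for the two patches and leaves nothing to edit on a version bump. The diffstat also touches only the gcr recipes, so the commit message should say which recipes with gcr in DEPENDS are expected to switch to gcr3.
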
diff --git a/meta/recipes-gnome/gcr/gcr_4.0.0.bb 
b/meta/recipes-gnome/gcr/gcr_4.0.0.bb
new file mode 100644
index 00..fafc85e6a3
--- /dev/null
+++ b/meta/recipes-gnome/gcr/gcr_4.0.0.bb
@@ -0,0 +1,56 @@
+SUMMARY = "A library for bits of crypto UI and parsing etc"
+DESCRIPTION = "GCR is a library for displaying certificates, and crypto UI, \
+accessing key stores. It also provides the viewer for crypto files on the \
+GNOME desktop."
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/gcr";
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/gcr/issues";
+
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605"
+
+DEPENDS = "p11-kit glib-2.0 libgcrypt gnupg-native libsecret \
+   ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'libxslt-native', 
'', d)}"
+
+CACHED_CONFIGUREVARS += "ac_cv_path_GPG='gpg2'"
+
+CFLAGS += "-D_GNU_SOURCE"
+
+GNOMEBASEBUILDCLASS = "meson"
+GTKDOC_MESON_OPTION = "gtk_doc"
+inherit gnomebase gtk-icon-cache gtk-doc features_check 
upstream-version-is-even vala gobject-introspection gettext mime mime-xdg
+UPSTREAM_CHECK_REGEX = 
"[^\d\.](?P\d+\.(?!9\d+)(\d*[02468])+(\.\d+)+)\.tar"
+
+SRC_URI[archive.sha256sum] = 
"c45855924f0ee7bab43e2dd38bfafd2ac815c6e9864341c0161e171173dcec7c"
+
+PACKAGECONFIG ??= " \
+   ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+   ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'gtk', '', d)} \
+   ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'gtk', '', d)} \
+"
+PACKAGECONFIG[gtk] = "-Dgtk4=true,-Dgtk4=false,gtk4"
+PACKAGECONFIG[ssh_agent] = "-Dssh_agent=true,-Dssh_agent=false,,openssh"
+#'Use systemd socket activation for server programs'
+PACKAGECONFIG[systemd] = "-Dsystemd=enabled,-Dsystemd=disabled,systemd"
+
+FILES:${PN} += " \
+${datadir}/dbus-1 \
+${datadir}/gcr-4 \
+"
+
+# http://errors.yoctoproject.org/Errors/Details/20229/
+ARM_INSTRUCTION_SET:armv4 = "arm"
+ARM_INSTRUCTION_SET:armv5 = "arm"
+ARM_INSTRUCTION_SET:armv6 = "arm"
+
+EXTRA_OEMESON += "--cross-file ${WORKDIR}/meson-${PN}.cross"
+do_write_config:append() {
+cat >${WORKDIR}/meson-${PN}.cross <
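
Review bot: `CACHED_CONFIGUREVARS += "ac_cv_path_GPG='gpg2'"` near the top of the new recipe is an autoconf cache variable, but the recipe builds with meson (`GNOMEBASEBUILDCLASS = "meson"`), so the line has no effect and looks carried over from an autotools-era recipe. Drop it, or pass the gpg path through EXTRA_OEMESON if it still has to be pinned for the target.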

[OE-core] OE-core CVE metrics for master on Sun 27 Nov 2022 02:00:01 AM HST

2022-11-27 Thread Steve Sakoman
Branch: master

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 4 unpatched CVEs
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-3970 (CVSS3: 9.8 CRITICAL): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3970 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/
