Re: [OE-core] [mickledore][PATCH] binutils: Fix CVE-2023-39128
Hi Sanjana, Thank-you for this patch. But, i feel this is not the right way to patch this vulnerability. No doubts the patch is released for binutils-gdb, but that is because the sources are merged. However, in our systems, the command gdb comes from gdb package and not from bintuils-gdb. Additional confirmation can also be obtained from bintuils configuration where we are disabling gdb from bintuils. So even after patching the vulnerability will exists as it not patched in gdb and where it is patched, the gdb is diasbled. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187478): https://lists.openembedded.org/g/openembedded-core/message/187478 Mute This Topic: https://lists.openembedded.org/mt/101235381/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][mickledore][PATCH] gdb: Fix CVE-2023-39128
From: Siddharth Doshi Note: The Fix needs to be pushed in gdb rather than bintuils-gdb as we are disabling gdb in binutils configure. Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] CVE: CVE-2023-39128 Signed-off-by: Siddharth Doshi --- meta/recipes-devtools/gdb/gdb.inc | 1 + .../gdb/gdb/0009-CVE-2023-39128.patch | 75 +++ 2 files changed, 76 insertions(+) create mode 100644 meta/recipes-devtools/gdb/gdb/0009-CVE-2023-39128.patch diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc index e986b1a1f9..2437a96ae7 100644 --- a/meta/recipes-devtools/gdb/gdb.inc +++ b/meta/recipes-devtools/gdb/gdb.inc @@ -14,6 +14,7 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ file://0007-Fix-invalid-sigprocmask-call.patch \ file://0008-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \ file://add-missing-ldflags.patch \ + file://0009-CVE-2023-39128.patch \ " SRC_URI[sha256sum] = "fd5bebb7be1833abdb6e023c2f498a354498281df9d05523d8915babeb893f0a" diff --git a/meta/recipes-devtools/gdb/gdb/0009-CVE-2023-39128.patch b/meta/recipes-devtools/gdb/gdb/0009-CVE-2023-39128.patch new file mode 100644 index 00..88e39eaa59 --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/0009-CVE-2023-39128.patch @@ -0,0 +1,75 @@ +From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001 +From: Tom Tromey +Date: Wed, 16 Aug 2023 11:29:19 -0600 +Subject: [PATCH] Avoid buffer overflow in ada_decode + +A bug report pointed out a buffer overflow in ada_decode, which Keith +helpfully analyzed. ada_decode had a logic error when the input was +all digits. While this isn't valid -- and would probably only appear +in fuzzer tests -- it still should be handled properly. + +This patch adds a missing bounds check. Tested with the self-tests in +an asan build. + +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 +Reviewed-by: Keith Seitz + +Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] +CVE: CVE-2023-39128 +Signed-off-by: Siddharth Doshi +--- + gdb/ada-lang.c | 19 ++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c +index 40f8591..06ac46b 100644 +--- a/gdb/ada-lang.c b/gdb/ada-lang.c +@@ -57,6 +57,7 @@ + #include "cli/cli-utils.h" + #include "gdbsupport/function-view.h" + #include "gdbsupport/byte-vector.h" ++#include "gdbsupport/selftest.h" + #include + #include "ada-exp.h" + #include "charset.h" +@@ -1388,7 +1389,7 @@ ada_decode (const char *encoded, bool wrap, bool operators) + i -= 1; + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') + len0 = i - 1; +- else if (encoded[i] == '$') ++ else if (i >= 0 && encoded[i] == '$') + len0 = i; + } + +@@ -1585,6 +1586,18 @@ ada_decode (const char *encoded, bool wrap, bool operators) + return decoded; + } + ++#ifdef GDB_SELF_TEST ++ ++static void ++ada_decode_tests () ++{ ++ /* This isn't valid, but used to cause a crash. PR gdb/30639. The ++ result does not really matter very much. */ ++ SELF_CHECK (ada_decode ("44") == "44"); ++} ++ ++#endif ++ + /* Table for keeping permanent unique copies of decoded names. Once +allocated, names in this table are never released. While this is a +storage leak, it should not be significant unless there are massive +@@ -14084,4 +14097,8 @@ DWARF attribute."), + gdb::observers::new_objfile.attach (ada_new_objfile_observer, "ada-lang"); + gdb::observers::free_objfile.attach (ada_free_objfile_observer, "ada-lang"); + gdb::observers::inferior_exit.attach (ada_inferior_exit, "ada-lang"); ++ ++#ifdef GDB_SELF_TEST ++ selftests::register_test ("ada-decode", ada_decode_tests); ++#endif + } +-- +2.25.1 + -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187479): https://lists.openembedded.org/g/openembedded-core/message/187479 Mute This Topic: https://lists.openembedded.org/mt/101288288/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone][PATCH] sysklogd: fix integration with systemd-journald
From: Changqing Li Fix an issue with early log messages being lost when running in systemd. Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- ...KillMode-process-is-not-recommended-.patch | 33 ...-messages-lost-when-running-in-syste.patch | 75 +++ .../sysklogd/sysklogd_2.3.0.bb| 2 + 3 files changed, 110 insertions(+) create mode 100644 meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch create mode 100644 meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch diff --git a/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch new file mode 100644 index 00..6c7e7cea44 --- /dev/null +++ b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch @@ -0,0 +1,33 @@ +From b732dd0001c66f3ff1e0aef919c84ca9f0f81252 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Sat, 22 Apr 2023 07:40:24 +0200 +Subject: [PATCH 1/2] syslogd.service: KillMode=process is not recommended, + drop + +The default 'control-group' ensures all processes started by sysklogd +are stopped when the service is stopped, this is what we want. + +Signed-off-by: Joachim Wiberg + +Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/c82c004de7e25e770039cba5d6a34c30dd548533] + +Signed-off-by: Changqing Li +--- + syslogd.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/syslogd.service.in b/syslogd.service.in +index 91e080a..d614c5f 100644 +--- a/syslogd.service.in b/syslogd.service.in +@@ -9,7 +9,6 @@ EnvironmentFile=-@SYSCONFDIR@/default/syslogd + ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS + StandardOutput=null + Restart=on-failure +-KillMode=process + + [Install] + WantedBy=multi-user.target +-- +2.25.1 + diff --git a/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch new file mode 100644 index 00..78ae57eeeb --- /dev/null +++ b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch @@ -0,0 +1,75 @@ +From ba8156eab79784ef816958327e701923890e98f7 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Sat, 22 Apr 2023 08:27:57 +0200 +Subject: [PATCH 2/2] Fix #62: early log messages lost when running in systemd + +This is a follow-up to d7576c7 which initially added support for running +in systemd based systems. Since the unit file sources the syslog.socket +we have /run/systemd/journal/syslog open already on descriptor 3. All +we need to do is verify that's the mode syslogd runs in. + +Signed-off-by: Joachim Wiberg + +Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/7ec64e5f9c1bc284792d028647fb36ef3e64dff7] + +Signed-off-by: Changqing Li +--- + src/syslogd.c | 21 +++-- + syslogd.service.in | 2 +- + 2 files changed, 16 insertions(+), 7 deletions(-) + +diff --git a/src/syslogd.c b/src/syslogd.c +index fa4303f..e96ca9a 100644 +--- a/src/syslogd.c b/src/syslogd.c +@@ -162,6 +162,7 @@ voiduntty(void); + static void parsemsg(const char *from, char *msg); + static int opensys(const char *file); + static void printsys(char *msg); ++static void unix_cb(int sd, void *arg); + static void logmsg(struct buf_msg *buffer); + static void fprintlog_first(struct filed *f, struct buf_msg *buffer); + static void fprintlog_successive(struct filed *f, int flags); +@@ -436,12 +437,20 @@ int main(int argc, char *argv[]) + .pe_serv = "syslog", + }); + +- /* Default to _PATH_LOG for the UNIX domain socket */ +- if (!pflag) +- addpeer(&(struct peer) { +- .pe_name = _PATH_LOG, +- .pe_mode = 0666, +- }); ++ /* Figure out where to read system log messages from */ ++ if (!pflag) { ++ /* Do we run under systemd-journald (Requires=syslog.socket)? */ ++ if (fcntl(3, F_GETFD) != -1) { ++ if (socket_register(3, NULL, unix_cb, NULL) == -1) ++ err(1, "failed registering syslog.socket (3)"); ++ } else { ++ /* Default to _PATH_LOG for the UNIX domain socket */ ++ addpeer(&(struct peer) { ++ .pe_name = _PATH_LOG, ++ .pe_mode = 0666, ++ }); ++ } ++ } + + if (!Foreground && !Debug) { + ppid = waitdaemon(30); +diff --git a/syslogd.service.in b/syslogd.ser
Re: [OE-core] [kirkstone][PATCH] sysklogd: fix integration with systemd-journald
opps. Please ignore this. Sent by mistake. Apologies for the error. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187481): https://lists.openembedded.org/g/openembedded-core/message/187481 Mute This Topic: https://lists.openembedded.org/mt/101288296/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone][PATCH] gdb: Fix CVE-2023-39128
From: Siddharth Doshi Note: The Fix needs to be pushed in gdb rather than bintuils-gdb as we are disabling gdb in binutils configure. Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] CVE: CVE-2023-39128 Signed-off-by: Siddharth Doshi --- meta/recipes-devtools/gdb/gdb.inc | 1 + .../gdb/gdb/0011-CVE-2023-39128.patch | 75 +++ 2 files changed, 76 insertions(+) create mode 100644 meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc index 649ee28727..099bd2d8f5 100644 --- a/meta/recipes-devtools/gdb/gdb.inc +++ b/meta/recipes-devtools/gdb/gdb.inc @@ -14,5 +14,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ file://0008-resolve-restrict-keyword-conflict.patch \ file://0009-Fix-invalid-sigprocmask-call.patch \ file://0010-gdbserver-ctrl-c-handling.patch \ + file://0011-CVE-2023-39128.patch \ " SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32" diff --git a/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch b/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch new file mode 100644 index 00..53b49cb21d --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch @@ -0,0 +1,75 @@ +From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001 +From: Tom Tromey +Date: Wed, 16 Aug 2023 11:29:19 -0600 +Subject: [PATCH] Avoid buffer overflow in ada_decode + +A bug report pointed out a buffer overflow in ada_decode, which Keith +helpfully analyzed. ada_decode had a logic error when the input was +all digits. While this isn't valid -- and would probably only appear +in fuzzer tests -- it still should be handled properly. + +This patch adds a missing bounds check. Tested with the self-tests in +an asan build. + +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 +Reviewed-by: Keith Seitz + +Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] +CVE: CVE-2023-39128 +Signed-off-by: Siddharth Doshi +--- + gdb/ada-lang.c | 19 ++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c +index 70a2b44..f682302 100644 +--- a/gdb/ada-lang.c b/gdb/ada-lang.c +@@ -57,6 +57,7 @@ + #include "cli/cli-utils.h" + #include "gdbsupport/function-view.h" + #include "gdbsupport/byte-vector.h" ++#include "gdbsupport/selftest.h" + #include + #include "ada-exp.h" + +@@ -1057,7 +1058,7 @@ ada_decode (const char *encoded, bool wrap) + i -= 1; + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') + len0 = i - 1; +- else if (encoded[i] == '$') ++ else if (i >= 0 && encoded[i] == '$') + len0 = i; + } + +@@ -1225,6 +1226,18 @@ ada_decode (const char *encoded, bool wrap) + return decoded; + } + ++#ifdef GDB_SELF_TEST ++ ++static void ++ada_decode_tests () ++{ ++ /* This isn't valid, but used to cause a crash. PR gdb/30639. The ++ result does not really matter very much. */ ++ SELF_CHECK (ada_decode ("44") == "44"); ++} ++ ++#endif ++ + /* Table for keeping permanent unique copies of decoded names. Once +allocated, names in this table are never released. While this is a +storage leak, it should not be significant unless there are massive +@@ -13497,4 +13510,8 @@ DWARF attribute."), + gdb::observers::new_objfile.attach (ada_new_objfile_observer, "ada-lang"); + gdb::observers::free_objfile.attach (ada_free_objfile_observer, "ada-lang"); + gdb::observers::inferior_exit.attach (ada_inferior_exit, "ada-lang"); ++ ++#ifdef GDB_SELF_TEST ++ selftests::register_test ("ada-decode", ada_decode_tests); ++#endif + } +-- +2.35.7 + -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187482): https://lists.openembedded.org/g/openembedded-core/message/187482 Mute This Topic: https://lists.openembedded.org/mt/101288329/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [yocto-security] [OE-core] OE-core CVE metrics for master on Sun 10 Sep 2023 01:00:01 AM HST
On 10 Sep 2023, at 16:54, Marta Rybczynska via lists.yoctoproject.org wrote: > On Sun, 10 Sept 2023, 17:14 Khem Raj, wrote: > On Sun, Sep 10, 2023 at 4:18 AM Steve Sakoman wrote: > > > > Branch: master > > > > New this week: 10 CVEs > > CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 * > > CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 * > > These two are addressed in the 5.69 release which is already in > master. So I wonder how the CVE scanner missed it. > > The NVD entry does not include any version numbers, so all bluez versions are > matched as vulnerable. Have you mailed them? Can do it if you haven't. I mailed them last week when I noticed this. Ironically this was my fault: these were listed as kernel issues so got the CPE changed to refer to bluez instead of the kernel. :) Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187483): https://lists.openembedded.org/g/openembedded-core/message/187483 Mute This Topic: https://lists.openembedded.org/mt/101288676/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 0/1] libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt
The following changes since commit 03d37854b1dacbecd2c522821c59ef01d9bd305c: build-appliance-image: Update to master head revision (2023-09-10 09:03:42 +0100) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib rbt/crypt https://git.openembedded.org/openembedded-core-contrib/log/?h=rbt/crypt Robert Yang (1): libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.39.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187484): https://lists.openembedded.org/g/openembedded-core/message/187484 Mute This Topic: https://lists.openembedded.org/mt/101288924/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/1] libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt
Fixed: IMAGE_INSTALL:append = " libxcrypt-compat" $ bitbake -cpopulate_sdk file /usr/lib/libcrypt.so from install of libxcrypt-compat-dev-4.4.33-r0.0.aarch64 conflicts with file from package libcrypt-dev-4.4.33-r0.2.aarch64 Remove libcrypt.so like other files to fix the error. Signed-off-by: Robert Yang --- meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb b/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb index ec9f9f4fa3..d5546ce9ba 100644 --- a/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb +++ b/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.36.bb @@ -13,6 +13,6 @@ API = "--enable-obsolete-api" do_install:append () { rm -rf ${D}${includedir} rm -rf ${D}${libdir}/pkgconfig + rm -rf ${D}${libdir}/libcrypt.so rm -rf ${D}${datadir} } - -- 2.39.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187485): https://lists.openembedded.org/g/openembedded-core/message/187485 Mute This Topic: https://lists.openembedded.org/mt/101288925/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/3] packagegroup-core-x11-xserver: add modesetting driver to default XSERVER
From: Ross Burton On modern systems, both real and virtual hardware, the modesetting driver is preferred over the dumb framebuffer driver as it is more functional and is essentially the default Xorg video driver. Signed-off-by: Ross Burton --- .../packagegroups/packagegroup-core-x11-xserver.bb | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb b/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb index 3bb308fbba4..b1087859311 100644 --- a/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb +++ b/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb @@ -11,7 +11,10 @@ inherit packagegroup features_check # rdepends on XSERVER REQUIRED_DISTRO_FEATURES = "x11" -XSERVER ?= "xserver-xorg xf86-video-fbdev" +XSERVER ?= "xserver-xorg \ +xf86-video-fbdev \ +xf86-video-modesetting \ +" XSERVERCODECS ?= "" RDEPENDS:${PN} = "\ -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187486): https://lists.openembedded.org/g/openembedded-core/message/187486 Mute This Topic: https://lists.openembedded.org/mt/101289849/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/3] beaglebone-yocto: remove redundant XSERVER assignment
From: Ross Burton The default XSERVER value is good enough for this BSP, so we don't need to set it explicitly. Signed-off-by: Ross Burton --- meta-yocto-bsp/conf/machine/beaglebone-yocto.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf b/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf index 362f6e040e7..8b67cefef70 100644 --- a/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf +++ b/meta-yocto-bsp/conf/machine/beaglebone-yocto.conf @@ -3,9 +3,6 @@ #@DESCRIPTION: Reference machine configuration for http://beagleboard.org/bone and http://beagleboard.org/black boards PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg" -XSERVER ?= "xserver-xorg \ - xf86-video-modesetting \ - " MACHINE_EXTRA_RRECOMMENDS = "kernel-modules kernel-devicetree" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187487): https://lists.openembedded.org/g/openembedded-core/message/187487 Mute This Topic: https://lists.openembedded.org/mt/101289850/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/3] machine/qemu*: add modesetting drivers to XSERVER
From: Ross Burton The modesetting driver works well in qemu, so install it by default. The plain framebuffer has been buggy in recent 6.4 kernels, a sign that it's not getting much testing. The Xorg modesetting driver that can use more powerful virtualised hardware is much better. We override the default XSERVER because we want to pull in the GLX extension to exercise that. Signed-off-by: Ross Burton --- meta/conf/machine/include/qemu.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/conf/machine/include/qemu.inc b/meta/conf/machine/include/qemu.inc index 0d71bcbbad0..14feb867906 100644 --- a/meta/conf/machine/include/qemu.inc +++ b/meta/conf/machine/include/qemu.inc @@ -8,6 +8,7 @@ PREFERRED_PROVIDER_virtual/libgles3 ?= "mesa" XSERVER ?= "xserver-xorg \ ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'mesa-driver-swrast xserver-xorg-extension-glx', '', d)} \ xf86-video-fbdev \ +xf86-video-modesetting \ " MACHINE_FEATURES = "alsa bluetooth usbgadget screen vfat" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187488): https://lists.openembedded.org/g/openembedded-core/message/187488 Mute This Topic: https://lists.openembedded.org/mt/101289851/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH v6 12/12] docs: cover devtool ide
Hi Andrian Many thanks for the documentation patch! Copying the docs@ mailing list... On 10.09.23 at 17:52, Adrian Freihofer wrote: Signed-off-by: Adrian Freihofer --- documentation/sdk-manual/extensible.rst | 97 - 1 file changed, 96 insertions(+), 1 deletion(-) diff --git a/documentation/sdk-manual/extensible.rst b/documentation/sdk-manual/extensible.rst index 9e08e57a4e7..d05d4e36aa7 100644 --- a/documentation/sdk-manual/extensible.rst +++ b/documentation/sdk-manual/extensible.rst @@ -237,7 +237,7 @@ all the commands. devtool quick reference. -Three ``devtool`` subcommands provide entry-points into +Four ``devtool`` subcommands provide entry-points into development: - *devtool add*: Assists in adding new software to be built. @@ -245,6 +245,8 @@ development: - *devtool modify*: Sets up an environment to enable you to modify the source of an existing component. +- *devtool ide*: Generates a configuration for an IDE. + - *devtool upgrade*: Updates an existing recipe so that you can build it for an updated set of source files. @@ -632,6 +634,99 @@ command: proceed with your work. If you do use this command, realize that the source tree is preserved. +Use ``devtool ide`` to generate an configuration for the IDE s/an configuration/a configuration/ + + +``devtool ide`` automatically configures the IDE for cross-compiling and remote debugging. +The IDE is configured to call for example cmake directly. This has several advantages. +First of all it is much faster than using e.g. ``devtool build``. But it also allows to +use the very good integration of build tools like cmake or gdb with VSCode directly. For consistency with the other parts of the manual, it would be better to use: * CMake or ``cmake`` * GDB or ``gdb`` + +Two different use cases are supported: + +- Generate the IDE configuration for a workspace created by ``devtool modify``. + +- Generate the IDE configuration for using a cross-toolchain as provided by + ``bitbake meta-ide-support build-sysroots``. + +Assuming the development environment is set up correctly and a workspace has been created +for the recipe using ``devtool modify recipe``, the following command can create the +configuration for VSCode in the recipe workspace: You should have "::" at the end of the line here. That's how a blockquote is introduced. + + $ devtool ide recipe core-image-minimal --target root@192.168.7.2 + +What this command does exactly depends on the recipe or the build tool used by the recipe. +Currently, only CMake and Meson are supported natively. + +For a recipe which inherits cmake it does: + +- Prepare the SDK by calling bitbake core-image-minimal, gdb-cross, qemu-native... ``bitbake core-image-minimal``, ``gdb-cross``, ``qemu-native``. + +- Generate a cmake-preset with configures cmake to use exactly the same environent and + the same cmake-cache configuration as used by ``bitbake recipe``. The cmake-preset referres + to the per-recipe-sysroot of the recipe. + + Currently Configure, Build and Test presets are supported. Test presets execute the test + binaries with Qemu. Missing ":" before the bullet list? + +- Generates a helper script to handle the do_install with pseudo s/the do_install/``do_install``/? + +- Generates some helper scripts to start the gdbserver on the target device s/the gdbserver/``gdbserver``/? + +- Generates the ``.vscode`` folder containing the following files: + + - c_ccp_properties.json: configure the code navigation + + - extensions.json: Recommend the extensions which are used. + + - launch.json: Provide a configuration for remote debugging with gdb-cross and gdbserver. +The debug-symbols are searched in the build-folder, the per-recipe-sysroot and the rootfs-dbg +folder which is provided by the image. + + - settings.json: confgure the indexer to ignore the build folders + + - tasks.json: Provide some helpers for running + +- do_install and ``devtool deploy-target`` + +- start the gdbserver via ssh You also need double backquotes in the filenames above. + +For a recipe which inherits meson a similar configuration is generated. +Because there is nothing like a meson-preset a wrapper script for meson is generated. + +For some special recipes and use cases a per-recipe-sysroot based SDK is not suitable. +Therefore devtool ide also supports setting up the shared sysroots environment and generating +a IDE configurations referring to the shared sysroots. Recipes leading to a shared sysroot +are for example meta-ide-support or shared-sysroots. Also passing none as a recipe name leads +to a shared sysroot SDK. Same here, "::" at the end of the line. Don't hesitate to submit a V2 of this one, and ping me when your code patches are merged. Thanks again for your help with the documentation! Ch
[OE-core] [PATCH 2/2] openssh: improve banner ptest failure logging
Log the input and output banner files. Output seems to contain more lines than input which fails the test but it's not clear what is in there from the ssh command stderr. So print them out to dig deeper into the root cause. Upstream rejected previous logging patch so they will likely do the same for this: https://github.com/openssh/openssh-portable/pull/437 Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 Signed-off-by: Mikko Rapeli --- ...h-log-input-and-output-files-on-erro.patch | 61 +++ .../openssh/openssh_9.4p1.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch new file mode 100644 index 00..2c14014fed --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch @@ -0,0 +1,61 @@ +From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli +Date: Mon, 11 Sep 2023 09:55:21 +0100 +Subject: [PATCH] regress/banner.sh: log input and output files on error + +Some test environments like yocto with qemu are seeing these +tests failing. There may be additional error messages in the +stderr of ssh cloent command. busybox cmp shows this error when +first input file has less new line characters then second +input file: + +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in + +Logging the full banner.out will show what other error messages +are captured in addition of the expected banner. + +Full log of a failing banner test runs is: + +run test banner.sh ... +test banner: missing banner file +test banner: size 0 +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in +banner size 0 mismatch +test banner: size 10 +test banner: size 100 +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in +banner size 100 mismatch +test banner: size 1000 +test banner: size 1 +test banner: size 10 +test banner: suppress banner (-q) +FAIL: banner +return value: 1 + +See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 + +Signed-off-by: Mikko Rapeli +--- + regress/banner.sh | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] + +diff --git a/regress/banner.sh b/regress/banner.sh +index a84feb5a..de84957a 100644 +--- a/regress/banner.sh b/regress/banner.sh +@@ -32,7 +32,9 @@ for s in 0 10 100 1000 1 10 ; do + verbose "test $tid: size $s" + ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ + cmp $OBJ/banner.in $OBJ/banner.out ) || \ +- fail "banner size $s mismatch" ++ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \ ++verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \ ++fail "banner size $s mismatch" ) + done + + trace "test suppress banner (-q)" +-- +2.34.1 + diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb index 2c85780e4d..1cf6937038 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb @@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \ + file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ " SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187491): https://lists.openembedded.org/g/openembedded-core/message/187491 Mute This Topic: https://lists.openembedded.org/mt/101292700/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] openssh: update Upstream-Status to Denied in test logging patch
Upstream rejected the change: https://github.com/openssh/openssh-portable/pull/437 Signed-off-by: Mikko Rapeli --- ...0001-openssh-regress-Makefile-print-logs-if-test-fails.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch index baa68dc6ff..3355ac4f23 100644 --- a/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch +++ b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch @@ -14,7 +14,7 @@ Signed-off-by: Mikko Rapeli regress/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/437] +Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437] diff --git a/regress/Makefile b/regress/Makefile index d80bf59..a972dff 100644 -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187490): https://lists.openembedded.org/g/openembedded-core/message/187490 Mute This Topic: https://lists.openembedded.org/mt/101292699/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other
On Thu, 7 Sept 2023 at 14:04, Richard Purdie wrote: > See meta/conf/distro/include/no-static-libs.inc which does things like: > > meta/conf/distro/include/no-static-libs.inc:DISABLE_STATIC:pn-openssl-native > = "" > meta/conf/distro/include/no-static-libs.inc:DISABLE_STATIC:pn-nativesdk-openssl > = "" > > I wasn't sure how easy the shadow patch would be, that is hopefully the > main tricky part. sqlite-native used to be built allowing static for > pseudo iirc but I don't think we need to do that there any more. I poked around at passing options from the shadow recipe, but couldn't arrive at a working combination. libtool and automake insert too many abstraction layers on the way to the linker invocation. So there has to be a custom, most likely non-upstreamable patch for Makefile.am files all over the place, which I think is worse than manually unrolling setscene dependencies. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187492): https://lists.openembedded.org/g/openembedded-core/message/187492 Mute This Topic: https://lists.openembedded.org/mt/101197363/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] openssh: improve banner ptest failure logging
We can probably output the logs from run-ptest as upstream suggested? That'd avoid having to carry a rejected patch, even if it can be removed (maybe) after the issue is fixed. Alex On Mon, 11 Sept 2023 at 15:40, Mikko Rapeli wrote: > > Log the input and output banner files. Output seems to > contain more lines than input which fails the test but > it's not clear what is in there from the ssh command > stderr. So print them out to dig deeper into the root > cause. > > Upstream rejected previous logging patch so they will likely > do the same for this: > https://github.com/openssh/openssh-portable/pull/437 > > Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 > > Signed-off-by: Mikko Rapeli > --- > ...h-log-input-and-output-files-on-erro.patch | 61 +++ > .../openssh/openssh_9.4p1.bb | 1 + > 2 files changed, 62 insertions(+) > create mode 100644 > meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch > > diff --git > a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch > > b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch > new file mode 100644 > index 00..2c14014fed > --- /dev/null > +++ > b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch > @@ -0,0 +1,61 @@ > +From f5a4dacc987ca548fc86577c2dba121c86da3c34 Mon Sep 17 00:00:00 2001 > +From: Mikko Rapeli > +Date: Mon, 11 Sep 2023 09:55:21 +0100 > +Subject: [PATCH] regress/banner.sh: log input and output files on error > + > +Some test environments like yocto with qemu are seeing these > +tests failing. There may be additional error messages in the > +stderr of ssh cloent command. busybox cmp shows this error when > +first input file has less new line characters then second > +input file: > + > +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in > + > +Logging the full banner.out will show what other error messages > +are captured in addition of the expected banner. > + > +Full log of a failing banner test runs is: > + > +run test banner.sh ... > +test banner: missing banner file > +test banner: size 0 > +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in > +banner size 0 mismatch > +test banner: size 10 > +test banner: size 100 > +cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in > +banner size 100 mismatch > +test banner: size 1000 > +test banner: size 1 > +test banner: size 10 > +test banner: suppress banner (-q) > +FAIL: banner > +return value: 1 > + > +See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 > + > +Signed-off-by: Mikko Rapeli > +--- > + regress/banner.sh | 4 +++- > + 1 file changed, 3 insertions(+), 1 deletion(-) > + > +Upstream-Status: Denied > [https://github.com/openssh/openssh-portable/pull/437] > + > +diff --git a/regress/banner.sh b/regress/banner.sh > +index a84feb5a..de84957a 100644 > +--- a/regress/banner.sh > b/regress/banner.sh > +@@ -32,7 +32,9 @@ for s in 0 10 100 1000 1 10 ; do > + verbose "test $tid: size $s" > + ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ > + cmp $OBJ/banner.in $OBJ/banner.out ) || \ > +- fail "banner size $s mismatch" > ++ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \ > ++verbose "Contents of $OBJ/banner.out:"; cat > $OBJ/banner.out; \ > ++fail "banner size $s mismatch" ) > + done > + > + trace "test suppress banner (-q)" > +-- > +2.34.1 > + > diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb > b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb > index 2c85780e4d..1cf6937038 100644 > --- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb > +++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb > @@ -25,6 +25,7 @@ SRC_URI = > "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar > file://sshd_check_keys \ > file://add-test-support-for-busybox.patch \ > > file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \ > + > file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ > " > SRC_URI[sha256sum] = > "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85" > > -- > 2.34.1 > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187493): https://lists.openembedded.org/g/openembedded-core/message/187493 Mute This Topic: https://lists.openembedded.org/mt/101292700/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] cargo-c-native: fix version check
Signed-off-by: Alexander Kanavin --- meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb b/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb index 4f34f50ca90..44423b7aa87 100644 --- a/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb +++ b/meta/recipes-devtools/rust/cargo-c-native_0.9.18.bb @@ -11,6 +11,7 @@ SRC_URI = " \ git://github.com/lu-zero/cargo-c.git;branch=master;protocol=https \ file://0001-Add-Cargo.lock-file.patch \ " +UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" SRCREV = "4eaf39ebbbc9ab8f092adf487d5b53435511d619" S = "${WORKDIR}/git" -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187494): https://lists.openembedded.org/g/openembedded-core/message/187494 Mute This Topic: https://lists.openembedded.org/mt/101295319/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] bitbake.conf: Add IMAGE_BASENAME to SDK_NAME
When SPDX manifests are enabled for OE-Core, it hightlights that the SDK_NAME default isn't working well. Add IMAGE_BASENAME to it to help avoid conflicts between outut files. I suspect the defaults aren't working well and most distros are already overriding this. Signed-off-by: Richard Purdie --- meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 69e854ecedc..8b264618745 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -459,7 +459,7 @@ PKGDATA_DIR_SDK = "${TMPDIR}/pkgdata/${SDK_SYS}" ## SDK_NAME_PREFIX ?= "oecore" -SDK_NAME = "${SDK_NAME_PREFIX}-${SDK_ARCH}-${TUNE_PKGARCH}" +SDK_NAME = "${SDK_NAME_PREFIX}-${IMAGE_BASENAME}-${SDK_ARCH}-${TUNE_PKGARCH}" SDKPATH = "/usr/local/oe-sdk-hardcoded-buildpath" SDKPATHNATIVE = "${SDKPATH}/sysroots/${SDK_SYS}" # The path to default to installing the SDK to -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187495): https://lists.openembedded.org/g/openembedded-core/message/187495 Mute This Topic: https://lists.openembedded.org/mt/101295654/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] gettext: Add missing dependency on gawk autoconf
Needed for additional tests e.g. autopoint-1 which are otherwise skipped Make locale-base-de-de and locale-base-fr-fw rdep unconditional as musl-locales do provide these locales Signed-off-by: Khem Raj --- meta/recipes-core/gettext/gettext_0.22.bb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/meta/recipes-core/gettext/gettext_0.22.bb b/meta/recipes-core/gettext/gettext_0.22.bb index 71e84521b0d..f5290ac0e44 100644 --- a/meta/recipes-core/gettext/gettext_0.22.bb +++ b/meta/recipes-core/gettext/gettext_0.22.bb @@ -182,7 +182,7 @@ do_install_ptest() { fi } -RDEPENDS:${PN}-ptest += "make xz bash" +RDEPENDS:${PN}-ptest += "make xz bash gawk autoconf locale-base-de-de locale-base-fr-fr" RDEPENDS:${PN}-ptest:append:libc-glibc = "\ glibc-gconv-big5 \ glibc-charmap-big5 \ @@ -202,8 +202,6 @@ RDEPENDS:${PN}-ptest:append:libc-glibc = "\ glibc-charmap-euc-jp \ glibc-gconv-gb18030 \ glibc-charmap-gb18030 \ -locale-base-de-de \ -locale-base-fr-fr \ " RRECOMMENDS:${PN}-ptest:append:libc-glibc = "\ -- 2.42.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187496): https://lists.openembedded.org/g/openembedded-core/message/187496 Mute This Topic: https://lists.openembedded.org/mt/101297747/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] vim: Upgrade 9.0.1664 -> 9.0.1894
This includes multiple CVE fixes. The license change is due to changes in maintainership, the license itself is unchanged. Signed-off-by: Richard Purdie --- meta/recipes-support/vim/vim.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 8a399cd8028..5f55f590e65 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -10,7 +10,7 @@ DEPENDS = "ncurses gettext-native" RSUGGESTS:${PN} = "diffutils" LICENSE = "Vim" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d1a651ab770b45d41c0f8cb5a8ca930e" SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://disable_acl_header_check.patch \ @@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".1664" -SRCREV = "8154e642aa476e1a5d3de66c34e8289845b2b797" +PV .= ".1894" +SRCREV = "e5f7cd0a60d0eeab84f7aeb35c13d3af7e50072e" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187497): https://lists.openembedded.org/g/openembedded-core/message/187497 Mute This Topic: https://lists.openembedded.org/mt/101302151/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] gdb: Fix CVE-2023-39128
From: Siddharth Doshi Note: The Fix needs to be pushed in gdb rather than bintuils-gdb as we are disabling gdb in binutils configure. Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] CVE: CVE-2023-39128 Signed-off-by: Siddharth Doshi --- meta/recipes-devtools/gdb/gdb-9.1.inc | 1 + .../gdb/gdb/0012-CVE-2023-39128.patch | 75 +++ 2 files changed, 76 insertions(+) create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch diff --git a/meta/recipes-devtools/gdb/gdb-9.1.inc b/meta/recipes-devtools/gdb/gdb-9.1.inc index d019e6b384..212c554cf1 100644 --- a/meta/recipes-devtools/gdb/gdb-9.1.inc +++ b/meta/recipes-devtools/gdb/gdb-9.1.inc @@ -16,6 +16,7 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ file://0009-resolve-restrict-keyword-conflict.patch \ file://0010-Fix-invalid-sigprocmask-call.patch \ file://0011-gdbserver-ctrl-c-handling.patch \ + file://0012-CVE-2023-39128.patch \ " SRC_URI[md5sum] = "f7e9f6236c425097d9e5f18a6ac40655" SRC_URI[sha256sum] = "699e0ec832fdd2f21c8266171ea5bf44024bd05164fdf064e4d10cc4cf0d1737" diff --git a/meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch b/meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch new file mode 100644 index 00..6445455bde --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch @@ -0,0 +1,75 @@ +From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001 +From: Tom Tromey +Date: Wed, 16 Aug 2023 11:29:19 -0600 +Subject: [PATCH] Avoid buffer overflow in ada_decode + +A bug report pointed out a buffer overflow in ada_decode, which Keith +helpfully analyzed. ada_decode had a logic error when the input was +all digits. While this isn't valid -- and would probably only appear +in fuzzer tests -- it still should be handled properly. + +This patch adds a missing bounds check. Tested with the self-tests in +an asan build. + +Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 +Reviewed-by: Keith Seitz + +Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] +CVE: CVE-2023-39128 +Signed-off-by: Siddharth Doshi +--- + gdb/ada-lang.c | 19 ++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c +index 0c2d4fc..40852b6 100644 +--- a/gdb/ada-lang.c b/gdb/ada-lang.c +@@ -56,6 +56,7 @@ + #include "cli/cli-utils.h" + #include "gdbsupport/function-view.h" + #include "gdbsupport/byte-vector.h" ++#include "gdbsupport/selftest.h" + #include + + /* Define whether or not the C operator '/' truncates towards zero for +@@ -1184,7 +1185,7 @@ ada_decode (const char *encoded) + i -= 1; + if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_') + len0 = i - 1; +- else if (encoded[i] == '$') ++ else if (i >= 0 && encoded[i] == '$') + len0 = i; + } + +@@ -1350,6 +1351,18 @@ Suppress: + + } + ++#ifdef GDB_SELF_TEST ++ ++static void ++ada_decode_tests () ++{ ++ /* This isn't valid, but used to cause a crash. PR gdb/30639. The ++ result does not really matter very much. */ ++ SELF_CHECK (ada_decode ("44") == "44"); ++} ++ ++#endif ++ + /* Table for keeping permanent unique copies of decoded names. Once +allocated, names in this table are never released. While this is a +storage leak, it should not be significant unless there are massive +@@ -14345,4 +14358,8 @@ DWARF attribute."), + gdb::observers::new_objfile.attach (ada_new_objfile_observer); + gdb::observers::free_objfile.attach (ada_free_objfile_observer); + gdb::observers::inferior_exit.attach (ada_inferior_exit); ++ ++#ifdef GDB_SELF_TEST ++ selftests::register_test ("ada-decode", ada_decode_tests); ++#endif + } +-- +2.24.4 + -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187498): https://lists.openembedded.org/g/openembedded-core/message/187498 Mute This Topic: https://lists.openembedded.org/mt/101310159/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-