Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override
On 10/20/23 16:00, Richard Purdie wrote: As far as I could tell when we looked at this, the rpm world was moving over to zstd so adding in conditional xz support for a limited use case probably just creates a maintenance headache going forward as it isn't something we test or plan to test? I now submitted a v2 for your consideration, but assuming it still introduces a maintenance challenge for YP, we will look into other means to work around the issue. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189598): https://lists.openembedded.org/g/openembedded-core/message/189598 Mute This Topic: https://lists.openembedded.org/mt/102080114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 4/4] package_rpm.bbclass: Allow compression mode override
From: Niko Mauno Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd instead of xz") changed the rpm package compressor from 'xz' to 'zstd' which results in decompression failure with BusyBox-provided 'rpm2cpio' applet and 'rpm' applet when given the '-i' (Install package) option: rpm2cpio: no gzip/bzip2/xz magic Introduce a variable which makes it possible to use a different compression mode, making it possible to override the default value for example like RPMBUILD_COMPMODE = "${@'w6T%d.xzdio' % int(d.getVar('XZ_THREADS'))}" to enable rpm decompression without including the full rpm package in the resulting root filesystem. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 246106ea4f..5d35962aff 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -10,6 +10,7 @@ IMAGE_PKGTYPE ?= "rpm" RPM = "rpm" RPMBUILD = "rpmbuild" +RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" @@ -659,6 +660,7 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') +rpmbuild_compmode = d.getVar('RPMBUILD_COMPMODE') # Too many places in dnf stack assume that arch-independent packages are "noarch". # Let's not fight against this. @@ -682,8 +684,8 @@ python do_package_rpm () { cmd = cmd + " --define '_use_internal_dependency_generator 0'" cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'" cmd = cmd + " --define '_build_id_links none'" -cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) -cmd = cmd + " --define '_source_payload w19T%d.zstdio'" % int(d.getVar("ZSTD_THREADS")) +cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode +cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'" cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'" cmd = cmd + " --define '_buildhost reproducible'" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189597): https://lists.openembedded.org/g/openembedded-core/message/189597 Mute This Topic: https://lists.openembedded.org/mt/102102142/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 3/4] package_rpm.bbclass: Remove unused definitions
From: Niko Mauno Some local variables defined in do_package_rpm() are not referenced, so remove such dead code lines. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 4 1 file changed, 4 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 402fa5c4e8..246106ea4f 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -633,7 +633,6 @@ python do_package_rpm () { workdir = d.getVar('WORKDIR') tmpdir = d.getVar('TMPDIR') pkgd = d.getVar('PKGD') -pkgdest = d.getVar('PKGDEST') if not workdir or not pkgd or not tmpdir: bb.error("Variables incorrectly set, unable to package") return @@ -660,8 +659,6 @@ python do_package_rpm () { # Setup the rpmbuild arguments... rpmbuild = d.getVar('RPMBUILD') -targetsys = d.getVar('TARGET_SYS') -targetvendor = d.getVar('HOST_VENDOR') # Too many places in dnf stack assume that arch-independent packages are "noarch". # Let's not fight against this. @@ -669,7 +666,6 @@ python do_package_rpm () { if package_arch == "all": package_arch = "noarch" -sdkpkgsuffix = (d.getVar('SDKPKGSUFFIX') or "nativesdk").replace("-", "_") d.setVar('PACKAGE_ARCH_EXTEND', package_arch) pkgwritedir = d.expand('${PKGWRITEDIRRPM}/${PACKAGE_ARCH_EXTEND}') d.setVar('RPM_PKGWRITEDIR', pkgwritedir) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189596): https://lists.openembedded.org/g/openembedded-core/message/189596 Mute This Topic: https://lists.openembedded.org/mt/102102139/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 2/4] package_rpm.bbclass: Minor cosmetic and style fixes
From: Niko Mauno Add the missing conventional space characters around bitbake variable assignment operators. Also fix a typo on a comment line. Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 992446a033..402fa5c4e8 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -8,12 +8,12 @@ inherit package IMAGE_PKGTYPE ?= "rpm" -RPM="rpm" -RPMBUILD="rpmbuild" +RPM = "rpm" +RPMBUILD = "rpmbuild" PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms" -# Maintaining the perfile dependencies has singificant overhead when writing the +# Maintaining the perfile dependencies has significant overhead when writing the # packages. When set, this value merges them for efficiency. MERGEPERFILEDEPS = "1" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189595): https://lists.openembedded.org/g/openembedded-core/message/189595 Mute This Topic: https://lists.openembedded.org/mt/102102138/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 1/4] package_rpm.bbclass: Fix some pycodestyle issues
From: Niko Mauno Fix following subset of observations reported by version 2.10.0 of pycodestyle utility: meta/classes-global/package_rpm.bbclass:65:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:66:46: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:107:19: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:109:69: E202 whitespace before ')' meta/classes-global/package_rpm.bbclass:122:103: W291 trailing whitespace meta/classes-global/package_rpm.bbclass:194:74: W291 trailing whitespace meta/classes-global/package_rpm.bbclass:448:16: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:450:16: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:520:1: W293 blank line contains whitespace meta/classes-global/package_rpm.bbclass:521:15: E231 missing whitespace after ',' meta/classes-global/package_rpm.bbclass:542:12: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:544:12: E713 test for membership should be 'not in' meta/classes-global/package_rpm.bbclass:647:67: W291 trailing whitespace Signed-off-by: Niko Mauno --- meta/classes-global/package_rpm.bbclass | 26 - 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index 85d0bd7fce..992446a033 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -62,8 +62,8 @@ def write_rpm_perfiledata(srcname, d): for dep in depends_dict: ver = depends_dict[dep] if dep and ver: -ver = ver.replace("(","") -ver = ver.replace(")","") +ver = ver.replace("(", "") +ver = ver.replace(")", "") outfile.write(dep + " " + ver + " ") else: outfile.write(dep + " ") @@ -104,9 +104,9 @@ python write_specfile () { import oe.packagedata # append information for logs and patches to %prep -def add_prep(d,spec_files_bottom): +def add_prep(d, spec_files_bottom): if d.getVarFlag('ARCHIVER_MODE', 'srpm') == '1' and bb.data.inherits_class('archiver', d): -spec_files_bottom.append('%%prep -n %s' % d.getVar('PN') ) +spec_files_bottom.append('%%prep -n %s' % d.getVar('PN')) spec_files_bottom.append('%s' % "echo \"include logs and patches, Please check them in SOURCES\"") spec_files_bottom.append('') @@ -119,7 +119,7 @@ python write_specfile () { source_list = os.listdir(ar_outdir) source_number = 0 for source in source_list: -# do_deploy_archives may have already run (from sstate) meaning a .src.rpm may already +# do_deploy_archives may have already run (from sstate) meaning a .src.rpm may already # exist in ARCHIVER_OUTDIR so skip if present. if source.endswith(".src.rpm"): continue @@ -191,7 +191,7 @@ python write_specfile () { def walk_files(walkpath, target, conffiles, dirfiles): # We can race against the ipk/deb backends which create CONTROL or DEBIAN directories -# when packaging. We just ignore these files which are created in +# when packaging. We just ignore these files which are created in # packages-split/ and not package/ # We have the odd situation where the CONTROL/DEBIAN directory can be removed in the middle of # of the walk, the isdir() test would then fail and the walk code would assume its a file @@ -445,9 +445,9 @@ python write_specfile () { rprovides = bb.utils.explode_dep_versions2(splitrprovides) rreplaces = bb.utils.explode_dep_versions2(splitrreplaces) for dep in rreplaces: -if not dep in robsoletes: +if dep not in robsoletes: robsoletes[dep] = rreplaces[dep] -if not dep in rprovides: +if dep not in rprovides: rprovides[dep] = rreplaces[dep] splitrobsoletes = bb.utils.join_deps(robsoletes, commasep=False) splitrprovides = bb.utils.join_deps(rprovides, commasep=False) @@ -517,8 +517,8 @@ python write_specfile () { spec_files_bottom.append('') del localdata - -add_prep(d,spec_files_bottom) + +add_prep(d, spec_files_bottom) spec_preamble_top.append('Summary: %s' % srcsummary) spec_preamble_top.append('Name: %s' % srcname) spec_preamble_top.append('Version: %s' % srcversion) @@ -539,9 +539,9 @@ python write_specfile () { rprovides = bb.utils.explode_dep_versions2(srcrprovides) rreplaces = bb.utils.explode_dep_versions2(srcrrep
[OE-core][kirkstone 6/6] vim: Upgrade 9.0.2009 -> 9.0.2048
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5e06866692..58025828f2 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".2009" -SRCREV = "54844857fd6933fa4f6678e47610c4b9c9f7a091" +PV .= ".2048" +SRCREV = "982ef16059bd163a77271107020defde0740bbd6" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189593): https://lists.openembedded.org/g/openembedded-core/message/189593 Mute This Topic: https://lists.openembedded.org/mt/102101677/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 5/6] libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787
From: Siddharth Doshi CVE's Fixed: CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms() CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage() CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- .../xorg-lib/libx11/CVE-2023-43785.patch | 62 ++ .../xorg-lib/libx11/CVE-2023-43786-0001.patch | 41 .../xorg-lib/libx11/CVE-2023-43786-0002.patch | 45 + .../xorg-lib/libx11/CVE-2023-43786-0003.patch | 51 +++ .../xorg-lib/libx11/CVE-2023-43787.patch | 63 +++ .../xorg-lib/libx11_1.7.3.1.bb| 5 ++ 6 files changed, 267 insertions(+) create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0002.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0003.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787.patch diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch new file mode 100644 index 00..64f8776cc9 --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch @@ -0,0 +1,62 @@ +From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Sun, 17 Sep 2023 14:19:40 -0700 +Subject: [PATCH] CVE-2023-43785: out-of-bounds memory access in + _XkbReadKeySyms() + +Make sure we allocate enough memory in the first place, and +also handle error returns from _XkbReadBufferCopyKeySyms() when +it detects out-of-bounds issues. + +Reported-by: Gregory James DUCK +Signed-off-by: Alan Coopersmith + +Upstream-Status: Backport from [https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f] +CVE: CVE-2023-43785 +Signed-off-by: Siddharth Doshi +--- + src/xkb/XKBGetMap.c | 14 +- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c +index 2891d21..31199e4 100644 +--- a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c +@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep) + if (offset + newMap->nSyms >= map->size_syms) { + register int sz; + +-sz = map->size_syms + 128; ++sz = offset + newMap->nSyms; ++sz = ((sz + (unsigned) 128) / 128) * 128; + _XkbResizeArray(map->syms, map->size_syms, sz, KeySym); + if (map->syms == NULL) { + map->size_syms = 0; +@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep) + map->size_syms = sz; + } + if (newMap->nSyms > 0) { +-_XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset], +- newMap->nSyms); ++if (_XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset], ++ newMap->nSyms) == 0) ++return BadLength; + offset += newMap->nSyms; + } + else { +@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, xkbGetMapReply *rep) + newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp); + if (newSyms == NULL) + return BadAlloc; +-if (newMap->nSyms > 0) +-_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms); ++if (newMap->nSyms > 0) { ++if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) == 0) ++return BadLength; ++} + else + newSyms[0] = NoSymbol; + oldMap->kt_index[0] = newMap->ktIndex[0]; +-- +2.35.7 + diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch new file mode 100644 index 00..db5b7067aa --- /dev/null +++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch @@ -0,0 +1,41 @@ +From 204c3393c4c90a29ed6bef64e43849536e863a86 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Thu, 7 Sep 2023 15:54:30 -0700 +Subject: [PATCH] CVE-2023-43786: stack exhaustion from infinite recursion in + PutSubImage() + +When splitting a single line of pixels into chunks to send to the +X server, be sure to take into account the number of bits per pixel, +so we don't just loop forever trying to send more pixels than fit in +the given request size and not breaking them down into a small enough +chunk to fix. + +Fixes: "almost complete rewrite" (Dec. 12, 198
[OE-core][kirkstone 4/6] linux-firmware: upgrade 20230625 -> 20230804
From: Meenali Gupta License-Update: additional firmwares upgrade include fix for CVE-2023-20569 CVE-2022-40982 CVE-2023-20593 Changelog: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/ References: https://nvd.nist.gov/vuln/detail/CVE-2023-20569 https://nvd.nist.gov/vuln/detail/CVE-2022-40982 https://nvd.nist.gov/vuln/detail/CVE-2023-20593 Signed-off-by: Meenali Gupta Signed-off-by: Steve Sakoman --- ...{linux-firmware_20230625.bb => linux-firmware_20230804.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb index 6765226b9d..4defab434d 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb @@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "57bf874056926f12aec2405d3fc390d9" +WHENCE_CHKSUM = "41f9a48bf27971b126a36f9344594dcd" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source @@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d" +SRC_URI[sha256sum] = "88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688" inherit allarch -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189591): https://lists.openembedded.org/g/openembedded-core/message/189591 Mute This Topic: https://lists.openembedded.org/mt/102101674/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 3/6] zlib: patch CVE-2023-45853
From: Peter Marko Backport commit merged to develop branch from PR linked in NVD report: * https://nvd.nist.gov/vuln/detail/CVE-2023-45853 * https://github.com/madler/zlib/pull/843 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../zlib/zlib/CVE-2023-45853.patch| 42 +++ meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch diff --git a/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch new file mode 100644 index 00..ba3709249b --- /dev/null +++ b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch @@ -0,0 +1,42 @@ +From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 +From: Hans Wennborg +Date: Fri, 18 Aug 2023 11:05:33 +0200 +Subject: [PATCH] Reject overflows of zip header fields in minizip. + +This checks the lengths of the file name, extra field, and comment +that would be put in the zip headers, and rejects them if they are +too long. They are each limited to 65535 bytes in length by the zip +format. This also avoids possible buffer overflows if the provided +fields are too long. + +CVE: CVE-2023-45853 +Upstream-Status: Backport [https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c] + +Signed-off-by: Peter Marko + +--- + contrib/minizip/zip.c | 11 +++ + 1 file changed, 11 insertions(+) + +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 3d3d4cadd..0446109b2 100644 +--- a/contrib/minizip/zip.c b/contrib/minizip/zip.c +@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c + return ZIP_PARAMERROR; + #endif + ++// The filename and comment length must fit in 16 bits. ++if ((filename!=NULL) && (strlen(filename)>0x)) ++return ZIP_PARAMERROR; ++if ((comment!=NULL) && (strlen(comment)>0x)) ++return ZIP_PARAMERROR; ++// The extra field length must fit in 16 bits. If the member also requires ++// a Zip64 extra block, that will also need to fit within that 16-bit ++// length, but that will be checked for later. ++if ((size_extrafield_local>0x) || (size_extrafield_global>0x)) ++return ZIP_PARAMERROR; ++ + zi = (zip64_internal*)file; + + if (zi->in_opened_file_inzip == 1) diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index f768b41988..d75474dcb6 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -12,6 +12,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://CVE-2018-25032.patch \ file://run-ptest \ file://CVE-2022-37434.patch \ + file://CVE-2023-45853.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/"; -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189590): https://lists.openembedded.org/g/openembedded-core/message/189590 Mute This Topic: https://lists.openembedded.org/mt/102101672/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 2/6] gawk: backport Debian patch to fix CVE-2023-4156
From: Vijay Anusuri Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches?h=ubuntu/jammy-security & https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../gawk/gawk/CVE-2023-4156.patch | 28 +++ meta/recipes-extended/gawk/gawk_5.1.1.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch diff --git a/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch new file mode 100644 index 00..bc157d6afb --- /dev/null +++ b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch @@ -0,0 +1,28 @@ +From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001 +From: "Arnold D. Robbins" +Date: Wed, 3 Aug 2022 13:00:54 +0300 +Subject: [PATCH] Smal bug fix in builtin.c. + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches/CVE-2023-4156.patch?h=ubuntu/jammy-security +Upstream commit https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212] +CVE: CVE-2023-4156 +Signed-off-by: Vijay Anusuri +--- + ChangeLog | 6 ++ + builtin.c | 5 - + 2 files changed, 10 insertions(+), 1 deletion(-) + +--- gawk-5.1.0.orig/builtin.c gawk-5.1.0/builtin.c +@@ -957,7 +957,10 @@ check_pos: + s1++; + n0--; + } +- if (val >= num_args) { ++ // val could be less than zero if someone provides a field width ++ // so large that it causes integer overflow. Mainly fuzzers do this, ++ // but let's try to be good anyway. ++ if (val < 0 || val >= num_args) { + toofew = true; + break; + } diff --git a/meta/recipes-extended/gawk/gawk_5.1.1.bb b/meta/recipes-extended/gawk/gawk_5.1.1.bb index fe339805d0..0b0d0897bc 100644 --- a/meta/recipes-extended/gawk/gawk_5.1.1.bb +++ b/meta/recipes-extended/gawk/gawk_5.1.1.bb @@ -18,6 +18,7 @@ PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr" SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ file://remove-sensitive-tests.patch \ file://run-ptest \ + file://CVE-2023-4156.patch \ " SRC_URI[sha256sum] = "6168d8d1dc8f74bd17d9dc22fa9634c49070f232343b744901da15fb4f06bffd" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189589): https://lists.openembedded.org/g/openembedded-core/message/189589 Mute This Topic: https://lists.openembedded.org/mt/102101671/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 1/6] qemu: ignore RHEL specific CVE-2023-2680
From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 5526eacb96..83bd5d7e67 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -125,6 +125,10 @@ CVE_CHECK_IGNORE += "CVE-2018-18438" # this bug related to windows specific. CVE_CHECK_IGNORE += "CVE-2023-0664" +# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 +# RHEL specific issue +CVE_CHECK_IGNORE += "CVE-2023-2680" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189588): https://lists.openembedded.org/g/openembedded-core/message/189588 Mute This Topic: https://lists.openembedded.org/mt/102101670/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 0/6] Patch review
Please review this set of changes for kirkstone and have comments back by end of day Tuesday, October 24 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6084 The following changes since commit 5570e49791b770271f176a4deeb5f6f1a028cb4a: uboot-extlinux-config.bbclass: fix missed override syntax migration (2023-10-17 12:19:37 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut Lee Chee Yang (1): qemu: ignore RHEL specific CVE-2023-2680 Meenali Gupta (1): linux-firmware: upgrade 20230625 -> 20230804 Peter Marko (1): zlib: patch CVE-2023-45853 Siddharth Doshi (2): libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787 vim: Upgrade 9.0.2009 -> 9.0.2048 Vijay Anusuri (1): gawk: backport Debian patch to fix CVE-2023-4156 .../zlib/zlib/CVE-2023-45853.patch| 42 + meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 4 ++ .../gawk/gawk/CVE-2023-4156.patch | 28 + meta/recipes-extended/gawk/gawk_5.1.1.bb | 1 + .../xorg-lib/libx11/CVE-2023-43785.patch | 62 ++ .../xorg-lib/libx11/CVE-2023-43786-0001.patch | 41 .../xorg-lib/libx11/CVE-2023-43786-0002.patch | 45 + .../xorg-lib/libx11/CVE-2023-43786-0003.patch | 51 +++ .../xorg-lib/libx11/CVE-2023-43787.patch | 63 +++ .../xorg-lib/libx11_1.7.3.1.bb| 5 ++ ...20230625.bb => linux-firmware_20230804.bb} | 4 +- meta/recipes-support/vim/vim.inc | 4 +- 13 files changed, 347 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0002.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0003.patch create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787.patch rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%) -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189587): https://lists.openembedded.org/g/openembedded-core/message/189587 Mute This Topic: https://lists.openembedded.org/mt/102101667/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] selftest/sstatetests: add a test for CDN sstate cache
Right, I omitted the printdiff tests and that created a conflict with master. I resent a version that's rebased directly on that. Alex On Sat, 21 Oct 2023 at 00:58, Alexandre Belloni wrote: > > Hello Alex, > > This doesn't apply cleanly, it seems the context is from another series. > > On 20/10/2023 19:12:32+0200, Alexander Kanavin wrote: > > Specifically, the test checks that everything needed for building > > standard oe-core images for x86_64 and arm64 is available from > > the cache (with minor exceptions). Going forward, a complete > > world check could be enabled and additional configurations, > > but that requires improvements to performance of hash equivalence > > server in particular. > > > > Signed-off-by: Alexander Kanavin > > --- > > meta/lib/oeqa/selftest/cases/sstatetests.py | 47 + > > 1 file changed, 47 insertions(+) > > > > diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py > > b/meta/lib/oeqa/selftest/cases/sstatetests.py > > index 6ef339897bf..e392d6a1a63 100644 > > --- a/meta/lib/oeqa/selftest/cases/sstatetests.py > > +++ b/meta/lib/oeqa/selftest/cases/sstatetests.py > > @@ -14,6 +14,7 @@ import re > > > > from oeqa.utils.commands import runCmd, bitbake, get_bb_var, > > create_temp_layer, get_bb_vars > > from oeqa.selftest.case import OESelftestTestCase > > +from oeqa.core.decorator import OETestTag > > > > import oe > > import bb.siggen > > @@ -879,3 +880,49 @@ expected_sametmp_output, expected_difftmp_output) > > INHERIT += "base-do-configure-modified" > > """, > > expected_sametmp_output, expected_difftmp_output) > > + > > +@OETestTag("yocto-mirrors") > > +class SStateMirrors(SStateBase): > > +def check_bb_output(self, output, exceptions): > > +in_tasks = False > > +missing_objects = [] > > +for l in output.splitlines(): > > +if "The differences between the current build and any cached > > tasks start at the following tasks" in l: > > +in_tasks = True > > +continue > > +if "Writing task signature files" in l: > > +in_tasks = False > > +continue > > +if in_tasks: > > +recipe_task = l.split("/")[-1] > > +recipe, task = recipe_task.split(":") > > +for e in exceptions: > > +if e[0] in recipe and task == e[1]: > > +break > > +else: > > +missing_objects.append(recipe_task) > > +self.assertTrue(len(missing_objects) == 0, "Missing objects in the > > cache:\n{}".format("\n".join(missing_objects))) > > + > > + > > +def run_test_cdn_mirror(self, machine, targets, exceptions): > > +exceptions = exceptions + [[t, "do_deploy_source_date_epoch"] for > > t in targets.split()] > > +exceptions = exceptions + [[t, "do_image_qa"] for t in > > targets.split()] > > +self.config_sstate(True) > > +self.append_config(""" > > +MACHINE = "{}" > > +BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687" > > +SSTATE_MIRRORS ?= "file://.* > > http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"; > > +""".format(machine)) > > +result = bitbake("-S printdiff {}".format(targets)) > > +self.check_bb_output(result.output, exceptions) > > + > > +def test_cdn_mirror_qemux86_64(self): > > +# Example: > > +# exceptions = [ ["packagegroup-core-sdk","do_package"] ] > > +exceptions = [] > > +self.run_test_cdn_mirror("qemux86-64", "core-image-minimal > > core-image-full-cmdline core-image-weston core-image-sato-sdk", exceptions) > > + > > +def test_cdn_mirror_qemuarm64(self): > > +exceptions = [] > > +# core-image-weston isn't produced for arm64 currently > > +self.run_test_cdn_mirror("qemuarm64", "core-image-minimal > > core-image-full-cmdline core-image-sato-sdk", exceptions) > > -- > > 2.39.2 > > > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189586): https://lists.openembedded.org/g/openembedded-core/message/189586 Mute This Topic: https://lists.openembedded.org/mt/102085736/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
This was writing out locked-sigs.inc into cwd with every 'bitbake -S' invocation. When the intent is only to to get task stamps (-S none), or print the difference between them (-S printdiff), the file is unnecessary clutter. A couple of selftests/scripts were however relying on this, so they're adjusted to explicitly request the file. eSDK code calls dump_lockedsigs() separately via oe.copy_buildsystem.generate_locked_sigs() and so isn't affected. Signed-off-by: Alexander Kanavin --- meta/lib/oe/sstatesig.py | 7 --- meta/lib/oeqa/selftest/cases/archiver.py | 2 +- meta/lib/oeqa/selftest/cases/signing.py | 2 +- scripts/lib/checklayer/__init__.py | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 42e13a8c800..e250f51c124 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -142,9 +142,10 @@ class SignatureGeneratorOEBasicHashMixIn(object): super().set_taskdata(data[3:]) def dump_sigs(self, dataCache, options): -sigfile = os.getcwd() + "/locked-sigs.inc" -bb.plain("Writing locked sigs to %s" % sigfile) -self.dump_lockedsigs(sigfile) +if 'lockedsigs' in options: +sigfile = os.getcwd() + "/locked-sigs.inc" +bb.plain("Writing locked sigs to %s" % sigfile) +self.dump_lockedsigs(sigfile) return super(bb.siggen.SignatureGeneratorBasicHash, self).dump_sigs(dataCache, options) diff --git a/meta/lib/oeqa/selftest/cases/archiver.py b/meta/lib/oeqa/selftest/cases/archiver.py index 3fa59fff510..3cb888c5067 100644 --- a/meta/lib/oeqa/selftest/cases/archiver.py +++ b/meta/lib/oeqa/selftest/cases/archiver.py @@ -141,7 +141,7 @@ class Archiver(OESelftestTestCase): pn = 'gcc-source-%s' % get_bb_vars(['PV'], 'gcc')['PV'] # Generate the tasks signatures -bitbake('mc:mc1:%s mc:mc2:%s -c %s -S none' % (pn, pn, task)) +bitbake('mc:mc1:%s mc:mc2:%s -c %s -S lockedsigs' % (pn, pn, task)) # Check the tasks signatures # To be machine agnostic the tasks needs to generate the same signature for each machine diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py index 322e753ed3b..18cce0ba258 100644 --- a/meta/lib/oeqa/selftest/cases/signing.py +++ b/meta/lib/oeqa/selftest/cases/signing.py @@ -191,7 +191,7 @@ class LockedSignatures(OESelftestTestCase): bitbake(test_recipe) # Generate locked sigs include file -bitbake('-S none %s' % test_recipe) +bitbake('-S lockedsigs %s' % test_recipe) feature = 'require %s\n' % locked_sigs_file feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n' diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py index 0a0db2f02ac..8271ed7fe3b 100644 --- a/scripts/lib/checklayer/__init__.py +++ b/scripts/lib/checklayer/__init__.py @@ -307,7 +307,7 @@ def get_signatures(builddir, failsafe=False, machine=None, extravars=None): cmd += 'bitbake ' if failsafe: cmd += '-k ' -cmd += '-S none world' +cmd += '-S lockedsigs world' sigs_file = os.path.join(builddir, 'locked-sigs.inc') if os.path.exists(sigs_file): os.unlink(sigs_file) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189584): https://lists.openembedded.org/g/openembedded-core/message/189584 Mute This Topic: https://lists.openembedded.org/mt/102085735/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] selftest/sstatetests: add a test for CDN sstate cache
Specifically, the test checks that everything needed for building standard oe-core images for x86_64 and arm64 is available from the cache (with minor exceptions). Going forward, a complete world check could be enabled and additional configurations, but that requires improvements to performance of hash equivalence server in particular. Signed-off-by: Alexander Kanavin --- meta/lib/oeqa/selftest/cases/sstatetests.py | 47 + 1 file changed, 47 insertions(+) diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py index bdad9088d37..1b470453c6e 100644 --- a/meta/lib/oeqa/selftest/cases/sstatetests.py +++ b/meta/lib/oeqa/selftest/cases/sstatetests.py @@ -14,6 +14,7 @@ import re from oeqa.utils.commands import runCmd, bitbake, get_bb_var, create_temp_layer, get_bb_vars from oeqa.selftest.case import OESelftestTestCase +from oeqa.core.decorator import OETestTag import oe import bb.siggen @@ -773,3 +774,49 @@ addtask tmptask2 before do_tmptask1 latestfiles = sorted(filedates.keys(), key=lambda f: filedates[f])[-2:] bb.siggen.compare_sigfiles(latestfiles[-2], latestfiles[-1], recursecb) self.assertEqual(recursecb_count,1) + +@OETestTag("yocto-mirrors") +class SStateMirrors(SStateBase): +def check_bb_output(self, output, exceptions): +in_tasks = False +missing_objects = [] +for l in output.splitlines(): +if "The differences between the current build and any cached tasks start at the following tasks" in l: +in_tasks = True +continue +if "Writing task signature files" in l: +in_tasks = False +continue +if in_tasks: +recipe_task = l.split("/")[-1] +recipe, task = recipe_task.split(":") +for e in exceptions: +if e[0] in recipe and task == e[1]: +break +else: +missing_objects.append(recipe_task) +self.assertTrue(len(missing_objects) == 0, "Missing objects in the cache:\n{}".format("\n".join(missing_objects))) + + +def run_test_cdn_mirror(self, machine, targets, exceptions): +exceptions = exceptions + [[t, "do_deploy_source_date_epoch"] for t in targets.split()] +exceptions = exceptions + [[t, "do_image_qa"] for t in targets.split()] +self.config_sstate(True) +self.append_config(""" +MACHINE = "{}" +BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687" +SSTATE_MIRRORS ?= "file://.* http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH"; +""".format(machine)) +result = bitbake("-S printdiff {}".format(targets)) +self.check_bb_output(result.output, exceptions) + +def test_cdn_mirror_qemux86_64(self): +# Example: +# exceptions = [ ["packagegroup-core-sdk","do_package"] ] +exceptions = [] +self.run_test_cdn_mirror("qemux86-64", "core-image-minimal core-image-full-cmdline core-image-weston core-image-sato-sdk", exceptions) + +def test_cdn_mirror_qemuarm64(self): +exceptions = [] +# core-image-weston isn't produced for arm64 currently +self.run_test_cdn_mirror("qemuarm64", "core-image-minimal core-image-full-cmdline core-image-sato-sdk", exceptions) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189585): https://lists.openembedded.org/g/openembedded-core/message/189585 Mute This Topic: https://lists.openembedded.org/mt/102099416/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
On Sat, 2023-10-21 at 13:44 +0200, Alexandre Belloni via lists.openembedded.org wrote: > https://autobuilder.yoctoproject.org/typhoon/#/builders/69/builds/7980/steps/24/logs/stdio It depends on one of the autobuilder-helper patches which is master- next there. The hard part is these patches are "flag day" ones :/. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189583): https://lists.openembedded.org/g/openembedded-core/message/189583 Mute This Topic: https://lists.openembedded.org/mt/102085735/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
https://autobuilder.yoctoproject.org/typhoon/#/builders/69/builds/7980/steps/24/logs/stdio On 20/10/2023 19:12:31+0200, Alexander Kanavin wrote: > This was writing out locked-sigs.inc into cwd with every > 'bitbake -S' invocation. When the intent is only to to get task > stamps (-S none), or print the difference between them (-S printdiff), > the file is unnecessary clutter. > > A couple of selftests/scripts were however relying on this, so they're > adjusted to explicitly request the file. > > eSDK code calls dump_lockedsigs() separately via > oe.copy_buildsystem.generate_locked_sigs() and so isn't affected. > > Signed-off-by: Alexander Kanavin > --- > meta/lib/oe/sstatesig.py | 7 --- > meta/lib/oeqa/selftest/cases/archiver.py | 2 +- > meta/lib/oeqa/selftest/cases/signing.py | 2 +- > scripts/lib/checklayer/__init__.py | 2 +- > 4 files changed, 7 insertions(+), 6 deletions(-) > > diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py > index 42e13a8c800..e250f51c124 100644 > --- a/meta/lib/oe/sstatesig.py > +++ b/meta/lib/oe/sstatesig.py > @@ -142,9 +142,10 @@ class SignatureGeneratorOEBasicHashMixIn(object): > super().set_taskdata(data[3:]) > > def dump_sigs(self, dataCache, options): > -sigfile = os.getcwd() + "/locked-sigs.inc" > -bb.plain("Writing locked sigs to %s" % sigfile) > -self.dump_lockedsigs(sigfile) > +if 'lockedsigs' in options: > +sigfile = os.getcwd() + "/locked-sigs.inc" > +bb.plain("Writing locked sigs to %s" % sigfile) > +self.dump_lockedsigs(sigfile) > return super(bb.siggen.SignatureGeneratorBasicHash, > self).dump_sigs(dataCache, options) > > > diff --git a/meta/lib/oeqa/selftest/cases/archiver.py > b/meta/lib/oeqa/selftest/cases/archiver.py > index 3fa59fff510..3cb888c5067 100644 > --- a/meta/lib/oeqa/selftest/cases/archiver.py > +++ b/meta/lib/oeqa/selftest/cases/archiver.py > @@ -141,7 +141,7 @@ class Archiver(OESelftestTestCase): > pn = 'gcc-source-%s' % get_bb_vars(['PV'], 'gcc')['PV'] > > # Generate the tasks signatures > -bitbake('mc:mc1:%s mc:mc2:%s -c %s -S none' % (pn, pn, task)) > +bitbake('mc:mc1:%s mc:mc2:%s -c %s -S lockedsigs' % (pn, pn, task)) > > # Check the tasks signatures > # To be machine agnostic the tasks needs to generate the same > signature for each machine > diff --git a/meta/lib/oeqa/selftest/cases/signing.py > b/meta/lib/oeqa/selftest/cases/signing.py > index 322e753ed3b..18cce0ba258 100644 > --- a/meta/lib/oeqa/selftest/cases/signing.py > +++ b/meta/lib/oeqa/selftest/cases/signing.py > @@ -191,7 +191,7 @@ class LockedSignatures(OESelftestTestCase): > > bitbake(test_recipe) > # Generate locked sigs include file > -bitbake('-S none %s' % test_recipe) > +bitbake('-S lockedsigs %s' % test_recipe) > > feature = 'require %s\n' % locked_sigs_file > feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n' > diff --git a/scripts/lib/checklayer/__init__.py > b/scripts/lib/checklayer/__init__.py > index 0a0db2f02ac..8271ed7fe3b 100644 > --- a/scripts/lib/checklayer/__init__.py > +++ b/scripts/lib/checklayer/__init__.py > @@ -307,7 +307,7 @@ def get_signatures(builddir, failsafe=False, > machine=None, extravars=None): > cmd += 'bitbake ' > if failsafe: > cmd += '-k ' > -cmd += '-S none world' > +cmd += '-S lockedsigs world' > sigs_file = os.path.join(builddir, 'locked-sigs.inc') > if os.path.exists(sigs_file): > os.unlink(sigs_file) > -- > 2.39.2 > > > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189582): https://lists.openembedded.org/g/openembedded-core/message/189582 Mute This Topic: https://lists.openembedded.org/mt/102085735/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-