Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override
On 10/20/23 16:00, Richard Purdie wrote: As far as I could tell when we looked at this, the rpm world was moving over to zstd so adding in conditional xz support for a limited use case probably just creates a maintenance headache going forward as it isn't something we test or plan to test? I now submitted a v2 for your consideration, but assuming it still introduces a maintenance challenge for YP, we will look into other means to work around the issue. -Niko -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189598): https://lists.openembedded.org/g/openembedded-core/message/189598 Mute This Topic: https://lists.openembedded.org/mt/102080114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 4/4] package_rpm.bbclass: Allow compression mode override
From: Niko Mauno
Commit 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 ("package_rpm: use zstd
instead of xz") changed the rpm package compressor from 'xz' to 'zstd'
which results in decompression failure with BusyBox-provided 'rpm2cpio'
applet and 'rpm' applet when given the '-i' (Install package) option:
rpm2cpio: no gzip/bzip2/xz magic
Introduce a variable which makes it possible to use a different
compression mode, making it possible to override the default value for
example like
RPMBUILD_COMPMODE = "${@'w6T%d.xzdio' % int(d.getVar('XZ_THREADS'))}"
to enable rpm decompression without including the full rpm package in
the resulting root filesystem.
Signed-off-by: Niko Mauno
---
meta/classes-global/package_rpm.bbclass | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/classes-global/package_rpm.bbclass
b/meta/classes-global/package_rpm.bbclass
index 246106ea4f..5d35962aff 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -10,6 +10,7 @@ IMAGE_PKGTYPE ?= "rpm"
RPM = "rpm"
RPMBUILD = "rpmbuild"
+RPMBUILD_COMPMODE ?= "${@'w19T%d.zstdio' % int(d.getVar('ZSTD_THREADS'))}"
PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms"
@@ -659,6 +660,7 @@ python do_package_rpm () {
# Setup the rpmbuild arguments...
rpmbuild = d.getVar('RPMBUILD')
+rpmbuild_compmode = d.getVar('RPMBUILD_COMPMODE')
# Too many places in dnf stack assume that arch-independent packages are
"noarch".
# Let's not fight against this.
@@ -682,8 +684,8 @@ python do_package_rpm () {
cmd = cmd + " --define '_use_internal_dependency_generator 0'"
cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
cmd = cmd + " --define '_build_id_links none'"
-cmd = cmd + " --define '_binary_payload w19T%d.zstdio'" %
int(d.getVar("ZSTD_THREADS"))
-cmd = cmd + " --define '_source_payload w19T%d.zstdio'" %
int(d.getVar("ZSTD_THREADS"))
+cmd = cmd + " --define '_source_payload %s'" % rpmbuild_compmode
+cmd = cmd + " --define '_binary_payload %s'" % rpmbuild_compmode
cmd = cmd + " --define 'clamp_mtime_to_source_date_epoch 1'"
cmd = cmd + " --define 'use_source_date_epoch_as_buildtime 1'"
cmd = cmd + " --define '_buildhost reproducible'"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189597):
https://lists.openembedded.org/g/openembedded-core/message/189597
Mute This Topic: https://lists.openembedded.org/mt/102102142/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 3/4] package_rpm.bbclass: Remove unused definitions
From: Niko Mauno
Some local variables defined in do_package_rpm() are not referenced, so
remove such dead code lines.
Signed-off-by: Niko Mauno
---
meta/classes-global/package_rpm.bbclass | 4
1 file changed, 4 deletions(-)
diff --git a/meta/classes-global/package_rpm.bbclass
b/meta/classes-global/package_rpm.bbclass
index 402fa5c4e8..246106ea4f 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -633,7 +633,6 @@ python do_package_rpm () {
workdir = d.getVar('WORKDIR')
tmpdir = d.getVar('TMPDIR')
pkgd = d.getVar('PKGD')
-pkgdest = d.getVar('PKGDEST')
if not workdir or not pkgd or not tmpdir:
bb.error("Variables incorrectly set, unable to package")
return
@@ -660,8 +659,6 @@ python do_package_rpm () {
# Setup the rpmbuild arguments...
rpmbuild = d.getVar('RPMBUILD')
-targetsys = d.getVar('TARGET_SYS')
-targetvendor = d.getVar('HOST_VENDOR')
# Too many places in dnf stack assume that arch-independent packages are
"noarch".
# Let's not fight against this.
@@ -669,7 +666,6 @@ python do_package_rpm () {
if package_arch == "all":
package_arch = "noarch"
-sdkpkgsuffix = (d.getVar('SDKPKGSUFFIX') or "nativesdk").replace("-", "_")
d.setVar('PACKAGE_ARCH_EXTEND', package_arch)
pkgwritedir = d.expand('${PKGWRITEDIRRPM}/${PACKAGE_ARCH_EXTEND}')
d.setVar('RPM_PKGWRITEDIR', pkgwritedir)
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189596):
https://lists.openembedded.org/g/openembedded-core/message/189596
Mute This Topic: https://lists.openembedded.org/mt/102102139/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 2/4] package_rpm.bbclass: Minor cosmetic and style fixes
From: Niko Mauno
Add the missing conventional space characters around bitbake variable
assignment operators. Also fix a typo on a comment line.
Signed-off-by: Niko Mauno
---
meta/classes-global/package_rpm.bbclass | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/classes-global/package_rpm.bbclass
b/meta/classes-global/package_rpm.bbclass
index 992446a033..402fa5c4e8 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -8,12 +8,12 @@ inherit package
IMAGE_PKGTYPE ?= "rpm"
-RPM="rpm"
-RPMBUILD="rpmbuild"
+RPM = "rpm"
+RPMBUILD = "rpmbuild"
PKGWRITEDIRRPM = "${WORKDIR}/deploy-rpms"
-# Maintaining the perfile dependencies has singificant overhead when writing
the
+# Maintaining the perfile dependencies has significant overhead when writing
the
# packages. When set, this value merges them for efficiency.
MERGEPERFILEDEPS = "1"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189595):
https://lists.openembedded.org/g/openembedded-core/message/189595
Mute This Topic: https://lists.openembedded.org/mt/102102138/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHv2 1/4] package_rpm.bbclass: Fix some pycodestyle issues
From: Niko Mauno
Fix following subset of observations reported by version 2.10.0 of
pycodestyle utility:
meta/classes-global/package_rpm.bbclass:65:46: E231 missing whitespace after
','
meta/classes-global/package_rpm.bbclass:66:46: E231 missing whitespace after
','
meta/classes-global/package_rpm.bbclass:107:19: E231 missing whitespace after
','
meta/classes-global/package_rpm.bbclass:109:69: E202 whitespace before ')'
meta/classes-global/package_rpm.bbclass:122:103: W291 trailing whitespace
meta/classes-global/package_rpm.bbclass:194:74: W291 trailing whitespace
meta/classes-global/package_rpm.bbclass:448:16: E713 test for membership
should be 'not in'
meta/classes-global/package_rpm.bbclass:450:16: E713 test for membership
should be 'not in'
meta/classes-global/package_rpm.bbclass:520:1: W293 blank line contains
whitespace
meta/classes-global/package_rpm.bbclass:521:15: E231 missing whitespace after
','
meta/classes-global/package_rpm.bbclass:542:12: E713 test for membership
should be 'not in'
meta/classes-global/package_rpm.bbclass:544:12: E713 test for membership
should be 'not in'
meta/classes-global/package_rpm.bbclass:647:67: W291 trailing whitespace
Signed-off-by: Niko Mauno
---
meta/classes-global/package_rpm.bbclass | 26 -
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/meta/classes-global/package_rpm.bbclass
b/meta/classes-global/package_rpm.bbclass
index 85d0bd7fce..992446a033 100644
--- a/meta/classes-global/package_rpm.bbclass
+++ b/meta/classes-global/package_rpm.bbclass
@@ -62,8 +62,8 @@ def write_rpm_perfiledata(srcname, d):
for dep in depends_dict:
ver = depends_dict[dep]
if dep and ver:
-ver = ver.replace("(","")
-ver = ver.replace(")","")
+ver = ver.replace("(", "")
+ver = ver.replace(")", "")
outfile.write(dep + " " + ver + " ")
else:
outfile.write(dep + " ")
@@ -104,9 +104,9 @@ python write_specfile () {
import oe.packagedata
# append information for logs and patches to %prep
-def add_prep(d,spec_files_bottom):
+def add_prep(d, spec_files_bottom):
if d.getVarFlag('ARCHIVER_MODE', 'srpm') == '1' and
bb.data.inherits_class('archiver', d):
-spec_files_bottom.append('%%prep -n %s' % d.getVar('PN') )
+spec_files_bottom.append('%%prep -n %s' % d.getVar('PN'))
spec_files_bottom.append('%s' % "echo \"include logs and patches,
Please check them in SOURCES\"")
spec_files_bottom.append('')
@@ -119,7 +119,7 @@ python write_specfile () {
source_list = os.listdir(ar_outdir)
source_number = 0
for source in source_list:
-# do_deploy_archives may have already run (from sstate)
meaning a .src.rpm may already
+# do_deploy_archives may have already run (from sstate)
meaning a .src.rpm may already
# exist in ARCHIVER_OUTDIR so skip if present.
if source.endswith(".src.rpm"):
continue
@@ -191,7 +191,7 @@ python write_specfile () {
def walk_files(walkpath, target, conffiles, dirfiles):
# We can race against the ipk/deb backends which create CONTROL or
DEBIAN directories
-# when packaging. We just ignore these files which are created in
+# when packaging. We just ignore these files which are created in
# packages-split/ and not package/
# We have the odd situation where the CONTROL/DEBIAN directory can be
removed in the middle of
# of the walk, the isdir() test would then fail and the walk code
would assume its a file
@@ -445,9 +445,9 @@ python write_specfile () {
rprovides = bb.utils.explode_dep_versions2(splitrprovides)
rreplaces = bb.utils.explode_dep_versions2(splitrreplaces)
for dep in rreplaces:
-if not dep in robsoletes:
+if dep not in robsoletes:
robsoletes[dep] = rreplaces[dep]
-if not dep in rprovides:
+if dep not in rprovides:
rprovides[dep] = rreplaces[dep]
splitrobsoletes = bb.utils.join_deps(robsoletes, commasep=False)
splitrprovides = bb.utils.join_deps(rprovides, commasep=False)
@@ -517,8 +517,8 @@ python write_specfile () {
spec_files_bottom.append('')
del localdata
-
-add_prep(d,spec_files_bottom)
+
+add_prep(d, spec_files_bottom)
spec_preamble_top.append('Summary: %s' % srcsummary)
spec_preamble_top.append('Name: %s' % srcname)
spec_preamble_top.append('Version: %s' % srcversion)
@@ -539,9 +539,9 @@ python write_specfile () {
rprovides = bb.utils.explode_dep_versions2(srcrprovides)
rreplaces = bb.utils.explode_dep_versions2(srcrrep
[OE-core][kirkstone 6/6] vim: Upgrade 9.0.2009 -> 9.0.2048
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5e06866692..58025828f2 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".2009" -SRCREV = "54844857fd6933fa4f6678e47610c4b9c9f7a091" +PV .= ".2048" +SRCREV = "982ef16059bd163a77271107020defde0740bbd6" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189593): https://lists.openembedded.org/g/openembedded-core/message/189593 Mute This Topic: https://lists.openembedded.org/mt/102101677/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 5/6] libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787
From: Siddharth Doshi
CVE's Fixed:
CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms()
CVE-2023-43786: libX11: stack exhaustion from infinite recursion in
PutSubImage()
CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap
overflow
Signed-off-by: Siddharth Doshi
Signed-off-by: Steve Sakoman
---
.../xorg-lib/libx11/CVE-2023-43785.patch | 62 ++
.../xorg-lib/libx11/CVE-2023-43786-0001.patch | 41
.../xorg-lib/libx11/CVE-2023-43786-0002.patch | 45 +
.../xorg-lib/libx11/CVE-2023-43786-0003.patch | 51 +++
.../xorg-lib/libx11/CVE-2023-43787.patch | 63 +++
.../xorg-lib/libx11_1.7.3.1.bb| 5 ++
6 files changed, 267 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
create mode 100644
meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
create mode 100644
meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0002.patch
create mode 100644
meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0003.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787.patch
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
new file mode 100644
index 00..64f8776cc9
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
@@ -0,0 +1,62 @@
+From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith
+Date: Sun, 17 Sep 2023 14:19:40 -0700
+Subject: [PATCH] CVE-2023-43785: out-of-bounds memory access in
+ _XkbReadKeySyms()
+
+Make sure we allocate enough memory in the first place, and
+also handle error returns from _XkbReadBufferCopyKeySyms() when
+it detects out-of-bounds issues.
+
+Reported-by: Gregory James DUCK
+Signed-off-by: Alan Coopersmith
+
+Upstream-Status: Backport from
[https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f]
+CVE: CVE-2023-43785
+Signed-off-by: Siddharth Doshi
+---
+ src/xkb/XKBGetMap.c | 14 +-
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c
+index 2891d21..31199e4 100644
+--- a/src/xkb/XKBGetMap.c
b/src/xkb/XKBGetMap.c
+@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb,
xkbGetMapReply *rep)
+ if (offset + newMap->nSyms >= map->size_syms) {
+ register int sz;
+
+-sz = map->size_syms + 128;
++sz = offset + newMap->nSyms;
++sz = ((sz + (unsigned) 128) / 128) * 128;
+ _XkbResizeArray(map->syms, map->size_syms, sz, KeySym);
+ if (map->syms == NULL) {
+ map->size_syms = 0;
+@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb,
xkbGetMapReply *rep)
+ map->size_syms = sz;
+ }
+ if (newMap->nSyms > 0) {
+-_XkbReadBufferCopyKeySyms(buf, (KeySym *) &map->syms[offset],
+- newMap->nSyms);
++if (_XkbReadBufferCopyKeySyms(buf, (KeySym *)
&map->syms[offset],
++ newMap->nSyms) == 0)
++return BadLength;
+ offset += newMap->nSyms;
+ }
+ else {
+@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb,
xkbGetMapReply *rep)
+ newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp);
+ if (newSyms == NULL)
+ return BadAlloc;
+-if (newMap->nSyms > 0)
+-_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms);
++if (newMap->nSyms > 0) {
++if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) ==
0)
++return BadLength;
++}
+ else
+ newSyms[0] = NoSymbol;
+ oldMap->kt_index[0] = newMap->ktIndex[0];
+--
+2.35.7
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
new file mode 100644
index 00..db5b7067aa
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
@@ -0,0 +1,41 @@
+From 204c3393c4c90a29ed6bef64e43849536e863a86 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith
+Date: Thu, 7 Sep 2023 15:54:30 -0700
+Subject: [PATCH] CVE-2023-43786: stack exhaustion from infinite recursion in
+ PutSubImage()
+
+When splitting a single line of pixels into chunks to send to the
+X server, be sure to take into account the number of bits per pixel,
+so we don't just loop forever trying to send more pixels than fit in
+the given request size and not breaking them down into a small enough
+chunk to fix.
+
+Fixes: "almost complete rewrite" (Dec. 12, 198
[OE-core][kirkstone 4/6] linux-firmware: upgrade 20230625 -> 20230804
From: Meenali Gupta
License-Update: additional firmwares
upgrade include fix for CVE-2023-20569 CVE-2022-40982 CVE-2023-20593
Changelog:
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-20569
https://nvd.nist.gov/vuln/detail/CVE-2022-40982
https://nvd.nist.gov/vuln/detail/CVE-2023-20593
Signed-off-by: Meenali Gupta
Signed-off-by: Steve Sakoman
---
...{linux-firmware_20230625.bb => linux-firmware_20230804.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb =>
linux-firmware_20230804.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
index 6765226b9d..4defab434d 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
@@ -134,7 +134,7 @@ LIC_FILES_CHKSUM =
"file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "57bf874056926f12aec2405d3fc390d9"
+WHENCE_CHKSUM = "41f9a48bf27971b126a36f9344594dcd"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@ SRC_URI:class-devupstream =
"git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] =
"87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d"
+SRC_URI[sha256sum] =
"88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688"
inherit allarch
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189591):
https://lists.openembedded.org/g/openembedded-core/message/189591
Mute This Topic: https://lists.openembedded.org/mt/102101674/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 3/6] zlib: patch CVE-2023-45853
From: Peter Marko
Backport commit merged to develop branch from PR linked in NVD report:
* https://nvd.nist.gov/vuln/detail/CVE-2023-45853
* https://github.com/madler/zlib/pull/843
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
.../zlib/zlib/CVE-2023-45853.patch| 42 +++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
diff --git a/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
new file mode 100644
index 00..ba3709249b
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
@@ -0,0 +1,42 @@
+From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
+From: Hans Wennborg
+Date: Fri, 18 Aug 2023 11:05:33 +0200
+Subject: [PATCH] Reject overflows of zip header fields in minizip.
+
+This checks the lengths of the file name, extra field, and comment
+that would be put in the zip headers, and rejects them if they are
+too long. They are each limited to 65535 bytes in length by the zip
+format. This also avoids possible buffer overflows if the provided
+fields are too long.
+
+CVE: CVE-2023-45853
+Upstream-Status: Backport
[https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c]
+
+Signed-off-by: Peter Marko
+
+---
+ contrib/minizip/zip.c | 11 +++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
+index 3d3d4cadd..0446109b2 100644
+--- a/contrib/minizip/zip.c
b/contrib/minizip/zip.c
+@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile
file, const char* filename, c
+ return ZIP_PARAMERROR;
+ #endif
+
++// The filename and comment length must fit in 16 bits.
++if ((filename!=NULL) && (strlen(filename)>0x))
++return ZIP_PARAMERROR;
++if ((comment!=NULL) && (strlen(comment)>0x))
++return ZIP_PARAMERROR;
++// The extra field length must fit in 16 bits. If the member also requires
++// a Zip64 extra block, that will also need to fit within that 16-bit
++// length, but that will be checked for later.
++if ((size_extrafield_local>0x) || (size_extrafield_global>0x))
++return ZIP_PARAMERROR;
++
+ zi = (zip64_internal*)file;
+
+ if (zi->in_opened_file_inzip == 1)
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb
b/meta/recipes-core/zlib/zlib_1.2.11.bb
index f768b41988..d75474dcb6 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -12,6 +12,7 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
file://CVE-2018-25032.patch \
file://run-ptest \
file://CVE-2022-37434.patch \
+ file://CVE-2023-45853.patch \
"
UPSTREAM_CHECK_URI = "http://zlib.net/";
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189590):
https://lists.openembedded.org/g/openembedded-core/message/189590
Mute This Topic: https://lists.openembedded.org/mt/102101672/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 2/6] gawk: backport Debian patch to fix CVE-2023-4156
From: Vijay Anusuri
Upstream-Status: Backport
[https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches?h=ubuntu/jammy-security
&
https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
.../gawk/gawk/CVE-2023-4156.patch | 28 +++
meta/recipes-extended/gawk/gawk_5.1.1.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
diff --git a/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
new file mode 100644
index 00..bc157d6afb
--- /dev/null
+++ b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
@@ -0,0 +1,28 @@
+From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
+From: "Arnold D. Robbins"
+Date: Wed, 3 Aug 2022 13:00:54 +0300
+Subject: [PATCH] Smal bug fix in builtin.c.
+
+Upstream-Status: Backport [import from ubuntu
https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches/CVE-2023-4156.patch?h=ubuntu/jammy-security
+Upstream commit
https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
+CVE: CVE-2023-4156
+Signed-off-by: Vijay Anusuri
+---
+ ChangeLog | 6 ++
+ builtin.c | 5 -
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+--- gawk-5.1.0.orig/builtin.c
gawk-5.1.0/builtin.c
+@@ -957,7 +957,10 @@ check_pos:
+ s1++;
+ n0--;
+ }
+- if (val >= num_args) {
++ // val could be less than zero if someone
provides a field width
++ // so large that it causes integer overflow.
Mainly fuzzers do this,
++ // but let's try to be good anyway.
++ if (val < 0 || val >= num_args) {
+ toofew = true;
+ break;
+ }
diff --git a/meta/recipes-extended/gawk/gawk_5.1.1.bb
b/meta/recipes-extended/gawk/gawk_5.1.1.bb
index fe339805d0..0b0d0897bc 100644
--- a/meta/recipes-extended/gawk/gawk_5.1.1.bb
+++ b/meta/recipes-extended/gawk/gawk_5.1.1.bb
@@ -18,6 +18,7 @@ PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr"
SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \
file://remove-sensitive-tests.patch \
file://run-ptest \
+ file://CVE-2023-4156.patch \
"
SRC_URI[sha256sum] =
"6168d8d1dc8f74bd17d9dc22fa9634c49070f232343b744901da15fb4f06bffd"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189589):
https://lists.openembedded.org/g/openembedded-core/message/189589
Mute This Topic: https://lists.openembedded.org/mt/102101671/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 1/6] qemu: ignore RHEL specific CVE-2023-2680
From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 5526eacb96..83bd5d7e67 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -125,6 +125,10 @@ CVE_CHECK_IGNORE += "CVE-2018-18438" # this bug related to windows specific. CVE_CHECK_IGNORE += "CVE-2023-0664" +# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 +# RHEL specific issue +CVE_CHECK_IGNORE += "CVE-2023-2680" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189588): https://lists.openembedded.org/g/openembedded-core/message/189588 Mute This Topic: https://lists.openembedded.org/mt/102101670/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 0/6] Patch review
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 24
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6084
The following changes since commit 5570e49791b770271f176a4deeb5f6f1a028cb4a:
uboot-extlinux-config.bbclass: fix missed override syntax migration
(2023-10-17 12:19:37 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Lee Chee Yang (1):
qemu: ignore RHEL specific CVE-2023-2680
Meenali Gupta (1):
linux-firmware: upgrade 20230625 -> 20230804
Peter Marko (1):
zlib: patch CVE-2023-45853
Siddharth Doshi (2):
libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and
CVE-2023-43787
vim: Upgrade 9.0.2009 -> 9.0.2048
Vijay Anusuri (1):
gawk: backport Debian patch to fix CVE-2023-4156
.../zlib/zlib/CVE-2023-45853.patch| 42 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
meta/recipes-devtools/qemu/qemu.inc | 4 ++
.../gawk/gawk/CVE-2023-4156.patch | 28 +
meta/recipes-extended/gawk/gawk_5.1.1.bb | 1 +
.../xorg-lib/libx11/CVE-2023-43785.patch | 62 ++
.../xorg-lib/libx11/CVE-2023-43786-0001.patch | 41
.../xorg-lib/libx11/CVE-2023-43786-0002.patch | 45 +
.../xorg-lib/libx11/CVE-2023-43786-0003.patch | 51 +++
.../xorg-lib/libx11/CVE-2023-43787.patch | 63 +++
.../xorg-lib/libx11_1.7.3.1.bb| 5 ++
...20230625.bb => linux-firmware_20230804.bb} | 4 +-
meta/recipes-support/vim/vim.inc | 4 +-
13 files changed, 347 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
create mode 100644
meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
create mode 100644
meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0002.patch
create mode 100644
meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0003.patch
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb =>
linux-firmware_20230804.bb} (99%)
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189587):
https://lists.openembedded.org/g/openembedded-core/message/189587
Mute This Topic: https://lists.openembedded.org/mt/102101667/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] selftest/sstatetests: add a test for CDN sstate cache
Right, I omitted the printdiff tests and that created a conflict with
master. I resent a version that's rebased directly on that.
Alex
On Sat, 21 Oct 2023 at 00:58, Alexandre Belloni
wrote:
>
> Hello Alex,
>
> This doesn't apply cleanly, it seems the context is from another series.
>
> On 20/10/2023 19:12:32+0200, Alexander Kanavin wrote:
> > Specifically, the test checks that everything needed for building
> > standard oe-core images for x86_64 and arm64 is available from
> > the cache (with minor exceptions). Going forward, a complete
> > world check could be enabled and additional configurations,
> > but that requires improvements to performance of hash equivalence
> > server in particular.
> >
> > Signed-off-by: Alexander Kanavin
> > ---
> > meta/lib/oeqa/selftest/cases/sstatetests.py | 47 +
> > 1 file changed, 47 insertions(+)
> >
> > diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py
> > b/meta/lib/oeqa/selftest/cases/sstatetests.py
> > index 6ef339897bf..e392d6a1a63 100644
> > --- a/meta/lib/oeqa/selftest/cases/sstatetests.py
> > +++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
> > @@ -14,6 +14,7 @@ import re
> >
> > from oeqa.utils.commands import runCmd, bitbake, get_bb_var,
> > create_temp_layer, get_bb_vars
> > from oeqa.selftest.case import OESelftestTestCase
> > +from oeqa.core.decorator import OETestTag
> >
> > import oe
> > import bb.siggen
> > @@ -879,3 +880,49 @@ expected_sametmp_output, expected_difftmp_output)
> > INHERIT += "base-do-configure-modified"
> > """,
> > expected_sametmp_output, expected_difftmp_output)
> > +
> > +@OETestTag("yocto-mirrors")
> > +class SStateMirrors(SStateBase):
> > +def check_bb_output(self, output, exceptions):
> > +in_tasks = False
> > +missing_objects = []
> > +for l in output.splitlines():
> > +if "The differences between the current build and any cached
> > tasks start at the following tasks" in l:
> > +in_tasks = True
> > +continue
> > +if "Writing task signature files" in l:
> > +in_tasks = False
> > +continue
> > +if in_tasks:
> > +recipe_task = l.split("/")[-1]
> > +recipe, task = recipe_task.split(":")
> > +for e in exceptions:
> > +if e[0] in recipe and task == e[1]:
> > +break
> > +else:
> > +missing_objects.append(recipe_task)
> > +self.assertTrue(len(missing_objects) == 0, "Missing objects in the
> > cache:\n{}".format("\n".join(missing_objects)))
> > +
> > +
> > +def run_test_cdn_mirror(self, machine, targets, exceptions):
> > +exceptions = exceptions + [[t, "do_deploy_source_date_epoch"] for
> > t in targets.split()]
> > +exceptions = exceptions + [[t, "do_image_qa"] for t in
> > targets.split()]
> > +self.config_sstate(True)
> > +self.append_config("""
> > +MACHINE = "{}"
> > +BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
> > +SSTATE_MIRRORS ?= "file://.*
> > http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH";
> > +""".format(machine))
> > +result = bitbake("-S printdiff {}".format(targets))
> > +self.check_bb_output(result.output, exceptions)
> > +
> > +def test_cdn_mirror_qemux86_64(self):
> > +# Example:
> > +# exceptions = [ ["packagegroup-core-sdk","do_package"] ]
> > +exceptions = []
> > +self.run_test_cdn_mirror("qemux86-64", "core-image-minimal
> > core-image-full-cmdline core-image-weston core-image-sato-sdk", exceptions)
> > +
> > +def test_cdn_mirror_qemuarm64(self):
> > +exceptions = []
> > +# core-image-weston isn't produced for arm64 currently
> > +self.run_test_cdn_mirror("qemuarm64", "core-image-minimal
> > core-image-full-cmdline core-image-sato-sdk", exceptions)
> > --
> > 2.39.2
> >
>
> >
> >
> >
>
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189586):
https://lists.openembedded.org/g/openembedded-core/message/189586
Mute This Topic: https://lists.openembedded.org/mt/102085736/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
This was writing out locked-sigs.inc into cwd with every
'bitbake -S' invocation. When the intent is only to to get task
stamps (-S none), or print the difference between them (-S printdiff),
the file is unnecessary clutter.
A couple of selftests/scripts were however relying on this, so they're
adjusted to explicitly request the file.
eSDK code calls dump_lockedsigs() separately via
oe.copy_buildsystem.generate_locked_sigs() and so isn't affected.
Signed-off-by: Alexander Kanavin
---
meta/lib/oe/sstatesig.py | 7 ---
meta/lib/oeqa/selftest/cases/archiver.py | 2 +-
meta/lib/oeqa/selftest/cases/signing.py | 2 +-
scripts/lib/checklayer/__init__.py | 2 +-
4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index 42e13a8c800..e250f51c124 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -142,9 +142,10 @@ class SignatureGeneratorOEBasicHashMixIn(object):
super().set_taskdata(data[3:])
def dump_sigs(self, dataCache, options):
-sigfile = os.getcwd() + "/locked-sigs.inc"
-bb.plain("Writing locked sigs to %s" % sigfile)
-self.dump_lockedsigs(sigfile)
+if 'lockedsigs' in options:
+sigfile = os.getcwd() + "/locked-sigs.inc"
+bb.plain("Writing locked sigs to %s" % sigfile)
+self.dump_lockedsigs(sigfile)
return super(bb.siggen.SignatureGeneratorBasicHash,
self).dump_sigs(dataCache, options)
diff --git a/meta/lib/oeqa/selftest/cases/archiver.py
b/meta/lib/oeqa/selftest/cases/archiver.py
index 3fa59fff510..3cb888c5067 100644
--- a/meta/lib/oeqa/selftest/cases/archiver.py
+++ b/meta/lib/oeqa/selftest/cases/archiver.py
@@ -141,7 +141,7 @@ class Archiver(OESelftestTestCase):
pn = 'gcc-source-%s' % get_bb_vars(['PV'], 'gcc')['PV']
# Generate the tasks signatures
-bitbake('mc:mc1:%s mc:mc2:%s -c %s -S none' % (pn, pn, task))
+bitbake('mc:mc1:%s mc:mc2:%s -c %s -S lockedsigs' % (pn, pn, task))
# Check the tasks signatures
# To be machine agnostic the tasks needs to generate the same
signature for each machine
diff --git a/meta/lib/oeqa/selftest/cases/signing.py
b/meta/lib/oeqa/selftest/cases/signing.py
index 322e753ed3b..18cce0ba258 100644
--- a/meta/lib/oeqa/selftest/cases/signing.py
+++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -191,7 +191,7 @@ class LockedSignatures(OESelftestTestCase):
bitbake(test_recipe)
# Generate locked sigs include file
-bitbake('-S none %s' % test_recipe)
+bitbake('-S lockedsigs %s' % test_recipe)
feature = 'require %s\n' % locked_sigs_file
feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n'
diff --git a/scripts/lib/checklayer/__init__.py
b/scripts/lib/checklayer/__init__.py
index 0a0db2f02ac..8271ed7fe3b 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -307,7 +307,7 @@ def get_signatures(builddir, failsafe=False, machine=None,
extravars=None):
cmd += 'bitbake '
if failsafe:
cmd += '-k '
-cmd += '-S none world'
+cmd += '-S lockedsigs world'
sigs_file = os.path.join(builddir, 'locked-sigs.inc')
if os.path.exists(sigs_file):
os.unlink(sigs_file)
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189584):
https://lists.openembedded.org/g/openembedded-core/message/189584
Mute This Topic: https://lists.openembedded.org/mt/102085735/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] selftest/sstatetests: add a test for CDN sstate cache
Specifically, the test checks that everything needed for building
standard oe-core images for x86_64 and arm64 is available from
the cache (with minor exceptions). Going forward, a complete
world check could be enabled and additional configurations,
but that requires improvements to performance of hash equivalence
server in particular.
Signed-off-by: Alexander Kanavin
---
meta/lib/oeqa/selftest/cases/sstatetests.py | 47 +
1 file changed, 47 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py
b/meta/lib/oeqa/selftest/cases/sstatetests.py
index bdad9088d37..1b470453c6e 100644
--- a/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -14,6 +14,7 @@ import re
from oeqa.utils.commands import runCmd, bitbake, get_bb_var,
create_temp_layer, get_bb_vars
from oeqa.selftest.case import OESelftestTestCase
+from oeqa.core.decorator import OETestTag
import oe
import bb.siggen
@@ -773,3 +774,49 @@ addtask tmptask2 before do_tmptask1
latestfiles = sorted(filedates.keys(), key=lambda f:
filedates[f])[-2:]
bb.siggen.compare_sigfiles(latestfiles[-2], latestfiles[-1],
recursecb)
self.assertEqual(recursecb_count,1)
+
+@OETestTag("yocto-mirrors")
+class SStateMirrors(SStateBase):
+def check_bb_output(self, output, exceptions):
+in_tasks = False
+missing_objects = []
+for l in output.splitlines():
+if "The differences between the current build and any cached tasks
start at the following tasks" in l:
+in_tasks = True
+continue
+if "Writing task signature files" in l:
+in_tasks = False
+continue
+if in_tasks:
+recipe_task = l.split("/")[-1]
+recipe, task = recipe_task.split(":")
+for e in exceptions:
+if e[0] in recipe and task == e[1]:
+break
+else:
+missing_objects.append(recipe_task)
+self.assertTrue(len(missing_objects) == 0, "Missing objects in the
cache:\n{}".format("\n".join(missing_objects)))
+
+
+def run_test_cdn_mirror(self, machine, targets, exceptions):
+exceptions = exceptions + [[t, "do_deploy_source_date_epoch"] for t in
targets.split()]
+exceptions = exceptions + [[t, "do_image_qa"] for t in targets.split()]
+self.config_sstate(True)
+self.append_config("""
+MACHINE = "{}"
+BB_HASHSERVE_UPSTREAM = "hashserv.yocto.io:8687"
+SSTATE_MIRRORS ?= "file://.*
http://cdn.jsdelivr.net/yocto/sstate/all/PATH;downloadfilename=PATH";
+""".format(machine))
+result = bitbake("-S printdiff {}".format(targets))
+self.check_bb_output(result.output, exceptions)
+
+def test_cdn_mirror_qemux86_64(self):
+# Example:
+# exceptions = [ ["packagegroup-core-sdk","do_package"] ]
+exceptions = []
+self.run_test_cdn_mirror("qemux86-64", "core-image-minimal
core-image-full-cmdline core-image-weston core-image-sato-sdk", exceptions)
+
+def test_cdn_mirror_qemuarm64(self):
+exceptions = []
+# core-image-weston isn't produced for arm64 currently
+self.run_test_cdn_mirror("qemuarm64", "core-image-minimal
core-image-full-cmdline core-image-sato-sdk", exceptions)
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189585):
https://lists.openembedded.org/g/openembedded-core/message/189585
Mute This Topic: https://lists.openembedded.org/mt/102099416/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
On Sat, 2023-10-21 at 13:44 +0200, Alexandre Belloni via lists.openembedded.org wrote: > https://autobuilder.yoctoproject.org/typhoon/#/builders/69/builds/7980/steps/24/logs/stdio It depends on one of the autobuilder-helper patches which is master- next there. The hard part is these patches are "flag day" ones :/. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189583): https://lists.openembedded.org/g/openembedded-core/message/189583 Mute This Topic: https://lists.openembedded.org/mt/102085735/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
https://autobuilder.yoctoproject.org/typhoon/#/builders/69/builds/7980/steps/24/logs/stdio
On 20/10/2023 19:12:31+0200, Alexander Kanavin wrote:
> This was writing out locked-sigs.inc into cwd with every
> 'bitbake -S' invocation. When the intent is only to to get task
> stamps (-S none), or print the difference between them (-S printdiff),
> the file is unnecessary clutter.
>
> A couple of selftests/scripts were however relying on this, so they're
> adjusted to explicitly request the file.
>
> eSDK code calls dump_lockedsigs() separately via
> oe.copy_buildsystem.generate_locked_sigs() and so isn't affected.
>
> Signed-off-by: Alexander Kanavin
> ---
> meta/lib/oe/sstatesig.py | 7 ---
> meta/lib/oeqa/selftest/cases/archiver.py | 2 +-
> meta/lib/oeqa/selftest/cases/signing.py | 2 +-
> scripts/lib/checklayer/__init__.py | 2 +-
> 4 files changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
> index 42e13a8c800..e250f51c124 100644
> --- a/meta/lib/oe/sstatesig.py
> +++ b/meta/lib/oe/sstatesig.py
> @@ -142,9 +142,10 @@ class SignatureGeneratorOEBasicHashMixIn(object):
> super().set_taskdata(data[3:])
>
> def dump_sigs(self, dataCache, options):
> -sigfile = os.getcwd() + "/locked-sigs.inc"
> -bb.plain("Writing locked sigs to %s" % sigfile)
> -self.dump_lockedsigs(sigfile)
> +if 'lockedsigs' in options:
> +sigfile = os.getcwd() + "/locked-sigs.inc"
> +bb.plain("Writing locked sigs to %s" % sigfile)
> +self.dump_lockedsigs(sigfile)
> return super(bb.siggen.SignatureGeneratorBasicHash,
> self).dump_sigs(dataCache, options)
>
>
> diff --git a/meta/lib/oeqa/selftest/cases/archiver.py
> b/meta/lib/oeqa/selftest/cases/archiver.py
> index 3fa59fff510..3cb888c5067 100644
> --- a/meta/lib/oeqa/selftest/cases/archiver.py
> +++ b/meta/lib/oeqa/selftest/cases/archiver.py
> @@ -141,7 +141,7 @@ class Archiver(OESelftestTestCase):
> pn = 'gcc-source-%s' % get_bb_vars(['PV'], 'gcc')['PV']
>
> # Generate the tasks signatures
> -bitbake('mc:mc1:%s mc:mc2:%s -c %s -S none' % (pn, pn, task))
> +bitbake('mc:mc1:%s mc:mc2:%s -c %s -S lockedsigs' % (pn, pn, task))
>
> # Check the tasks signatures
> # To be machine agnostic the tasks needs to generate the same
> signature for each machine
> diff --git a/meta/lib/oeqa/selftest/cases/signing.py
> b/meta/lib/oeqa/selftest/cases/signing.py
> index 322e753ed3b..18cce0ba258 100644
> --- a/meta/lib/oeqa/selftest/cases/signing.py
> +++ b/meta/lib/oeqa/selftest/cases/signing.py
> @@ -191,7 +191,7 @@ class LockedSignatures(OESelftestTestCase):
>
> bitbake(test_recipe)
> # Generate locked sigs include file
> -bitbake('-S none %s' % test_recipe)
> +bitbake('-S lockedsigs %s' % test_recipe)
>
> feature = 'require %s\n' % locked_sigs_file
> feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n'
> diff --git a/scripts/lib/checklayer/__init__.py
> b/scripts/lib/checklayer/__init__.py
> index 0a0db2f02ac..8271ed7fe3b 100644
> --- a/scripts/lib/checklayer/__init__.py
> +++ b/scripts/lib/checklayer/__init__.py
> @@ -307,7 +307,7 @@ def get_signatures(builddir, failsafe=False,
> machine=None, extravars=None):
> cmd += 'bitbake '
> if failsafe:
> cmd += '-k '
> -cmd += '-S none world'
> +cmd += '-S lockedsigs world'
> sigs_file = os.path.join(builddir, 'locked-sigs.inc')
> if os.path.exists(sigs_file):
> os.unlink(sigs_file)
> --
> 2.39.2
>
>
>
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189582):
https://lists.openembedded.org/g/openembedded-core/message/189582
Mute This Topic: https://lists.openembedded.org/mt/102085735/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
