Re: [OE-Core][PATCH v2 0/4] recipetool: Add handler to create go recipes

2023-10-24 Thread Vyacheslav Yurkov

Hey Lukas

On 24.10.2023 08:33, Lukas Funke wrote:


- I placed the correct URL into SRC_URI, but do_go_vendor still 
failed with following stacktrace:


File: 
'/home/uvv/projects/yocto-lorch-mapro/openembedded-core/meta/classes/go-vendor.bbclass', 
lineno: 86, function: do_go_vendor

  0082:    # path = github.com/foo/bar
  0083:    # version = v1.2.3
  0084:
  0085:    p = destsuffix[len(default_destsuffix)+1:]
  *** 0086:    path, version = p.split('@')
  0087:
  0088:    subdir = fetcher.ud[url].parm.get('go_subdir')
  0089:    subdir = "" if not subdir else subdir
  0090:
Exception: ValueError: not enough values to unpack (expected 2, got 1)

The reason is that my go.mod name does not have a version component. 
If I understood the convention https://go.dev/ref/mod#introduction, 
it's not a required component, so this should be taken into account.


This error could happen if your dependencies don't have a version. 
I've never seen this in my experiments. Maybe check your go.mod file 
for the missing version info. 


I debugged it a bit and see that the error is actually caused by my URL 
modification. The URL that works for me looks like

SRC_URI = git://git@${GO_IMPORT}.git;...

The parsing expects the version after "@", which is not right anymore.

Slava

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189638): 
https://lists.openembedded.org/g/openembedded-core/message/189638
Mute This Topic: https://lists.openembedded.org/mt/102017388/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-Core][PATCH v2 0/4] recipetool: Add handler to create go recipes

2023-10-24 Thread Vyacheslav Yurkov

On 24.10.2023 08:19, Lukas Funke wrote:




- Could please clarify where does the version from go.mod hide? Is 
it taken directly from go.mod? I'm trying to understand what should 
be the workflow when a module version should be bumped up in the 
go.mod. Will that be reflected in the recipe in any way?


No, currently the go-version doesn't play a role ATM. Except one 
case when you have a go.mod file with go < 1.17. These go.mod files 
don't include indirect dependencies.




Still trying to wrap my head around... When there's no version at 
parsing stage, how this will affect reproducibility? If it's not 
known, then whenever the version is bumped up in go.mod, a manual 
'clean all' will be required? (It's probably the same as now though).


Maybe I don't understand the problem: Is it required for the go module 
to have the *same* version as the golang package in yocto? In my 
understanding, when the golang version is greater-equal to the go.mod 
version we're good?


I think I mixed up with revisions here a bit. What I meant is how the 
bitbake would know if versions of dependent components in go.mod have 
been updated.
The easy answer I guess is that the revision of the main recipe (that 
contains go.mod) needs to be updated for that, and I hope that bitbake 
would refetch new versions from go.mod, but I didn't check it yet.
The more complicated scenario, what if I use a devtool workflow? Will 
the fetcher be able to reparse go.mod in this case?


Slava




Re: [OE-Core][PATCH v2 0/4] recipetool: Add handler to create go recipes

2023-10-24 Thread Lukas Funke

On 24.10.2023 09:12, Vyacheslav Yurkov wrote:

Hey Lukas

On 24.10.2023 08:33, Lukas Funke wrote:


- I placed the correct URL into SRC_URI, but do_go_vendor still 
failed with following stacktrace:


File: 
'/home/uvv/projects/yocto-lorch-mapro/openembedded-core/meta/classes/go-vendor.bbclass', lineno: 86, function: do_go_vendor

  0082:    # path = github.com/foo/bar
  0083:    # version = v1.2.3
  0084:
  0085:    p = destsuffix[len(default_destsuffix)+1:]
  *** 0086:    path, version = p.split('@')
  0087:
  0088:    subdir = fetcher.ud[url].parm.get('go_subdir')
  0089:    subdir = "" if not subdir else subdir
  0090:
Exception: ValueError: not enough values to unpack (expected 2, got 1)

The reason is that my go.mod name does not have a version component. 
If I understood the convention https://go.dev/ref/mod#introduction, 
it's not a required component, so this should be taken into account.


This error could happen if your dependencies don't have a version. 
I've never seen this in my experiments. Maybe check your go.mod file 
for the missing version info. 


I debugged it a bit and see that the error is actually caused by my URL 
modification. The URL that works for me looks like

SRC_URI = git://git@${GO_IMPORT}.git;...

The parsing expects the version after "@", which is not right anymore.


The problem here is to distinguish between the actual project SRC_URI and 
its dependencies. This is currently done by comparing the SRC_URI entry 
to the GO_IMPORT variable. If they match then it's not a dependency. But 
you are correct: this can be solved in a more general manner. Good 
catch. I'll try to fix it in the next version.




Slava
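
The failure discussed in this thread, as an added example that is not part of the original messages or of go-vendor.bbclass: a split of a "path@version" string that tolerates a missing version and rejects a stray "@" with a clear error instead of an unpack failure. The names split_module_spec, ModuleSpecError and check_all and the sample strings are assumptions made for illustration.

```python
import re

# One Go module path element: ASCII letters, digits and - . _ ~ only.
_ELEMENT = re.compile(r"[A-Za-z0-9._~-]+")
# "v"-prefixed semantic version; also matches pseudo-versions
# (v0.0.0-<timestamp>-<commit>) and "+incompatible" build metadata.
_VERSION = re.compile(r"v\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?")


class ModuleSpecError(ValueError):
    """Raised when a string is not a usable 'path[@version]' module spec."""


def split_module_spec(spec):
    """Return (path, version); version is None when the spec has no '@'."""
    # rpartition never raises: without '@' it returns ('', '', spec).
    path, sep, version = spec.rpartition("@")
    if not sep:
        path, version = spec, None
    elif not _VERSION.fullmatch(version):
        # Covers "git@host/..." style input, where '@' separates a user name.
        raise ModuleSpecError(
            f"{spec!r}: text after '@' is not a version: {version!r}")

    # Assumption: the path later becomes part of a directory name (the
    # traceback derives it from destsuffix), so each element is validated.
    for element in path.split("/"):
        if not _ELEMENT.fullmatch(element):
            raise ModuleSpecError(f"{spec!r}: bad path element {element!r}")
        if element.startswith(".") or element.endswith("."):
            raise ModuleSpecError(
                f"{spec!r}: path element {element!r} starts or ends with a dot")
    return path, version


def check_all(specs):
    """Map each spec to its (path, version) tuple or to the error text."""
    results = {}
    for spec in specs:
        try:
            results[spec] = split_module_spec(spec)
        except ModuleSpecError as exc:
            results[spec] = str(exc)
    return results


# Constructed sample inputs, not taken from a real recipe.
SAMPLES = [
    "github.com/foo/bar@v1.2.3",                           # usual dependency
    "github.com/foo/bar",                                  # no version part
    "github.com/foo/bar@v0.0.0-20230101120000-abcdef123456",  # pseudo-version
    "git@github.com/foo/bar.git",                          # '@' from a user name
    "github.com/foo/../etc@v1.0.0",                        # traversal attempt
]

if __name__ == "__main__":
    for spec, outcome in check_all(SAMPLES).items():
        print(f"{spec:55} -> {outcome}")
```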






Re: [OE-core] [PATCH 3/3] selftest/sstatetests: add a test for CDN sstate cache

2023-10-24 Thread Luca Ceresoli via lists.openembedded.org
Hello Alex,

On Mon, 23 Oct 2023 13:06:18 +0200
"Alexander Kanavin"  wrote:

> Specifically, the test checks that everything needed for building
> standard oe-core images for x86_64 and arm64 is available from
> the cache (with minor exceptions). Going forward, a complete
> world check could be enabled and additional configurations,
> but that requires improvements to performance of hash equivalence
> server in particular.
> 
> Signed-off-by: Alexander Kanavin 

This is triggering:

AssertionError: False is not true : Missing objects in the cache:
weston_12.0.2.bb:do_package_write_ipk
weston_12.0.2.bb:do_package_write_deb

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6091/steps/23/logs/stdio

Luca

-- 
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com




Re: [OE-core] [PATCH V5] kbd:Add ptest support

2023-10-24 Thread Alexander Kanavin
On Tue, 24 Oct 2023 at 06:12, qi...@fujitsu.com  wrote:
>
> Hi,Alex
>
> As you said, it is not-that-elegant bit of code.
> But DATADIR is used as a part of CPPFLAGS for compiling c files in tests,
> such as libkeymap/libkeymap-test01.c, libkbdfile/libkbdfile-test13.c and 
> others.
> sample:
>
> libkeymap/libkeymap-test01.c: f = fopen(DATADIR 
> "/data/libkeymap/charset-keymap0.map", "r"); libkeymap/libkeymap-test09.c:   
> setenv("LOADKEYS_INCLUDE_PATH", DATADIR "/data/libkeymap", 1);

I see, thanks. I would suggest that Makefile.am is patched with a
dedicated patch that sets DATADIR to ptest directory on target (you
can mark it Inappropriate), so that the change is robust (sed
expressions are prone to silent regressions), and happens before
actual build, so no 'make clean' is needed.

Alex




[OE-core] [PATCH] SECURITY.md: Add file

2023-10-24 Thread Richard Purdie
Add a SECURITY.md file with hints for security researchers and other
parties who might report potential security vulnerabilities.

Signed-off-by: Richard Purdie 
---
 SECURITY.md | 13 +
 1 file changed, 13 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000..7ccecc1
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+How to Report a Potential Vulnerability?
+
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the
+[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security 
Bugzilla].
+If you have a patch ready, submit it following the same procedure as any other
+patch as described in README.md.
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT yoctoproject DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
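Review bot: The link in the first paragraph uses wiki-style syntax, `[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla]`, which Markdown will not render as a link; in a .md file it should read `[Security Bugzilla](https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security)`. The title line also carries no Markdown heading marker as shown here, and for the private address it would help reporters to state whether encrypted mail is accepted.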
-- 
2.39.2





Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override

2023-10-24 Thread Niko Mauno via lists.openembedded.org

On 20.10.2023 19.34, Khem Raj wrote:
> it seems you are quite sensitive to size, I wonder if opkg backend is
> better suited for your usecase than rpm.

Hi Khem, thanks for the idea. We used opkg a few years ago, however
certain technical reasons were in favor of rpm which we have used since.
Perhaps we have a bit different view, smaller image means for us
spending less time building, booting and flashing firmware (i.e. not
just disk space consumption alone).

-Niko




[OE-core][PATCH] patchtest-send-results: improve subject line

2023-10-24 Thread Trevor Gamblin
Pull the actual email's subject line from the .mbox file and use that in
patchtest's test results response, so that it's clearer which patch it
is replying to.

Signed-off-by: Trevor Gamblin 
---
 scripts/patchtest-send-results | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/patchtest-send-results b/scripts/patchtest-send-results
index 15ee5b077fc..bb4604aeaf1 100755
--- a/scripts/patchtest-send-results
+++ b/scripts/patchtest-send-results
@@ -53,7 +53,12 @@ with open(result_file, "r") as f:
 testresult = f.read()
 
 reply_contents = greeting + testresult + suggestions
-subject_line = f"Patchtest results for {result_basename}"
+
+# we know these patch files will only contain a single patch, so only
+# worry about the first element for getting the subject
+mbox = mailbox.mbox(args.patch)
+mbox_subject = mbox[0]['subject']
+subject_line = f"Patchtest results for {mbox_subject}"
 
 if "FAIL" in testresult:
 ses_client = boto3.client('ses', region_name='us-west-2')
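Review bot: `mbox[0]['subject']` goes into subject_line unchecked: it is None when the patch has no Subject header, `mbox[0]` raises KeyError on an empty mbox, and a long folded Subject can carry a line break into the subject of the outgoing mail. The .mbox content originates from list submissions, so treat it as untrusted: fall back to result_basename when the value is missing and collapse whitespace, for example `" ".join(mbox_subject.split())`, before building subject_line. The hunk also adds no `import mailbox`, so confirm the script already imports it.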
-- 
2.41.0





[OE-core] [RESEND PATCH 2/2] oeqa/selftest/devtool: remove spaces on empty line

2023-10-24 Thread Julien Stephan
Signed-off-by: Julien Stephan 
---
 meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py 
b/meta/lib/oeqa/selftest/cases/devtool.py
index c36b1efa78b..b5c488be8e8 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -575,7 +575,7 @@ class DevtoolAddTests(DevtoolBase):
 checkvars['S'] = '${WORKDIR}/MarkupSafe-%s' % testver
 checkvars['SRC_URI'] = url
 self._test_recipe_contents(recipefile, checkvars, [])
-
+
 def test_devtool_add_fetch_git(self):
 tempdir = tempfile.mkdtemp(prefix='devtoolqa')
 self.track_for_cleanup(tempdir)
--
2.41.0




[OE-core] [RESEND PATCH 1/2] oeqa/selftest/devtool: abort if a local workspace already exist

2023-10-24 Thread Julien Stephan
If a user runs devtool selftests with a local workspacelayer,
the tests fail with various errors such as:

- devtool.DevtoolAddTests.test_devtool_add just hangs
- devtool.DevtoolModifyTests.* fail with the following error:

 ERROR: Found duplicated BBFILE_COLLECTIONS 'workspacelayer', check 
bblayers.conf or layer.conf to fix it.
 Found duplicated BBFILE_COLLECTIONS 'workspacelayer', check bblayers.conf or 
layer.conf to fix it.

Check if a workspacelayer exists, warn the user and abort the tests

Signed-off-by: Julien Stephan 
---
 meta/lib/oeqa/selftest/cases/devtool.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py 
b/meta/lib/oeqa/selftest/cases/devtool.py
index b577f6d62a1..c36b1efa78b 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -27,6 +27,9 @@ def setUpModule():
 corecopydir = os.path.join(templayerdir, 'core-copy')
 bblayers_conf = os.path.join(os.environ['BUILDDIR'], 'conf', 
'bblayers.conf')
 edited_layers = []
+# make sure user doesn't have a local workspace
+result = runCmd('bitbake-layers show-layers')
+assert "workspacelayer" not in result.output, "Devtool test suite cannot 
be run with a local workspace directory"

 # We need to take a copy of the meta layer so we can modify it and not
 # have any races against other tests that might be running in parallel
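Review bot: The new check in setUpModule() relies on a bare `assert`, which is compiled out when Python runs with -O, so the guard can silently disappear; raise an explicit exception there instead (or unittest.SkipTest if skipping is acceptable). The substring test `"workspacelayer" not in result.output` also matches that text anywhere in the show-layers output, including inside a layer path, so comparing against the layer name column would avoid false aborts.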
--
2.41.0




[OE-core] [PATCH v3 1/4] scripts:recipetool:create_buildsys_python: prefix created recipes with python3-

2023-10-24 Thread Julien Stephan
By convention, all python recipes start with "python3-" so update
create_buildsys_python to do this

This rule doesn't apply for packages already starting with "python"

Update recipetool's selftest accordingly

Signed-off-by: Julien Stephan 
---
 meta/lib/oeqa/selftest/cases/recipetool.py   | 4 ++--
 scripts/lib/recipetool/create_buildsys_python.py | 5 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py 
b/meta/lib/oeqa/selftest/cases/recipetool.py
index 48661bee6f2..d3aea74228f 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -445,7 +445,7 @@ class RecipetoolCreateTests(RecipetoolBase):
 # Basic test to see if github URL mangling works
 temprecipe = os.path.join(self.tempdir, 'recipe')
 os.makedirs(temprecipe)
-recipefile = os.path.join(temprecipe, 'meson_git.bb')
+recipefile = os.path.join(temprecipe, 'python3-meson_git.bb')
 srcuri = 'https://github.com/mesonbuild/meson;rev=0.32.0'
 result = runCmd(['recipetool', 'create', '-o', temprecipe, srcuri])
 self.assertTrue(os.path.isfile(recipefile))
@@ -479,7 +479,7 @@ class RecipetoolCreateTests(RecipetoolBase):
 temprecipe = os.path.join(self.tempdir, 'recipe')
 os.makedirs(temprecipe)
 pv = '0.32.0'
-recipefile = os.path.join(temprecipe, 'meson_%s.bb' % pv)
+recipefile = os.path.join(temprecipe, 'python3-meson_%s.bb' % pv)
 srcuri = 
'https://github.com/mesonbuild/meson/releases/download/%s/meson-%s.tar.gz' % 
(pv, pv)
 result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
 self.assertTrue(os.path.isfile(recipefile))
diff --git a/scripts/lib/recipetool/create_buildsys_python.py 
b/scripts/lib/recipetool/create_buildsys_python.py
index 321d0ba257d..502e1dfbc3d 100644
--- a/scripts/lib/recipetool/create_buildsys_python.py
+++ b/scripts/lib/recipetool/create_buildsys_python.py
@@ -297,6 +297,11 @@ class PythonRecipeHandler(RecipeHandler):
 value = ' '.join(str(v) for v in values if v)
 
 bbvar = self.bbvar_map[field]
+if bbvar == "PN":
+# by convention python recipes start with "python3-"
+if not value.startswith('python'):
+value = 'python3-' + value
+
 if bbvar not in extravalues and value:
 extravalues[bbvar] = value
 
-- 
2.42.0





[OE-core] [PATCH v3 2/4] scripts:recipetool:create_buildsys_python: refactor code for futur PEP517 addition

2023-10-24 Thread Julien Stephan
In order to prepare the support for pyproject.toml (PEP517 [1]) enabled
projects, refactor the code and move setup.py specific code into a
specific class in order to allow sharing the PythonRecipeHandler class

No functional changes expected

[1]: https://peps.python.org/pep-0517/#source-tree

Signed-off-by: Julien Stephan 
---
 .../lib/recipetool/create_buildsys_python.py  | 748 +-
 1 file changed, 385 insertions(+), 363 deletions(-)

diff --git a/scripts/lib/recipetool/create_buildsys_python.py 
b/scripts/lib/recipetool/create_buildsys_python.py
index 502e1dfbc3d..69f6f5ca511 100644
--- a/scripts/lib/recipetool/create_buildsys_python.py
+++ b/scripts/lib/recipetool/create_buildsys_python.py
@@ -37,63 +37,8 @@ class PythonRecipeHandler(RecipeHandler):
 assume_provided = ['builtins', 'os.path']
 # Assumes that the host python3 builtin_module_names is sane for target too
 assume_provided = assume_provided + list(sys.builtin_module_names)
+excluded_fields = []
 
-bbvar_map = {
-'Name': 'PN',
-'Version': 'PV',
-'Home-page': 'HOMEPAGE',
-'Summary': 'SUMMARY',
-'Description': 'DESCRIPTION',
-'License': 'LICENSE',
-'Requires': 'RDEPENDS:${PN}',
-'Provides': 'RPROVIDES:${PN}',
-'Obsoletes': 'RREPLACES:${PN}',
-}
-# PN/PV are already set by recipetool core & desc can be extremely long
-excluded_fields = [
-'Description',
-]
-setup_parse_map = {
-'Url': 'Home-page',
-'Classifiers': 'Classifier',
-'Description': 'Summary',
-}
-setuparg_map = {
-'Home-page': 'url',
-'Classifier': 'classifiers',
-'Summary': 'description',
-'Description': 'long-description',
-}
-# Values which are lists, used by the setup.py argument based metadata
-# extraction method, to determine how to process the setup.py output.
-setuparg_list_fields = [
-'Classifier',
-'Requires',
-'Provides',
-'Obsoletes',
-'Platform',
-'Supported-Platform',
-]
-setuparg_multi_line_values = ['Description']
-replacements = [
-('License', r' +$', ''),
-('License', r'^ +', ''),
-('License', r' ', '-'),
-('License', r'^GNU-', ''),
-('License', r'-[Ll]icen[cs]e(,?-[Vv]ersion)?', ''),
-('License', r'^UNKNOWN$', ''),
-
-# Remove currently unhandled version numbers from these variables
-('Requires', r' *\([^)]*\)', ''),
-('Provides', r' *\([^)]*\)', ''),
-('Obsoletes', r' *\([^)]*\)', ''),
-('Install-requires', r'^([^><= ]+).*', r'\1'),
-('Extras-require', r'^([^><= ]+).*', r'\1'),
-('Tests-require', r'^([^><= ]+).*', r'\1'),
-
-# Remove unhandled dependency on particular features (e.g. foo[PDF])
-('Install-requires', r'\[[^\]]+\]$', ''),
-]
 
 classifier_license_map = {
 'License :: OSI Approved :: Academic Free License (AFL)': 'AFL',
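Review bot: `excluded_fields = []` is added to the base class while the 'Description' entry and its comment about long descriptions are removed in the same hunk; for the "no functional changes" statement to hold, the setup.py subclass has to restore `excluded_fields = ['Description']`, and the commit message should say so. The removal also leaves two consecutive blank lines before classifier_license_map.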
@@ -166,122 +111,34 @@ class PythonRecipeHandler(RecipeHandler):
 def __init__(self):
 pass
 
-def process(self, srctree, classes, lines_before, lines_after, handled, 
extravalues):
-if 'buildsystem' in handled:
-return False
-
-# Check for non-zero size setup.py files
-setupfiles = RecipeHandler.checkfiles(srctree, ['setup.py'])
-for fn in setupfiles:
-if os.path.getsize(fn):
-break
-else:
-return False
-
-# setup.py is always parsed to get at certain required information, 
such as
-# distutils vs setuptools
-#
-# If egg info is available, we use it for both its PKG-INFO metadata
-# and for its requires.txt for install_requires.
-# If PKG-INFO is available but no egg info is, we use that for 
metadata in preference to
-# the parsed setup.py, but use the install_requires info from the
-# parsed setup.py.
-
-setupscript = os.path.join(srctree, 'setup.py')
-try:
-setup_info, uses_setuptools, setup_non_literals, extensions = 
self.parse_setup_py(setupscript)
-except Exception:
-logger.exception("Failed to parse setup.py")
-setup_info, uses_setuptools, setup_non_literals, extensions = {}, 
True, [], []
-
-egginfo = glob.glob(os.path.join(srctree, '*.egg-info'))
-if egginfo:
-info = self.get_pkginfo(os.path.join(egginfo[0], 'PKG-INFO'))
-requires_txt = os.path.join(egginfo[0], 'requires.txt')
-if os.path.exists(requires_txt):
-with codecs.open(requires_txt) as f:
-inst_req = []
-extras_req = collections.defaultdict(list)
-current_feature = None
-for line in f.readlines():
-line = line.rstrip()
-if not line:
- 

[OE-core] [PATCH v3 4/4] oeqa/selftest/recipetool: add selftest for PEP-517 recipe creation

2023-10-24 Thread Julien Stephan
 Add 3 tests to check the creation of PEP-517 project using the 3
 backends supported by bitbake:
  - setuptools.build_meta
  - poetry.core.masonry.api
  - flit_core.buildapi

These tests require the tomllib python module, so skip these tests
if the module is not present. The tomllib module is part of python starting from 3.11

Signed-off-by: Julien Stephan 
---
 meta/lib/oeqa/selftest/cases/recipetool.py | 102 +
 1 file changed, 102 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py 
b/meta/lib/oeqa/selftest/cases/recipetool.py
index d3aea74228f..8e0fc995f7e 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -474,6 +474,108 @@ class RecipetoolCreateTests(RecipetoolBase):
 inherits = ['setuptools3']
 self._test_recipe_contents(recipefile, checkvars, inherits)
 
+def test_recipetool_create_python3_pep517_setuptools_build_meta(self):
+# This test require python 3.11 or above for the tomllib module
+# or tomli module to be installed
+try:
+import tomllib
+except ImportError:
+try:
+import tomli
+except ImportError:
+self.skipTest('Test requires python 3.11 or above for tomllib 
module or tomli module')
+
+# Test creating python3 package from tarball (using 
setuptools.build_meta class)
+temprecipe = os.path.join(self.tempdir, 'recipe')
+os.makedirs(temprecipe)
+pn = 'webcolors'
+pv = '1.13'
+recipefile = os.path.join(temprecipe, 'python3-%s_%s.bb' % (pn, pv))
+srcuri = 
'https://files.pythonhosted.org/packages/a1/fb/f95560c6a5d4469d9c49e24cf1b5d4d21ffab5608251c6020a965fb7791c/%s-%s.tar.gz'
 % (pn, pv)
+result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
+self.assertTrue(os.path.isfile(recipefile))
+checkvars = {}
+checkvars['SUMMARY'] = 'A library for working with the color formats 
defined by HTML and CSS.'
+checkvars['LICENSE'] = set(['BSD-3-Clause'])
+checkvars['LIC_FILES_CHKSUM'] = 
'file://LICENSE;md5=702b1ef12cf66832a88f24c8f2ee9c19'
+checkvars['SRC_URI'] = 
'https://files.pythonhosted.org/packages/a1/fb/f95560c6a5d4469d9c49e24cf1b5d4d21ffab5608251c6020a965fb7791c/webcolors-${PV}.tar.gz'
+checkvars['SRC_URI[md5sum]'] = 'c9be30c5b0cf1cad32e4cbacbb2229e9'
+checkvars['SRC_URI[sha1sum]'] = 
'c90b84fb65eed9b4c9dea7f08c657bfac0e820a5'
+checkvars['SRC_URI[sha256sum]'] = 
'c225b674c83fa923be93d235330ce0300373d02885cef23238813b0d5668304a'
+checkvars['SRC_URI[sha384sum]'] = 
'45652af349660f19f68d01361dd5bda287789e5ea63608f52a8cea526ac04465614db2ea236103fb8456b1fcaea96ed7'
+checkvars['SRC_URI[sha512sum]'] = 
'074aaf135ac6b0025b88b731d1d6dfa4c539b4fff7195658cc58a4326bb9f0449a231685d312b4a1ec48ca535a838bfa5c680787fe0e61473a2a092c448937d0'
+inherits = ['python_setuptools_build_meta']
+
+self._test_recipe_contents(recipefile, checkvars, inherits)
+
+def test_recipetool_create_python3_pep517_poetry_core_masonry_api(self):
+# This test require python 3.11 or above for the tomllib module
+# or tomli module to be installed
+try:
+import tomllib
+except ImportError:
+try:
+import tomli
+except ImportError:
+self.skipTest('Test requires python 3.11 or above for tomllib 
module or tomli module')
+
+# Test creating python3 package from tarball (using 
poetry.core.masonry.api class)
+temprecipe = os.path.join(self.tempdir, 'recipe')
+os.makedirs(temprecipe)
+pn = 'iso8601'
+pv = '2.1.0'
+recipefile = os.path.join(temprecipe, 'python3-%s_%s.bb' % (pn, pv))
+srcuri = 
'https://files.pythonhosted.org/packages/b9/f3/ef59cee614d5e0accf6fd0cbba025b93b272e626ca89fb70a3e9187c5d15/%s-%s.tar.gz'
 % (pn, pv)
+result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
+self.assertTrue(os.path.isfile(recipefile))
+checkvars = {}
+checkvars['SUMMARY'] = 'Simple module to parse ISO 8601 dates'
+checkvars['LICENSE'] = set(['MIT'])
+checkvars['LIC_FILES_CHKSUM'] = 
'file://LICENSE;md5=aab31f2ef7ba214a5a341eaa47a7f367'
+checkvars['SRC_URI'] = 
'https://files.pythonhosted.org/packages/b9/f3/ef59cee614d5e0accf6fd0cbba025b93b272e626ca89fb70a3e9187c5d15/iso8601-${PV}.tar.gz'
+checkvars['SRC_URI[md5sum]'] = '6e33910eba87066b3be7fcf3d59d16b5'
+checkvars['SRC_URI[sha1sum]'] = 
'efd225b2c9fa7d9e4a1ec6ad94f3295cee982e61'
+checkvars['SRC_URI[sha256sum]'] = 
'6b1d3829ee8921c4301998c909f7829fa9ed3cbdac0d3b16af2d743aed1ba8df'
+checkvars['SRC_URI[sha384sum]'] = 
'255002433fe65c19adfd6b91494271b613cb25ef6a35ac77436de1e03d60cc07bf89fd716451b917f1435e4384860ef6'
+checkvars['SRC_URI[sha512sum]'] = 
'db57ab2a25ef
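Review bot: The tomllib/tomli import-or-skip block is repeated verbatim at the top of both tests visible here; move it into one shared helper or skip decorator so the PEP-517 tests cannot drift apart. The imported names are used only as a probe, so a helper that returns a boolean would also avoid the unused imports.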

[OE-core] [PATCH v3 3/4] scripts:recipetool:create_buildsys_python: add PEP517 support

2023-10-24 Thread Julien Stephan
Add basic support for PEP517 [1] for the 3 following backends that are
supported by bitbake:
  - setuptools.build_meta
  - poetry.core.masonry.api
  - flit_core.buildapi

If a pyproject.toml file is found, use it to create the recipe,
otherwise fallback to the old setup.py method.

Some projects can declare a minimal pyproject.toml file, and put all
the metadata in setup.py/setup.cfg/requirements.txt .. these cases
are not handled. If a pyproject.toml file is found, assumes it has all
necessary metadata.

As for the old setup.py method, version numbers for dependencies are not
handled.

Some features may be missing, such as the extra dependencies.

[YOCTO #14737]

[1]: https://peps.python.org/pep-0517/

Signed-off-by: Julien Stephan 
---
 .../lib/recipetool/create_buildsys_python.py  | 268 +-
 1 file changed, 267 insertions(+), 1 deletion(-)

diff --git a/scripts/lib/recipetool/create_buildsys_python.py 
b/scripts/lib/recipetool/create_buildsys_python.py
index 69f6f5ca511..9e7f22c0db0 100644
--- a/scripts/lib/recipetool/create_buildsys_python.py
+++ b/scripts/lib/recipetool/create_buildsys_python.py
@@ -656,6 +656,270 @@ class PythonSetupPyRecipeHandler(PythonRecipeHandler):
 
 handled.append('buildsystem')
 
+class PythonPyprojectTomlRecipeHandler(PythonRecipeHandler):
+"""Base class to support PEP517 and PEP518
+
+PEP517 https://peps.python.org/pep-0517/#source-trees
+PEP518 https://peps.python.org/pep-0518/#build-system-table
+"""
+# bitbake currently support the 3 following backends
+build_backend_map = {
+"setuptools.build_meta": "python_setuptools_build_meta",
+"poetry.core.masonry.api": "python_poetry_core",
+"flit_core.buildapi": "python_flit_core",
+}
+
+# setuptools.build_meta and flit declare project metadata into the 
"project" section of pyproject.toml
+# according to PEP-621: 
https://packaging.python.org/en/latest/specifications/declaring-project-metadata/#declaring-project-metadata
+# while poetry uses the "tool.poetry" section according to its official 
documentation: https://python-poetry.org/docs/pyproject/
+# keys from "project" and "tool.poetry" sections are almost the same 
except for the  HOMEPAGE which is "homepage" for tool.poetry
+# and "Homepage" for "project" section. So keep both
+bbvar_map = {
+"name": "PN",
+"version": "PV",
+"Homepage": "HOMEPAGE",
+"homepage": "HOMEPAGE",
+"description": "SUMMARY",
+"license": "LICENSE",
+"dependencies": "RDEPENDS:${PN}",
+"requires": "DEPENDS",
+}
+
+replacements = [
+("license", r" +$", ""),
+("license", r"^ +", ""),
+("license", r" ", "-"),
+("license", r"^GNU-", ""),
+("license", r"-[Ll]icen[cs]e(,?-[Vv]ersion)?", ""),
+("license", r"^UNKNOWN$", ""),
+# Remove currently unhandled version numbers from these variables
+("requires", r"\[[^\]]+\]$", ""),
+("requires", r"^([^><= ]+).*", r"\1"),
+("dependencies", r"\[[^\]]+\]$", ""),
+("dependencies", r"^([^><= ]+).*", r"\1"),
+]
+
+excluded_native_pkgdeps = [
+# already provided by python_setuptools_build_meta.bbclass
+"python3-setuptools-native",
+"python3-wheel-native",
+# already provided by python_poetry_core.bbclass
+"python3-poetry-core-native",
+# already provided by python_flit_core.bbclass
+"python3-flit-core-native",
+]
+
+# add here a list of known and often used packages and the corresponding 
bitbake package
+known_deps_map = {
+"setuptools": "python3-setuptools",
+"wheel": "python3-wheel",
+"poetry-core": "python3-poetry-core",
+"flit_core": "python3-flit-core",
+"setuptools-scm": "python3-setuptools-scm",
+}
+
+def __init__(self):
+pass
+
+def process(self, srctree, classes, lines_before, lines_after, handled, 
extravalues):
+info = {}
+
+if 'buildsystem' in handled:
+return False
+
+# Check for non-zero size setup.py files
+setupfiles = RecipeHandler.checkfiles(srctree, ["pyproject.toml"])
+for fn in setupfiles:
+if os.path.getsize(fn):
+break
+else:
+return False
+
+setupscript = os.path.join(srctree, "pyproject.toml")
+
+try:
+try:
+import tomllib
+except ImportError:
+try:
+import tomli as tomllib
+except ImportError:
+logger.exception("Neither 'tomllib' nor 'tomli' could be 
imported. Please use python3.11 or above or install tomli module")
+return False
+except Exception:
+logger.exception("Failed to parse pyproject.toml")
+return False
+
+with open(setupscript, "rb") as 
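
Review bot: the comment "# Check for non-zero size setup.py files" above the
checkfiles() call is stale, since the loop now looks only at pyproject.toml;
please update it. In the same block the loop variable fn that passed the size
check is discarded and setupscript is rebuilt with
os.path.join(srctree, "pyproject.toml"), so the file that was checked and the
file that gets opened are derived separately; reusing fn would keep them the
same. The logger.exception() call for the missing tomllib/tomli import would
also read better as logger.error(), since the traceback adds nothing to the
install hint.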

[OE-core] [PATCH v3 0/4] devtool/recipetool: add support of PEP-517

2023-10-24 Thread Julien Stephan
Hello all,

This series adds basic support for PEP-517 in recipetool/devtool, plus some
other fixes.

Recipetool/devtool selftest passed locally

Missing features:
- extra or optional dependencies are not handled
- version number for dependencies are not handled (issue already present
  for the legacy setuptool)
- some projects can declare a minimal pyproject.toml file, and put all
  the metadata in setup.py/setup.cfg/requirements.txt .. these cases
  are not handled. If a pyproject.toml file is found, assumes it has all
  necessary metadata.

Changes from v2:
- try to use tomllib from python core (since 3.11) and if not available,
  try to import tomli (instead of toml, as tomllib and tomli have both the
  same api)
- improve support for poetry: poetry looks for metadata into the
  "tools.poetry" section instead of the "project" section
- add the selftests for the 3 supported backends. Skip the tests if
  tomllib (python > 3.11) or tomli is not installed
- fix self test failing with the new "python3-" prefix added to
  recipetool for python recipes

Julien Stephan (4):
  scripts:recipetool:create_buildsys_python: prefix created recipes with
python3-
  scripts:recipetool:create_buildsys_python: refactor code for futur
PEP517 addition
  scripts:recipetool:create_buildsys_python: add PEP517 support
  oeqa/selftest/recipetool: add selftest for PEP-517 recipe creation

 meta/lib/oeqa/selftest/cases/recipetool.py|  106 +-
 .../lib/recipetool/create_buildsys_python.py  | 1017 +++--
 2 files changed, 759 insertions(+), 364 deletions(-)

--
2.42.0




[OE-core] Yocto Project Status 24 October 2023 (WW43)

2023-10-24 Thread Neal Caidin
Current Dev Position: YP 4.3 M4 (Feature Freeze)

Next Deadline: 2nd October 2023 YP 4.3 M4 build date

Next Team Meetings:

   - Bug Triage meeting Thursday October 26th 7:30 am PDT
     (https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
   - Weekly Project Engineering Sync Tuesday October 24th at 8 am PDT
     (https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
   - Twitch - See https://www.twitch.tv/theyoctojester


Key Status/Updates:

   - The YP 4.3 (M4) rc2 is in QA.
   - For the 4.3 release, the 6.5 serial port issues caused the rc1 build to
     fail. That combined with a serious patchtest behavior meant we rebuilt and
     submitted an rc2 to QA. There were several abandoned builds due to
     infrastructure issues. We are now using the upstream kernel serial fix.
   - Our release branch (nanbield) and master have now diverged to keep the
     patch backlog under control so development patches are merging to master.
   - Patchtest work is progressing and we’re nearly at the point where it
     will be replying live to emails on list. Examples of the responses can be
     seen on our test mailing list: https://lists.yoctoproject.org/g/test-list
   - Source mirroring and reproducibility testing for meta-openembedded are
     now available on the project autobuilder.
   - The project is now strongly suggesting source code repositories have a
     SECURITY.md file to ensure users know what to do if they encounter a
     security issue. We are trying to ensure all key project repositories
     contain these. Patches are welcome and we’re encouraging all maintainers to
     follow this best practice.
   - The layer index has seen development work to ensure it uses secure
     components, can handle changes in practice (such as main branches), can
     illustrate Yocto Project Compatible status and that the errors/warnings
     generated from builds are under control. Thanks Tim!
   - After consultation and discussions the project is now about to document
     its security processes to complete the work in this area. Please watch the
     mailing lists such as the architecture list if you have an interest in this
     area.


Ways to contribute:

   - As people are likely aware, the project has a number of components which
     are either unmaintained, or have people with little to no time trying to
     keep them alive. These components include: patchtest, layerindex, devtool,
     toaster, wic, oeqa, autobuilder, CROPs containers, pseudo and more. Many
     have open bugs. Help is welcome in trying to better look after these
     components!
   - There are bugs identified as possible for newcomers to the project:
     https://wiki.yoctoproject.org/wiki/Newcomers
   - There are bugs that are currently unassigned for YP 4.3. See:
     https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.3_Unassigned_Enhancements.2FBugs
   - We’d welcome new maintainers for recipes in OE-Core. Please see the list
     at:
     http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/maintainers.inc
     and discuss with the existing maintainer, or ask on the OE-Core mailing
     list. We will likely move a chunk of these to “Unassigned” soon to help
     facilitate this.
   - Help is very much welcome in trying to resolve our autobuilder
     intermittent issues. You can see the list of failures we’re continuing to
     see by searching for the “AB-INT” tag in bugzilla:
     https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT.
   - Help us resolve CVE issues: CVE metrics
   - We have a growing number of bugs in bugzilla, any help with them is
     appreciated.


YP 4.3 Milestone Dates:

   - YP 4.3 M3 was released.
   - YP 4.3 M4 build date 2023/10/02
   - YP 4.3 M4 Release date 2023/10/27


YP 5.0 Milestone Dates:

   - YP 5.0 M1 build date 2023/12/04
   - YP 5.0 M1 Release date 2023/12/15
   - YP 5.0 M2 build date 2024/01/15
   - YP 5.0 M2 Release date 2024/01/24
   - YP 5.0 M3 build date 2024/02/19
   - YP 5.0 M3 Release date 2024/03/01
   - YP 5.0 M4 build date 2024/04/01
   - YP 5.0 M4 Release date 2024/04/30


Upcoming dot releases:

   - YP 3.1.29 build date 2023/10/30
   - YP 3.1.29 Release date 2023/11/10
   - YP 4.0.14 build date 2023/11/06
   - YP 4.0.14 Release date 2023/11/17
   - YP 4.2.4 build date 2023/11/13
   - YP 4.2.4 Release date 2023/11/24
   - YP 4.3.1 build date 2023/11/27
   - YP 4.3.1 Release date 2023/12/08
   - YP 3.1.30 build date 2023/12/11
   - YP 3.1.30 Release date 2023/12/22
   - YP 4.0.15 build date 2023/12/18
   - YP 4.0.15 Release date 2023/12/29
   - YP 4.3.2 build date 2024/01/08
   - YP 4.3.2 Release date 2024/01/19
   - YP 3.1.31 build date 2024/01/22
   - YP 3.1.31 Release date 2024/02/02
   - YP 4.0.

Re: [OE-core] [PATCH 4/4] package_rpm.bbclass: Support compression override

2023-10-24 Thread Khem Raj
On Tue, Oct 24, 2023 at 5:49 AM Niko Mauno  wrote:
>
> On 20.10.2023 19.34, Khem Raj wrote:
>  > it seems you are quite sensitive to size, I wonder if opkg backend is
>  > better suited for your usecase than rpm.
>
> Hi Khem, thanks for the idea. We used opkg a few years ago, however
> certain technical reasons were in favor of rpm which we have used since.
> Perhaps we have a bit different view, smaller image means for us
> spending less time building, booting and flashing firmware (i.e. not
> just disk space consumption alone).

Using xz certainly is slower than using zstd so it certainly will regress on
your first consideration about build time. Booting is perhaps not impacted
unless compressed file system is used and you are changing the compression
type for that. Flashing again is subjective, if you carry package metadata
into images it might matter, otherwise I would think your images with opkg or
rpm should be about the same size. If you include packager into your image
then opkg might be slightly smaller.

>
> -Niko




[OE-core][master][mickledore][PATCH] openssl: Upgrade 3.1.3 -> 3.1.4

2023-10-24 Thread Peter Marko via lists.openembedded.org
From: Peter Marko 

https://github.com/openssl/openssl/blob/openssl-3.1/NEWS.md#major-changes-between-openssl-313-and-openssl-314-24-oct-2023

Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. 
(CVE-2023-5363)

Signed-off-by: Peter Marko 
---
 .../openssl/{openssl_3.1.3.bb => openssl_3.1.4.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.1.3.bb => 
openssl_3.1.4.bb} (99%)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.3.bb 
b/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.1.3.bb
rename to meta/recipes-connectivity/openssl/openssl_3.1.4.bb
index 9fd8a205c6..01d477f506 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.3.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
 
-SRC_URI[sha256sum] = 
"f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6"
+SRC_URI[sha256sum] = 
"840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
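
Review bot: the replacement SRC_URI[sha256sum] value is the only integrity pin
for the 3.1.4 tarball, and nothing in the commit message says where it came
from. Please state that it was checked against the digest or signature upstream
publishes for the release, rather than computed from whatever the fetcher
downloaded, so reviewers can repeat the check.
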
-- 
2.30.2





[OE-core][PATCH] patchtest: disable merge test

2023-10-24 Thread Trevor Gamblin
Disable the merge-on-head test until patchtest properly handles merging
of series subsets and accounts for patches that are rapidly merged (i.e.
before patchtest is run).

Signed-off-by: Trevor Gamblin 
---
 meta/lib/patchtest/tests/test_mbox_merge.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/lib/patchtest/tests/test_mbox_merge.py 
b/meta/lib/patchtest/tests/test_mbox_merge.py
index f69d57c71b1..535026209f7 100644
--- a/meta/lib/patchtest/tests/test_mbox_merge.py
+++ b/meta/lib/patchtest/tests/test_mbox_merge.py
@@ -18,6 +18,7 @@ def headlog():
 
 class Merge(base.Base):
 def test_series_merge_on_head(self):
+self.skip("Merge test is disabled for now")
 if PatchTestInput.repo.branch != "master":
 self.skip("Skipping merge test since patch is not intended for 
master branch. Target detected is %s" % PatchTestInput.repo.branch)
 if not PatchTestInput.repo.ismerged:
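
Review bot: the unconditional self.skip("Merge test is disabled for now") as
the first statement of test_series_merge_on_head leaves the rest of the method
unreachable (assuming self.skip raises, as the existing calls below it imply),
and "for now" gives no condition for turning the test back on. Put the two
conditions from the commit message (series subsets, patches merged before
patchtest runs) or a tracking reference into the skip message or a comment, so
the test is not left disabled indefinitely.
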
-- 
2.41.0





[OE-core][kirkstone][PATCH] openssl: Upgrade 3.0.11 -> 3.0.12

2023-10-24 Thread Peter Marko via lists.openembedded.org
From: Peter Marko 

https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023

Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. 
(CVE-2023-5363)

Signed-off-by: Peter Marko 
---
 .../openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => 
openssl_3.0.12.bb} (99%)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.11.bb 
b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.0.11.bb
rename to meta/recipes-connectivity/openssl/openssl_3.0.12.bb
index 22eaa3af33..d8c9b073a2 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.11.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
 
-SRC_URI[sha256sum] = 
"b3425d3bb4a2218d0697eb41f7fc0cdede016ed19ca49d168b78e8d947887f55"
+SRC_URI[sha256sum] = 
"f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61"
 
 inherit lib_package multilib_header multilib_script ptest perlnative
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
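
Review bot: nothing besides SRC_URI[sha256sum] changes in this hunk, so the
commit message should confirm that any patches the recipe carries in SRC_URI
still apply to 3.0.12 without a refresh; the one-line diffstat implies it but
does not say it. For a stable-branch upgrade whose purpose is CVE-2023-5363,
that confirmation is what a reviewer needs before taking the bump.
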
-- 
2.30.2





[OE-core] [PATCH] kernel.bbclass: Use strip utility used for kernel build in do_package

2023-10-24 Thread Khem Raj
os.environ does not pass this down to runstrip() function and in
strip_execs() it's using STRIP bitbake variable to find the strip utility
to use. Since there might be a trailing whitespace in KERNEL_STRIP
remove that otherwise python is not able to launch it.
e.g.

FileNotFoundError: [Errno 2] No such file or directory: 
'riscv64-yoe-linux-strip '

This is more evident when STRIP and KERNEL_STRIP are different utilities
e.g. when using clang as default toolchain but using gcc+binutils only for
kernel build.

Signed-off-by: Khem Raj 
Cc: Bruce Ashfield 
---
 meta/classes-recipe/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/kernel.bbclass 
b/meta/classes-recipe/kernel.bbclass
index 2ec9ea2091e..16b85dbca48 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -336,7 +336,7 @@ kernel_do_transform_bundled_initramfs() {
 do_transform_bundled_initramfs[dirs] = "${B}"
 
 python do_package:prepend () {
-os.environ['STRIP'] = d.getVar('KERNEL_STRIP')
+d.setVar('STRIP',  d.getVar('KERNEL_STRIP').strip())
 }
 
 python do_devshell:prepend () {
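
Review bot: d.getVar('KERNEL_STRIP').strip() in the new do_package:prepend line
raises AttributeError if KERNEL_STRIP is ever unset, because getVar returns
None in that case; (d.getVar('KERNEL_STRIP') or '').strip(), or an explicit
bb.fatal, would fail more legibly. The whitespace is also being trimmed at the
point of use: trimming it where KERNEL_STRIP is assigned would fix the
'riscv64-yoe-linux-strip ' lookup for any other consumer of the variable too.
There is a doubled space after the comma in the setVar call.
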
-- 
2.42.0





Re: [OE-core] [PATCH] kernel.bbclass: Use strip utility used for kernel build in do_package

2023-10-24 Thread Bruce Ashfield
On Tue, Oct 24, 2023 at 6:07 PM Khem Raj  wrote:
>
> os.environ does not pass this down to runstrip() function and in
> strip_execs() it's using STRIP bitbake variable to find the strip utility
> to use. Since there might be a trailing whitespace in KERNEL_STRIP
> remove that otherwise python is not able to launch it.
> e.g.
>
> FileNotFoundError: [Errno 2] No such file or directory: 
> 'riscv64-yoe-linux-strip '
>
> This is more evident when STRIP and KERNEL_STRIP are different utilities
> e.g. when using clang as default toolchain but using gcc+binutils only for
> kernel build.
>
> Signed-off-by: Khem Raj 
> Cc: Bruce Ashfield 
> ---
>  meta/classes-recipe/kernel.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes-recipe/kernel.bbclass 
> b/meta/classes-recipe/kernel.bbclass
> index 2ec9ea2091e..16b85dbca48 100644
> --- a/meta/classes-recipe/kernel.bbclass
> +++ b/meta/classes-recipe/kernel.bbclass
> @@ -336,7 +336,7 @@ kernel_do_transform_bundled_initramfs() {
>  do_transform_bundled_initramfs[dirs] = "${B}"
>
>  python do_package:prepend () {
> -os.environ['STRIP'] = d.getVar('KERNEL_STRIP')
> +d.setVar('STRIP',  d.getVar('KERNEL_STRIP').strip())

Looks fine to me.

I can't say that I know the mechanics if every setVar'd variable makes it into
the environment to be available for the build process .. but since it is working
for you, I assume it does :)

Bruce

>  }
>
>  python do_devshell:prepend () {
> --
> 2.42.0
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II




[OE-core][dunfell 0/6] Patch review

2023-10-24 Thread Steve Sakoman
Please review this set of patches for dunfell and have comments back by
end of day Thursday, October 26

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6098

with the exception of a known intermittent reproducibility issue with the
vim-common package.

The following changes since commit 6b4a583169ae40a8d51e7ffa33785409b5111a81:

  systemd: Backport systemd-resolved: use hostname for certificate validation 
in DoT (2023-10-16 05:07:13 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ashish Sharma (1):
  binutils: Backport fix CVE-2023-25588

Meenali Gupta (1):
  linux-firmware: upgrade 20230625 -> 20230804

Richard Purdie (1):
  resulttool/report: Avoid divide by zero

Siddharth Doshi (1):
  vim: Upgrade 9.0.2009 -> 9.0.2048

Steve Sakoman (2):
  patch.py: Use shlex instead of deprecated pipe
  cve-exclusion_5.4.inc: update for 5.4.257

 meta/lib/oe/patch.py  |   6 +-
 .../binutils/binutils-2.34.inc|   1 +
 .../binutils/binutils/CVE-2023-25588.patch| 146 
 ...20230625.bb => linux-firmware_20230804.bb} |   4 +-
 .../linux/cve-exclusion_5.4.inc   | 207 +++---
 meta/recipes-support/vim/vim.inc  |   4 +-
 scripts/lib/resulttool/report.py  |   5 +-
 7 files changed, 338 insertions(+), 35 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => 
linux-firmware_20230804.bb} (99%)

-- 
2.34.1





[OE-core][dunfell 1/6] binutils: Backport fix CVE-2023-25588

2023-10-24 Thread Steve Sakoman
From: Ashish Sharma 

Upstream-Status: Backport from 
[https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
CVE: CVE-2023-25588
Signed-off-by: Ashish Sharma 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.34.inc|   1 +
 .../binutils/binutils/CVE-2023-25588.patch| 146 ++
 2 files changed, 147 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc 
b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 713e428a3e..a9a2bf332f 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -53,5 +53,6 @@ SRC_URI = "\
  file://CVE-2020-16593.patch \
  file://0001-CVE-2021-45078.patch \
  file://CVE-2022-38533.patch \
+ file://CVE-2023-25588.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
new file mode 100644
index 00..065d8e47f0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
@@ -0,0 +1,146 @@
+From d12f8998d2d086f0a6606589e5aedb7147e6f2f1 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Fri, 14 Oct 2022 10:30:21 +1030
+Subject: [PATCH] PR29677, Field `the_bfd` of `asymbol` is uninitialised
+
+Besides not initialising the_bfd of synthetic symbols, counting
+symbols when sizing didn't match symbols created if there were any
+dynsyms named "".  We don't want synthetic symbols without names
+anyway, so get rid of them.  Also, simplify and correct sanity checks.
+
+   PR 29677
+   * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
+---
+Upstream-Status: Backport from 
[https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
+CVE: CVE-2023-25588
+Signed-off-by: Ashish Sharma 
+
+ bfd/mach-o.c | 72 ++--
+ 1 file changed, 31 insertions(+), 41 deletions(-)
+
+diff --git a/bfd/mach-o.c b/bfd/mach-o.c
+index acb35e7f0c6..5279343768c 100644
+--- a/bfd/mach-o.c
 b/bfd/mach-o.c
+@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+   bfd_mach_o_symtab_command *symtab = mdata->symtab;
+   asymbol *s;
+   char * s_start;
+-  char * s_end;
+   unsigned long count, i, j, n;
+   size_t size;
+   char *names;
+-  char *nul_name;
+   const char stub [] = "$stub";
+ 
+   *ret = NULL;
+@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+   /* We need to allocate a bfd symbol for every indirect symbol and to
+  allocate the memory for its name.  */
+   count = dysymtab->nindirectsyms;
+-  size = count * sizeof (asymbol) + 1;
+-
++  size = 0;
+   for (j = 0; j < count; j++)
+ {
+-  const char * strng;
+   unsigned int isym = dysymtab->indirect_syms[j];
++  const char *str;
+ 
+   /* Some indirect symbols are anonymous.  */
+-  if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
+-  /* PR 17512: file: f5b8eeba.  */
+-  size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + 
sizeof (stub);
++  if (isym < symtab->nsyms
++&& (str = symtab->symbols[isym].symbol.name) != NULL)
++  {
++/* PR 17512: file: f5b8eeba.  */
++size += strnlen (str, symtab->strsize - (str - symtab->strtab));
++size += sizeof (stub);
++  }
+ }
+ 
+-  s_start = bfd_malloc (size);
++  s_start = bfd_malloc (size + count * sizeof (asymbol));
+   s = *ret = (asymbol *) s_start;
+   if (s == NULL)
+ return -1;
+   names = (char *) (s + count);
+-  nul_name = names;
+-  *names++ = 0;
+-  s_end = s_start + size;
+ 
+   n = 0;
+   for (i = 0; i < mdata->nsects; i++)
+@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
+ 
+ /* PR 17512: file: 08e15eec.  */
+-if (first >= count || last >= count || first > last)
++if (first >= count || last > count || first > last)
+   goto fail;
+ 
+ for (j = first; j < last; j++)
+   {
+ unsigned int isym = dysymtab->indirect_syms[j];
+-
+-/* PR 17512: file: 04d64d9b.  */
+-if (((char *) s) + sizeof (* s) > s_end)
+-  goto fail;
+-
+-s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
+-s->section = sec->bfdsection;
+-s->value = addr - sec->addr;
+-s->udata.p = NULL;
++const char *str;
++size_t len;
+ 
+ if (isym < symtab->nsyms
+-&& symtab->symbols[isym].symbol.name)
++&& (str = symtab->symbols[isym].symbol.name) != NULL)
+   {
+-const char *sym = symtab->symbols[isym].symbol.name;
+-size_t len;
+-
+-s->name = names;
+-   
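
Review bot: the backported patch drops the s_end guard
("if (((char *) s) + sizeof (* s) > s_end) goto fail;") from the fill loop, so
memory safety now rests on the sizing loop and the fill loop counting exactly
the same symbols. In the part shown here both use
"isym < symtab->nsyms && (str = symtab->symbols[isym].symbol.name) != NULL",
which is what keeps them in step, and the relaxed range check "last > count" is
only safe because the loop runs "j < last". Please confirm in the commit
message that the patch was taken unmodified from d12f8998d2d0 and applies to
the 2.34 bfd/mach-o.c without fuzz, since a context mismatch in either loop
would remove that guarantee.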

[OE-core][dunfell 2/6] vim: Upgrade 9.0.2009 -> 9.0.2048

2023-10-24 Thread Steve Sakoman
From: Siddharth Doshi 

This includes CVE fix for CVE-2023-5535.

Signed-off-by: Siddharth Doshi 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 51247cbe0a..d8e88af22e 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".2009"
-SRCREV = "54844857fd6933fa4f6678e47610c4b9c9f7a091"
+PV .= ".2048"
+SRCREV = "982ef16059bd163a77271107020defde0740bbd6"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
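
Review bot: the new SRCREV is the only thing tying the recipe to patch level
.2048, and the commit message does not say which upstream tag it corresponds
to; naming the tag for 9.0.2048 would let reviewers check the pin that carries
the CVE-2023-5535 fix. Separately, the context comment "# Remove when 8.3 is
out" above UPSTREAM_VERSION_UNKNOWN looks stale for a 9.0 PV and could be
cleaned up in a follow-up.
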
-- 
2.34.1





[OE-core][dunfell 3/6] linux-firmware: upgrade 20230625 -> 20230804

2023-10-24 Thread Steve Sakoman
From: Meenali Gupta 

License-Update: additional firmwares

upgrade include fix for CVE-2023-20569 CVE-2022-40982 CVE-2023-20593

Changelog:
  
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/

References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-20569
  https://nvd.nist.gov/vuln/detail/CVE-2022-40982
  https://nvd.nist.gov/vuln/detail/CVE-2023-20593

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
(cherry picked from commit d3f1448246c9711f4f23f2e12c664e0ba3ae3f02)
Signed-off-by: Steve Sakoman 
---
 ...{linux-firmware_20230625.bb => linux-firmware_20230804.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => 
linux-firmware_20230804.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb 
b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
index 7fe7e51240..507a003224 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
@@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = 
"file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
 "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "57bf874056926f12aec2405d3fc390d9"
+WHENCE_CHKSUM  = "41f9a48bf27971b126a36f9344594dcd"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
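
Review bot: "License-Update: additional firmwares" does not say what changed in
WHENCE to justify the new WHENCE_CHKSUM. The diffstat shows only this checksum
and the tarball sha256sum changing, so please list the added firmware and state
that none of it needs a new LIC_FILES_CHKSUM entry or NO_GENERIC_LICENSE line.
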
@@ -212,7 +212,7 @@ SRC_URI:class-devupstream = 
"git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = 
"87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d"
+SRC_URI[sha256sum] = 
"88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688"
 
 inherit allarch
 
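
Review bot: the context comment "# Pin this to the 20220509 release" and the
unchanged SRCREV:class-devupstream sit next to a recipe that is now 20230804,
so the devupstream variant stays on firmware older than the release this patch
moves to for its CVE fixes. Either bump the pin in this patch or say in the
commit message why it is left alone.
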
-- 
2.34.1





[OE-core][dunfell 4/6] resulttool/report: Avoid divide by zero

2023-10-24 Thread Steve Sakoman
From: Richard Purdie 

Avoid a divide by zero traceback if unfortunate test counts are encountered.

Signed-off-by: Richard Purdie 
(cherry picked from commit c5aeea53dfacb53dedb8445cb3523dc3a8cb6dca)
Signed-off-by: Steve Sakoman 
---
 scripts/lib/resulttool/report.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/lib/resulttool/report.py b/scripts/lib/resulttool/report.py
index f0ca50ebe2..a349510ab8 100644
--- a/scripts/lib/resulttool/report.py
+++ b/scripts/lib/resulttool/report.py
@@ -176,7 +176,10 @@ class ResultsTextReport(object):
 vals['sort'] = line['testseries'] + "_" + line['result_id']
 vals['failed_testcases'] = line['failed_testcases']
 for k in cols:
-vals[k] = "%d (%s%%)" % (line[k], format(line[k] / 
total_tested * 100, '.0f'))
+if total_tested:
+vals[k] = "%d (%s%%)" % (line[k], format(line[k] / 
total_tested * 100, '.0f'))
+else:
+vals[k] = "0 (0%)"
 for k in maxlen:
 if k in vals and len(vals[k]) > maxlen[k]:
 maxlen[k] = len(vals[k])
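
Review bot: the else branch hard-codes vals[k] = "0 (0%)" and so assumes
line[k] is zero whenever total_tested is. Formatting the real count, for
example "%d (0%%)" % line[k], keeps the report honest if that assumption ever
breaks, and costs nothing when it holds.
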
-- 
2.34.1





[OE-core][dunfell 5/6] patch.py: Use shlex instead of deprecated pipe

2023-10-24 Thread Steve Sakoman
The pipe library is deprecated in Python 3.11 and will be removed in
Python 3.13.  pipe.quote is just an import of shlex.quote anyway.

Clean up imports while we're at it.

Signed-off-by: Ola x Nilsson 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit 5f33c7b99a991c380d1813da8248ba5470ca4d4e)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oe/patch.py | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 7cd8436da5..feb6ee7082 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -2,6 +2,9 @@
 # SPDX-License-Identifier: GPL-2.0-only
 #
 
+import os
+import shlex
+import subprocess
 import oe.path
 import oe.types
 
@@ -24,7 +27,6 @@ class CmdError(bb.BBHandledException):
 
 
 def runcmd(args, dir = None):
-import pipes
 import subprocess
 
 if dir:
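
Review bot: subprocess is now imported at module level by the first hunk, yet
the function-local "import subprocess" in runcmd is left in place while the
"import pipes" next to it is removed. Drop the local import too, so the import
clean-up the commit message mentions is complete.
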
@@ -35,7 +37,7 @@ def runcmd(args, dir = None):
 # print("cwd: %s -> %s" % (olddir, dir))
 
 try:
-args = [ pipes.quote(str(arg)) for arg in args ]
+args = [ shlex.quote(str(arg)) for arg in args ]
 cmd = " ".join(args)
 # print("cmd: %s" % cmd)
 (exitstatus, output) = subprocess.getstatusoutput(cmd)
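
Review bot: shlex.quote is a like-for-like replacement, but the quoted
arguments are still joined into one string and handed to
subprocess.getstatusoutput, which runs it through the shell. That is out of
scope for this backport; a follow-up on master that passes the args list to
subprocess.run without a shell would remove the dependence on quoting
altogether.
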
-- 
2.34.1





[OE-core][dunfell 6/6] cve-exclusion_5.4.inc: update for 5.4.257

2023-10-24 Thread Steve Sakoman
Signed-off-by: Steve Sakoman 
---
 .../linux/cve-exclusion_5.4.inc   | 207 +++---
 1 file changed, 179 insertions(+), 28 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc 
b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
index 28e66d6f4f..4c17b701df 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-25 15:56:12.313882 for version 5.4.251
+# Generated at 2023-10-24 06:03:05.289306 for version 5.4.257
 
 python check_kernel_cve_status_version() {
-this_version = "5.4.251"
+this_version = "5.4.257"
 kernel_version = d.getVar("LINUX_VERSION")
 if kernel_version != this_version:
 bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
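Review bot: the commit message has no body, so nothing records which generator script and which CVE data snapshot produced this file; the header carries only the timestamp and the target version 5.4.257. Because the file is marked "DO NOT EDIT BY HAND", name the script and the data revision in the commit message so the output can be regenerated and compared. Note also that `check_kernel_cve_status_version` only calls `bb.warn` when `LINUX_VERSION` differs from `this_version`, so this update needs to land together with the kernel bump it was generated for.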
@@ -4832,6 +4832,9 @@ CVE_CHECK_WHITELIST += "CVE-2020-27194"
 # cpe-stable-backport: Backported in 5.4.23
 CVE_CHECK_WHITELIST += "CVE-2020-2732"
 
+# cpe-stable-backport: Backported in 5.4.25
+CVE_CHECK_WHITELIST += "CVE-2020-27418"
+
 # cpe-stable-backport: Backported in 5.4.75
 CVE_CHECK_WHITELIST += "CVE-2020-27673"
 
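Review bot: the added CVE-2020-27418 entry is marked "Backported in 5.4.25", far older than the 5.4.251 this file was previously generated for, so it comes from refreshed CVE data rather than from the move to 5.4.257 (the same holds for CVE-2020-36766, "Backported in 5.4.62", in the next hunk). The subject line only mentions the version update; mention the data refresh in the commit message so reviewers know why old CVEs show up in the diff.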
@@ -4966,6 +4969,9 @@ CVE_CHECK_WHITELIST += "CVE-2020-36558"
 # cpe-stable-backport: Backported in 5.4.86
 CVE_CHECK_WHITELIST += "CVE-2020-36694"
 
+# cpe-stable-backport: Backported in 5.4.62
+CVE_CHECK_WHITELIST += "CVE-2020-36766"
+
 # cpe-stable-backport: Backported in 5.4.143
 CVE_CHECK_WHITELIST += "CVE-2020-3702"
 
@@ -6408,7 +6414,8 @@ CVE_CHECK_WHITELIST += "CVE-2022-40768"
 # cpe-stable-backport: Backported in 5.4.213
 CVE_CHECK_WHITELIST += "CVE-2022-4095"
 
-# CVE-2022-40982 has no known resolution
+# cpe-stable-backport: Backported in 5.4.252
+CVE_CHECK_WHITELIST += "CVE-2022-40982"
 
 # cpe-stable-backport: Backported in 5.4.229
 CVE_CHECK_WHITELIST += "CVE-2022-41218"
@@ -6489,9 +6496,9 @@ CVE_CHECK_WHITELIST += "CVE-2022-4382"
 # fixed-version: only affects 5.11rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2022-43945"
 
-# CVE-2022-44032 has no known resolution
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44033 has no known resolution
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-44034 has no known resolution
 
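Review bot: CVE-2022-44032 and CVE-2022-44033 change from "has no known resolution" to "needs backporting (fixed from 6.4rc1)" but stay comment-only, with no `CVE_CHECK_WHITELIST` line, so cve-check will keep reporting them for this kernel. That is the correct result; list the CVEs that remain open after this update in the commit message (CVE-2023-20588 in a later hunk is in the same state), since the comments in this generated file are otherwise the only place they are recorded.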
@@ -6504,14 +6511,17 @@ CVE_CHECK_WHITELIST += "CVE-2022-45869"
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+# cpe-stable-backport: Backported in 5.4.246
+CVE_CHECK_WHITELIST += "CVE-2022-45886"
 
-# CVE-2022-45887 has no known resolution
+# cpe-stable-backport: Backported in 5.4.246
+CVE_CHECK_WHITELIST += "CVE-2022-45887"
 
 # fixed-version: only affects 5.14rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2022-45888"
 
-# CVE-2022-45919 has no known resolution
+# cpe-stable-backport: Backported in 5.4.246
+CVE_CHECK_WHITELIST += "CVE-2022-45919"
 
 # cpe-stable-backport: Backported in 5.4.229
 CVE_CHECK_WHITELIST += "CVE-2022-45934"
@@ -6586,7 +6596,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-0047"
 # fixed-version: only affects 6.0rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-0122"
 
-# CVE-2023-0160 has no known resolution
+# cpe-stable-backport: Backported in 5.4.243
+CVE_CHECK_WHITELIST += "CVE-2023-0160"
 
 # fixed-version: only affects 5.5rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-0179"
@@ -6661,12 +6672,14 @@ CVE_CHECK_WHITELIST += "CVE-2023-1192"
 
 # CVE-2023-1193 has no known resolution
 
-# CVE-2023-1194 has no known resolution
+# fixed-version: only affects 5.15rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-1194"
 
 # fixed-version: only affects 5.16rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-1195"
 
-# CVE-2023-1206 needs backporting (fixed from 6.5rc4)
+# cpe-stable-backport: Backported in 5.4.253
+CVE_CHECK_WHITELIST += "CVE-2023-1206"
 
 # CVE-2023-1249 needs backporting (fixed from 5.18rc1)
 
@@ -6695,7 +6708,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-1513"
 # fixed-version: only affects 5.19rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-1583"
 
-# CVE-2023-1611 needs backporting (fixed from 6.3rc5)
+# cpe-stable-backport: Backported in 5.4.253
+CVE_CHECK_WHITELIST += "CVE-2023-1611"
 
 # cpe-stable-backport: Backported in 5.4.189
 CVE_CHECK_WHITELIST += "CVE-2023-1637"
@@ -6744,9 +6758,10 @@ CVE_CHECK_WHITELIST += "CVE-2023-2008"
 # fixed-version: only affects 5.12rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-2019"
 
-# CVE-2023-20569 has no known resolution
+# cpe-stable-backport: Backported in 5.4.252
+CVE_CHECK_WHITELIST += "CVE-2023-20569"
 
-# CVE-2023-20588 has no known resolution
+# CVE-2023-20588 needs backporting (fixed from 6.5rc6)
 
 # cpe-stable-backport: Backported in 5.4.250
 CVE_CHECK_WHITELIST += "CVE-2023-20593"
@@ -6772,7 +6787,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-2124"
 # fixed-version: only affects 5.16rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-21255"
 
-# CVE-2023-21264 needs backporting (fixed from 6.4rc5)
+# fixed-version: only affects

[OE-core] [PATCH v2] cve-check: Classify patched CVEs into 3 statuses

2023-10-24 Thread Matsunaga-Shinji
CVEs that are currently considered "Patched" are classified into the following 3 statuses:
1. "Patched"      - means that a patch file that fixed the vulnerability has been applied
2. "Not affected" - means that the package version (PV) is not affected by the vulnerability
3. "Undecidable"  - means that versions cannot be compared to determine if they are affected by the vulnerability

Signed-off-by: Shinji Matsunaga 
Signed-off-by: Shunsuke Tokumoto 
---

Changes for v2:
   - Fix the status "Out of range" to "Not affected"

 meta/classes/cve-check.bbclass | 55 +++---
 1 file changed, 38 insertions(+), 17 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b55f4299da..502db324df 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -185,10 +185,10 @@ python do_cve_check () {
 patched_cves = get_patched_cves(d)
 except FileNotFoundError:
 bb.fatal("Failure in searching patches")
-ignored, patched, unpatched, status = check_cves(d, patched_cves)
-if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" 
and status):
-cve_data = get_cve_info(d, patched + unpatched + ignored)
-cve_write_data(d, patched, unpatched, ignored, cve_data, 
status)
+ignored, patched, unpatched, not_affected, undecidable, status = 
check_cves(d, patched_cves)
+if patched or unpatched or not_affected or undecidable or 
(d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
+cve_data = get_cve_info(d, patched + unpatched + ignored + 
not_affected + undecidable)
+cve_write_data(d, patched, unpatched, ignored, not_affected, 
undecidable, cve_data, status)
 else:
 bb.note("No CVE database found, skipping CVE check")
 
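Review bot: `check_cves` now returns six positional values and `cve_write_data` takes `not_affected` and `undecidable` inserted before `cve_data`, so any caller or layer override that still uses the four-value form breaks at the unpack or at the call. Returning a dict or namedtuple, and passing the new lists as keyword arguments, would keep the interface extensible; at minimum, state in the commit message that both signatures change.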
@@ -308,13 +308,13 @@ def check_cves(d, patched_cves):
 products = d.getVar("CVE_PRODUCT").split()
 # If this has been unset then we're not scanning for CVEs here (for 
example, image recipes)
 if not products:
-return ([], [], [], [])
+return ([], [], [], [], [], [])
 pv = d.getVar("CVE_VERSION").split("+git")[0]
 
 # If the recipe has been skipped/ignored we return empty lists
 if pn in d.getVar("CVE_CHECK_SKIP_RECIPE").split():
 bb.note("Recipe has been skipped by cve-check")
-return ([], [], [], [])
+return ([], [], [], [], [], [])
 
 # Convert CVE_STATUS into ignored CVEs and check validity
 cve_ignore = []
@@ -328,6 +328,8 @@ def check_cves(d, patched_cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 # For each of the known product names (e.g. curl has CPEs using curl and 
libcurl)...
+cves_not_affected = []
+cves_undecidable = []
 for product in products:
 cves_in_product = False
 if ":" in product:
@@ -355,6 +357,7 @@ def check_cves(d, patched_cves):
 
 vulnerable = False
 ignored = False
+undecidable = False
 
 product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS 
? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
 for row in product_cursor:
@@ -376,7 +379,7 @@ def check_cves(d, patched_cves):
 except:
 bb.warn("%s: Failed to compare %s %s %s for %s" %
 (product, pv, operator_start, 
version_start, cve))
-vulnerable_start = False
+undecidable = True
 else:
 vulnerable_start = False
 
@@ -387,10 +390,15 @@ def check_cves(d, patched_cves):
 except:
 bb.warn("%s: Failed to compare %s %s %s for %s" %
 (product, pv, operator_end, version_end, 
cve))
-vulnerable_end = False
+undecidable = True
 else:
 vulnerable_end = False
 
+if undecidable:
+bb.note("%s-%s is undecidable to %s" % (pn, real_pv, 
cve))
+cves_undecidable.append(cve)
+break
+
 if operator_start and operator_end:
 vulnerable = vulnerable_start and vulnerable_end
 else:
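Review bot: the `break` under `if undecidable:` leaves the row loop on the first comparison that raises, so the remaining PRODUCTS rows for this CVE are never evaluated and the CVE is reported as undecidable even if a later row would have shown `pv` to be in a vulnerable range. Consider recording the failure, continuing through the rows, and reporting "Undecidable" only when no row proves the version vulnerable. The note text "is undecidable to" would also read better as "cannot be decided for".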
@@ -406,9 +414,9 @@ def check_cves(d, patched_cves):
 break
 product_cursor.close()
 
-if not vulnerable:
+if not undecidable and not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
-patched_cves.add(cve)
+cves_not_affected.append(cve)
 cve_cursor.close()
 
 if not cves_in_product:
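Review bot: `patched_cves.add(cve)` was a set insert, while `cves_not_affected.append(cve)` appends to a list created once before the `for product in products:` loop, so a CVE that matches under two names in `CVE_PRODUCT` (the curl and libcurl case mentioned in the earlier hunk's comment) is recorded twice. The same applies to `cves_undecidable`. Use sets, or check membership before appending, so the data passed to `cve_write_data` has no duplicates.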
@@ -420,7 +428,7 @@ def check_cves(d, patched_cves):
 if not cves_in

[OE-core] OpenEmbedded Happy Hour October 25 9pm/2100 UTC

2023-10-24 Thread Denys Dmytriyenko
All,

You are cordially invited to the next OpenEmbedded Happy Hour on October 25 
for Asia/Pacific timezones @ 2100/9pm UTC (5pm ET / 2pm PT):

https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+October+25&iso=20231025T21

Best regards,
Denys Dmytriyenko
OpenEmbedded Board of Directors

View/Reply Online (#189668): https://lists.openembedded.org/g/openembedded-core/message/189668



Re: [OE-core] CVE work synchronization proposal

2023-10-24 Thread Marta Rybczynska
On Fri, Oct 20, 2023 at 4:18 PM Michael Opdenacker
 wrote:
>
> Hi Marta
>
> On 20.10.23 at 10:36, Marta Rybczynska wrote:
> > Hello everyone,
> > We have a constant flow of work on pending CVEs. During my discussion
> > with multiple people, there is a common need for synchronization of
> > this work to avoid duplication or forgotten fixes.
> >
> > We have a decision on the tooling to make: do we want to create a
> > Bugzilla entry for each new open CVE? An alternative is to use a wiki
> > page (this has been prototyped by Ross) with heavy scripting to
> > automate the tedious part.
> >
> > Today I propose that you use a special wiki page and the following procedure:
> >
> > On the wiki page, always add all additional information after a ; sign
> > to allow scripting. The first part of each line (until ";" ) will be
> > auto-generated. The second part contains information about the issue,
> > like who is investigating or what the situation is.
> >
> > There is a separate list for each branch, as we realize that people
> > concentrate on various branches.
> >
> > Workflow:
> >
> > * Mark name of a person preparing a patch for each branch
> > * If you have additional information (like a link to a patch), add it
> > to the record
> > * If a patch is posted to the mailing list, post a link to it (this
> > will be automated)
> > * When a patch reaches the "next" branch, mark it too (this will be
> > automated too)
> > * When the patch reaches the final branch, the line of the CVE is
> > automatically removed (this is already automated)
> > * The list is (re)generated every day
> >
> >
> > Please have a look at the procedure proposal and what the tracking
> > might look like:
> >
> > https://wiki.yoctoproject.org/wiki/Synchronization_CVEs
>
>
> This looks very useful. Thanks!
> If I understand correctly, the fact that the beginning of each line is
> generated automatically is a way to make sure nobody with Wiki write
> rights can hide a vulnerability by removing it from the list, right?
>
Hello Michael,
The auto-generation has multiple benefits:
* no removing by error or any other reason, while the vulnerability is
still there -> it will be re-added the next day
* less time spent reviewing the list

Regards,
Marta

View/Reply Online (#189669): https://lists.openembedded.org/g/openembedded-core/message/189669

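The daily regeneration described in the quoted procedure and in the reply above, sketched as an added example that is not part of the thread or of the Yocto tooling. It assumes that the generated part of each wiki line contains the CVE id and that the daily scan yields a dict of open CVEs; the function names, the line layout and the sample data are all hypothetical.

```python
import re

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_wiki_line(line):
    """Split one wiki line at the first ';' into (CVE id, manual note)."""
    generated, _, note = line.partition(";")
    match = CVE_ID.search(generated)
    return (match.group(0) if match else None), note.strip()


def regenerate(open_cves, wiki_lines):
    """Rebuild one branch's list from scan output plus existing notes.

    open_cves:  {CVE id: generated text} for CVEs still open on the branch
                (assumed shape of the daily scan result).
    wiki_lines: the page as it stands, including any hand edits.
    """
    notes = {}
    for line in wiki_lines:
        cve, note = parse_wiki_line(line)
        if cve and note:
            notes[cve] = note

    def sort_key(cve):
        _, year, number = cve.split("-")
        return int(year), int(number)

    rebuilt = []
    for cve in sorted(open_cves, key=sort_key):
        line = open_cves[cve]           # generated part always comes from the scan
        if cve in notes:
            line += " ; " + notes[cve]  # manual part is carried over unchanged
        rebuilt.append(line)
    return rebuilt


# Constructed sample data; the CVE ids and recipe names are placeholders.
SCAN = {
    "CVE-2099-0002": "CVE-2099-0002 example-lib",
    "CVE-2099-0010": "CVE-2099-0010 example-tool",
    "CVE-2099-0001": "CVE-2099-0001 example-lib",
}
WIKI = [
    "CVE-2099-0001 example-lib ; alice investigating; patch: https://example.invalid/p/1",
    # CVE-2099-0002 was deleted from the page by hand although it is still open
    "CVE-2099-0010 edited-by-hand",
    "CVE-2099-0003 example-lib ; fix merged",  # no longer open in the scan
]

if __name__ == "__main__":
    for line in regenerate(SCAN, WIKI):
        print(line)
```

Because the left-hand side is rebuilt from the scan on every run, a hand-deleted or hand-edited entry reappears in its generated form, while the text after the first `;` survives as long as the CVE stays open.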


Re: [OE-core] [PATCH v2] cve-check: Classify patched CVEs into 3 statuses

2023-10-24 Thread Andrej Valek

Hi all,

Do we really need a new "not_affected" state? I guess the ignore state 
is exactly designed for those purposes.


Regards,
Andrej

On 25.10.2023 07:13, Matsunaga-Shinji wrote:

CVEs that are currently considered "Patched" are classified into the following 3 statuses:
1. "Patched"      - means that a patch file that fixed the vulnerability has been applied
2. "Not affected" - means that the package version (PV) is not affected by the vulnerability
3. "Undecidable"  - means that versions cannot be compared to determine if they are affected by the vulnerability

Signed-off-by: Shinji Matsunaga 
Signed-off-by: Shunsuke Tokumoto 
---

Changes for v2:
- Fix the status "Out of range" to "Not affected"

  meta/classes/cve-check.bbclass | 55 +++---
  1 file changed, 38 insertions(+), 17 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b55f4299da..502db324df 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -185,10 +185,10 @@ python do_cve_check () {
  patched_cves = get_patched_cves(d)
  except FileNotFoundError:
  bb.fatal("Failure in searching patches")
-ignored, patched, unpatched, status = check_cves(d, patched_cves)
-if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" 
and status):
-cve_data = get_cve_info(d, patched + unpatched + ignored)
-cve_write_data(d, patched, unpatched, ignored, cve_data, 
status)
+ignored, patched, unpatched, not_affected, undecidable, status = 
check_cves(d, patched_cves)
+if patched or unpatched or not_affected or undecidable or 
(d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
+cve_data = get_cve_info(d, patched + unpatched + ignored + 
not_affected + undecidable)
+cve_write_data(d, patched, unpatched, ignored, not_affected, 
undecidable, cve_data, status)
  else:
  bb.note("No CVE database found, skipping CVE check")
  
@@ -308,13 +308,13 @@ def check_cves(d, patched_cves):

  products = d.getVar("CVE_PRODUCT").split()
  # If this has been unset then we're not scanning for CVEs here (for 
example, image recipes)
  if not products:
-return ([], [], [], [])
+return ([], [], [], [], [], [])
  pv = d.getVar("CVE_VERSION").split("+git")[0]
  
  # If the recipe has been skipped/ignored we return empty lists

  if pn in d.getVar("CVE_CHECK_SKIP_RECIPE").split():
  bb.note("Recipe has been skipped by cve-check")
-return ([], [], [], [])
+return ([], [], [], [], [], [])
  
  # Convert CVE_STATUS into ignored CVEs and check validity

  cve_ignore = []
@@ -328,6 +328,8 @@ def check_cves(d, patched_cves):
  conn = sqlite3.connect(db_file, uri=True)
  
  # For each of the known product names (e.g. curl has CPEs using curl and libcurl)...

+cves_not_affected = []
+cves_undecidable = []
  for product in products:
  cves_in_product = False
  if ":" in product:
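Review bot: the two new initialisations are inserted between the comment "For each of the known product names ..." and the `for product in products:` loop that the comment describes. Move `cves_not_affected = []` and `cves_undecidable = []` above the comment so it stays attached to the loop.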
@@ -355,6 +357,7 @@ def check_cves(d, patched_cves):
  
  vulnerable = False

  ignored = False
+undecidable = False
  
  product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))

  for row in product_cursor:
@@ -376,7 +379,7 @@ def check_cves(d, patched_cves):
  except:
  bb.warn("%s: Failed to compare %s %s %s for %s" %
  (product, pv, operator_start, 
version_start, cve))
-vulnerable_start = False
+undecidable = True
  else:
  vulnerable_start = False
  
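Review bot: in the `except:` branch `vulnerable_start` is no longer assigned, so after a failed comparison it is either unbound or still holds the value from the previous row; this is safe only because the following hunk breaks out on `undecidable` before `vulnerable_start` is read. Keep `vulnerable_start = False` next to `undecidable = True` (and likewise `vulnerable_end` in the next hunk) so correctness does not depend on that ordering. The bare `except:` kept as context also discards the exception; adding it to the `bb.warn` text would show why the versions could not be compared.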
@@ -387,10 +390,15 @@ def check_cves(d, patched_cves):

  except:
  bb.warn("%s: Failed to compare %s %s %s for %s" %
  (product, pv, operator_end, version_end, 
cve))
-vulnerable_end = False
+undecidable = True
  else:
  vulnerable_end = False
  
+if undecidable:

+bb.note("%s-%s is undecidable to %s" % (pn, real_pv, 
cve))
+cves_undecidable.append(cve)
+break
+
  if operator_start and operator_end:
  vulnerable = vulnerable_start and vulnerable_end
  else:
@@ -406,9 +414,9 @@ def check_cves(d, patched_cves):
  break
  product_cursor.close()
  
-if not vulnerable:

+if not undecidable and not vulnerable:
  bb.note("%s-%s is not vulnerable to %s