[OE-core][dunfell][PATCH] avahi: backport Debian patches to fix multiple CVE's

[Vijay Anusuri via lists.openembedded.org]

From: Vijay Anusuri 

import patches from ubuntu to fix
 CVE-2023-1981
 CVE-2023-38469
 CVE-2023-38470
 CVE-2023-38471
 CVE-2023-38472
 CVE-2023-38473

Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
&
https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf
&
https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
&
https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
&
https://github.com/lathiat/avahi/commit/20dec84b2480821704258bc908e7b2bd2e883b24
&
https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
&
https://github.com/lathiat/avahi/commit/b675f70739f404342f7f78635d6e2dcd85a13460
&
https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40
&
https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]

Signed-off-by: Vijay Anusuri 
---
 meta/recipes-connectivity/avahi/avahi.inc |   9 ++
 .../avahi/files/CVE-2023-1981.patch   |  60 ++
 .../avahi/files/CVE-2023-38469-1.patch|  48 
 .../avahi/files/CVE-2023-38469-2.patch|  65 +++
 .../avahi/files/CVE-2023-38470-1.patch|  57 +
 .../avahi/files/CVE-2023-38470-2.patch|  53 +
 .../avahi/files/CVE-2023-38471-1.patch|  73 
 .../avahi/files/CVE-2023-38471-2.patch|  52 +
 .../avahi/files/CVE-2023-38472.patch  |  45 
 .../avahi/files/CVE-2023-38473.patch  | 109 ++
 10 files changed, 571 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469-1.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470-1.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471-1.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch

diff --git a/meta/recipes-connectivity/avahi/avahi.inc 
b/meta/recipes-connectivity/avahi/avahi.inc
index 25bb41b738..e1dfc7a861 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -22,6 +22,15 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
 SRC_URI = 
"https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
file://fix-CVE-2017-6519.patch \
file://CVE-2021-3468.patch \
+   file://CVE-2023-1981.patch \
+   file://CVE-2023-38469-1.patch \
+   file://CVE-2023-38469-2.patch \
+   file://CVE-2023-38470-1.patch \
+   file://CVE-2023-38470-2.patch \
+   file://CVE-2023-38471-1.patch \
+   file://CVE-2023-38471-2.patch \
+   file://CVE-2023-38472.patch \
+   file://CVE-2023-38473.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/";
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch 
b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
new file mode 100644
index 00..1209864402
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
@@ -0,0 +1,60 @@
+Backport of:
+
+From a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= 
+Date: Thu, 17 Nov 2022 01:51:53 +0100
+Subject: [PATCH] Emit error if requested service is not found
+
+It currently just crashes instead of replying with error. Check return
+value and emit error instead of passing NULL pointer to reply.
+
+Fixes #375
+
+Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/avahi/tree/debian/patches/CVE-2023-1981.patch?h=ubuntu/focal-security
+Upstream commit 
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f]
+CVE: CVE-2023-1981
+Signed-off-by: Vijay Anusuri 
+---
+ avahi-daemon/dbus-protocol.c | 20 ++--
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/avahi-daemon/dbus-protocol.c
 b/avahi-daemon/dbus-protocol.c
+@@ -391,10 +391,14 @@ static DBusHandlerResult msg_server_impl
+ }
+ 
+ t = avahi_alternative_host_name(n);
+-avahi_dbus_respond_string(c, m, t);
+-avahi_free(t);
+-
+-return DBUS_HANDLER_RESULT_HANDLED;
++if (t) {
++avahi_dbus_respond_string(c, m, t);
++avahi_free(t);
++
++return DBUS_HANDL

[OE-core] [PATCH v9 3/3] image.bbclass: Add glib-2.0/schemas to MULTILIBRE_ALLOW_REP

[Khem Raj]

This helps in allowing duplicate files for glib-2.0 schemas

Fixes
ERROR: core-image-sato-1.0-r0 do_rootfs: Multilib check error: duplicate files 
/mnt/b/yoe/master/build/tmp/work/qemux86_64-yoe-linux/core-image-sato/1.0/multilib/lib32/usr/share/glib-2.0/schemas/gschemas.compiled
 /mnt/b/yo
e/master/build/tmp/work/qemux86_64-yoe-linux/core-image-sato/1.0/rootfs/usr/share/glib-2.0/schemas/gschemas.compiled
 is not the same

[YOCTO #15291]

Signed-off-by: Khem Raj 
Cc: Ross Burton 
---
v9: Rebased

 meta/classes-recipe/image.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/image.bbclass 
b/meta/classes-recipe/image.bbclass
index 7231fad940d..ace0441adbd 100644
--- a/meta/classes-recipe/image.bbclass
+++ b/meta/classes-recipe/image.bbclass
@@ -609,7 +609,7 @@ python create_symlinks() {
 bb.note("Skipping symlink, source does not exist: %s -> %s" % 
(dst, src))
 }
 
-MULTILIBRE_ALLOW_REP =. 
"${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|${sysconfdir}|${nonarch_base_libdir}/udev|/lib/modules/[^/]*/modules.*|"
+MULTILIBRE_ALLOW_REP =. 
"${datadir}/glib-2.0/schemas|{base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|${sysconfdir}|${nonarch_base_libdir}/udev|/lib/modules/[^/]*/modules.*|"
 MULTILIB_CHECK_FILE = "${WORKDIR}/multilib_check.py"
 MULTILIB_TEMP_ROOTFS = "${WORKDIR}/multilib"
 
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191020): 
https://lists.openembedded.org/g/openembedded-core/message/191020
Mute This Topic: https://lists.openembedded.org/mt/102744806/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v9 2/3] vte: Upgrade to 0.74.1

[Khem Raj]

* Inherit systemd class
* Add packageconfig for fribidi support

(From OE-Core rev: 6c952b332cc07aa0babec8bc2839b3701f308d54)

Signed-off-by: Khem Raj 
Signed-off-by: Alexandre Belloni 
---
v9: Rebased

 meta/recipes-support/vte/{vte_0.74.0.bb => vte_0.74.1.bb} | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename meta/recipes-support/vte/{vte_0.74.0.bb => vte_0.74.1.bb} (89%)

diff --git a/meta/recipes-support/vte/vte_0.74.0.bb 
b/meta/recipes-support/vte/vte_0.74.1.bb
similarity index 89%
rename from meta/recipes-support/vte/vte_0.74.0.bb
rename to meta/recipes-support/vte/vte_0.74.1.bb
index 21203adcf79..8a7054a13cd 100644
--- a/meta/recipes-support/vte/vte_0.74.0.bb
+++ b/meta/recipes-support/vte/vte_0.74.1.bb
@@ -16,10 +16,10 @@ DEPENDS = "glib-2.0 glib-2.0-native gtk+3 libpcre2 
libxml2-native gperf-native i
 GIR_MESON_OPTION = 'gir'
 GIDOCGEN_MESON_OPTION = "docs"
 
-inherit gnomebase gi-docgen features_check upstream-version-is-even 
gobject-introspection vala
+inherit gnomebase gi-docgen features_check upstream-version-is-even 
gobject-introspection systemd vala
 
 SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
-SRC_URI[archive.sha256sum] = 
"9ae08f777952ba793221152d360550451580f42d3b570e3341ebb6841984c76b"
+SRC_URI[archive.sha256sum] = 
"2328c3f1c998350a18e0e513348e9fc581d57ea4e7b89aedf11e0e3c65042b4f"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
@@ -31,6 +31,7 @@ PACKAGECONFIG ??= " \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gtk4', '', d)} \
 "
+PACKAGECONFIG[fribidi] = "-Dfribidi=true,-Dfribidi=false,fribidi"
 PACKAGECONFIG[gtk4] = "-Dgtk4=true,-Dgtk4=false,gtk4"
 PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls"
 PACKAGECONFIG[systemd] = "-D_systemd=true,-D_systemd=false,systemd"
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191019): 
https://lists.openembedded.org/g/openembedded-core/message/191019
Mute This Topic: https://lists.openembedded.org/mt/102744804/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v9 1/3] vte: upgrade 2.72.2 -> 2.74.0

[Khem Raj]

From: Markus Volk 

Rework recipe

- remove legacy of the autotools buildsystem
- remove BBCLASSEXTEND
- build vapi dependent on gi-data
- docs require gir, add a EXTRA_OEMESON:append to avoid fail in
  a combination where docs=true and gir=false
- gtk+3 and gtk4 are requested by default-> add gtk4 depending
  on DISTRO_FEATURE
- install systemd support files depending on DISTRO_FEATURE
- update 0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch

(From OE-Core rev: f9ddacafbdcf0539a8d5eecfa981194b401f1062)

Signed-off-by: Markus Volk 
Signed-off-by: Khem Raj 
Signed-off-by: Alexandre Belloni 
---
v9: Rebased

 ...EXITCODE-macro-for-non-glibc-systems.patch | 35 ---
 .../vte/{vte_0.72.2.bb => vte_0.74.0.bb}  | 29 ++-
 2 files changed, 25 insertions(+), 39 deletions(-)
 rename meta/recipes-support/vte/{vte_0.72.2.bb => vte_0.74.0.bb} (66%)

diff --git 
a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
 
b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
index b4100fc381e..8934d5f80a6 100644
--- 
a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
+++ 
b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
@@ -11,32 +11,25 @@ Upstream-Status: Submitted [1]
 Signed-off-by: Andreas Müller 
 
 [1] https://gitlab.gnome.org/GNOME/vte/issues/72
-
 ---
- src/missing.hh | 4 
- src/widget.cc  | 1 +
- 2 files changed, 5 insertions(+)
+ src/widget.cc  | 4 +++
+ 1 files changed, 4 insertions(+)
 
 a/src/missing.hh
-+++ b/src/missing.hh
-@@ -24,6 +24,10 @@
- #define NSIG (8 * sizeof(sigset_t))
- #endif
+diff --git a/src/widget.cc b/src/widget.cc
+index 07f7cabf..31a77f68 100644
+--- a/src/widget.cc
 b/src/widget.cc
+@@ -16,6 +16,10 @@
+  * along with this library.  If not, see .
+  */
  
 +#ifndef W_EXITCODE
 +#define W_EXITCODE(ret, sig) ((ret) << 8 | (sig))
 +#endif
 +
- #ifndef HAVE_FDWALK
- int fdwalk(int (*cb)(void* data, int fd),
-void* data);
 a/src/widget.cc
-+++ b/src/widget.cc
-@@ -21,6 +21,7 @@
- #include "widget.hh"
- 
- #include  // for W_EXITCODE
-+#include "missing.hh" // for W_EXITCODE on non-glibc systems
+ #include "config.h"
  
- #include 
- #include 
+ #include "widget.hh"
+-- 
+2.42.0
+
diff --git a/meta/recipes-support/vte/vte_0.72.2.bb 
b/meta/recipes-support/vte/vte_0.74.0.bb
similarity index 66%
rename from meta/recipes-support/vte/vte_0.72.2.bb
rename to meta/recipes-support/vte/vte_0.74.0.bb
index 44e71491f62..21203adcf79 100644
--- a/meta/recipes-support/vte/vte_0.72.2.bb
+++ b/meta/recipes-support/vte/vte_0.74.0.bb
@@ -16,32 +16,27 @@ DEPENDS = "glib-2.0 glib-2.0-native gtk+3 libpcre2 
libxml2-native gperf-native i
 GIR_MESON_OPTION = 'gir'
 GIDOCGEN_MESON_OPTION = "docs"
 
-inherit gnomebase gi-docgen features_check upstream-version-is-even 
gobject-introspection
+inherit gnomebase gi-docgen features_check upstream-version-is-even 
gobject-introspection vala
 
-# vapigen.m4 is required when vala is not present (but the one from vala 
should be used normally)
 SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
-SRC_URI[archive.sha256sum] = 
"f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
+SRC_URI[archive.sha256sum] = 
"9ae08f777952ba793221152d360550451580f42d3b570e3341ebb6841984c76b"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
-# Help g-ir-scanner find the .so for linking
-do_compile:prepend() {
-export GIR_EXTRA_LIBS_PATH="${B}/src/.libs"
-}
+EXTRA_OEMESON += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-Dvapi=true', '-Dvapi=false', d)}"
+EXTRA_OEMESON:append = " ${@bb.utils.contains('GI_DATA_ENABLED', 'False', 
'-Ddocs=false', '', d)}"
 
-# Package additional files
-FILES:${PN}-dev += "${datadir}/vala/vapi/*"
-
-PACKAGECONFIG ??= "gnutls"
-PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false,vala-native vala"
+PACKAGECONFIG ??= " \
+   gnutls \
+   ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+   ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gtk4', '', d)} \
+"
+PACKAGECONFIG[gtk4] = "-Dgtk4=true,-Dgtk4=false,gtk4"
 PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls"
 PACKAGECONFIG[systemd] = "-D_systemd=true,-D_systemd=false,systemd"
-# vala requires gir
-PACKAGECONFIG:remove:class-native = "vala"
-
-CFLAGS += "-D_GNU_SOURCE"
 
 PACKAGES =+ "libvte ${PN}-prompt"
+FILES:${PN} +="${systemd_user_unitdir}"
 FILES:libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*"
 FILES:${PN}-prompt = " \
 ${sysconfdir}/profile.d \
@@ -49,5 +44,3 @@ FILES:${PN}-prompt = " \
 "
 
 FILES:${PN}-dev += "${datadir}/glade/"
-
-BBCLASSEXTEND = "native nativesdk"
-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191018): 
https://lists.openembedded.org/g/openembedded-core/message/191018
Mute This Topic: https://lists.openembedded.org/mt/1

Patchtest results for [OE-core][kirkstone][PATCH] openssl: fix CVE-2023-5678 Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

[Patchtest]

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/kirkstone-openssl-fix-CVE-2023-5678-Generating-excessively-long-X9.42-DH-keys-or-checking-excessively-long-X9.42-DH-keys-or-parameters-may-be-very-slow.patch

FAIL: test commit message presence: Please include a commit message on your 
patch explaining the change (test_mbox.TestMbox.test_commit_message_presence)
FAIL: test shortlog length: Edit shortlog so that it is 90 characters or less 
(currently 161 characters) (test_mbox.TestMbox.test_shortlog_length)

PASS: pretest src uri left files 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence 
(test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence 
(test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test lic files chksum modified not mentioned 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test src uri left files 
(test_metadata.TestMetadata.test_src_uri_left_files)

SKIP: pretest pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191017): 
https://lists.openembedded.org/g/openembedded-core/message/191017
Mute This Topic: https://lists.openembedded.org/mt/102744712/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] openssl: fix CVE-2023-5678 Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

[vkumbhar via lists.openembedded.org]

Signed-off-by: Vivek Kumbhar 
---
 .../openssl/openssl/CVE-2023-5678.patch   | 180 ++
 .../openssl/openssl_3.0.12.bb |   1 +
 2 files changed, 181 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch 
b/meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
new file mode 100644
index 00..796a4f8be9
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
@@ -0,0 +1,180 @@
+From db925ae2e65d0d925adef429afc37f75bd1c2017 Mon Sep 17 00:00:00 2001
+From: Richard Levitte 
+Date: Fri, 20 Oct 2023 09:18:19 +0200
+Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
+
+We already check for an excessively large P in DH_generate_key(), but not in
+DH_check_pub_key(), and none of them check for an excessively large Q.
+
+This change adds all the missing excessive size checks of P and Q.
+
+It's to be noted that behaviours surrounding excessively sized P and Q
+differ.  DH_check() raises an error on the excessively sized P, but only
+sets a flag for the excessively sized Q.  This behaviour is mimicked in
+DH_check_pub_key().
+
+Reviewed-by: Tomas Mraz 
+Reviewed-by: Matt Caswell 
+Reviewed-by: Hugo Landau 
+(Merged from https://github.com/openssl/openssl/pull/22518)
+
+(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
+
+Upstream-Status: Backport 
[https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017]
+CVE: CVE-2023-5678
+Signed-off-by: Vivek Kumbhar 
+---
+ crypto/dh/dh_check.c| 12 
+ crypto/dh/dh_err.c  |  3 ++-
+ crypto/dh/dh_key.c  | 12 
+ crypto/err/openssl.txt  |  1 +
+ include/crypto/dherr.h  |  2 +-
+ include/openssl/dh.h|  6 +++---
+ include/openssl/dherr.h |  3 ++-
+ 7 files changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 7ba2bea..e20eb62 100644
+--- a/crypto/dh/dh_check.c
 b/crypto/dh/dh_check.c
+@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM 
*pub_key)
+  */
+ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+ {
++/* Don't do any checks at all with an excessively large modulus */
++if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
++*ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
++return 0;
++}
++
++if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
++*ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
++return 1;
++}
++
+ return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
+ }
+
+diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
+index 4152397..f76ac0d 100644
+--- a/crypto/dh/dh_err.c
 b/crypto/dh/dh_err.c
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the Apache License 2.0 (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+ "parameter encoding error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
++{ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+ "unable to check generator"},
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index d84ea99..afc49f5 100644
+--- a/crypto/dh/dh_key.c
 b/crypto/dh/dh_key.c
+@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM 
*pub_key, DH *dh)
+ goto err;
+ }
+
++if (dh->params.q != NULL
++&& BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
++goto err;
++}
++
+ if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
+ return 0;
+@@ -267,6 +273,12 @@ static int generate_key(DH *dh)
+ return 0;
+ }
+
++if (dh->params.q != NULL
++&& BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
++return 0;
++}
++
+ if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
+ return 0;
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index e51504b..36de321 100644
+--- a/crypto/err/openssl.txt
 b/crypto/err/openssl.txt
+@@ -500,6 +500,7 @@ DH_R_N

[OE-core][kirkstone 16/16] libxcrypt: fixed some build error for nativesdk with mingw

[Steve Sakoman]

From: Wenlin Kang 

Steps to reproduce
  1) add layer meta-mingw
  2) add line in local.conf
 SDKMACHINE = "x86_64-mingw32"
  3) bitbake nativesdk-libxcrypt

Fixed:
1. .symver error
  | {standard input}: Assembler messages:
  | {standard input}:4: Error: unknown pseudo-op: `.symver'

2. pedantic error
  | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside of 
a function [-Werror=pedantic]
  |   316 | SYMVER_crypt_gensalt_rn;
  |   |

3. conversion error
  | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
  | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
{aka 'long long unsigned int'} to 'unsigned int' may change value 
[-Werror=conversion]
  |   140 |   ssize_t nread = read (fd, buf, buflen);

Signed-off-by: Wenlin Kang 
Signed-off-by: Steve Sakoman 
---
 .../0001-Fix-for-compilation-on-Windows.patch | 37 +++
 ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++
 meta/recipes-core/libxcrypt/libxcrypt.inc |  4 ++
 3 files changed, 88 insertions(+)
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch

diff --git 
a/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch 
b/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
new file mode 100644
index 00..5760ee09cc
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
@@ -0,0 +1,37 @@
+From a507b628a5a5d4e4f1cf0f0a9a72967470ee7624 Mon Sep 17 00:00:00 2001
+From: Brecht Sanders 
+Date: Fri, 3 Feb 2023 08:44:49 +0100
+Subject: [PATCH] Fix for compilation on Windows
+
+This fix allows the library to build on Windows (at least with MinGW-w64).
+
+`.symver` is only supported for ELF format but Windows uses COFF/PE.
+
+Workaround dummy define of `symver_set()`
+
+Upstream-Status: Backport 
[https://github.com/besser82/libxcrypt/commit/a507b628a5a5d4e4f1cf0f0a9a72967470ee7624]
+
+Signed-off-by: Wenlin Kang 
+---
+ lib/crypt-port.h | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/crypt-port.h b/lib/crypt-port.h
+index f06ca24..a707939 100644
+--- a/lib/crypt-port.h
 b/lib/crypt-port.h
+@@ -201,6 +201,11 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, 
const void *src);
+   __asm__(".globl _" extstr);   \
+   __asm__(".set _" extstr ", _" #intname)
+ 
++#elif defined _WIN32
++
++/* .symver is only supported for ELF format, Windows uses COFF/PE */
++# define symver_set(extstr, intname, version, mode)
++
+ #elif defined __GNUC__ && __GNUC__ >= 3
+ 
+ # define _strong_alias(name, aliasname) \
+-- 
+2.34.1
+
diff --git 
a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
 
b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
new file mode 100644
index 00..3846f76674
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
@@ -0,0 +1,47 @@
+From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001
+From: Wenlin Kang 
+Date: Mon, 6 Nov 2023 14:43:28 +0800
+Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with
+ mingw
+
+With x86_64-w64-mingw32-gcc. get below error:
+| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
+| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
{aka 'long long unsigned int'} to 'unsigned int' may change value 
[-Werror=conversion]
+|   140 |   ssize_t nread = read (fd, buf, buflen);
+|   |  ^~
+
+In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen),
+but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned 
int"
+read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has:
+ #ifdef _WIN64
+   __MINGW_EXTENSION typedef unsigned __int64 size_t;
+ #else
+   typedef unsigned int size_t;
+ #endif /* _WIN64 */
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenlin Kang 
+---
+ lib/util-get-random-bytes.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c
+index 79816db..68cd378 100644
+--- a/lib/util-get-random-bytes.c
 b/lib/util-get-random-bytes.c
+@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen)
+ dev_urandom_doesnt_work = true;
+   else
+ {
++#ifdef _WIN64
++  ssize_t nread = read (fd, buf, (unsigned int)buflen);
++#else
+   ssize_t nread = read (fd, buf, buflen);
++#endif
+   if (nread < 0 || (size_t)nread < buflen)
+ dev_urandom_doesnt_work = true;
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc 
b/meta

[OE-core][kirkstone 15/16] goarch: Move Go architecture mapping to a library

[Steve Sakoman]

From: Peter Marko 

Other spaces uses the Go architecture definitions as their own (for
example, container arches are defined to be Go arches). To make it
easier for other places to use this mapping, move the code that does the
translation of OpenEmbedded arches to Go arches to a library.

(From oe-core rev: 3e86f72fc2e1cc2e5ea4b4499722d736941167ce)

This commit together with meta-virtualization commit
115f6367f37095415f289fb6981cda9608ac72ff
broke meta-virtualization master used with
meta-lts-mixins kirkstone/go which is our primary
usecase for having kirkstone/go mixin layer

Manually crafted since cherry-pick had too many conflicts:
* different path to classes
* additional architecture loongarch64
* different way how to import library

Signed-off-by: Peter Marko 
Cc: Joshua Watt 
Cc: Bruce Ashfield 
Cc: Jose Quaresma 
Signed-off-by: Steve Sakoman 
---
 meta/classes/base.bbclass   |  2 +-
 meta/classes/goarch.bbclass | 27 +++
 meta/lib/oe/go.py   | 32 
 3 files changed, 36 insertions(+), 25 deletions(-)
 create mode 100644 meta/lib/oe/go.py

diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index b15c5839b6..ee26ee5597 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -12,7 +12,7 @@ inherit logging
 
 OE_EXTRA_IMPORTS ?= ""
 
-OE_IMPORTS += "os sys time oe.path oe.utils oe.types oe.package 
oe.packagegroup oe.sstatesig oe.lsb oe.cachedpath oe.license oe.qa 
oe.reproducible oe.rust ${OE_EXTRA_IMPORTS}"
+OE_IMPORTS += "os sys time oe.path oe.utils oe.types oe.package 
oe.packagegroup oe.sstatesig oe.lsb oe.cachedpath oe.license oe.qa 
oe.reproducible oe.rust oe.go ${OE_EXTRA_IMPORTS}"
 OE_IMPORTS[type] = "list"
 
 PACKAGECONFIG_CONFARGS ??= ""
diff --git a/meta/classes/goarch.bbclass b/meta/classes/goarch.bbclass
index 92fec16b82..394c0c5d84 100644
--- a/meta/classes/goarch.bbclass
+++ b/meta/classes/goarch.bbclass
@@ -61,31 +61,10 @@ SECURITY_NOPIE_CFLAGS ??= ""
 CCACHE_DISABLE ?= "1"
 
 def go_map_arch(a, d):
-import re
-if re.match('i.86', a):
-return '386'
-elif a == 'x86_64':
-return 'amd64'
-elif re.match('arm.*', a):
-return 'arm'
-elif re.match('aarch64.*', a):
-return 'arm64'
-elif re.match('mips64el.*', a):
-return 'mips64le'
-elif re.match('mips64.*', a):
-return 'mips64'
-elif a == 'mips':
-return 'mips'
-elif a == 'mipsel':
-return 'mipsle'
-elif re.match('p(pc|owerpc)(64le)', a):
-return 'ppc64le'
-elif re.match('p(pc|owerpc)(64)', a):
-return 'ppc64'
-elif a == 'riscv64':
-return 'riscv64'
-else:
+arch = oe.go.map_arch(a)
+if not arch:
 raise bb.parse.SkipRecipe("Unsupported CPU architecture: %s" % a)
+return arch
 
 def go_map_arm(a, d):
 if a.startswith("arm"):
diff --git a/meta/lib/oe/go.py b/meta/lib/oe/go.py
new file mode 100644
index 00..9996057f12
--- /dev/null
+++ b/meta/lib/oe/go.py
@@ -0,0 +1,32 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+
+import re
+
+def map_arch(a):
+if re.match('i.86', a):
+return '386'
+elif a == 'x86_64':
+return 'amd64'
+elif re.match('arm.*', a):
+return 'arm'
+elif re.match('aarch64.*', a):
+return 'arm64'
+elif re.match('mips64el.*', a):
+return 'mips64le'
+elif re.match('mips64.*', a):
+return 'mips64'
+elif a == 'mips':
+return 'mips'
+elif a == 'mipsel':
+return 'mipsle'
+elif re.match('p(pc|owerpc)(64le)', a):
+return 'ppc64le'
+elif re.match('p(pc|owerpc)(64)', a):
+return 'ppc64'
+elif a == 'riscv64':
+return 'riscv64'
+return ''
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191014): 
https://lists.openembedded.org/g/openembedded-core/message/191014
Mute This Topic: https://lists.openembedded.org/mt/102742416/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 14/16] go: Fix issue in DNS resolver

[Steve Sakoman]

From: Chaitanya Vadrevu 

This change adds a patch that is a partial backport of an upstream
commit[1].

It fixes a bug in go's DNS resolver that was causing a docker issue
where the first "docker pull" always fails after system boot if docker
daemon is started before networking is completely up.

[1] https://github.com/golang/go/commit/d52883f443e1d564b0300acdd382af1769bf0477

Signed-off-by: Chaitanya Vadrevu 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc   |  1 +
 ...Fix-issue-with-DNS-not-being-updated.patch | 51 +++
 2 files changed, 52 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index a0974629fb..330f571d22 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -16,6 +16,7 @@ SRC_URI += "\
 file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
 file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
 file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
+file://0010-net-Fix-issue-with-DNS-not-being-updated.patch  \
 file://CVE-2022-27664.patch \
 file://0001-net-http-httputil-avoid-query-parameter-smuggling.patch \
 file://CVE-2022-41715.patch \
diff --git 
a/meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
 
b/meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
new file mode 100644
index 00..6ead518843
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
@@ -0,0 +1,51 @@
+From 20176b390e28daa86b4552965cb7bd9181983c4d Mon Sep 17 00:00:00 2001
+From: Chaitanya Vadrevu 
+Date: Mon, 6 Nov 2023 20:11:19 -0600
+Subject: [PATCH] net: Fix issue with DNS not being updated
+
+When dns requests are made, go's native DNS resolver only reads
+/etc/resolv.conf if the previous request is older than 5 seconds.
+
+On first network call, an initialization code runs that is
+supposed to initialize DNS data and set lastChecked time. There is a bug
+in this code that causes /etc/resolv.conf to not be read during
+initialization and the DNS data from program startup ends up being used
+until the next 5 seconds. This means that if /etc/resolv.conf changed
+between program startup and the first network call, old DNS data is
+still used until the next 5 seconds.
+
+This causes "docker pull" to fail the first time if docker daemon is
+started before networking is up.
+
+Upstream commit d52883f443e1d564b0300acdd382af1769bf0477 made lot of
+improvements to DNS resolver to fix some issues which also fixes this
+issue.
+This patch picks the relevant changes from it to fix this particular
+issue.
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/d52883f443e1d564b0300acdd382af1769bf0477]
+
+Signed-off-by: Chaitanya Vadrevu 
+---
+ src/net/dnsclient_unix.go | 5 +
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/net/dnsclient_unix.go b/src/net/dnsclient_unix.go
+index 6dfd4af..520ffe6 100644
+--- a/src/net/dnsclient_unix.go
 b/src/net/dnsclient_unix.go
+@@ -337,10 +337,7 @@ var resolvConf resolverConfig
+ func (conf *resolverConfig) init() {
+   // Set dnsConfig and lastChecked so we don't parse
+   // resolv.conf twice the first time.
+-  conf.dnsConfig = systemConf().resolv
+-  if conf.dnsConfig == nil {
+-  conf.dnsConfig = dnsReadConfig("/etc/resolv.conf")
+-  }
++  conf.dnsConfig = dnsReadConfig("/etc/resolv.conf")
+   conf.lastChecked = time.Now()
+ 
+   // Prepare ch so that only one update of resolverConfig may
+-- 
+2.34.1
+
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191013): 
https://lists.openembedded.org/g/openembedded-core/message/191013
Mute This Topic: https://lists.openembedded.org/mt/102742415/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 13/16] sudo: upgrade 1.9.13p3 -> 1.9.15p2

[Steve Sakoman]

From: Soumya Sambu 

License-update: file removed upstream

Drop patch as issue fixed upstream.

Changelog:
===
1.9.15p2
 * Fixed a bug on BSD systems where sudo would not restore the
   terminal settings on exit if the terminal had parity enabled.
   GitHub issue #326.

1.9.15p1
 * Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
   sudoers from being able to read the ldap.conf file.
   GitHub issue #325.

1.9.15
 * Fixed an undefined symbol problem on older versions of macOS
   when "intercept" or "log_subcmds" are enabled in sudoers.
   GitHub issue #276.
 * Fixed "make check" failure related to getpwent(3) wrapping
   on NetBSD.
 * Fixed the warning message for "sudo -l command" when the command
   is not permitted.  There was a missing space between "list" and
   the actual command due to changes in sudo 1.9.14.
 * Fixed a bug where output could go to the wrong terminal if
   "use_pty" is enabled (the default) and the standard input, output
   or error is redirected to a different terminal.  Bug #1056.
 * The visudo utility will no longer create an empty file when the
   specified sudoers file does not exist and the user exits the
   editor without making any changes.  GitHub issue #294.
 * The AIX and Solaris sudo packages on www.sudo.ws now support
   "log_subcmds" and "intercept" with both 32-bit and 64-bit
   binaries.  Previously, they only worked when running binaries
   with the same word size as the sudo binary.  GitHub issue #289.
 * The sudoers source is now logged in the JSON event log.  This
   makes it possible to tell which rule resulted in a match.
 * Running "sudo -ll command" now produces verbose output that
   includes matching rule as well as the path to the sudoers file
   the matching rule came from.  For LDAP sudoers, the name of the
   matching sudoRole is printed instead.
 * The embedded copy of zlib has been updated to version 1.3.
 * The sudoers plugin has been modified to make it more resilient
   to ROWHAMMER attacks on authentication and policy matching.
   This addresses CVE-2023-42465.
 * The sudoers plugin now constructs the user time stamp file path
   name using the user-ID instead of the user name.  This avoids a
   potential problem with user names that contain a path separator
   ('/') being interpreted as part of the path name.  A similar
   issue in sudo-rs has been assigned CVE-2023-42456.
 * A path separator ('/') in a user, group or host name is now
   replaced with an underbar character ('_') when expanding escapes
   in @include and @includedir directives as well as the "iolog_file"
   and "iolog_dir" sudoers Default settings.
 * The "intercept_verify" sudoers option is now only applied when
   the "intercept" option is set in sudoers.  Previously, it was
   also applied when "log_subcmds" was enabled.  Sudo 1.9.14
   contained an incorrect fix for this.  Bug #1058.
 * Changes to terminal settings are now performed atomically, where
   possible.  If the command is being run in a pseudo-terminal and
   the user's terminal is already in raw mode, sudo will not change
   the user's terminal settings.  This prevents concurrent sudo
   processes from restoring the terminal settings to the wrong values.
   GitHub issue #312.
 * Reverted a change from sudo 1.9.4 that resulted in PAM session
   modules being called with the environment of the command to be
   run instead of the environment of the invoking user.
   GitHub issue #318.
 * New Indonesian translation from translationproject.org.
 * The sudo_logsrvd server will now raise its open file descriptor
   limit to the maximum allowed value when it starts up.  Each
   connection can require up to nine open file descriptors so the
   default soft limit may be too low.
 * Better log message when rejecting a command if the "intercept"
   option is enabled and the "intercept_allow_setid" option is
   disabled.  Previously, "command not allowed" would be logged and
   the user had no way of knowing what the actual problem was.
 * Sudo will now log the invoking user's environment as "submitenv"
   in the JSON logs.  The command's environment ("runenv") is no
   longer logged for commands rejected by the sudoers file or an
   approval plugin.

1.9.14p3
 * Fixed a crash with Python 3.12 when the sudo Python plugin is
   unloaded.  This only affects "make check" for the Python plugin.
 * Adapted the sudo Python plugin test output to match Python 3.12.

1.9.14p2
 * Fixed a crash on Linux systems introduced in version 1.9.14 when
   running a command with a NULL argv[0] if "log_subcmds" or
   "intercept" is enabled in sudoers.
 * Fixed a problem with "stair-stepped" output when piping or
   redirecting the output of a sudo command that takes user input.
 * Fixed a bug introduced in sudo 1.9.14 that affects matching
   sudoers rules containing a Runas_Spec with an empty Runas user.
   These rules should only match when sudo's -g option is used but
   were matching even without the -g option.  GitHub is

[OE-core][kirkstone 12/16] go: ignore CVE-2023-45283 and CVE-2023-45284

[Steve Sakoman]

From: Peter Marko 

These CVEs affect path handling on Windows.

Signed-off-by: Peter Marko 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index 461819d80f..a0974629fb 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -54,5 +54,5 @@ SRC_URI[main.sha256sum] = 
"a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784
 # https://github.com/golang/go/issues/30999#issuecomment-910470358
 CVE_CHECK_IGNORE += "CVE-2021-29923"
 
-# This is specific to Microsoft Windows
-CVE_CHECK_IGNORE += "CVE-2022-41716"
+# This are specific to Microsoft Windows
+CVE_CHECK_IGNORE += "CVE-2022-41716 CVE-2023-45283 CVE-2023-45284"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191011): 
https://lists.openembedded.org/g/openembedded-core/message/191011
Mute This Topic: https://lists.openembedded.org/mt/102742412/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 11/16] ghostscript: ignore GhostPCL CVE-2023-38560

[Steve Sakoman]

From: Lee Chee Yang 

issue in GhostPCL.
GhostPCL not part of this GhostScript recipe.

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb 
b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 4c4c22cf39..7f4050755c 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -23,6 +23,9 @@ UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)\.tar"
 # however we use an external jpeg which doesn't have the issue.
 CVE_CHECK_IGNORE += "CVE-2013-6629"
 
+# Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.
+CVE_CHECK_IGNORE += "CVE-2023-38560"
+
 def gs_verdir(v):
 return "".join(v.split("."))
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191010): 
https://lists.openembedded.org/g/openembedded-core/message/191010
Mute This Topic: https://lists.openembedded.org/mt/102742407/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 10/16] binutils: Fix CVE-2022-48064

[Steve Sakoman]

From: Deepthi Hemraj 

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0034-CVE-2022-48064.patch| 57 +++
 2 files changed, 58 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index dc29141812..3787063cba 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -68,5 +68,6 @@ SRC_URI = "\
  file://CVE-2022-48063.patch \
  file://0032-CVE-2022-47010.patch \
  file://0033-CVE-2022-47007.patch \
+ file://0034-CVE-2022-48064.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch 
b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
new file mode 100644
index 00..b0840366c7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
@@ -0,0 +1,57 @@
+From: Alan Modra 
+Date: Tue, 20 Dec 2022 13:17:03 + (+1030)
+Subject: PR29922, SHT_NOBITS section avoids section size sanity check
+X-Git-Tag: binutils-2_40~202
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+   PR 29922
+   * dwarf2.c (find_debug_info): Ignore sections without
+   SEC_HAS_CONTENTS.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931]
+
+CVE: CVE-2022-48064
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 95f45708e9d..0cd8152ee6e 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct 
dwarf_debug_section *debug_sections,
+ {
+   look = debug_sections[debug_info].uncompressed_name;
+   msec = bfd_get_section_by_name (abfd, look);
+-  if (msec != NULL)
++  /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure.  Of
++   course debug sections always have contents.  */
++  if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+   return msec;
+ 
+   look = debug_sections[debug_info].compressed_name;
+   msec = bfd_get_section_by_name (abfd, look);
+-  if (msec != NULL)
++  if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+ 
+   for (msec = abfd->sections; msec != NULL; msec = msec->next)
+-  if (startswith (msec->name, GNU_LINKONCE_INFO))
++  if ((msec->flags & SEC_HAS_CONTENTS) != 0
++  && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+ 
+   return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct 
dwarf_debug_section *debug_sections,
+ 
+   for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++  if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++  continue;
++
+   look = debug_sections[debug_info].uncompressed_name;
+   if (strcmp (msec->name, look) == 0)
+   return msec;
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191009): 
https://lists.openembedded.org/g/openembedded-core/message/191009
Mute This Topic: https://lists.openembedded.org/mt/102742406/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 05/16] avahi: fix CVE-2023-38470

[Steve Sakoman]

From: Meenali Gupta 

A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_escape_label() function.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  1 +
 .../avahi/files/CVE-2023-38470.patch  | 59 +++
 2 files changed, 60 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb 
b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index ac04b42614..a2ad9058d6 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -27,6 +27,7 @@ SRC_URI = 
"https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
file://handle-hup.patch \
file://local-ping.patch \
file://CVE-2023-38471.patch \
+   file://CVE-2023-38470.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/";
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch 
b/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
new file mode 100644
index 00..5cf9af6fd6
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
@@ -0,0 +1,59 @@
+From 26806dbde54c5b40a2bf108d334ba59ec9d242d6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= 
+Date: Tue, 11 Apr 2023 15:29:59 +0200
+Subject: [PATCH]Ensure each label is at least one byte long
+
+The only allowed exception is single dot, where it should return empty
+string.
+
+Fixes #454.
+
+Upstream-Status: Backport 
[https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c]
+CVE: CVE-2023-38470
+
+Signed-off-by: Meenali Gupta 
+---
+ avahi-common/domain-test.c | 14 ++
+ avahi-common/domain.c  |  2 +-
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-common/domain-test.c b/avahi-common/domain-test.c
+index cf763ec..3acc1c1 100644
+--- a/avahi-common/domain-test.c
 b/avahi-common/domain-test.c
+@@ -45,6 +45,20 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char 
*argv[]) {
+ printf("%s\n", s = avahi_normalize_name_strdup("foo\\..f oo."));
+ avahi_free(s);
+
++printf("%s\n", s = avahi_normalize_name_strdup("."));
++avahi_free(s);
++
++s = avahi_normalize_name_strdup(",.=.}.=.?-.}.=.?.?.}.}.?.?.?.z.?.?.}.}."
++  "}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.}.}.}"
++  ".?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.=.=.?.?.}.}.?.?.?.zM.?`"
++  "?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}??.}.}.?.?."
++  "?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM.?`?.}.}.}."
++  "??.?.zM.?`?.}.}.}.?.?.?.r.=.?.}.=.?.?.}.?.?.?.}.=.?.?.}?"
++  "?.}.}.?.?.?.z.?.?.}.}.}.?.?.?.r.=.=.}.=.?.}}.}.?.?.?.zM."
++  "?`?.}.}.}.?.?.?.r.=.=.?.?`.?.?}.}.}.?.?.?.r.=.?.}.=.?.?."
++  "}.?.?.?.}.=.?.?.}");
++assert(s == NULL);
++
+ printf("%i\n", avahi_domain_equal("\\065aa 
bbb\\.\\046cc.cc.dee.fff.", "Aaa BBB\\.\\.cc.cc.dee.fff"));
+ printf("%i\n", avahi_domain_equal("A", "a"));
+
+diff --git a/avahi-common/domain.c b/avahi-common/domain.c
+index 3b1ab68..e66d241 100644
+--- a/avahi-common/domain.c
 b/avahi-common/domain.c
+@@ -201,7 +201,7 @@ char *avahi_normalize_name(const char *s, char *ret_s, 
size_t size) {
+ }
+
+ if (!empty) {
+-if (size < 1)
++if (size < 2)
+ return NULL;
+
+ *(r++) = '.';
+--
+2.40.0
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191004): 
https://lists.openembedded.org/g/openembedded-core/message/191004
Mute This Topic: https://lists.openembedded.org/mt/102742400/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 09/16] binutils: Fix CVE-2022-47007

[Steve Sakoman]

From: Deepthi Hemraj 

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0033-CVE-2022-47007.patch| 34 +++
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 43cc97f1ef..dc29141812 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -67,5 +67,6 @@ SRC_URI = "\
  file://0031-CVE-2022-47695.patch \
  file://CVE-2022-48063.patch \
  file://0032-CVE-2022-47010.patch \
+ file://0033-CVE-2022-47007.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch 
b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
new file mode 100644
index 00..cc6dfe684b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
@@ -0,0 +1,34 @@
+From: Alan Modra 
+Date: Thu, 16 Jun 2022 23:30:41 + (+0930)
+Subject: PR29254, memory leak in stab_demangle_v3_arg
+X-Git-Tag: binutils-2_39~237
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
+
+PR29254, memory leak in stab_demangle_v3_arg
+
+   PR 29254
+   * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+
+CVE: CVE-2022-47007
+
+Signed-off-by: Deepthi Hemraj 
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
 b/binutils/stabs.c
+@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle 
*info,
+ dc->u.s_binary.right,
+ &varargs);
+   if (pargs == NULL)
+-return NULL;
++{
++  free (dt);
++  return NULL;
++}
+
+   return debug_make_function_type (dhandle, dt, pargs, varargs);
+   }
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191008): 
https://lists.openembedded.org/g/openembedded-core/message/191008
Mute This Topic: https://lists.openembedded.org/mt/102742404/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 08/16] avahi: fix CVE-2023-38473

[Steve Sakoman]

From: Meenali Gupta 

A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_alternative_host_name() function.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   1 +
 .../avahi/files/CVE-2023-38473.patch  | 108 ++
 2 files changed, 109 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb 
b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 23801a7e54..af5284a252 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -30,6 +30,7 @@ SRC_URI = 
"https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
file://CVE-2023-38470.patch \
file://CVE-2023-38469.patch \
file://CVE-2023-38472.patch \
+   file://CVE-2023-38473.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/";
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch 
b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
new file mode 100644
index 00..8a372a072a
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
@@ -0,0 +1,108 @@
+From b448c9f771bada14ae8de175695a9729f8646797 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar 
+Date: Wed, 11 Oct 2023 17:45:44 +0200
+Subject: [PATCH]common: derive alternative host name from its
+ unescaped version
+
+Normalization of input makes sure we don't have to deal with special
+cases like unescaped dot at the end of label.
+
+Upstream-Status: Backport 
[https://github.com/lathiat/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797]
+CVE: CVE-2023-38473
+
+Signed-off-by: Meenali Gupta 
+---
+ avahi-common/alternative-test.c |  3 +++
+ avahi-common/alternative.c  | 27 +++
+ 2 files changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/avahi-common/alternative-test.c b/avahi-common/alternative-test.c
+index 9255435..681fc15 100644
+--- a/avahi-common/alternative-test.c
 b/avahi-common/alternative-test.c
+@@ -31,6 +31,9 @@ int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char 
*argv[]) {
+ const char* const test_strings[] = {
+ "XXX",
+ "Xüüü",
++").",
++"\\.",
++"",
+ "gurke",
+ "-",
+ " #",
+diff --git a/avahi-common/alternative.c b/avahi-common/alternative.c
+index b3d39f0..a094e6d 100644
+--- a/avahi-common/alternative.c
 b/avahi-common/alternative.c
+@@ -49,15 +49,20 @@ static void drop_incomplete_utf8(char *c) {
+ }
+
+ char *avahi_alternative_host_name(const char *s) {
++char label[AVAHI_LABEL_MAX], alternative[AVAHI_LABEL_MAX*4+1];
++char *alt, *r, *ret;
+ const char *e;
+-char *r;
++size_t len;
+
+ assert(s);
+
+ if (!avahi_is_valid_host_name(s))
+ return NULL;
+
+-if ((e = strrchr(s, '-'))) {
++if (!avahi_unescape_label(&s, label, sizeof(label)))
++return NULL;
++
++if ((e = strrchr(label, '-'))) {
+ const char *p;
+
+ e++;
+@@ -74,19 +79,18 @@ char *avahi_alternative_host_name(const char *s) {
+
+ if (e) {
+ char *c, *m;
+-size_t l;
+ int n;
+
+ n = atoi(e)+1;
+ if (!(m = avahi_strdup_printf("%i", n)))
+ return NULL;
+
+-l = e-s-1;
++len = e-label-1;
+
+-if (l >= AVAHI_LABEL_MAX-1-strlen(m)-1)
+-l = AVAHI_LABEL_MAX-1-strlen(m)-1;
++if (len >= AVAHI_LABEL_MAX-1-strlen(m)-1)
++len = AVAHI_LABEL_MAX-1-strlen(m)-1;
+
+-if (!(c = avahi_strndup(s, l))) {
++if (!(c = avahi_strndup(label, len))) {
+ avahi_free(m);
+ return NULL;
+ }
+@@ -100,7 +104,7 @@ char *avahi_alternative_host_name(const char *s) {
+ } else {
+ char *c;
+
+-if (!(c = avahi_strndup(s, AVAHI_LABEL_MAX-1-2)))
++if (!(c = avahi_strndup(label, AVAHI_LABEL_MAX-1-2)))
+ return NULL;
+
+ drop_incomplete_utf8(c);
+@@ -109,6 +113,13 @@ char *avahi_alternative_host_name(const char *s) {
+ avahi_free(c);
+ }
+
++alt = alternative;
++len = sizeof(alternative);
++ret = avahi_escape_label(r, strlen(r), &alt, &len);
++
++avahi_free(r);
++r = avahi_strdup(ret);
++
+ assert(avahi_is_valid_host_name(r));
+
+ return r;
+--
+2.40.0
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191007): 
https://lists.openembedded.org/g/openembedded-core/message/191007
Mute This Topic: https://lists.openembedded.org/mt/102742403/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: ht

[OE-core][kirkstone 07/16] avahi: fix CVE-2023-38472

[Steve Sakoman]

From: Meenali Gupta 

A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_rdata_parse() function.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  1 +
 .../avahi/files/CVE-2023-38472.patch  | 46 +++
 2 files changed, 47 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb 
b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index c733f94e42..23801a7e54 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -29,6 +29,7 @@ SRC_URI = 
"https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
file://CVE-2023-38471.patch \
file://CVE-2023-38470.patch \
file://CVE-2023-38469.patch \
+   file://CVE-2023-38472.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/";
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch 
b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
new file mode 100644
index 00..2f172622c9
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
@@ -0,0 +1,46 @@
+From 4e2537500dd0a1333845482f1f4147ef906030dd Mon Sep 17 00:00:00 2001
+From: Michal Sekletar 
+Date: Thu, 19 Oct 2023 17:36:44 +0200
+Subject: [PATCH]core: make sure there is rdata to process before
+ parsing it
+
+Fixes #452
+
+Upstream-Status: Backport 
[https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
+CVE: CVE-2023-38472
+
+Signed-off-by: Meenali Gupta 
+---
+ avahi-client/client-test.c  | 3 +++
+ avahi-daemon/dbus-entry-group.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
+index 7d04a6a..57750a4 100644
+--- a/avahi-client/client-test.c
 b/avahi-client/client-test.c
+@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char 
*argv[]) {
+ printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, 
AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, 
NULL, 80, "foo=bar", NULL)));
+ printf("add_record: %d\n", avahi_entry_group_add_record (group, 
AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 
6));
+
++error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, 
AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
++assert(error != AVAHI_OK);
++
+ avahi_entry_group_commit (group);
+
+ domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, 
AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, 
avahi_domain_browser_callback, (char*) "omghai3u");
+diff --git a/avahi-daemon/dbus-entry-group.c b/avahi-daemon/dbus-entry-group.c
+index 4e879a5..aa23d4b 100644
+--- a/avahi-daemon/dbus-entry-group.c
 b/avahi-daemon/dbus-entry-group.c
+@@ -340,7 +340,7 @@ DBusHandlerResult 
avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
+ if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, NULL);
+
+-if (avahi_rdata_parse (r, rdata, size) < 0) {
++if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
+ avahi_record_unref (r);
+ return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, 
NULL);
+ }
+--
+2.40.0
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191006): 
https://lists.openembedded.org/g/openembedded-core/message/191006
Mute This Topic: https://lists.openembedded.org/mt/102742402/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 06/16] avahi: fix CVE-2023-38469

[Steve Sakoman]

From: Meenali Gupta 

A vulnerability was found in Avahi, where a reachable assertion
exists in avahi_dns_packet_append_record.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  1 +
 .../avahi/files/CVE-2023-38469.patch  | 47 +++
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb 
b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index a2ad9058d6..c733f94e42 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -28,6 +28,7 @@ SRC_URI = 
"https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
file://local-ping.patch \
file://CVE-2023-38471.patch \
file://CVE-2023-38470.patch \
+   file://CVE-2023-38469.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/";
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch 
b/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
new file mode 100644
index 00..f0f6c4bf7b
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
@@ -0,0 +1,47 @@
+From a337a1ba7d15853fb56deef1f464529af6e3a1cf Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin 
+Date: Mon, 23 Oct 2023 20:29:31 +
+Subject: [PATCH]core: reject overly long TXT resource records
+Closes https://github.com/lathiat/avahi/issues/455
+
+Upstream-Status: Backport 
[https://github.com/lathiat/avahi/pull/500/commits/a337a1ba7d15853fb56deef1f464529af6e3a1cf]
+CVE: CVE-2023-38469
+
+Signed-off-by: Meenali Gupta 
+---
+ avahi-core/rr.c | 9 -
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/avahi-core/rr.c b/avahi-core/rr.c
+index 7fa0bee..b03a24c 100644
+--- a/avahi-core/rr.c
 b/avahi-core/rr.c
+@@ -32,6 +32,7 @@
+ #include 
+ #include 
+
++#include "dns.h"
+ #include "rr.h"
+ #include "log.h"
+ #include "util.h"
+@@ -688,11 +689,17 @@ int avahi_record_is_valid(AvahiRecord *r) {
+ case AVAHI_DNS_TYPE_TXT: {
+
+ AvahiStringList *strlst;
++size_t used = 0;
+
+-for (strlst = r->data.txt.string_list; strlst; strlst = 
strlst->next)
++for (strlst = r->data.txt.string_list; strlst; strlst = 
strlst->next) {
+ if (strlst->size > 255 || strlst->size <= 0)
+ return 0;
+
++used += 1+strlst->size;
++if (used > AVAHI_DNS_RDATA_MAX)
++return 0;
++}
++
+ return 1;
+ }
+ }
+--
+2.40.0
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191005): 
https://lists.openembedded.org/g/openembedded-core/message/191005
Mute This Topic: https://lists.openembedded.org/mt/102742401/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 04/16] avahi: fix CVE-2023-38471

[Steve Sakoman]

From: Meenali Gupta 

A vulnerability was found in Avahi. A reachable assertion exists
in the dbus_set_host_name function.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  1 +
 .../avahi/files/CVE-2023-38471.patch  | 73 +++
 2 files changed, 74 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb 
b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index b5c966c102..ac04b42614 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -26,6 +26,7 @@ SRC_URI = 
"https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
file://0001-Fix-opening-etc-resolv.conf-error.patch \
file://handle-hup.patch \
file://local-ping.patch \
+   file://CVE-2023-38471.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/";
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch 
b/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
new file mode 100644
index 00..40b61b71dd
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
@@ -0,0 +1,73 @@
+From 9cd4ea89b3ac89b7bb0196fda1aa88cd51b106b6 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar 
+Date: Mon, 23 Oct 2023 13:38:35 +0200
+Subject: [PATCH] core: extract host name using avahi_unescape_label()
+
+Previously we could create invalid escape sequence when we split the
+string on dot. For example, from valid host name "foo\\.bar" we have
+created invalid name "foo\\" and tried to set that as the host name
+which crashed the daemon.
+
+Fixes #453
+
+Upstream-Status: Backport 
[https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09]
+CVE: CVE-2023-38471
+
+Signed-off-by: Meenali Gupta 
+---
+ avahi-core/server.c | 27 +--
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index e507750..40f1d68 100644
+--- a/avahi-core/server.c
 b/avahi-core/server.c
+@@ -1295,7 +1295,11 @@ static void update_fqdn(AvahiServer *s) {
+ }
+
+ int avahi_server_set_host_name(AvahiServer *s, const char *host_name) {
+-char *hn = NULL;
++char label_escaped[AVAHI_LABEL_MAX*4+1];
++char label[AVAHI_LABEL_MAX];
++char *hn = NULL, *h;
++size_t len;
++
+ assert(s);
+
+ AVAHI_CHECK_VALIDITY(s, !host_name || 
avahi_is_valid_host_name(host_name), AVAHI_ERR_INVALID_HOST_NAME);
+@@ -1305,17 +1309,28 @@ int avahi_server_set_host_name(AvahiServer *s, const 
char *host_name) {
+ else
+ hn = avahi_normalize_name_strdup(host_name);
+
+-hn[strcspn(hn, ".")] = 0;
++h = hn;
++if (!avahi_unescape_label((const char **)&hn, label, sizeof(label))) {
++avahi_free(h);
++return AVAHI_ERR_INVALID_HOST_NAME;
++}
++
++avahi_free(h);
++
++h = label_escaped;
++len = sizeof(label_escaped);
++if (!avahi_escape_label(label, strlen(label), &h, &len))
++return AVAHI_ERR_INVALID_HOST_NAME;
+
+-if (avahi_domain_equal(s->host_name, hn) && s->state != 
AVAHI_SERVER_COLLISION) {
+-avahi_free(hn);
++if (avahi_domain_equal(s->host_name, label_escaped) && s->state != 
AVAHI_SERVER_COLLISION)
+ return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE);
+-}
+
+ withdraw_host_rrs(s);
+
+ avahi_free(s->host_name);
+-s->host_name = hn;
++s->host_name = avahi_strdup(label_escaped);
++if (!s->host_name)
++return AVAHI_ERR_NO_MEMORY;
+
+ update_fqdn(s);
+
+--
+2.40.0
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191003): 
https://lists.openembedded.org/g/openembedded-core/message/191003
Mute This Topic: https://lists.openembedded.org/mt/102742399/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 03/16] qemu 6.2.0: Fix CVE-2023-1544

[Steve Sakoman]

From: Niranjan Pradhan 

Upstream Repository: https://gitlab.com/qemu-project/qemu.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1544
Type: Security Fix
CVE: CVE-2023-1544
Score: 6.3
Patch: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c

Signed-off-by: Niranjan Pradhan 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2023-1544.patch | 70 +++
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 83bd5d7e67..c8e4e2e6f3 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -101,6 +101,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
   file://CVE-2023-3354.patch \
   file://CVE-2023-3180.patch \
   file://CVE-2021-3638.patch \
+  file://CVE-2023-1544.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch
new file mode 100644
index 00..b4781e1c18
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch
@@ -0,0 +1,70 @@
+From e7d6e37675e422cfab2fe8c6bd411d2097228760 Mon Sep 17 00:00:00 2001
+From: Yuval Shaia 
+Date: Wed, 1 Mar 2023 16:29:26 +0200
+Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver
+
+Guest driver allocates and initialize page tables to be used as a ring
+of descriptors for CQ and async events.
+The page table that represents the ring, along with the number of pages
+in the page table is passed to the device.
+Currently our device supports only one page table for a ring.
+
+Let's make sure that the number of page table entries the driver
+reports, do not exceeds the one page table size.
+
+CVE: CVE-2023-1544
+Upstream-Status: Backport 
[https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c]
+
+Reported-by: Soul Chen 
+Signed-off-by: Yuval Shaia 
+Fixes: CVE-2023-1544
+Message-ID: <20230301142926.18686-1-yuval.shaia...@gmail.com>
+Signed-off-by: Thomas Huth 
+(cherry picked from commit 85fc35afa93c7320d1641d344d0c5dfbe341d087)
+Signed-off-by: Niranjan Pradhan 
+---
+ hw/rdma/vmw/pvrdma_main.c | 16 +++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
+index 4fc6712025..55b338046e 100644
+--- a/hw/rdma/vmw/pvrdma_main.c
 b/hw/rdma/vmw/pvrdma_main.c
+@@ -91,19 +91,33 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState 
**ring_state,
+  dma_addr_t dir_addr, uint32_t num_pages)
+ {
+ uint64_t *dir, *tbl;
+-int rc = 0;
++int max_pages, rc = 0;
+ 
+ if (!num_pages) {
+ rdma_error_report("Ring pages count must be strictly positive");
+ return -EINVAL;
+ }
+ 
++/*
++ * Make sure we can satisfy the requested number of pages in a single
++ * TARGET_PAGE_SIZE sized page table (taking into account that first entry
++ * is reserved for ring-state)
++ */
++max_pages = TARGET_PAGE_SIZE / sizeof(dma_addr_t) - 1;
++if (num_pages > max_pages) {
++rdma_error_report("Maximum pages on a single directory must not 
exceed %d\n",
++  max_pages);
++return -EINVAL;
++}
++
+ dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
+ if (!dir) {
+ rdma_error_report("Failed to map to page directory (ring %s)", name);
+ rc = -ENOMEM;
+ goto out;
+ }
++
++/* We support only one page table for a ring */
+ tbl = rdma_pci_dma_map(pci_dev, dir[0], TARGET_PAGE_SIZE);
+ if (!tbl) {
+ rdma_error_report("Failed to map to page table (ring %s)", name);
+-- 
+2.35.6
+
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191002): 
https://lists.openembedded.org/g/openembedded-core/message/191002
Mute This Topic: https://lists.openembedded.org/mt/102742398/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 02/16] grub: fix CVE-2023-4692

[Steve Sakoman]

From: Yogita Urade 

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
This issue may allow an attacker to present a specially crafted NTFS
filesystem image, leading to grub's heap metadata corruption. In some
circumstances, the attack may also corrupt the UEFI firmware heap metadata.
As a result, arbitrary code execution and secure boot protection bypass
may be achieved.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4692
https://bugzilla.redhat.com/show_bug.cgi?id=2236613

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 .../grub/files/CVE-2023-4692.patch| 97 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 98 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4692.patch 
b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
new file mode 100644
index 00..4780e35b7a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
@@ -0,0 +1,97 @@
+From  43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov 
+Date: Thu, 16 Nov 2023 07:21:50 +
+Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST
+ attribute for the $MFT file
+
+When parsing an extremely fragmented $MFT file, i.e., the file described
+using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
+containing bytes read from the underlying drive to store sector numbers,
+which are consumed later to read data from these sectors into another buffer.
+
+These sectors numbers, two 32-bit integers, are always stored at predefined
+offsets, 0x10 and 0x14, relative to first byte of the selected entry within
+the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
+
+However, when parsing a specially-crafted file system image, this may cause
+the NTFS code to write these integers beyond the buffer boundary, likely
+causing the GRUB memory allocator to misbehave or fail. These integers contain
+values which are controlled by on-disk structures of the NTFS file system.
+
+Such modification and resulting misbehavior may touch a memory range not
+assigned to the GRUB and owned by firmware or another EFI application/driver.
+
+This fix introduces checks to ensure that these sector numbers are never
+written beyond the boundary.
+
+Fixes: CVE-2023-4692
+
+Reported-by: Maxim Suhanov 
+Signed-off-by: Maxim Suhanov 
+Reviewed-by: Daniel Kiper 
+
+CVE: CVE-2023-4692
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
+
+Signed-off-by: Yogita Urade 
+---
+ grub-core/fs/ntfs.c | 18 +-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 2f34f76..6009e49 100644
+--- a/grub-core/fs/ntfs.c
 b/grub-core/fs/ntfs.c
+@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ }
+   if (at->attr_end)
+ {
+-  grub_uint8_t *pa;
++  grub_uint8_t *pa, *pa_end;
+
+   at->emft_buf = grub_malloc (at->mft->data->mft_size << 
GRUB_NTFS_BLK_SHR);
+   if (at->emft_buf == NULL)
+@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+   }
+ at->attr_nxt = at->edat_buf;
+ at->attr_end = at->edat_buf + u32at (pa, 0x30);
++pa_end = at->edat_buf + n;
+   }
+   else
+   {
+ at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ at->attr_end = at->attr_end + u32at (pa, 4);
++pa_end = at->mft->buf + (at->mft->data->mft_size << 
GRUB_NTFS_BLK_SHR);
+   }
+   at->flags |= GRUB_NTFS_AF_ALST;
+   while (at->attr_nxt < at->attr_end)
+@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ at->flags |= GRUB_NTFS_AF_GPOS;
+ at->attr_cur = at->attr_nxt;
+ pa = at->attr_cur;
++
++if ((pa >= pa_end) || (pa_end - pa < 0x18))
++  {
++grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++return NULL;
++  }
++
+ grub_set_unaligned32 ((char *) pa + 0x10,
+   grub_cpu_to_le32 (at->mft->data->mft_start));
+ grub_set_unaligned32 ((char *) pa + 0x14,
+@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+   {
+ if (*pa != attr)
+   break;
++
++  if ((pa >= pa_end) || (pa_end - pa < 0x18))
++{
++grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++return NULL;
++  }
++
+ if (read_attr
+ (at, pa + 0x10,
+  u32at (pa, 0x10) * (at->mft->data->mft_size << 
GRUB_NTFS_BLK_SHR),
+--
+2.40.0
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index c14fe315d3..aaee8a1e03 100644
--- a/meta/recipes-bsp

[OE-core][kirkstone 01/16] tiff: Backport fix for CVE-2023-41175

[Steve Sakoman]

From: Vijay Anusuri 

Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]

Reference: https://security-tracker.debian.org/tracker/CVE-2023-41175

Signed-off-by: Vijay Anusuri 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/tiff/CVE-2023-41175.patch | 69 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 70 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch
new file mode 100644
index 00..06645bed68
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch
@@ -0,0 +1,69 @@
+From 6e2dac5f904496d127c92ddc4e56eccfca25c2ee Mon Sep 17 00:00:00 2001
+From: Arie Haenel 
+Date: Wed, 19 Jul 2023 19:40:01 +
+Subject: [PATCH] raw2tiff: fix integer overflow and bypass of the check (fixes 
#592)
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]
+CVE: CVE-2023-41175
+Signed-off-by: Vijay Anusuri 
+---
+ tools/raw2tiff.c | 29 +
+ 1 file changed, 29 insertions(+)
+
+diff --git a/tools/raw2tiff.c b/tools/raw2tiff.c
+index dfee715..253c023 100644
+--- a/tools/raw2tiff.c
 b/tools/raw2tiff.c
+@@ -36,6 +36,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ #ifdef HAVE_UNISTD_H
+ # include 
+@@ -101,6 +102,7 @@ main(int argc, char* argv[])
+   int fd;
+   char*outfilename = NULL;
+   TIFF*out;
++  uint32_t temp_limit_check = 0; /* temp for integer overflow 
checking*/
+ 
+   uint32_t row, col, band;
+   int c;
+@@ -212,6 +214,33 @@ main(int argc, char* argv[])
+   if (guessSize(fd, dtype, hdr_size, nbands, swab, &width, &length) < 0)
+   return EXIT_FAILURE;
+ 
++  /* check for integer overflow in */
++  /* hdr_size + (*width) * (*length) * nbands * depth */
++
++  if ((width == 0) || (length == 0) ){
++  fprintf(stderr, "Too large nbands value specified.\n");
++  return (EXIT_FAILURE);
++  }
++
++  temp_limit_check = nbands * depth;
++
++  if ( !temp_limit_check || length > ( UINT_MAX / temp_limit_check ) )  {
++  fprintf(stderr, "Too large length size specified.\n");
++  return (EXIT_FAILURE);
++  }
++  temp_limit_check = temp_limit_check * length;
++
++  if ( !temp_limit_check || width > ( UINT_MAX / temp_limit_check ) )  {
++  fprintf(stderr, "Too large width size specified.\n");
++  return (EXIT_FAILURE);
++  }
++  temp_limit_check = temp_limit_check * width;
++
++  if ( !temp_limit_check || hdr_size > ( UINT_MAX - temp_limit_check ) )  
{
++  fprintf(stderr, "Too large header size specified.\n");
++  return (EXIT_FAILURE);
++  }
++
+   if (outfilename == NULL)
+   outfilename = argv[optind+1];
+   out = TIFFOpen(outfilename, "w");
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index e925b7d652..11e3818c69 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -46,6 +46,7 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-40090.patch \
file://CVE-2023-1916.patch \
file://CVE-2023-40745.patch \
+   file://CVE-2023-41175.patch \
"
 
 SRC_URI[sha256sum] = 
"0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191000): 
https://lists.openembedded.org/g/openembedded-core/message/191000
Mute This Topic: https://lists.openembedded.org/mt/102742396/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6227

The following changes since commit 4bb6373e5f4a1330a063d1afe855d6c24d5461e7:

  python3-jinja2: Fixed ptest result output as per the standard (2023-11-08 
04:10:02 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Chaitanya Vadrevu (1):
  go: Fix issue in DNS resolver

Deepthi Hemraj (2):
  binutils: Fix CVE-2022-47007
  binutils: Fix CVE-2022-48064

Lee Chee Yang (1):
  ghostscript: ignore GhostPCL CVE-2023-38560

Meenali Gupta (5):
  avahi: fix CVE-2023-38471
  avahi: fix CVE-2023-38470
  avahi: fix CVE-2023-38469
  avahi: fix CVE-2023-38472
  avahi: fix CVE-2023-38473

Niranjan Pradhan (1):
  qemu 6.2.0: Fix CVE-2023-1544

Peter Marko (2):
  go: ignore CVE-2023-45283 and CVE-2023-45284
  goarch: Move Go architecture mapping to a library

Soumya Sambu (1):
  sudo: upgrade 1.9.13p3 -> 1.9.15p2

Vijay Anusuri (1):
  tiff: Backport fix for CVE-2023-41175

Wenlin Kang (1):
  libxcrypt: fixed some build error for nativesdk with mingw

Yogita Urade (1):
  grub: fix CVE-2023-4692

 meta/classes/base.bbclass |   2 +-
 meta/classes/goarch.bbclass   |  27 +
 meta/lib/oe/go.py |  32 ++
 .../grub/files/CVE-2023-4692.patch|  97 
 meta/recipes-bsp/grub/grub2.inc   |   1 +
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   5 +
 .../avahi/files/CVE-2023-38469.patch  |  47 
 .../avahi/files/CVE-2023-38470.patch  |  59 ++
 .../avahi/files/CVE-2023-38471.patch  |  73 
 .../avahi/files/CVE-2023-38472.patch  |  46 
 .../avahi/files/CVE-2023-38473.patch  | 108 ++
 .../0001-Fix-for-compilation-on-Windows.patch |  37 ++
 ...dom-bytes.c-fixed-conversion-error-w.patch |  47 
 meta/recipes-core/libxcrypt/libxcrypt.inc |   4 +
 .../binutils/binutils-2.38.inc|   2 +
 .../binutils/0033-CVE-2022-47007.patch|  34 ++
 .../binutils/0034-CVE-2022-48064.patch|  57 +
 meta/recipes-devtools/go/go-1.17.13.inc   |   5 +-
 ...Fix-issue-with-DNS-not-being-updated.patch |  51 +
 meta/recipes-devtools/qemu/qemu.inc   |   1 +
 .../qemu/qemu/CVE-2023-1544.patch |  70 
 .../ghostscript/ghostscript_9.55.0.bb |   3 +
 ...me.c-correctly-include-header-for-ou.patch |  25 
 meta/recipes-extended/sudo/sudo.inc   |   5 +-
 .../{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb}|   3 +-
 .../libtiff/tiff/CVE-2023-41175.patch |  69 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 27 files changed, 854 insertions(+), 57 deletions(-)
 create mode 100644 meta/lib/oe/go.py
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch
 delete mode 100644 
meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
 rename meta/recipes-extended/sudo/{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb} (92%)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190999): 
https://lists.openembedded.org/g/openembedded-core/message/190999
Mute This Topic: https://lists.openembedded.org/mt/102742395/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] rust: rust package split

[Sundeep KOKKONDA via lists.openembedded.org]

The 'rustdoc' is moved to a separate 'rust-rustdoc' package. This is a 
workaround to make rust build is reproducible.

Signed-off-by: Sundeep KOKKONDA 
---
 meta/lib/oeqa/selftest/cases/reproducible.py | 2 +-
 meta/recipes-devtools/rust/rust_1.70.0.bb| 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py 
b/meta/lib/oeqa/selftest/cases/reproducible.py
index 029b6af331..14ccb0b24d 100644
--- a/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -16,7 +16,7 @@ import os
 import datetime
 
 exclude_packages = [
-   'rust',
+   'rust-rustdoc',
'rust-dbg'
]
 
diff --git a/meta/recipes-devtools/rust/rust_1.70.0.bb 
b/meta/recipes-devtools/rust/rust_1.70.0.bb
index 16d433910f..a7efd2f7f0 100644
--- a/meta/recipes-devtools/rust/rust_1.70.0.bb
+++ b/meta/recipes-devtools/rust/rust_1.70.0.bb
@@ -232,9 +232,11 @@ do_test_compile () {
 
 ALLOW_EMPTY:${PN} = "1"
 
-PACKAGES =+ "${PN}-tools-clippy ${PN}-tools-rustfmt"
+PACKAGES =+ "${PN}-rustdoc ${PN}-tools-clippy ${PN}-tools-rustfmt"
+FILES:${PN}-rustdoc = "${bindir}/rustdoc"
 FILES:${PN}-tools-clippy = "${bindir}/cargo-clippy ${bindir}/clippy-driver"
 FILES:${PN}-tools-rustfmt = "${bindir}/rustfmt"
+RDEPENDS:${PN}-rustdoc = "${PN}"
 RDEPENDS:${PN}-tools-clippy = "${PN}"
 RDEPENDS:${PN}-tools-rustfmt = "${PN}"
 
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190998): 
https://lists.openembedded.org/g/openembedded-core/message/190998
Mute This Topic: https://lists.openembedded.org/mt/102742230/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] uki: Add support for building Unified Kernel Images

[Dmitry Baryshkov]

On Tue, 21 Nov 2023 at 16:44, Erik Schilling  wrote:
>
> > > +BBCLASSEXTEND += "native"
> >
> > We've long avoided a systemd-native recipe as the meaning can be easily
> > confused and I'm not thrilled to be adding one now.
> >
> > Perhaps this should be as a separate systemd-tools-native recipe to
> > make it clear this isn't full systemd?
>
> There is another catch: ukify depends on sbsign for some options. Here,
> this dependency is not expressed as RDEPENDS on the systemd
> components but only on the uki class. That of course gets around the
> meta-security-core dependency for systemd, but not sure how pretty that
> is.
>
> So we got:
> * python3-pefile in meta-python
> * sbsigntool in meta-signing-key [meta-security-core]
>
> It looks like we have these options:
>
> 1. Add the systemd-tools (or however we call it) recipe and the uki
>class in meta-signing-key or friends.
>
>This might become a bit icky with different systemd recipes scattered
>over different repos...
>
> 2. Do not put a RDEPENDS += "sbsigntool" into the systemd-tools recipe.
>Move python3-pefile to oe-core.
>
>This means that some ukify options will fail. Users will need to add
>[R]DEPENDS on their recipes if they want signing. This would allow
>adding the systemd-tools recipe in oe-core while adding the rest in
>meta-security-core.
>
> 3. Also move the signing tools to oe-core.
>
>Next to the python module, this also requires to move sbsigntool
>to oe-core... In the end it allows to set the RDEPENDS in
>systemd-tools.
>
> I got no particular strong feeling on any of those outcomes... Any
> opinions? 🤔

My vote would be or #3 (the cleanest way), then #2. #1 is out of
question from my point of view: there are perfect usecases for
uki.bbclass, which do not involve signing. Adding dependency on
meta-security-core looks like an overkill in this case.

-- 
With best wishes
Dmitry

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190997): 
https://lists.openembedded.org/g/openembedded-core/message/190997
Mute This Topic: https://lists.openembedded.org/mt/101106095/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] uki: Add support for building Unified Kernel Images

[Dmitry Baryshkov]

On Mon, 20 Nov 2023 at 15:26, Bruce Ashfield  wrote:
>
> On Mon, Nov 20, 2023 at 7:49 AM Dmitry Baryshkov  wrote:
> >
> > On Thu, 7 Sept 2023 at 01:29, Alejandro Hernandez Samaniego
> >  wrote:
> > >
> > >
> > > On 9/2/23 00:53, Richard Purdie wrote:
> > > > On Fri, 2023-09-01 at 23:32 +, Michelle Lin wrote:
> > > >> Currently, there is not a class to support the building of unified 
> > > >> kernel
> > > >> images. Adding a uki.bbclass to support the creation of UKIs. This 
> > > >> class calls
> > > >> the systemd Ukify tool, which will combine the kernel/initrd/stub 
> > > >> components to
> > > >> build the UKI. To sign the UKI (i.e. SecureBoot, TPM PCR signing), the 
> > > >> keys/cert
> > > >> files are to be specified in a separate configuration file, and the 
> > > >> path to the
> > > >> file is passed to the Ukify tool. UKIs are supported by UEFI and can 
> > > >> improve
> > > >> security through predicted TPM PCR states, and reduce the build burden 
> > > >> due to
> > > >> its single PE binary format.
> > > >>
> > > >> Signed-off-by: Michelle Lin 
> > > >> ---
> > > >>   meta/classes/uki.bbclass | 140 
> > > >> +++
> > > >>   meta/recipes-core/systemd/systemd_254.bb |  23 
> > > >>   2 files changed, 163 insertions(+)
> > > >>   create mode 100644 meta/classes/uki.bbclass
> > > >>
> > > >> diff --git a/meta/classes/uki.bbclass b/meta/classes/uki.bbclass
> > > >> new file mode 100644
> > > >> index 00..2eff387c75
> > > >> --- /dev/null
> > > >> +++ b/meta/classes/uki.bbclass
> > > >> @@ -0,0 +1,140 @@
> > > >> +#
> > > >> +# Unified kernel image (UKI) class
> > > >> +#
> > > >> +#
> > > >> +# This bbclass is designed to repack an Overlake image as a UKI, to 
> > > >> be booted on a qemuarm64 with SecureBoot
> > > >> +# signing and embedded with TPM PCR measurements.
> > > >> +#
> > > >> +# The UKI is composed by:
> > > >> +#   - an UEFI stub
> > > >> +# The linux kernel can generate a UEFI stub, however the one from 
> > > >> systemd-boot can fetch
> > > >> +# the command line from a separate section of the EFI 
> > > >> application, avoiding the need to
> > > >> +# rebuild the kernel.
> > > >> +#   - the kernel
> > > >> +#   - an initramfs
> > > >> +#   - other metadata (e.g. PCR measurements)
> > > >> +#
> > > >> +#
> > > >> +#
> > > >> +
> > > >> +# List build time dependencies
> > > >> +DEPENDS += "systemd-native \
> > > >> +sbsigntool-native \
> > > >> +virtual/${TARGET_PREFIX}binutils \
> > > >> +"
> > > >> +
> > > >> +REQUIRED_DISTRO_FEATURES += "usrmerge systemd"
> > > >> +
> > > >> +inherit features_check
> > > >> +require ../conf/image-uefi.conf
> > > >> +
> > > >> +INITRD_IMAGE ?= "core-image-minimal-initramfs"
> > > >> +
> > > >> +INITRD_LIVE ?= "${@ ('${DEPLOY_DIR_IMAGE}/' + 
> > > >> d.getVar('INITRD_IMAGE') + '-${MACHINE}.cpio.gz') if 
> > > >> d.getVar('INITRD_IMAGE') else ''}"
> > > >> +
> > > >> +UKI_CONFIG_FILE ?= "${WORKDIR}/core-image-minimal-uki.conf"
> > > >> +UKI_FILENAME ?= "${@ 'UKI.signed.efi' if d.getVar('UKI_CONFIG_FILE') 
> > > >> else 'UKI.unsigned.efi'}"
> > > >> +
> > > >> +do_uki[depends] += " \
> > > >> +systemd-boot:do_deploy \
> > > >> +virtual/kernel:do_deploy \
> > > >> + "
> > > >> +
> > > >> +# INITRD_IMAGE is added to INITRD_LIVE, which we use to create our 
> > > >> initrd, so depend on it if it is set
> > > >> +# So we want to generate the initrd image if INITRD_IMAGE exists
> > > >> +do_uki[depends] += "${@ '${INITRD_IMAGE}:do_image_complete' if 
> > > >> d.getVar('INITRD_IMAGE') else ''}"
> > > >> +
> > > >> +# ensure that the build directory is empty everytime we generate a 
> > > >> newly-created uki
> > > >> +do_uki[cleandirs] = "${B}"
> > > >> +# influence the build directory at the start of the builds
> > > >> +do_uki[dirs] = "${B}"
> > > >> +
> > > >> +# we want to allow specifying files in SRC_URI, such as for signing 
> > > >> the UKI
> > > >> +python () {
> > > >> +d.delVarFlag("do_fetch","noexec")
> > > >> +d.delVarFlag("do_unpack","noexec")
> > > >> +}
> > > >> +
> > > >> +# main task
> > > >> +python do_uki() {
> > > >> +import glob
> > > >> +import subprocess
> > > >> +
> > > >> +# Construct the ukify command
> > > >> +ukify_cmd = ("ukify build")
> > > >> +
> > > >> +# Handle the creation of an initrd image by reading and 
> > > >> concatenating multiple cpio files.
> > > >> +# If the INITRD_LIVE variable is defined and not empty, it opens 
> > > >> the necessary files, reads their contents,
> > > >> +# and constructs a list.
> > > >> +if d.getVar('INITRD_LIVE'):
> > > >> +initrd_list = ""
> > > >> +for cpio in d.getVar('INITRD_LIVE').split():
> > > >> +# get a list of initrds
> > > >> +initrd_list += cpio + ' '
> > > >> +
> > > >> +ukify_cmd += " --initrd=%s" % initrd_list
> > > >> + 

Re: [OE-core][PATCH] libxcrypt: fixed some build error for nativesdk with mingw

[Khem Raj]

On Tue, Nov 21, 2023 at 2:42 PM Richard Purdie
 wrote:
>
> On Tue, 2023-11-21 at 01:41 -0800, wenlin.k...@windriver.com via
> lists.openembedded.org wrote:
> > From: Wenlin Kang 
> >
> > Steps to reproduce
> >   1) add layer meta-mingw
> >   2) add line in local.conf
> >  SDKMACHINE = "x86_64-mingw32"
> >   3) bitbake nativesdk-libxcrypt
> >
> > Fixed:
> > 1. pedantic error
> >   | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' 
> > outside of a function [-Werror=pedantic]
> >   |   316 | SYMVER_crypt_gensalt_rn;
> >   |   |
> >
> > 2. conversion error
> >   | ../git/lib/util-get-random-bytes.c: In function 
> > '_crypt_get_random_bytes':
> >   | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 
> > 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value 
> > [-Werror=conversion]
> >   |   140 |   ssize_t nread = read (fd, buf, buflen);
> >
> > Signed-off-by: Wenlin Kang 
> > ---
> >  ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++
> >  meta/recipes-core/libxcrypt/libxcrypt.inc |  6 ++-
> >  2 files changed, 52 insertions(+), 1 deletion(-)
> >  create mode 100644 
> > meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> >
> > diff --git 
> > a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> >  
> > b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> > new file mode 100644
> > index 00..3846f76674
> > --- /dev/null
> > +++ 
> > b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> > @@ -0,0 +1,47 @@
> > +From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001
> > +From: Wenlin Kang 
> > +Date: Mon, 6 Nov 2023 14:43:28 +0800
> > +Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with
> > + mingw
> > +
> > +With x86_64-w64-mingw32-gcc. get below error:
> > +| ../git/lib/util-get-random-bytes.c: In function 
> > '_crypt_get_random_bytes':
> > +| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 
> > 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value 
> > [-Werror=conversion]
> > +|   140 |   ssize_t nread = read (fd, buf, buflen);
> > +|   |  ^~
> > +
> > +In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen),
> > +but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has 
> > "unsigned int"
> > +read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has:
> > + #ifdef _WIN64
> > +   __MINGW_EXTENSION typedef unsigned __int64 size_t;
> > + #else
> > +   typedef unsigned int size_t;
> > + #endif /* _WIN64 */
> > +
> > +Upstream-Status: Pending
> > +
> > +Signed-off-by: Wenlin Kang 
> > +---
> > + lib/util-get-random-bytes.c | 4 
> > + 1 file changed, 4 insertions(+)
> > +
> > +diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c
> > +index 79816db..68cd378 100644
> > +--- a/lib/util-get-random-bytes.c
> >  b/lib/util-get-random-bytes.c
> > +@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen)
> > + dev_urandom_doesnt_work = true;
> > +   else
> > + {
> > ++#ifdef _WIN64
> > ++  ssize_t nread = read (fd, buf, (unsigned int)buflen);
> > ++#else
> > +   ssize_t nread = read (fd, buf, buflen);
> > ++#endif
> > +   if (nread < 0 || (size_t)nread < buflen)
> > + dev_urandom_doesnt_work = true;
> > +
> > +--
> > +2.25.1
> > +
> > diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc 
> > b/meta/recipes-core/libxcrypt/libxcrypt.inc
> > index ba93d91aef..b93d56b4dc 100644
> > --- a/meta/recipes-core/libxcrypt/libxcrypt.inc
> > +++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
> > @@ -13,7 +13,9 @@ SRC_URI = 
> > "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=
> >  SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf"
> >  SRCBRANCH ?= "master"
> >
> > -SRC_URI += "file://fix_cflags_handling.patch"
> > +SRC_URI += "file://fix_cflags_handling.patch \
> > +
> > file://0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch \
> > + "
> >
> >  PROVIDES = "virtual/crypt"
> >
> > @@ -26,4 +28,6 @@ CPPFLAGS:append:class-nativesdk = " -Wno-error"
> >  API = "--disable-obsolete-api"
> >  EXTRA_OECONF += "${API}"
> >
> > +CFLAGS:append:class-nativesdk = " -Wno-pedantic"
> > +
> >  BBCLASSEXTEND = "native nativesdk"
>
> Should this go to meta-mingw instead of OE-Core? Shouldn't something be
> submitted upstream? This certainly isn't the kind of patch we want to
> carry.
>

yeah I tend to agree, even though they are backports but the nature of
fixes is very
windows specific

> Cheers,
>
> Richard
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190995): 
https://lists.openembe

Re: [OE-core][PATCH] libxcrypt: fixed some build error for nativesdk with mingw

[Richard Purdie]

On Tue, 2023-11-21 at 01:41 -0800, wenlin.k...@windriver.com via
lists.openembedded.org wrote:
> From: Wenlin Kang 
> 
> Steps to reproduce
>   1) add layer meta-mingw
>   2) add line in local.conf
>  SDKMACHINE = "x86_64-mingw32"
>   3) bitbake nativesdk-libxcrypt
> 
> Fixed:
> 1. pedantic error
>   | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside 
> of a function [-Werror=pedantic]
>   |   316 | SYMVER_crypt_gensalt_rn;
>   |   |
> 
> 2. conversion error
>   | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
>   | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 
> 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value 
> [-Werror=conversion]
>   |   140 |   ssize_t nread = read (fd, buf, buflen);
> 
> Signed-off-by: Wenlin Kang 
> ---
>  ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++
>  meta/recipes-core/libxcrypt/libxcrypt.inc |  6 ++-
>  2 files changed, 52 insertions(+), 1 deletion(-)
>  create mode 100644 
> meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> 
> diff --git 
> a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
>  
> b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> new file mode 100644
> index 00..3846f76674
> --- /dev/null
> +++ 
> b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
> @@ -0,0 +1,47 @@
> +From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001
> +From: Wenlin Kang 
> +Date: Mon, 6 Nov 2023 14:43:28 +0800
> +Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with
> + mingw
> +
> +With x86_64-w64-mingw32-gcc. get below error:
> +| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
> +| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
> {aka 'long long unsigned int'} to 'unsigned int' may change value 
> [-Werror=conversion]
> +|   140 |   ssize_t nread = read (fd, buf, buflen);
> +|   |  ^~
> +
> +In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen),
> +but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned 
> int"
> +read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has:
> + #ifdef _WIN64
> +   __MINGW_EXTENSION typedef unsigned __int64 size_t;
> + #else
> +   typedef unsigned int size_t;
> + #endif /* _WIN64 */
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Wenlin Kang 
> +---
> + lib/util-get-random-bytes.c | 4 
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c
> +index 79816db..68cd378 100644
> +--- a/lib/util-get-random-bytes.c
>  b/lib/util-get-random-bytes.c
> +@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen)
> + dev_urandom_doesnt_work = true;
> +   else
> + {
> ++#ifdef _WIN64
> ++  ssize_t nread = read (fd, buf, (unsigned int)buflen);
> ++#else
> +   ssize_t nread = read (fd, buf, buflen);
> ++#endif
> +   if (nread < 0 || (size_t)nread < buflen)
> + dev_urandom_doesnt_work = true;
> + 
> +-- 
> +2.25.1
> +
> diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc 
> b/meta/recipes-core/libxcrypt/libxcrypt.inc
> index ba93d91aef..b93d56b4dc 100644
> --- a/meta/recipes-core/libxcrypt/libxcrypt.inc
> +++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
> @@ -13,7 +13,9 @@ SRC_URI = 
> "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=
>  SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf"
>  SRCBRANCH ?= "master"
>  
> -SRC_URI += "file://fix_cflags_handling.patch"
> +SRC_URI += "file://fix_cflags_handling.patch \
> +
> file://0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch \
> + "
>  
>  PROVIDES = "virtual/crypt"
>  
> @@ -26,4 +28,6 @@ CPPFLAGS:append:class-nativesdk = " -Wno-error"
>  API = "--disable-obsolete-api"
>  EXTRA_OECONF += "${API}"
>  
> +CFLAGS:append:class-nativesdk = " -Wno-pedantic"
> +
>  BBCLASSEXTEND = "native nativesdk"

Should this go to meta-mingw instead of OE-Core? Shouldn't something be
submitted upstream? This certainly isn't the kind of patch we want to
carry.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190994): 
https://lists.openembedded.org/g/openembedded-core/message/190994
Mute This Topic: https://lists.openembedded.org/mt/102725680/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] python3-poetry-core: upgrade 1.7.0 -> 1.8.1

[Tim Orling]

https://github.com/python-poetry/poetry-core/blob/1.8.1/CHANGELOG.md#181---2023-10-31
https://github.com/python-poetry/poetry-core/blob/1.8.1/CHANGELOG.md#180---2023-10-31

License-Update: add vendored fastjsonschema (BSD-3-Clause)
License-Update: drop vendored attr,attrs,jsonschema,pyrsistent (no change to 
LICENSEs)

Signed-off-by: Tim Orling 
---
Changes in v2:
  * _Actually_ add BSD-3-Clause to LICENSE
  * Clarify that LICENSE remains valid after dropping vendored packages

 ...poetry-core_1.7.0.bb => python3-poetry-core_1.8.1.bb} | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)
 rename meta/recipes-devtools/python/{python3-poetry-core_1.7.0.bb => 
python3-poetry-core_1.8.1.bb} (71%)

diff --git a/meta/recipes-devtools/python/python3-poetry-core_1.7.0.bb 
b/meta/recipes-devtools/python/python3-poetry-core_1.8.1.bb
similarity index 71%
rename from meta/recipes-devtools/python/python3-poetry-core_1.7.0.bb
rename to meta/recipes-devtools/python/python3-poetry-core_1.8.1.bb
index 40b6355f4b7..fcb6d30ee00 100644
--- a/meta/recipes-devtools/python/python3-poetry-core_1.7.0.bb
+++ b/meta/recipes-devtools/python/python3-poetry-core_1.8.1.bb
@@ -4,21 +4,18 @@ HOMEPAGE = "https://github.com/python-poetry/poetry-core";
 BUGTRACKER = "https://github.com/python-poetry/poetry-core";
 CHANGELOG = 
"https://github.com/python-poetry/poetry-core/blob/master/CHANGELOG.md";
 
-LICENSE = "Apache-2.0 & BSD-2-Clause & MIT"
+LICENSE = "Apache-2.0 & BSD-2-Clause & BSD-3-Clause & MIT"
 LIC_FILES_CHKSUM = "\
 file://LICENSE;md5=78c39cfd009863ae44237a7ab1f9cedc \
-
file://src/poetry/core/_vendor/attr/_version_info.py;beginline=1;endline=1;md5=b2dccaa94b3629a08bfb4f983cad6f89
 \
-
file://src/poetry/core/_vendor/attrs/LICENSE;md5=5e55731824cf9205cfabeab9a0600887
 \
-
file://src/poetry/core/_vendor/jsonschema/COPYING;md5=7a60a81c146ec25599a3e1dabb8610a8
 \
+
file://src/poetry/core/_vendor/fastjsonschema/LICENSE;md5=18950e8362b69c0c617b42b8bd8e7532
 \
 
file://src/poetry/core/_vendor/lark/LICENSE;md5=fcfbf1e2ecc0f37acbb5871aa0267500
 \
 
file://src/poetry/core/_vendor/packaging/LICENSE;md5=faadaedca9251a90b205c9167578ce91
 \
 
file://src/poetry/core/_vendor/packaging/LICENSE.APACHE;md5=2ee41112a44fe7014dce33e26468ba93
 \
 
file://src/poetry/core/_vendor/packaging/LICENSE.BSD;md5=7bef9bf4a8e4263634d0597e7ba100b8
 \
-
file://src/poetry/core/_vendor/pyrsistent/LICENSE.mit;md5=b695eb9c6e7a6fb1b1bc2d193c42776e
 \
 
file://src/poetry/core/_vendor/tomli/LICENSE;md5=f0879d17df0110d1aa8c8c9f46f5
 \
 "
 
-SRC_URI[sha256sum] = 
"8f679b83bd9c820082637beca1204124d5d2a786e4818da47ec8acefd0353b74"
+SRC_URI[sha256sum] = 
"67a76c671da2a70e55047cddda83566035b701f7e463b32a2abfeac6e2a16376"
 
 inherit python_poetry_core pypi
 PYPI_ARCHIVE_NAME = "poetry_core-${PV}.${PYPI_PACKAGE_EXT}"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190993): 
https://lists.openembedded.org/g/openembedded-core/message/190993
Mute This Topic: https://lists.openembedded.org/mt/102738572/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] rust-llvm: remove python3native dependency

[Ross Burton]

On 21 Nov 2023, at 20:50, Khem Raj  wrote:
>> +# Forcibly disable the detection of these packages as otherwise
>> +# it will look at the host Python install
>> +EXTRA_OECMAKE += "\
>> +-DPY_PYGMENTS_FOUND=OFF \
>> +-DPY_PYGMENTS_LEXERS_C_CPP_FOUND=OFF \
>> +-DPY_YAML_FOUND=OFF \
> 
> is this a full list. or the one that was detected on your build host
> installation?

The full list.

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190992): 
https://lists.openembedded.org/g/openembedded-core/message/190992
Mute This Topic: https://lists.openembedded.org/mt/102728697/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] python3-poetry-core: upgrade 1.7.0 -> 1.8.1

[Richard Purdie]

On Mon, 2023-11-20 at 13:01 -0800, Tim Orling wrote:
> https://github.com/python-poetry/poetry-core/blob/1.8.1/CHANGELOG.md#181---2023-10-31
> https://github.com/python-poetry/poetry-core/blob/1.8.1/CHANGELOG.md#180---2023-10-31
> 
> License-Update: add vendored fastjsonschema (BSD-3-Clause)

Does this mean we need to add BSD-3-Clause to LICENSE?

> License-Update: drop vendored attr,attrs,jsonschema,pyrsistent

Does this mean anything should be removed from LICENSE?

Cheers,

Richard

> 
> Signed-off-by: Tim Orling 
> ---
> 
> Tested by building python3-rdflib and python3-iso8601 for qemux86-64
> 
>  ...3-poetry-core_1.7.0.bb => python3-poetry-core_1.8.1.bb} | 7 ++-
>  1 file changed, 2 insertions(+), 5 deletions(-)
>  rename meta/recipes-devtools/python/{python3-poetry-core_1.7.0.bb => 
> python3-poetry-core_1.8.1.bb} (73%)
> 
> diff --git a/meta/recipes-devtools/python/python3-poetry-core_1.7.0.bb 
> b/meta/recipes-devtools/python/python3-poetry-core_1.8.1.bb
> similarity index 73%
> rename from meta/recipes-devtools/python/python3-poetry-core_1.7.0.bb
> rename to meta/recipes-devtools/python/python3-poetry-core_1.8.1.bb
> index 40b6355f4b7..ccfa3312747 100644
> --- a/meta/recipes-devtools/python/python3-poetry-core_1.7.0.bb
> +++ b/meta/recipes-devtools/python/python3-poetry-core_1.8.1.bb
> @@ -7,18 +7,15 @@ CHANGELOG = 
> "https://github.com/python-poetry/poetry-core/blob/master/CHANGELOG.
>  LICENSE = "Apache-2.0 & BSD-2-Clause & MIT"
>  LIC_FILES_CHKSUM = "\
>  file://LICENSE;md5=78c39cfd009863ae44237a7ab1f9cedc \
> -
> file://src/poetry/core/_vendor/attr/_version_info.py;beginline=1;endline=1;md5=b2dccaa94b3629a08bfb4f983cad6f89
>  \
> -
> file://src/poetry/core/_vendor/attrs/LICENSE;md5=5e55731824cf9205cfabeab9a0600887
>  \
> -
> file://src/poetry/core/_vendor/jsonschema/COPYING;md5=7a60a81c146ec25599a3e1dabb8610a8
>  \
> +
> file://src/poetry/core/_vendor/fastjsonschema/LICENSE;md5=18950e8362b69c0c617b42b8bd8e7532
>  \
>  
> file://src/poetry/core/_vendor/lark/LICENSE;md5=fcfbf1e2ecc0f37acbb5871aa0267500
>  \
>  
> file://src/poetry/core/_vendor/packaging/LICENSE;md5=faadaedca9251a90b205c9167578ce91
>  \
>  
> file://src/poetry/core/_vendor/packaging/LICENSE.APACHE;md5=2ee41112a44fe7014dce33e26468ba93
>  \
>  
> file://src/poetry/core/_vendor/packaging/LICENSE.BSD;md5=7bef9bf4a8e4263634d0597e7ba100b8
>  \
> -
> file://src/poetry/core/_vendor/pyrsistent/LICENSE.mit;md5=b695eb9c6e7a6fb1b1bc2d193c42776e
>  \
>  
> file://src/poetry/core/_vendor/tomli/LICENSE;md5=f0879d17df0110d1aa8c8c9f46f5
>  \
>  "
>  
> -SRC_URI[sha256sum] = 
> "8f679b83bd9c820082637beca1204124d5d2a786e4818da47ec8acefd0353b74"
> +SRC_URI[sha256sum] = 
> "67a76c671da2a70e55047cddda83566035b701f7e463b32a2abfeac6e2a16376"
>  
>  inherit python_poetry_core pypi
>  PYPI_ARCHIVE_NAME = "poetry_core-${PV}.${PYPI_PACKAGE_EXT}"


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190991): 
https://lists.openembedded.org/g/openembedded-core/message/190991
Mute This Topic: https://lists.openembedded.org/mt/102715826/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] rust-llvm: remove python3native dependency

[Khem Raj]

On Tue, Nov 21, 2023 at 6:06 AM Ross Burton  wrote:
>
> From: Ross Burton 
>
> LLVM doesn't actually need a native Python3 as the host Python is
> sufficient, but as it then looks at the host for optional Python
> dependencies explicitly disable their detection so that rust-llvm
> remains deterministic.  As this is a minimal LLVM for Rust, we don't
> need the optviewer tool.
>
> Signed-off-by: Ross Burton 
> ---
>  meta/recipes-devtools/rust/rust-llvm_1.70.0.bb | 11 ++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb 
> b/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb
> index 09e4c65be38..57bbe79cdf1 100644
> --- a/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb
> +++ b/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb
> @@ -16,7 +16,7 @@ S = "${RUSTSRC}/src/llvm-project/llvm"
>
>  LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=8a15a0759ef07f2682d2ba4b893c9afe"
>
> -inherit cmake python3native
> +inherit cmake
>
>  DEPENDS += "ninja-native rust-llvm-native"
>
> @@ -47,6 +47,15 @@ EXTRA_OECMAKE = " \
>  -DLLVM_TARGET_ARCH=${TARGET_ARCH} \
>  -DCMAKE_INSTALL_PREFIX:PATH=${libdir}/llvm-rust \
>  "
> +
> +# Forcibly disable the detection of these packages as otherwise
> +# it will look at the host Python install
> +EXTRA_OECMAKE += "\
> +-DPY_PYGMENTS_FOUND=OFF \
> +-DPY_PYGMENTS_LEXERS_C_CPP_FOUND=OFF \
> +-DPY_YAML_FOUND=OFF \

is this a full list. or the one that was detected on your build host
installation?

> +"
> +
>  EXTRA_OECMAKE:append:class-target = "\
>  -DLLVM_BUILD_TOOLS=OFF \
>  -DLLVM_TABLEGEN=${STAGING_LIBDIR_NATIVE}/llvm-rust/bin/llvm-tblgen \
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190990): 
https://lists.openembedded.org/g/openembedded-core/message/190990
Mute This Topic: https://lists.openembedded.org/mt/102728697/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core] [PATCH 1/1] classes: Fix sed command line for passwd-expire

[Adam Johnston]

From: Adam Johnston 

A previous commit tried to add the --follow-symlinks option to
the perform_passwd_expire function in useradd_base.bbclass, however it used
a single -.

This is interpreted as --file=ollow-symlinks which results in...

sed: couldn't open file ollow-symlinks: No such file or directory

and...

ERROR: : passwd --expire operation did not succeed.

Fix by adding the missing -

(From OE-Core rev: 4d6c63a56c50536806b21cbe72416d8f1b84f589)

Signed-off-by:  Adam Johnston 
---
 meta/classes/useradd_base.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/useradd_base.bbclass 
b/meta/classes/useradd_base.bbclass
index f1a7a9695d..5e1c699118 100644
--- a/meta/classes/useradd_base.bbclass
+++ b/meta/classes/useradd_base.bbclass
@@ -160,7 +160,7 @@ perform_passwd_expire () {
local username=`echo "$opts" | awk '{ print $NF }'`
local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
if test "x$user_exists" != "x"; then
-   eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed 
-follow-symlinks -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' 
$rootdir/etc/shadow \" || true
+   eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed 
--follow-symlinks -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' 
$rootdir/etc/shadow \" || true
local passwd_lastchanged="`grep "^$username:" 
$rootdir/etc/shadow | cut -d: -f3`"
if test "x$passwd_lastchanged" != "x0"; then
bbfatal "${PN}: passwd --expire operation did not 
succeed."

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190989): 
https://lists.openembedded.org/g/openembedded-core/message/190989
Mute This Topic: https://lists.openembedded.org/mt/102734769/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core] [PATCH 0/1] classes: Fix sed command line for passwd-expire

[Adam Johnston]

From: Adam Johnston 

Fixes a regression in passwd-expire, caused by a typo/syntax error when
the follow-symlinks option was added to useradd_base.bbclass

Adam Johnston (1):
  classes: Fix sed command line for passwd-expire

 meta/classes/useradd_base.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190988): 
https://lists.openembedded.org/g/openembedded-core/message/190988
Mute This Topic: https://lists.openembedded.org/mt/102734768/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] shared-mime-info: embed PV in the filename

[Ross Burton]

From: Ross Burton 

As this recipe tracks the release tags we can embed the PV in the
filename.

Signed-off-by: Ross Burton 
---
 .../{shared-mime-info_git.bb => shared-mime-info_2.4.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/shared-mime-info/{shared-mime-info_git.bb => 
shared-mime-info_2.4.bb} (98%)

diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb 
b/meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb
similarity index 98%
rename from meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
rename to meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb
index 937428221ef..5ba40236096 100644
--- a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/meta/recipes-support/shared-mime-info/shared-mime-info_2.4.bb
@@ -10,7 +10,7 @@ DEPENDS = "libxml2 itstool-native glib-2.0 
shared-mime-info-native xmlto-native"
 
 SRC_URI = 
"git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master"
 SRCREV = "9a6d6b8e963935f145f3a1ef446552de6996dada"
-PV = "2.4"
+
 S = "${WORKDIR}/git"
 
 inherit meson pkgconfig gettext python3native mime
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190987): 
https://lists.openembedded.org/g/openembedded-core/message/190987
Mute This Topic: https://lists.openembedded.org/mt/102731088/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Status 21 November 2023 (WW47)

[Neal Caidin]

Current Dev Position: YP 5.0 M1

Next Deadline: 4th December 2023 YP 5.0 M1 build

Next Team Meetings:

   -

   Bug Triage meeting Thursday November 23, 7:30 am PDT (
   https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
   -

   Weekly Project Engineering Sync Tuesday November 21st at 8 am PDT (
   https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
   
   -

   Twitch -  See https://www.twitch.tv/theyoctojester


Key Status/Updates:

   -

   YP 4.0.14 and YP 3.1.29 were released
   -

   YP 4.2.4  has passed QA and under discussion pending release
   -

   Toaster news:
   -

  Testing for toaster is now starting to be enabled on the autobuilder
  although not all tests are currently passing and there are host specific
  issues.
  -

  The ability to view existing builds is being extended to allow
  debugging use of toaster even if the original build didn’t use it
  -

   In support of the above, BB_DEFAULT_EVENTLOG is being proposed as
   enabled by default in bitbake.conf so that an event log is stored for all
   builds. This could be useful for debugging outside of toaster in other
   tools too. There is a small performance/disk footprint overhead but this
   should be offset by the useful debug data.
   -

   The length of builds (world and oe-selftest) continues to be a concern.
   -

   When running the first nanbield stable series builds, our LTS maintainer
   remarked on being unable to get successful green builds. We did make
   significant improvements on the intermittent issues prior to release but
   clearly not enough unfortunately. Troubling issues include:
   -

  https://bugzilla.yoctoproject.org/show_bug.cgi?id=15005 - parsing
  failure on ubuntu2004/debian11 systems, maybe python/pthreads
related with
  host python
  -

  https://bugzilla.yoctoproject.org/show_bug.cgi?id=15166 - debuginfod
  issues (Ross has some debugging improvements pending)
  -

  Devtool “initial_rev” race issue, an example failure:
  
https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/6082/steps/14/logs/stdio
  -

  several intermittent ptest issues
  -

   There have been several fixes for meta-openembedded reproducibility
   issues and fixes for mirroring/CVE reporting on stable release branches,
   thanks Yoann.


Ways to contribute:

   -

   As people are likely aware, the project has a number of components which
   are either unmaintained, or have people with little to no time trying to
   keep them alive. These components include: devtool, toaster, wic, oeqa,
   autobuilder, CROPs containers, pseudo and more. Many have open bugs. Help
   is welcome in trying to better look after these components!
   -

   There are bugs identified as possible for newcomers to the project:
   https://wiki.yoctoproject.org/wiki/Newcomers
   -

   There are bugs that are currently unassigned for YP 4.3. See:
   
https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.3_Unassigned_Enhancements.2FBugs
   -

   We’d welcome new maintainers for recipes in OE-Core. Please see the list
   at:
   
http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/maintainers.inc
   and discuss with the existing maintainer, or ask on the OE-Core mailing
   list. We will likely move a chunk of these to “Unassigned” soon to help
   facilitate this.
   -

   Help is very much welcome in trying to resolve our autobuilder
   intermittent issues. You can see the list of failures we’re continuing to
   see by searching for the “AB-INT” tag in bugzilla:
   https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT.
   -

   Help us resolve CVE issues: CVE metrics
   
   -

   We have a growing number of bugs in bugzilla, any help with them is
   appreciated.


YP 5.0 Milestone Dates:

   -

   YP 5.0 M1 build date 2023/12/04
   -

   YP 5.0 M1 Release date 2023/12/15
   -

   YP 5.0 M2 build date  2024/01/15
   -

   YP 5.0 M2 Release date 2024/01/24
   -

   YP 5.0 M3 build date  2024/02/19
   -

   YP 5.0 M3 Release date 2024/03/01
   -

   YP 5.0 M4 build date  2024/04/01
   -

   YP 5.0 M4 Release date 2024/04/30


Upcoming dot releases:

   -

   YP 3.1.29 build date 2023/10/30
   -

   YP 3.1.29 Release date 2023/11/10
   -

   YP 4.0.14 build date 2023/11/06
   -

   YP 4.0.14 Release date 2023/11/17
   -

   YP 4.2.4 build date 2023/11/13
   -

   YP 4.2.4 Release date 2023/11/24
   -

   YP 4.3.1 build date 2023/11/27
   -

   YP 4.3.1 Release date 2023/12/08
   -

   YP 3.1.30 build date 2023/12/11
   -

   YP 3.1.30 Release date 2023/12/22
   -

   YP 4.0.15 build date 2023/12/18
   -

   YP 4.0.15 Release date 2023/12/29
   -

   YP 4.3.2 build date 2024/01/08
   -

   YP 4.3.2 Release date 2024/01/19
   -

   YP 3.1.31 build date 2024/01/22
   -

   YP 3.1.31 Release date 2024/02/02
   -

   YP 4.0.16 build da

Re: [OE-core] [PATCH] uki: Add support for building Unified Kernel Images

[Erik Schilling]

> > +BBCLASSEXTEND += "native"
>
> We've long avoided a systemd-native recipe as the meaning can be easily
> confused and I'm not thrilled to be adding one now.
>
> Perhaps this should be as a separate systemd-tools-native recipe to
> make it clear this isn't full systemd?

There is another catch: ukify depends on sbsign for some options. Here,
this dependency is not expressed as RDEPENDS on the systemd
components but only on the uki class. That of course gets around the
meta-security-core dependency for systemd, but not sure how pretty that
is.

So we got:
* python3-pefile in meta-python
* sbsigntool in meta-signing-key [meta-security-core]

It looks like we have these options:

1. Add the systemd-tools (or however we call it) recipe and the uki
   class in meta-signing-key or friends.

   This might become a bit icky with different systemd recipes scattered
   over different repos...

2. Do not put a RDEPENDS += "sbsigntool" into the systemd-tools recipe.
   Move python3-pefile to oe-core.

   This means that some ukify options will fail. Users will need to add
   [R]DEPENDS on their recipes if they want signing. This would allow
   adding the systemd-tools recipe in oe-core while adding the rest in
   meta-security-core.

3. Also move the signing tools to oe-core.

   Next to the python module, this also requires to move sbsigntool
   to oe-core... In the end it allows to set the RDEPENDS in
   systemd-tools.

I got no particular strong feeling on any of those outcomes... Any
opinions? 🤔

- Erik


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190984): 
https://lists.openembedded.org/g/openembedded-core/message/190984
Mute This Topic: https://lists.openembedded.org/mt/101106095/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] lib/oe/patch: ensure os.chdir restoring always happens

[Ross Burton]

From: Ross Burton 

If we chdir(), do the chdir back to the original directory in a finally
block so they always run.

Signed-off-by: Ross Burton 
---
 meta/lib/oe/patch.py | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index ff9afc9df9f..9b480b2b285 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -772,8 +772,9 @@ class NOOPResolver(Resolver):
 self.patchset.Push()
 except Exception:
 import sys
-os.chdir(olddir)
 raise
+finally:
+os.chdir(olddir)
 
 # Patch resolver which relies on the user doing all the work involved in the
 # resolution, with the exception of refreshing the remote copy of the patch
@@ -833,9 +834,9 @@ class UserResolver(Resolver):
 # User did not fix the problem.  Abort.
 raise PatchError("Patch application failed, and 
user did not fix and refresh the patch.")
 except Exception:
-os.chdir(olddir)
 raise
-os.chdir(olddir)
+finally:
+os.chdir(olddir)
 
 
 def patch_path(url, fetch, workdir, expand=True):
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190983): 
https://lists.openembedded.org/g/openembedded-core/message/190983
Mute This Topic: https://lists.openembedded.org/mt/102728700/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] rust-llvm: remove python3native dependency

[Ross Burton]

From: Ross Burton 

LLVM doesn't actually need a native Python3 as the host Python is
sufficient, but as it then looks at the host for optional Python
dependencies explicitly disable their detection so that rust-llvm
remains deterministic.  As this is a minimal LLVM for Rust, we don't
need the optviewer tool.

Signed-off-by: Ross Burton 
---
 meta/recipes-devtools/rust/rust-llvm_1.70.0.bb | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb 
b/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb
index 09e4c65be38..57bbe79cdf1 100644
--- a/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb
+++ b/meta/recipes-devtools/rust/rust-llvm_1.70.0.bb
@@ -16,7 +16,7 @@ S = "${RUSTSRC}/src/llvm-project/llvm"
 
 LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=8a15a0759ef07f2682d2ba4b893c9afe"
 
-inherit cmake python3native
+inherit cmake
 
 DEPENDS += "ninja-native rust-llvm-native"
 
@@ -47,6 +47,15 @@ EXTRA_OECMAKE = " \
 -DLLVM_TARGET_ARCH=${TARGET_ARCH} \
 -DCMAKE_INSTALL_PREFIX:PATH=${libdir}/llvm-rust \
 "
+
+# Forcibly disable the detection of these packages as otherwise
+# it will look at the host Python install
+EXTRA_OECMAKE += "\
+-DPY_PYGMENTS_FOUND=OFF \
+-DPY_PYGMENTS_LEXERS_C_CPP_FOUND=OFF \
+-DPY_YAML_FOUND=OFF \
+"
+
 EXTRA_OECMAKE:append:class-target = "\
 -DLLVM_BUILD_TOOLS=OFF \
 -DLLVM_TABLEGEN=${STAGING_LIBDIR_NATIVE}/llvm-rust/bin/llvm-tblgen \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190982): 
https://lists.openembedded.org/g/openembedded-core/message/190982
Mute This Topic: https://lists.openembedded.org/mt/102728697/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] vim: use upstream generated .po files

[Steve Sakoman]

A previous commit attempted to fix reproducibility errors by forcing
regeneration of .po files. Unfortunately this triggered a different
type of reproducibility issue.

Work around this by adjusting the timestamps of the troublesome .po
files so they are not regenerated and we use the shipped upstream
versions of the files.

The shipped version of ru.cp1251.po doesn't seem to have been created
with the vim tooling and specifies CP1251 instead of cp1251, fix that.

Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 38212a1fa6..888f8f0e5a 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -40,8 +40,10 @@ do_configure () {
 cd src
 rm -f auto/*
 touch auto/config.mk
-# git timestamps aren't reliable and we want to consistently regenerate 
these generated files
-rm -f po/cs.cp1250.po po/ja.euc-jp.po po/ja.sjis.po po/ko.po 
po/pl.UTF-8.po po/pl.cp1250.po po/ru.cp1251.po po/sk.cp1250.po po/uk.cp1251.po 
po/zh_CN.po po/zh_CN.cp936.po po/zh_TW.po
+# git timestamps aren't reliable, so touch the shipped .po files so they 
aren't regenerated
+touch -c po/cs.cp1250.po po/ja.euc-jp.po po/ja.sjis.po po/ko.po 
po/pl.UTF-8.po po/pl.cp1250.po po/ru.cp1251.po po/sk.cp1250.po po/uk.cp1251.po 
po/zh_CN.po po/zh_CN.cp936.po po/zh_TW.po
+# ru.cp1251.po uses CP1251 rather than cp1251, fix that
+sed -i -e s/CP1251/cp1251/ po/ru.cp1251.po
 aclocal
 autoconf
 cd ..
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190981): 
https://lists.openembedded.org/g/openembedded-core/message/190981
Mute This Topic: https://lists.openembedded.org/mt/102728496/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][master][PATCH] ptest-packagelists: Add sdbus-c++

[Alexander Kanavin]

And it's already in corresponding list as well in meta-oe/confi/include/

Alex

On Tue, 21 Nov 2023 at 14:28, Vyacheslav Yurkov  wrote:
>
> On 21.11.2023 14:24, Alexander Kanavin wrote:
> > On Tue, 21 Nov 2023 at 14:22, Poonam Jadhav  wrote:
> >
> >
> >> Add sdbus-c++ in ptest-packagelists to run ptest
> > sdbus-c++ is not in oe-core, and so cannot be added. You need to add
> > it to the list via .bbappend or a custom image recipe.
> >
> > Alex
>
> It's in meta-oe. Please resend it to
> openembedded-de...@lists.openembedded.org
>
> Slava

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190980): 
https://lists.openembedded.org/g/openembedded-core/message/190980
Mute This Topic: https://lists.openembedded.org/mt/102727832/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][master][PATCH] ptest-packagelists: Add sdbus-c++

[Vyacheslav Yurkov]

On 21.11.2023 14:24, Alexander Kanavin wrote:

On Tue, 21 Nov 2023 at 14:22, Poonam Jadhav  wrote:



Add sdbus-c++ in ptest-packagelists to run ptest

sdbus-c++ is not in oe-core, and so cannot be added. You need to add
it to the list via .bbappend or a custom image recipe.

Alex


It's in meta-oe. Please resend it to 
openembedded-de...@lists.openembedded.org


Slava

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190979): 
https://lists.openembedded.org/g/openembedded-core/message/190979
Mute This Topic: https://lists.openembedded.org/mt/102727832/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] kernel-arch: use ccache only for compiler

[Javier Tia]

Attempting to use it with other tools is not beneficial, only with the
compiler. Confirmation from ccache's maintainer [1].

[1] https://github.com/ccache/ccache/discussions/1346#discussioncomment-7616180

Signed-off-by: Javier Tia 
---
 meta/classes-recipe/kernel-arch.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/classes-recipe/kernel-arch.bbclass 
b/meta/classes-recipe/kernel-arch.bbclass
index 6a50bbfd42..404f2e7061 100644
--- a/meta/classes-recipe/kernel-arch.bbclass
+++ b/meta/classes-recipe/kernel-arch.bbclass
@@ -74,8 +74,8 @@ TARGET_STRIP_KERNEL_ARCH ?= ""
 HOST_STRIP_KERNEL_ARCH ?= "${TARGET_STRIP_KERNEL_ARCH}"

 KERNEL_CC = "${CCACHE}${HOST_PREFIX}gcc ${HOST_CC_KERNEL_ARCH} -fuse-ld=bfd 
${DEBUG_PREFIX_MAP} -fdebug-prefix-map=${STAGING_KERNEL_DIR}=${KERNEL_SRC_PATH} 
-fdebug-prefix-map=${STAGING_KERNEL_BUILDDIR}=${KERNEL_SRC_PATH}"
-KERNEL_LD = "${CCACHE}${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
-KERNEL_AR = "${CCACHE}${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
-KERNEL_OBJCOPY = "${CCACHE}${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}"
+KERNEL_LD = "${HOST_PREFIX}ld.bfd ${HOST_LD_KERNEL_ARCH}"
+KERNEL_AR = "${HOST_PREFIX}ar ${HOST_AR_KERNEL_ARCH}"
+KERNEL_OBJCOPY = "${HOST_PREFIX}objcopy ${HOST_OBJCOPY_KERNEL_ARCH}"
 KERNEL_STRIP = "${HOST_PREFIX}strip ${HOST_STRIP_KERNEL_ARCH}"
 TOOLCHAIN ?= "gcc"
-- 
2.42.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190978): 
https://lists.openembedded.org/g/openembedded-core/message/190978
Mute This Topic: https://lists.openembedded.org/mt/102727941/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone][PATCH] ptest-packagelists: Add sdbus-c++ ptest

[Alexander Kanavin]

Same comment as for the master patch.

Alex

On Tue, 21 Nov 2023 at 14:24, Poonam Jadhav  wrote:
>
> From: Poonam Jadhav 
>
> Add sdbus-c++-ptest in ptest-packagelists to run ptest
>
> Signed-off-by: Poonam Jadhav 
> ---
>  meta/conf/distro/include/ptest-packagelists.inc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/conf/distro/include/ptest-packagelists.inc 
> b/meta/conf/distro/include/ptest-packagelists.inc
> index 5c6a30635f..f8047b27ed 100644
> --- a/meta/conf/distro/include/ptest-packagelists.inc
> +++ b/meta/conf/distro/include/ptest-packagelists.inc
> @@ -65,6 +65,7 @@ PTESTS_FAST = "\
>  python3-webcolors-ptest \
>  qemu-ptest \
>  quilt-ptest \
> +sdbus-c++-ptest \
>  sed-ptest \
>  slang-ptest \
>  wayland-ptest \
> --
> 2.25.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190977): 
https://lists.openembedded.org/g/openembedded-core/message/190977
Mute This Topic: https://lists.openembedded.org/mt/102727878/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][master][PATCH] ptest-packagelists: Add sdbus-c++

[Alexander Kanavin]

On Tue, 21 Nov 2023 at 14:22, Poonam Jadhav  wrote:


> Add sdbus-c++ in ptest-packagelists to run ptest

sdbus-c++ is not in oe-core, and so cannot be added. You need to add
it to the list via .bbappend or a custom image recipe.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190976): 
https://lists.openembedded.org/g/openembedded-core/message/190976
Mute This Topic: https://lists.openembedded.org/mt/102727832/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] ptest-packagelists: Add sdbus-c++ ptest

[Poonam Jadhav]

From: Poonam Jadhav 

Add sdbus-c++-ptest in ptest-packagelists to run ptest

Signed-off-by: Poonam Jadhav 
---
 meta/conf/distro/include/ptest-packagelists.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/distro/include/ptest-packagelists.inc 
b/meta/conf/distro/include/ptest-packagelists.inc
index 5c6a30635f..f8047b27ed 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -65,6 +65,7 @@ PTESTS_FAST = "\
 python3-webcolors-ptest \
 qemu-ptest \
 quilt-ptest \
+sdbus-c++-ptest \
 sed-ptest \
 slang-ptest \
 wayland-ptest \
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190975): 
https://lists.openembedded.org/g/openembedded-core/message/190975
Mute This Topic: https://lists.openembedded.org/mt/102727878/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][master][PATCH] ptest-packagelists: Add sdbus-c++

[Poonam Jadhav]

From: Poonam Jadhav 

Add sdbus-c++ in ptest-packagelists to run ptest

Signed-off-by: Poonam Jadhav 
---
 meta/conf/distro/include/ptest-packagelists.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/distro/include/ptest-packagelists.inc 
b/meta/conf/distro/include/ptest-packagelists.inc
index 7ca23cb4f0..c75164da16 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -72,6 +72,7 @@ PTESTS_FAST = "\
 python3-webcolors \
 qemu \
 quilt \
+sdbus-c++ \
 sed \
 slang \
 wayland \
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190974): 
https://lists.openembedded.org/g/openembedded-core/message/190974
Mute This Topic: https://lists.openembedded.org/mt/102727832/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] oeqa/selftest/debuginfod: improve selftest

[Ross Burton]

From: Ross Burton 

This test was occasionally failing for no obvious reason, so refactor
and improve:

- While waiting for the daemon, check that it is still running and
  explicitly timeout after 10s when making the HTTP call.

- While waiting for the daemon to be ready, log the current state of the
  daemon so we can tell if we're timing out as it is still scanning.

- This was in fact the cause of the intermittant failures, because the
  TMPDIR is reused between tests and may contain a large number of
  packages. Do the tests in an isolated TMPDIR to hopefully mitigate this
  issue and increase the timeout to two minutes.

- Decorate the test using runqemu as such so that can be skipped in
  environments without runqemu

- Add a second test that doesn't use runqemu or images, which is faster
  but less realistic.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/selftest/cases/debuginfod.py | 124 +++--
 1 file changed, 88 insertions(+), 36 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/debuginfod.py 
b/meta/lib/oeqa/selftest/cases/debuginfod.py
index 37f51760fbc..505b4be8373 100644
--- a/meta/lib/oeqa/selftest/cases/debuginfod.py
+++ b/meta/lib/oeqa/selftest/cases/debuginfod.py
@@ -6,7 +6,11 @@
 import os
 import socketserver
 import subprocess
+import time
+import urllib
+import pathlib
 
+from oeqa.core.decorator import OETestTag
 from oeqa.selftest.case import OESelftestTestCase
 from oeqa.utils.commands import bitbake, get_bb_var, runqemu
 
@@ -21,39 +25,54 @@ class Debuginfod(OESelftestTestCase):
 Request the metrics endpoint periodically and wait for there to be no
 busy scanning threads.
 
-Returns True if debuginfod is ready, False if we timed out
+Returns if debuginfod is ready, raises an exception if not within the
+timeout.
 """
-import time, urllib
 
-# Wait a minute
-countdown = 6
-delay = 10
+# Wait two minutes
+countdown = 24
+delay = 5
+latest = None
 
 while countdown:
+self.logger.info("waiting...")
 time.sleep(delay)
+
+self.logger.info("polling server")
+if self.debuginfod.poll():
+self.logger.info("server dead")
+self.debuginfod.communicate()
+self.fail("debuginfod terminated unexpectedly")
+self.logger.info("server alive")
+
 try:
-with urllib.request.urlopen("http://localhost:%d/metrics"; % 
port) as f:
-lines = f.read().decode("ascii").splitlines()
-if "thread_busy{role=\"scan\"} 0" in lines:
-return True
+with urllib.request.urlopen("http://localhost:%d/metrics"; % 
port, timeout=10) as f:
+for line in f.read().decode("ascii").splitlines():
+key, value = line.rsplit(" ", 1)
+if key == "thread_busy{role=\"scan\"}":
+latest = int(value)
+self.logger.info("Waiting for %d scan jobs to 
finish" % latest)
+if latest == 0:
+return
 except urllib.error.URLError as e:
+# TODO: how to catch just timeouts?
 self.logger.error(e)
+
 countdown -= 1
-return False
 
+raise TimeoutError("Cannot connect debuginfod, still %d scan jobs 
running" % latest)
 
-def test_debuginfod(self):
-self.write_config(
-"""
-DISTRO_FEATURES:append = " debuginfod"
-CORE_IMAGE_EXTRA_INSTALL += "elfutils"
-"""
-)
-bitbake("core-image-minimal elfutils-native:do_addto_recipe_sysroot")
+def start_debuginfod(self):
+# We assume that the caller has already bitbake'd 
elfutils-native:do_addto_recipe_sysroot
+
+# Save some useful paths for later
+native_sysroot = pathlib.Path(get_bb_var("RECIPE_SYSROOT_NATIVE", 
"elfutils-native"))
+native_bindir = native_sysroot / "usr" / "bin"
+self.debuginfod = native_bindir / "debuginfod"
+self.debuginfod_find = native_bindir / "debuginfod-find"
 
-native_sysroot = get_bb_var("RECIPE_SYSROOT_NATIVE", "elfutils-native")
 cmd = [
-os.path.join(native_sysroot, "usr", "bin", "debuginfod"),
+self.debuginfod,
 "--verbose",
 # In-memory database, this is a one-shot test
 "--database=:memory:",
@@ -76,31 +95,64 @@ CORE_IMAGE_EXTRA_INSTALL += "elfutils"
 else:
 self.fail("Unknown package class %s" % format)
 
-# Find a free port
+# Find a free port. Racey but the window is small.
 with socketserver.TCPServer(("localhost", 0), None) as s:
-port = s.server_address[1]
-cmd.append("--port=%d" % port)
+self.port = s.server_address[1]
+ 

Re: [OE-core] [PATCH] package: split strip cmd when ccache is used

[Javier Tia]

On 11/20/23 10:06, Martin Jansa wrote:


It was already removed from KERNEL_STRIP in:
https://git.openembedded.org/openembedded-core/commit/?id=41f019afc41f800b622c46a6d7cf1beffc97716a
 




Oh, great! Submitting a difference change as CCACHE need to be removed 
from the rest of tooling like LD and AR. Keeping only the compiler.


Thanks,
» Javier Tia 🖋


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190972): 
https://lists.openembedded.org/g/openembedded-core/message/190972
Mute This Topic: https://lists.openembedded.org/mt/102291706/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] binutils: Fix CVE-2022-47007

[Hemraj, Deepthi via lists.openembedded.org]

From: Deepthi Hemraj 

Signed-off-by: Deepthi Hemraj 
---
 .../binutils/binutils-2.41.inc|  1 +
 .../binutils/0016-CVE-2022-47007.patch| 35 +++
 2 files changed, 36 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.41.inc 
b/meta/recipes-devtools/binutils/binutils-2.41.inc
index b4934c02a8..bba87abba2 100644
--- a/meta/recipes-devtools/binutils/binutils-2.41.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.41.inc
@@ -34,5 +34,6 @@ SRC_URI = "\
  file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
  file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
  file://0015-gprofng-Fix-build-with-64bit-file-offset-on-32bit-ma.patch \
+ file://0016-CVE-2022-47007.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch 
b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch
new file mode 100644
index 00..75ad6ad3ba
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-47007.patch
@@ -0,0 +1,35 @@
+From: Alan Modra 
+Date: Thu, 16 Jun 2022 23:30:41 + (+0930)
+Subject: PR29254, memory leak in stab_demangle_v3_arg
+X-Git-Tag: binutils-2_39~237
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
+
+PR29254, memory leak in stab_demangle_v3_arg
+
+   PR 29254
+   * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+
+CVE: CVE-2022-47007
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
 b/binutils/stabs.c
+@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle 
*info,
+ dc->u.s_binary.right,
+ &varargs);
+   if (pargs == NULL)
+-return NULL;
++{
++  free (dt);
++  return NULL;
++}
+ 
+   return debug_make_function_type (dhandle, dt, pargs, varargs);
+   }
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190971): 
https://lists.openembedded.org/g/openembedded-core/message/190971
Mute This Topic: https://lists.openembedded.org/mt/102726758/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH V2 2/2] binutils: Fix CVE-2022-48064

[Hemraj, Deepthi via lists.openembedded.org]

From: Deepthi Hemraj 

Signed-off-by: Deepthi Hemraj 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0034-CVE-2022-48064.patch| 57 +++
 2 files changed, 58 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index dc29141812..3787063cba 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -68,5 +68,6 @@ SRC_URI = "\
  file://CVE-2022-48063.patch \
  file://0032-CVE-2022-47010.patch \
  file://0033-CVE-2022-47007.patch \
+ file://0034-CVE-2022-48064.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch 
b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
new file mode 100644
index 00..b0840366c7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
@@ -0,0 +1,57 @@
+From: Alan Modra 
+Date: Tue, 20 Dec 2022 13:17:03 + (+1030)
+Subject: PR29922, SHT_NOBITS section avoids section size sanity check
+X-Git-Tag: binutils-2_40~202
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+   PR 29922
+   * dwarf2.c (find_debug_info): Ignore sections without
+   SEC_HAS_CONTENTS.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931]
+
+CVE: CVE-2022-48064
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 95f45708e9d..0cd8152ee6e 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct 
dwarf_debug_section *debug_sections,
+ {
+   look = debug_sections[debug_info].uncompressed_name;
+   msec = bfd_get_section_by_name (abfd, look);
+-  if (msec != NULL)
++  /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure.  Of
++   course debug sections always have contents.  */
++  if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+   return msec;
+ 
+   look = debug_sections[debug_info].compressed_name;
+   msec = bfd_get_section_by_name (abfd, look);
+-  if (msec != NULL)
++  if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+ 
+   for (msec = abfd->sections; msec != NULL; msec = msec->next)
+-  if (startswith (msec->name, GNU_LINKONCE_INFO))
++  if ((msec->flags & SEC_HAS_CONTENTS) != 0
++  && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+ 
+   return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct 
dwarf_debug_section *debug_sections,
+ 
+   for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++  if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++  continue;
++
+   look = debug_sections[debug_info].uncompressed_name;
+   if (strcmp (msec->name, look) == 0)
+   return msec;
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190970): 
https://lists.openembedded.org/g/openembedded-core/message/190970
Mute This Topic: https://lists.openembedded.org/mt/102726708/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH V2 1/2] binutils: Fix CVE-2022-47007

[Hemraj, Deepthi via lists.openembedded.org]

From: Deepthi Hemraj 

Signed-off-by: Deepthi Hemraj 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0033-CVE-2022-47007.patch| 34 +++
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 43cc97f1ef..dc29141812 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -67,5 +67,6 @@ SRC_URI = "\
  file://0031-CVE-2022-47695.patch \
  file://CVE-2022-48063.patch \
  file://0032-CVE-2022-47010.patch \
+ file://0033-CVE-2022-47007.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch 
b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
new file mode 100644
index 00..cc6dfe684b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
@@ -0,0 +1,34 @@
+From: Alan Modra 
+Date: Thu, 16 Jun 2022 23:30:41 + (+0930)
+Subject: PR29254, memory leak in stab_demangle_v3_arg
+X-Git-Tag: binutils-2_39~237
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
+
+PR29254, memory leak in stab_demangle_v3_arg
+
+   PR 29254
+   * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+
+CVE: CVE-2022-47007
+
+Signed-off-by: Deepthi Hemraj 
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
 b/binutils/stabs.c
+@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle 
*info,
+ dc->u.s_binary.right,
+ &varargs);
+   if (pargs == NULL)
+-return NULL;
++{
++  free (dt);
++  return NULL;
++}
+
+   return debug_make_function_type (dhandle, dt, pargs, varargs);
+   }
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190969): 
https://lists.openembedded.org/g/openembedded-core/message/190969
Mute This Topic: https://lists.openembedded.org/mt/102726707/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-48064

[Hemraj, Deepthi via lists.openembedded.org]

From: Deepthi Hemraj 

Signed-off-by: Deepthi Hemraj 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0034-CVE-2022-48064.patch| 57 +++
 2 files changed, 58 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index dc29141812..3787063cba 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -68,5 +68,6 @@ SRC_URI = "\
  file://CVE-2022-48063.patch \
  file://0032-CVE-2022-47010.patch \
  file://0033-CVE-2022-47007.patch \
+ file://0034-CVE-2022-48064.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch 
b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
new file mode 100644
index 00..b0840366c7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
@@ -0,0 +1,57 @@
+From: Alan Modra 
+Date: Tue, 20 Dec 2022 13:17:03 + (+1030)
+Subject: PR29922, SHT_NOBITS section avoids section size sanity check
+X-Git-Tag: binutils-2_40~202
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+   PR 29922
+   * dwarf2.c (find_debug_info): Ignore sections without
+   SEC_HAS_CONTENTS.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931]
+
+CVE: CVE-2022-48064
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 95f45708e9d..0cd8152ee6e 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct 
dwarf_debug_section *debug_sections,
+ {
+   look = debug_sections[debug_info].uncompressed_name;
+   msec = bfd_get_section_by_name (abfd, look);
+-  if (msec != NULL)
++  /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure.  Of
++   course debug sections always have contents.  */
++  if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+   return msec;
+ 
+   look = debug_sections[debug_info].compressed_name;
+   msec = bfd_get_section_by_name (abfd, look);
+-  if (msec != NULL)
++  if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+ 
+   for (msec = abfd->sections; msec != NULL; msec = msec->next)
+-  if (startswith (msec->name, GNU_LINKONCE_INFO))
++  if ((msec->flags & SEC_HAS_CONTENTS) != 0
++  && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+ 
+   return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct 
dwarf_debug_section *debug_sections,
+ 
+   for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++  if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++  continue;
++
+   look = debug_sections[debug_info].uncompressed_name;
+   if (strcmp (msec->name, look) == 0)
+   return msec;
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190968): 
https://lists.openembedded.org/g/openembedded-core/message/190968
Mute This Topic: https://lists.openembedded.org/mt/102726684/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] oeqa/selftest/debuginfod: improve selftest

[Ross Burton]

From: Ross Burton 

This test was occasionally failing for no obvious reason, so refactor
and improve:

- While waiting for the daemon, check that it is still running and
  explicitly timeout after 10s when making the HTTP call.

- While waiting for the daemon to be ready, log the current state of the
  daemon so we can tell if we're timing out as it is still scanning.

- This was in fact the cause of the intermittant failures, because the
  TMPDIR is reused between tests and may contain a large number of
  packages. Do the tests in an isolated TMPDIR to hopefully mitigate this
  issue.

- Decorate the test using runqemu as such so that can be skipped in
  environments without runqemu

- Add a second test that doesn't use runqemu or images, which is faster
  but less realistic.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/selftest/cases/debuginfod.py | 122 +++--
 1 file changed, 87 insertions(+), 35 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/debuginfod.py 
b/meta/lib/oeqa/selftest/cases/debuginfod.py
index 37f51760fbc..d0a8941aa06 100644
--- a/meta/lib/oeqa/selftest/cases/debuginfod.py
+++ b/meta/lib/oeqa/selftest/cases/debuginfod.py
@@ -6,7 +6,11 @@
 import os
 import socketserver
 import subprocess
+import time
+import urllib
+import pathlib
 
+from oeqa.core.decorator import OETestTag
 from oeqa.selftest.case import OESelftestTestCase
 from oeqa.utils.commands import bitbake, get_bb_var, runqemu
 
@@ -21,39 +25,54 @@ class Debuginfod(OESelftestTestCase):
 Request the metrics endpoint periodically and wait for there to be no
 busy scanning threads.
 
-Returns True if debuginfod is ready, False if we timed out
+Returns if debuginfod is ready, raises an exception if not within the
+timeout.
 """
-import time, urllib
 
 # Wait a minute
-countdown = 6
-delay = 10
+countdown = 12
+delay = 5
+latest = None
 
 while countdown:
+self.logger.info("waiting...")
 time.sleep(delay)
+
+self.logger.info("polling server")
+if self.debuginfod.poll():
+self.logger.info("server dead")
+self.debuginfod.communicate()
+self.fail("debuginfod terminated unexpectedly")
+self.logger.info("server alive")
+
 try:
-with urllib.request.urlopen("http://localhost:%d/metrics"; % 
port) as f:
-lines = f.read().decode("ascii").splitlines()
-if "thread_busy{role=\"scan\"} 0" in lines:
-return True
+with urllib.request.urlopen("http://localhost:%d/metrics"; % 
port, timeout=10) as f:
+for line in f.read().decode("ascii").splitlines():
+key, value = line.rsplit(" ", 1)
+if key == "thread_busy{role=\"scan\"}":
+latest = int(value)
+self.logger.info("Waiting for %d scan jobs to 
finish" % latest)
+if latest == 0:
+return
 except urllib.error.URLError as e:
+# TODO: how to catch just timeouts?
 self.logger.error(e)
+
 countdown -= 1
-return False
 
+raise TimeoutError("Cannot connect debuginfod, still %d scan jobs 
running" % latest)
 
-def test_debuginfod(self):
-self.write_config(
-"""
-DISTRO_FEATURES:append = " debuginfod"
-CORE_IMAGE_EXTRA_INSTALL += "elfutils"
-"""
-)
-bitbake("core-image-minimal elfutils-native:do_addto_recipe_sysroot")
+def start_debuginfod(self):
+# We assume that the caller has already bitbake'd 
elfutils-native:do_addto_recipe_sysroot
+
+# Save some useful paths for later
+native_sysroot = pathlib.Path(get_bb_var("RECIPE_SYSROOT_NATIVE", 
"elfutils-native"))
+native_bindir = native_sysroot / "usr" / "bin"
+self.debuginfod = native_bindir / "debuginfod"
+self.debuginfod_find = native_bindir / "debuginfod-find"
 
-native_sysroot = get_bb_var("RECIPE_SYSROOT_NATIVE", "elfutils-native")
 cmd = [
-os.path.join(native_sysroot, "usr", "bin", "debuginfod"),
+self.debuginfod,
 "--verbose",
 # In-memory database, this is a one-shot test
 "--database=:memory:",
@@ -76,31 +95,64 @@ CORE_IMAGE_EXTRA_INSTALL += "elfutils"
 else:
 self.fail("Unknown package class %s" % format)
 
-# Find a free port
+# Find a free port. Racey but the window is small.
 with socketserver.TCPServer(("localhost", 0), None) as s:
-port = s.server_address[1]
-cmd.append("--port=%d" % port)
+self.port = s.server_address[1]
+cmd.append("--port=%d" % self.port)
+
+self.logger.info(f

Re: [OE-core] [PATCH 2/2] cmake.bbclass: optionally support qemu

[Alexander Kanavin]

On Tue, 21 Nov 2023 at 12:12, Jose Quaresma  wrote:
>> I was using it for running Unit Tests on the host before I deployed
>> them to the target device as ptest. This worked well. It is well
>> integrated with cmake and therefore also with IDEs. So I thought that
>> there are certain use cases where it would be nice to have it opt-in.
>>
>> meson offers qemu-user as well (because of gobject). So if qemu-user is
>> not usable there will be other challenges as well.
>>
>> There is also a MACHINE_FEATURE which allows to support it for ARCHs
>> where it works well but not for ARCHs where qemu-user is known to be
>> broken.
>>
>> I think it would be a nice optional feature.
>
>
> I agree without any doubt on that part.
>
> But I believe this doesn't work for applications that are using the fork 
> system call.
> So consider this will also break any ptest using fork, giving the wrong 
> impression the test is failing.

I think this needs to be double checked. I find it odd that qemu
usermode would fail on such a basic thing, and it would not show up
anywhere in places where it's used in core (not just g-i - all the
various postinst utilities for generating indexes etc.).

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190965): 
https://lists.openembedded.org/g/openembedded-core/message/190965
Mute This Topic: https://lists.openembedded.org/mt/102708283/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/2] cmake.bbclass: optionally support qemu

[Jose Quaresma]

 escreveu no dia segunda, 20/11/2023 à(s) 18:41:

> > >
> > > Are you sure this works in the majority of scenarios?
> > > Last time I worked on this qemu user mode failed to run
> > > multithreading applications.
> > >
> >
> >
> > Sorry, I was wrong above.
> > The issue was not multithreading but with the fork system call.
> >
>
> Hi Jose
>
> I was using it for running Unit Tests on the host before I deployed
> them to the target device as ptest. This worked well. It is well
> integrated with cmake and therefore also with IDEs. So I thought that
> there are certain use cases where it would be nice to have it opt-in.
>
> meson offers qemu-user as well (because of gobject). So if qemu-user is
> not usable there will be other challenges as well.
>
> There is also a MACHINE_FEATURE which allows to support it for ARCHs
> where it works well but not for ARCHs where qemu-user is known to be
> broken.
>
> I think it would be a nice optional feature.
>

I agree without any doubt on that part.

But I believe this doesn't work for applications that are using the fork
system call.
So consider this will also break any ptest using fork, giving the
wrong impression the test is failing.

Here is my attempt to add support in meson to run the ptest at build time.
https://lists.openembedded.org/g/openembedded-core/topic/89289917

Jose


>
> Regards,
> Adrian
>


-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190964): 
https://lists.openembedded.org/g/openembedded-core/message/190964
Mute This Topic: https://lists.openembedded.org/mt/102708283/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [Kirkstone] joe editor broken with current ncurses

[Alexander Kanavin]

I think bumping to 6.4 is the best option. Unfortunately stable branch
policy prevents that going into oe-core.

Note that the various date-versioned patchlevels are all development
snapshots. We used to think they're actual releases and ship them, but
it's finally been corrected in master.

Alex

On Tue, 21 Nov 2023 at 11:23,  wrote:
>
> Hello,
>
> I'm currently facing some problems with seem to originate from version bump 
> of ncurses done in May this year. The problem manifests itself in 
> applications using ncurses rendering garbage and "destroying" the terminal. 
> I.e. you need to issue a terminal reset afterwards to make it usable again. 
> The editor joe is affected, but according to other reports tmux as well.
>
> It seems like this problem is known. E.g. the Gentoo bugtracker has some 
> entries that analyse the problem, see here:
> https://bugs.gentoo.org/904247
> https://bugs.gentoo.org/904263
>
> Gentoo currently provides two ncurses version in their repo, 6.4_p20230401 
> and 6.4_p20230527, where the latter one is masked because of this issue.
>
> It appears that openembedded-core/kirkstone suffers from the same problem 
> (even though only A 6.3 version of ncurses is used). I'm currently using 
> commit 56503e3e80603de3b69acef2f6d32836bc9e5e5d of the layer (from end of 
> October, so faily recent).
>
> As a test I have reverted the following commits:
> 4d79b1cc4178ba88830bab59a45163bbddf586ce (ncurses: fix CVE-2023-29491)
> 862c1b109cf8f31522a250cc9ff4146fe526450c (ncurses: update to patchlevel 
> 20220423)
>
> This restore functionality of joe, but of course leaves the system vulnerable 
> to the corresponding CVEs. I'm not sure on how to proceed here. joe is a 
> commonly used editor on our systems and I really don't want to leave it in a 
> broken state (as some developers in our team depend on it). At the same time 
> I don't want to leave known CVEs unpatched.
>
> I'm thinking about bumping ncurses to the (apparently unaffected?) 6.4 
> version that Gentoo currently ships and put the .bb in our custom layer for 
> the time being. I don't know how well that would work though.
>
> Are there any plans for a version bump in the Kirkstone branch?
>
> With best wishes,
> Tobias
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190963): 
https://lists.openembedded.org/g/openembedded-core/message/190963
Mute This Topic: https://lists.openembedded.org/mt/102726054/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [Kirkstone] joe editor broken with current ncurses

[tobias . jakobi]

Hello,

I'm currently facing some problems with seem to originate from version bump of 
ncurses done in May this year. The problem manifests itself in applications 
using ncurses rendering garbage and "destroying" the terminal. I.e. you need to 
issue a terminal reset afterwards to make it usable again. The editor joe is 
affected, but according to other reports tmux as well.

It seems like this problem is known. E.g. the Gentoo bugtracker has some 
entries that analyse the problem, see here:
https://bugs.gentoo.org/904247
https://bugs.gentoo.org/904263

Gentoo currently provides two ncurses version in their repo, 6.4_p20230401 and 
6.4_p20230527, where the latter one is masked because of this issue.

It appears that openembedded-core/kirkstone suffers from the same problem (even 
though only A 6.3 version of ncurses is used). I'm currently using commit 
56503e3e80603de3b69acef2f6d32836bc9e5e5d of the layer (from end of October, so 
faily recent).

As a test I have reverted the following commits:
4d79b1cc4178ba88830bab59a45163bbddf586ce (ncurses: fix CVE-2023-29491)
862c1b109cf8f31522a250cc9ff4146fe526450c (ncurses: update to patchlevel 
20220423)

This restore functionality of joe, but of course leaves the system vulnerable 
to the corresponding CVEs. I'm not sure on how to proceed here. joe is a 
commonly used editor on our systems and I really don't want to leave it in a 
broken state (as some developers in our team depend on it). At the same time I 
don't want to leave known CVEs unpatched.

I'm thinking about bumping ncurses to the (apparently unaffected?) 6.4 version 
that Gentoo currently ships and put the .bb in our custom layer for the time 
being. I don't know how well that would work though.

Are there any plans for a version bump in the Kirkstone branch?

With best wishes,
Tobias

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190962): 
https://lists.openembedded.org/g/openembedded-core/message/190962
Mute This Topic: https://lists.openembedded.org/mt/102726054/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] libxcrypt: fixed some build error for nativesdk with mingw

[wenlin.k...@windriver.com via lists.openembedded.org]

From: Wenlin Kang 

Steps to reproduce
  1) add layer meta-mingw
  2) add line in local.conf
 SDKMACHINE = "x86_64-mingw32"
  3) bitbake nativesdk-libxcrypt

Fixed:
1. pedantic error
  | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside of 
a function [-Werror=pedantic]
  |   316 | SYMVER_crypt_gensalt_rn;
  |   |

2. conversion error
  | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
  | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
{aka 'long long unsigned int'} to 'unsigned int' may change value 
[-Werror=conversion]
  |   140 |   ssize_t nread = read (fd, buf, buflen);

Signed-off-by: Wenlin Kang 
---
 ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++
 meta/recipes-core/libxcrypt/libxcrypt.inc |  6 ++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch

diff --git 
a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
 
b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
new file mode 100644
index 00..3846f76674
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
@@ -0,0 +1,47 @@
+From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001
+From: Wenlin Kang 
+Date: Mon, 6 Nov 2023 14:43:28 +0800
+Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with
+ mingw
+
+With x86_64-w64-mingw32-gcc. get below error:
+| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
+| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
{aka 'long long unsigned int'} to 'unsigned int' may change value 
[-Werror=conversion]
+|   140 |   ssize_t nread = read (fd, buf, buflen);
+|   |  ^~
+
+In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen),
+but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned 
int"
+read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has:
+ #ifdef _WIN64
+   __MINGW_EXTENSION typedef unsigned __int64 size_t;
+ #else
+   typedef unsigned int size_t;
+ #endif /* _WIN64 */
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenlin Kang 
+---
+ lib/util-get-random-bytes.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c
+index 79816db..68cd378 100644
+--- a/lib/util-get-random-bytes.c
 b/lib/util-get-random-bytes.c
+@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen)
+ dev_urandom_doesnt_work = true;
+   else
+ {
++#ifdef _WIN64
++  ssize_t nread = read (fd, buf, (unsigned int)buflen);
++#else
+   ssize_t nread = read (fd, buf, buflen);
++#endif
+   if (nread < 0 || (size_t)nread < buflen)
+ dev_urandom_doesnt_work = true;
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc 
b/meta/recipes-core/libxcrypt/libxcrypt.inc
index ba93d91aef..b93d56b4dc 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -13,7 +13,9 @@ SRC_URI = 
"git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=
 SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf"
 SRCBRANCH ?= "master"
 
-SRC_URI += "file://fix_cflags_handling.patch"
+SRC_URI += "file://fix_cflags_handling.patch \
+
file://0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch \
+   "
 
 PROVIDES = "virtual/crypt"
 
@@ -26,4 +28,6 @@ CPPFLAGS:append:class-nativesdk = " -Wno-error"
 API = "--disable-obsolete-api"
 EXTRA_OECONF += "${API}"
 
+CFLAGS:append:class-nativesdk = " -Wno-pedantic"
+
 BBCLASSEXTEND = "native nativesdk"
-- 
2.39.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190961): 
https://lists.openembedded.org/g/openembedded-core/message/190961
Mute This Topic: https://lists.openembedded.org/mt/102725680/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] libxcrypt: fixed some build error for nativesdk with mingw

[wenlin.k...@windriver.com via lists.openembedded.org]

From: Wenlin Kang 

Steps to reproduce
  1) add layer meta-mingw
  2) add line in local.conf
 SDKMACHINE = "x86_64-mingw32"
  3) bitbake nativesdk-libxcrypt

Fixed:
1. .symver error
  | {standard input}: Assembler messages:
  | {standard input}:4: Error: unknown pseudo-op: `.symver'

2. pedantic error
  | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside of 
a function [-Werror=pedantic]
  |   316 | SYMVER_crypt_gensalt_rn;
  |   |

3. conversion error
  | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
  | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
{aka 'long long unsigned int'} to 'unsigned int' may change value 
[-Werror=conversion]
  |   140 |   ssize_t nread = read (fd, buf, buflen);

Signed-off-by: Wenlin Kang 
---
 .../0001-Fix-for-compilation-on-Windows.patch | 37 +++
 ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++
 meta/recipes-core/libxcrypt/libxcrypt.inc |  4 ++
 3 files changed, 88 insertions(+)
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch

diff --git 
a/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch 
b/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
new file mode 100644
index 00..5760ee09cc
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
@@ -0,0 +1,37 @@
+From a507b628a5a5d4e4f1cf0f0a9a72967470ee7624 Mon Sep 17 00:00:00 2001
+From: Brecht Sanders 
+Date: Fri, 3 Feb 2023 08:44:49 +0100
+Subject: [PATCH] Fix for compilation on Windows
+
+This fix allows the library to build on Windows (at least with MinGW-w64).
+
+`.symver` is only supported for ELF format but Windows uses COFF/PE.
+
+Workaround dummy define of `symver_set()`
+
+Upstream-Status: Backport 
[https://github.com/besser82/libxcrypt/commit/a507b628a5a5d4e4f1cf0f0a9a72967470ee7624]
+
+Signed-off-by: Wenlin Kang 
+---
+ lib/crypt-port.h | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/crypt-port.h b/lib/crypt-port.h
+index f06ca24..a707939 100644
+--- a/lib/crypt-port.h
 b/lib/crypt-port.h
+@@ -201,6 +201,11 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, 
const void *src);
+   __asm__(".globl _" extstr);   \
+   __asm__(".set _" extstr ", _" #intname)
+ 
++#elif defined _WIN32
++
++/* .symver is only supported for ELF format, Windows uses COFF/PE */
++# define symver_set(extstr, intname, version, mode)
++
+ #elif defined __GNUC__ && __GNUC__ >= 3
+ 
+ # define _strong_alias(name, aliasname) \
+-- 
+2.34.1
+
diff --git 
a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
 
b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
new file mode 100644
index 00..3846f76674
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
@@ -0,0 +1,47 @@
+From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001
+From: Wenlin Kang 
+Date: Mon, 6 Nov 2023 14:43:28 +0800
+Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with
+ mingw
+
+With x86_64-w64-mingw32-gcc. get below error:
+| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes':
+| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' 
{aka 'long long unsigned int'} to 'unsigned int' may change value 
[-Werror=conversion]
+|   140 |   ssize_t nread = read (fd, buf, buflen);
+|   |  ^~
+
+In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen),
+but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned 
int"
+read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has:
+ #ifdef _WIN64
+   __MINGW_EXTENSION typedef unsigned __int64 size_t;
+ #else
+   typedef unsigned int size_t;
+ #endif /* _WIN64 */
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenlin Kang 
+---
+ lib/util-get-random-bytes.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c
+index 79816db..68cd378 100644
+--- a/lib/util-get-random-bytes.c
 b/lib/util-get-random-bytes.c
+@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen)
+ dev_urandom_doesnt_work = true;
+   else
+ {
++#ifdef _WIN64
++  ssize_t nread = read (fd, buf, (unsigned int)buflen);
++#else
+   ssize_t nread = read (fd, buf, buflen);
++#endif
+   if (nread < 0 || (size_t)nread < buflen)
+ dev_urandom_doesnt_work = true;
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc 
b/meta/recipes-core/libxcrypt/libxcr

Re: [OE-core] [PATCH v8 3/8] image-combined-dbg: make this the default

[Enguerrand de Ribaucourt]

While the debug-only rootfs is not usable by itself, changing the way it's 
currently combined (from the doc) could produce unintended side effects.
Check out this post for explanations: 
https://lists.openembedded.org/g/openembedded-core/message/190490

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190959): 
https://lists.openembedded.org/g/openembedded-core/message/190959
Mute This Topic: https://lists.openembedded.org/mt/102316026/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [hardknott] [PATCH 1/2] libtirpc: add support for configuring and building with --enable-gssapi

[Anuj Mittal]

Is this for hardknott? That release isn't maintained anymore.

Thanks,

Anuj

On Mon, 2023-11-20 at 23:24 +0200, Stefan Ghinea via
lists.openembedded.org wrote:
> nfs-utils with gss and svcgss has libtirpc configured with gssapi
> option
> as a dependency.
> 
> Signed-off-by: Stefan Ghinea 
> ---
>  meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb
> b/meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb
> index 32fb651130..5ae91b6df3 100644
> --- a/meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb
> +++ b/meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb
> @@ -18,7 +18,11 @@ SRC_URI[sha256sum] =
> "245895caf066bec5e3d4375942c8cb4366adad184c29c618d97f724ea3
>  
>  inherit autotools pkgconfig
>  
> -EXTRA_OECONF = "--disable-gssapi"
> +PACKAGECONFIG ??= "\
> +    ${@bb.utils.filter('DISTRO_FEATURES', 'krb5', d)} \
> +"
> +# krb5 is available in meta-oe
> +PACKAGECONFIG[krb5] = "--enable-gssapi,--disable-gssapi,krb5"
>  
>  do_install_append() {
> chown root:root ${D}${sysconfdir}/netconfig
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190958): 
https://lists.openembedded.org/g/openembedded-core/message/190958
Mute This Topic: https://lists.openembedded.org/mt/102716185/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] vscode: add minimal configuration

[Enguerrand de Ribaucourt]

Hello Adrian,

It's a nice idea to have VSCode settings for users who want to edit poky for 
the reasons you mention!
I think it would be nice to have such a configuration as a reference in the 
vscode-bitbake documentation as well. You could event contribute it yourself if 
you wish 
https://github.com/yoctoproject/vscode-bitbake/blob/staging/client/README.md

A few suggestions follow.
Best Regards,

>
> It is essential to configure VSCode indexer plugins to ignore the build
> folder of bitbake. Otherwise, the indexer plugins run with 100% CPU load
> until an OOM exception occurs. In practice, this makes VSCode more or
> less unusable for working with Yocto until a file like the one added by
> this commit is deployed before VSCode starts. From the user's point of
> view, it is not obvious why the system runs at 100% CPU load and
> eventually crashes.
> 
> It is even more misleading that VSCode starts the indexers immediately,
> but does not stop or reconfigure them when the ignore list is updated.
> In practice, this means that every time the ignore list is changed,
> VSCode immediately starts indexing the build folder until the OOM
> exception stops it. Depending on the system's OOM handler, the entire
> build machine may crash.
> Particularly annoying is the Python plugin that ignores the general
> ignore list and requires an extra ignore section.
> 
> The settings are suitable for workflows like bitbake, devtool modify,
> devtool reset. The settings are not intended to work on the source code
> of a recipe. It is assumed that a separate instance of VSCode is used
> per workspace folder. These per workspace instances can have different
> settings depending on the details of the sources that come with the
> recipe.
> 
> VSCode can change the contents of the .vscode folder, which often leads
> to a dirty git status. Normally, these changes are not added to git.
> Otherwise, -f can be used to add them explicitly. It is not perfect if
> the folder is listed in .gitignore. But it is also not better if it is
> not.
Yes exactly. However I tend to not have the .vscode in .gitignore since it's 
actually versioned. 
> 
> Signed-off-by: Adrian Freihofer 
> ---
>  .gitignore|  2 ++
>  .vscode/settings.json | 32 
>  2 files changed, 34 insertions(+)
>  create mode 100644 .vscode/settings.json
> 
> diff --git a/.gitignore b/.gitignore
> index 8f48d452da..f6ce090b5f 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -36,3 +36,5 @@ _toaster_clones/
>  downloads/
>  sstate-cache/
>  toaster.sqlite
> +.vscode/
> +vscode-bitbake-build/
> diff --git a/.vscode/settings.json b/.vscode/settings.json
> new file mode 100644
> index 00..517a86d1bf
> --- /dev/null
> +++ b/.vscode/settings.json
> @@ -0,0 +1,32 @@
> +{
> +"files.watcherExclude": {
> +"**/.git/**": true,
> +"**/cache/**": true,
> +"**/tmp*/**": true,
> +"**/downloads/**": true,
> +"**/sstate-cache/**": true,
> +"**/vscode-bitbake-build/**": true,
vscode-bitbake-build looks to be a build folder generated by the vscode-bitbake 
extension? However the newer versions will have a configurable build directory. 
Usually, users will probably use the default build directory created by 
oe-init-build-env which is just `build`. I suggest to rather ignore that one?
> +"**/workspace/sources/**": true,
> +"**/workspace/attic/**": true
> +},
> +"files.exclude": {
> +"**/.git/**": true,
> +"**/cache/**": true,
> +"**/tmp*/**": true,
> +"**/downloads/**": true,
> +"**/sstate-cache/**": true,
> +"**/vscode-bitbake-build/**": true,
> +"**/workspace/sources/**": true,
> +"**/workspace/attic/**": true
I personally like to browse into the build tree through VSCode. The 
files.exclude settings would remove all the build tree from the explorer so it 
would break my use case. The build directory does not take a lot of space 
either so I don't think your point is to hide it, but rather you are doing that 
to reduce CPU usage. In my case, the CPU usage comes from the c_cpp extension 
constantly parsing every .c file in the build tree. The files.exclude setting 
does stop this behavior. However, the alternative I employ for this is to 
ignore the build tree in the more specific C_Cpp.files.exclude setting. It 
should have the same effect.

"C_Cpp.files.exclude": {
"**/build": true,
"**/.vscode": true,
"**/.vs": true
},

Once again, the build directory name depends on how eo-init-build-env was 
called.
> +},
> +"python.analysis.exclude": [
> +"**/.git/**",
> +"**/cache/**",
> +"**/tmp*/**",
> +"**/downloads/**",
> +"**/sstate-cache/**",
> +"**/vscode-bitbake-build/**",
You could also consider using the default build directory name here.
> +"**/workspace/sources/**",
> +"**/workspace/attic/**"
> +]
> +

Re: [OE-core] [PATCH 01/11] gstreamer1.0: upgrade 1.22.6 -> 1.22.7

[Alexander Kanavin]

Thanks for this set, much appreciated!

Alex

On Tue, 21 Nov 2023 at 02:34, Anuj Mittal  wrote:
>
> Signed-off-by: Anuj Mittal 
> ---
>  .../{gst-devtools_1.22.6.bb => gst-devtools_1.22.7.bb}  | 2 +-
>  ...streamer1.0-libav_1.22.6.bb => gstreamer1.0-libav_1.22.7.bb} | 2 +-
>  .../{gstreamer1.0-omx_1.22.6.bb => gstreamer1.0-omx_1.22.7.bb}  | 2 +-
>  ...plugins-bad_1.22.6.bb => gstreamer1.0-plugins-bad_1.22.7.bb} | 2 +-
>  ...ugins-base_1.22.6.bb => gstreamer1.0-plugins-base_1.22.7.bb} | 2 +-
>  ...ugins-good_1.22.6.bb => gstreamer1.0-plugins-good_1.22.7.bb} | 2 +-
>  ...ugins-ugly_1.22.6.bb => gstreamer1.0-plugins-ugly_1.22.7.bb} | 2 +-
>  ...reamer1.0-python_1.22.6.bb => gstreamer1.0-python_1.22.7.bb} | 2 +-
>  ...rtsp-server_1.22.6.bb => gstreamer1.0-rtsp-server_1.22.7.bb} | 2 +-
>  ...streamer1.0-vaapi_1.22.6.bb => gstreamer1.0-vaapi_1.22.7.bb} | 2 +-
>  .../{gstreamer1.0_1.22.6.bb => gstreamer1.0_1.22.7.bb}  | 2 +-
>  11 files changed, 11 insertions(+), 11 deletions(-)
>  rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.22.6.bb => 
> gst-devtools_1.22.7.bb} (95%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.22.6.bb => 
> gstreamer1.0-libav_1.22.7.bb} (91%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.22.6.bb => 
> gstreamer1.0-omx_1.22.7.bb} (95%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.22.6.bb 
> => gstreamer1.0-plugins-bad_1.22.7.bb} (98%)
>  rename 
> meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.22.6.bb => 
> gstreamer1.0-plugins-base_1.22.7.bb} (98%)
>  rename 
> meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.22.6.bb => 
> gstreamer1.0-plugins-good_1.22.7.bb} (97%)
>  rename 
> meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.22.6.bb => 
> gstreamer1.0-plugins-ugly_1.22.7.bb} (94%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.22.6.bb => 
> gstreamer1.0-python_1.22.7.bb} (91%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.22.6.bb 
> => gstreamer1.0-rtsp-server_1.22.7.bb} (90%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.22.6.bb => 
> gstreamer1.0-vaapi_1.22.7.bb} (95%)
>  rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.22.6.bb => 
> gstreamer1.0_1.22.7.bb} (97%)
>
> diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb 
> b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb
> similarity index 95%
> rename from meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb
> rename to meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb
> index 90bbd9c7336..b545f020cf8 100644
> --- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.6.bb
> +++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.22.7.bb
> @@ -12,7 +12,7 @@ SRC_URI = 
> "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
> file://0001-connect-has-a-different-signature-on-musl.patch \
> "
>
> -SRC_URI[sha256sum] = 
> "8928560efaf16137c30285e718708e5d0bab0777eb4ef8127e0274e120d3d86b"
> +SRC_URI[sha256sum] = 
> "157cf93fb2741cf0c3dea731be3af2ffae703c9f2cd3c0c91b380fbc685eb9f9"
>
>  DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 
> gstreamer1.0-plugins-base"
>  RRECOMMENDS:${PN} = "git"
> diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb 
> b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb
> similarity index 91%
> rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb
> rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb
> index 8906556b44b..7169223636a 100644
> --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.6.bb
> +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.22.7.bb
> @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = 
> "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \
>  "
>
>  SRC_URI = 
> "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz";
> -SRC_URI[sha256sum] = 
> "7789e6408388a25f23cbf948cfc5c6230d735bbcd8b7f37f4a01c9e348a1e3a7"
> +SRC_URI[sha256sum] = 
> "1525b917141b895fe5cf618fe8867622b2528278a0286e9f727b5f37317daca1"
>
>  S = "${WORKDIR}/gst-libav-${PV}"
>
> diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb 
> b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb
> similarity index 95%
> rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb
> rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb
> index 2579aa3d661..ad40cf5513b 100644
> --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.6.bb
> +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.22.7.bb
> @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = 
> "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
>
>  SRC_URI = 
> "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz";
>
> -SRC_URI[sha256sum] = 
> "223833c42518ad7eb1923bb4dd3726809f59a66d6e

Re: [OE-core] Patchtest results for [PATCH] vulkan: upgrade 1.3.261.1 -> 1.3.268.0

[Alexander Kanavin]

Looks like another corner case issue - a new recipe is being added,
which seems to be mistaken for changing a license in existing recipe.

Alex


On Tue, 21 Nov 2023 at 06:48, Patchtest
 wrote:
>
> Thank you for your submission. Patchtest identified one
> or more issues with the patch. Please see the log below for
> more information:
>
> ---
> Testing patch 
> /home/patchtest/share/mboxes/vulkan-upgrade-1.3.261.1---1.3.268.0.patch
>
> FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM changed 
> without "License-Update:" tag and description in commit message 
> (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
>
> PASS: pretest src uri left files 
> (test_metadata.TestMetadata.pretest_src_uri_left_files)
> PASS: test Signed-off-by presence 
> (test_mbox.TestMbox.test_signed_off_by_presence)
> PASS: test author valid (test_mbox.TestMbox.test_author_valid)
> PASS: test commit message presence 
> (test_mbox.TestMbox.test_commit_message_presence)
> PASS: test lic files chksum presence 
> (test_metadata.TestMetadata.test_lic_files_chksum_presence)
> PASS: test license presence (test_metadata.TestMetadata.test_license_presence)
> PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
> PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
> PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
> PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
> PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
> PASS: test src uri left files 
> (test_metadata.TestMetadata.test_src_uri_left_files)
> PASS: test summary presence (test_metadata.TestMetadata.test_summary_presence)
>
> SKIP: pretest pylint: No python related patches, skipping test 
> (test_python_pylint.PyLint.pretest_pylint)
> SKIP: test CVE tag format: No new CVE patches introduced 
> (test_patch.TestPatch.test_cve_tag_format)
> SKIP: test Signed-off-by presence: No new CVE patches introduced 
> (test_patch.TestPatch.test_signed_off_by_presence)
> SKIP: test Upstream-Status presence: No new CVE patches introduced 
> (test_patch.TestPatch.test_upstream_status_presence_format)
> SKIP: test bugzilla entry format: No bug ID found 
> (test_mbox.TestMbox.test_bugzilla_entry_format)
> SKIP: test pylint: No python related patches, skipping test 
> (test_python_pylint.PyLint.test_pylint)
> SKIP: test series merge on head: Merge test is disabled for now 
> (test_mbox.TestMbox.test_series_merge_on_head)
> SKIP: test target mailing list: Series merged, no reason to check other 
> mailing lists (test_mbox.TestMbox.test_target_mailing_list)
>
> ---
>
> Please address the issues identified and
> submit a new revision of the patch, or alternatively, reply to this
> email with an explanation of why the patch should be accepted. If you
> believe these results are due to an error in patchtest, please submit a
> bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
> under 'Yocto Project Subprojects'). For more information on specific
> failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
> you!
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190955): 
https://lists.openembedded.org/g/openembedded-core/message/190955
Mute This Topic: https://lists.openembedded.org/mt/102723560/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-