Re: [OE-core] [PATCH 1/2] perl: Add option to prevent COMPLEMENTARY_GLOB from ignoring perl-modules
How are you making the list? I think this might be somewhat sped up,
if you first grep
${WORKDIR}/packages-split/openssl-ptest/usr/lib/openssl/ptest/test/
(and util/perl/OpenSSL/ as well) for "^use " and transform the output
lines into 'perl-module-something'. Then try it on the target in qemu
to see whether something is missing.
Alex
On Wed, 17 Jan 2024 at 23:44, Lyu, William via lists.openembedded.org
wrote:
>
> I have iteratively added the following 45 modules, and I still not at the
> point of covering all perl-module-* dependencies for openssl-test. Should I
> continue on with this effort? Using "perl-module-force-all" is a lot more
> convenient without conflicting with any existing usage of "perl-modules" -
> even including the ones that depends on "perl-modules" having the property of
> being a soft dependency ("perl-modules" RRECOMMENDS all of its packages).
>
> William
>
> List of perl-module-* I have iteratively added up to this point:
>
> perl-module-base
> perl-module-carp
> perl-module-config
> perl-module-constant
> perl-module-cwd
> perl-module-data-dumper
> perl-module-digest-sha
> perl-module-encode
> perl-module-errno
> perl-module-exporter
> perl-module-fcntl
> perl-module-feature
> perl-module-file-basename
> perl-module-file-compare
> perl-module-file-copy
> perl-module-file-glob
> perl-module-filehandle
> perl-module-file-path
> perl-module-file-spec
> perl-module-file-spec-functions
> perl-module-file-temp
> perl-module-findbin
> perl-module-getopt-long
> perl-module-getopt-std
> perl-module-io-select
> perl-module-io-socket
> perl-module-ipc-cmd
> perl-module-ipc-open2
> perl-module-lib
> perl-module-list-util
> perl-module-math-bigint
> perl-module-mime-base64
> perl-module-parent
> perl-module-pod-html
> perl-module-pod-usage
> perl-module-posix
> perl-module-scalar-util
> perl-module-storable
> perl-module-strict
> perl-module-test-harness
> perl-module-test-more
> perl-module-time-local
> perl-module-utf8
> perl-module-vars
> perl-module-warnings
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193965):
https://lists.openembedded.org/g/openembedded-core/message/193965
Mute This Topic: https://lists.openembedded.org/mt/103766391/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-Core][dunfell][PATCH] openssh: Fix CVE-2023-51385
From: Ranjitsinh Rathod
OS command injection might occur if a user name or host name has shell
metacharacters, and this name is referenced by an expansion token in
certain situations. For example, an untrusted Git repository can have a
submodule with shell metacharacters in a user name or host name.
This patch fixes the above issue
Link:
http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.11.debian.tar.xz
Link:
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
Signed-off-by: Ranjitsinh Rathod
Signed-off-by: Ranjitsinh Rathod
---
.../openssh/openssh/CVE-2023-51385.patch | 95 +++
.../openssh/openssh_8.2p1.bb | 1 +
2 files changed, 96 insertions(+)
create mode 100644
meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
b/meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
new file mode 100644
index 00..0ba8c312d0
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
@@ -0,0 +1,95 @@
+From 7ef3787c84b6b524501211b11a26c742f829af1a Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org"
+Date: Mon, 18 Dec 2023 14:47:44 +
+Subject: [PATCH] upstream: ban user/hostnames with most shell metacharacters
+
+This makes ssh(1) refuse user or host names provided on the
+commandline that contain most shell metacharacters.
+
+Some programs that invoke ssh(1) using untrusted data do not filter
+metacharacters in arguments they supply. This could create
+interactions with user-specified ProxyCommand and other directives
+that allow shell injection attacks to occur.
+
+It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
+but getting this stuff right can be tricky, so this should prevent
+most obvious ways of creating risky situations. It however is not
+and cannot be perfect: ssh(1) has no practical way of interpreting
+what shell quoting rules are in use and how they interact with the
+user's specified ProxyCommand.
+
+To allow configurations that use strange user or hostnames to
+continue to work, this strictness is applied only to names coming
+from the commandline. Names specified using User or Hostname
+directives in ssh_config(5) are not affected.
+
+feedback/ok millert@ markus@ dtucker@ deraadt@
+
+OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
+
+CVE: CVE-2023-51385
+Upstream-Status: Backport
[https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a]
+Signed-off-by: Ranjitsinh Rathod
+Comment: Hunks refreshed to apply cleanly
+
+---
+ ssh.c | 41 -
+ 1 file changed, 40 insertions(+), 1 deletion(-)
+
+diff --git a/ssh.c b/ssh.c
+index 35c48e62d18..48d93ddf2a9 100644
+--- a/ssh.c
b/ssh.c
+@@ -583,6 +583,41 @@ set_addrinfo_port(struct addrinfo *addrs
+ }
+ }
+
++static int
++valid_hostname(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
++ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
++ return 0;
++ }
++ return 1;
++}
++
++static int
++valid_ruser(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
++ return 0;
++ /* Disallow '-' after whitespace */
++ if (isspace((u_char)s[i]) && s[i + 1] == '-')
++ return 0;
++ /* Disallow \ in last position */
++ if (s[i] == '\\' && s[i + 1] == '\0')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Main program for the ssh client.
+ */
+@@ -1069,6 +1104,10 @@ main(int ac, char **av)
+ if (!host)
+ usage();
+
++ if (!valid_hostname(host))
++ fatal("hostname contains invalid characters");
++ if (options.user != NULL && !valid_ruser(options.user))
++ fatal("remote username contains invalid characters");
+ host_arg = xstrdup(host);
+
+ /* Initialize the command to execute on remote host. */
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index eb3089cd8a..9d6cf7da6c 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -40,6 +40,7 @@ SRC_URI =
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2023-38408-11.patch \
file://CVE-2023-38408-12.patch \
file://CVE-2023-48795.patch \
+ file://CVE-2023-51385.patch \
"
SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"
SRC_URI[sha256sum] =
[OE-core][PATCH 1/1] tiff: fix CVE-2023-6228
From: Yogita Urade
CVE-2023-6228:
An issue was found in the tiffcp utility distributed by the
libtiff package where a crafted TIFF file on processing may
cause a heap-based buffer overflow leads to an application
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-6228
https://gitlab.com/libtiff/libtiff/-/issues/606
Signed-off-by: Yogita Urade
---
.../libtiff/tiff/CVE-2023-6228.patch | 31 +++
meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
new file mode 100644
index 00..2020508fdf
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
@@ -0,0 +1,31 @@
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus
+Date: Wed, 17 Jan 2024 06:57:08 +
+Subject: [PATCH] codec of input image is available, independently from codec
+ check of output image and return with error if not.
+
+Fixes #606.
+
+CVE: CVE-2023-6228
+Upstream-Status: Backport
[https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
+
+Signed-off-by: Yogita Urade
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index aff0626..a4f7f6b 100644
+--- a/tools/tiffcp.c
b/tools/tiffcp.c
+@@ -846,6 +846,8 @@ static int tiffcp(TIFF *in, TIFF *out)
+ if (!TIFFIsCODECConfigured(compression))
+ return FALSE;
+ TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++if (!TIFFIsCODECConfigured(input_compression))
++ return FALSE;
+ TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+ if (input_compression == COMPRESSION_JPEG)
+ {
+--
+2.40.0
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 4c472f8ef6..eb8a096f19 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -12,6 +12,7 @@ SRC_URI =
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch
\
file://CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch
\
file://CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch \
+ file://CVE-2023-6228.patch \
"
SRC_URI[sha256sum] =
"88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
--
2.40.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193963):
https://lists.openembedded.org/g/openembedded-core/message/193963
Mute This Topic: https://lists.openembedded.org/mt/103803465/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] uboot-sign: support to load optee-os and TFA images
On Thu, Jan 18, 2024 at 02:19:09AM +, Jamin Lin wrote: > > -Original Message- > > From: Tom Rini > > Sent: Wednesday, January 17, 2024 10:37 PM > > To: Jamin Lin > > Cc: openembedded-core@lists.openembedded.org > > Subject: Re: [PATCH] uboot-sign: support to load optee-os and TFA images > > > > On Tue, Jan 16, 2024 at 07:37:04PM -0800, Jamin Lin wrote: > > > > > Hi Alexander, > > > > > > One more thing, So far, bitman only support hash 256. > > > > What hashing algorithm would you like to be using instead? We can always > > include more and better options with configuration as needed. > > > > -- > > Tom > > Hi Tom > At present, makeimage tool support hash 256, 384 and 512. It also support rsa > 2038, 3072 and 4096. > It would be better if binman support these algorithms. > > I patched uboot-sign.bbclass the original goal is to make yocto support > optee-os and tfa in the old version of u-boot. Right, but it would be best if OE leveraged binman I believe and in turn you made binman support taking the hash algorithm as an input as needed. -- Tom -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193962): https://lists.openembedded.org/g/openembedded-core/message/193962 Mute This Topic: https://lists.openembedded.org/mt/103734859/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 6/6] libtiff: Fix for CVE-2023-6228
From: Vijay Anusuri
Upstream-Status: Backport
[https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
.../libtiff/files/CVE-2023-6228.patch | 30 +++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
2 files changed, 31 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
new file mode 100644
index 00..a777dea9b0
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch
@@ -0,0 +1,30 @@
+From 1e7d217a323eac701b134afc4ae39b6bdfdbc96a Mon Sep 17 00:00:00 2001
+From: Su_Laus
+Date: Sat, 9 Sep 2023 15:45:47 +0200
+Subject: [PATCH] Check also if codec of input image is available,
+ independently from codec check of output image and return with error if not.
+ Fixes #606.
+
+Upstream-Status: Backport
[https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a]
+CVE: CVE-2023-6228
+Signed-off-by: Vijay Anusuri
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 007bd05..d2f7b66 100644
+--- a/tools/tiffcp.c
b/tools/tiffcp.c
+@@ -628,6 +628,8 @@ tiffcp(TIFF* in, TIFF* out)
+ else
+ CopyField(TIFFTAG_COMPRESSION, compression);
+ TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
++ if (!TIFFIsCODECConfigured(input_compression))
++ return FALSE;
+ TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+ if (input_compression == COMPRESSION_JPEG) {
+ /* Force conversion to RGB */
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 8b130826e3..c739f3a7fa 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -48,6 +48,7 @@ SRC_URI =
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-40745.patch \
file://CVE-2023-41175.patch \
file://CVE-2022-40090.patch \
+ file://CVE-2023-6228.patch \
"
SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
SRC_URI[sha256sum] =
"5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193961):
https://lists.openembedded.org/g/openembedded-core/message/193961
Mute This Topic: https://lists.openembedded.org/mt/103801546/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 5/6] qemu: Backport fix for CVE-2023-2861
From: Vijay Anusuri
Updated 0012-fix-libcap-header-issue-on-some-distro.patch to resolve
patch fuzz caused by the CVE-2023-2861 patch
Upstream-Status: Backport
[https://gitlab.com/qemu-project/qemu/-/commit/a5804fcf7b22fc7d1f9ec794dd284c7d504bd16b
&
https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/qemu/qemu.inc | 2 +
...x-libcap-header-issue-on-some-distro.patch | 9 +-
...e-O_NOATIME-if-we-don-t-have-permiss.patch | 63 +++
.../qemu/qemu/CVE-2023-2861.patch | 178 ++
4 files changed, 249 insertions(+), 3 deletions(-)
create mode 100644
meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 4f856c749e..59ff69d51d 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -142,6 +142,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2023-3180.patch \
file://CVE-2020-24165.patch \
file://CVE-2023-5088.patch \
+ file://9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch \
+ file://CVE-2023-2861.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git
a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
b/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
index 3a7d7bbd33..3789f1edea 100644
---
a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
+++
b/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
@@ -60,7 +60,7 @@ Signed-off-by: Hongxu Jia
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
-index 6f132c5f..8329950c 100644
+index 300c9765..2823db7d 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -13,7 +13,6 @@
@@ -71,9 +71,9 @@ index 6f132c5f..8329950c 100644
#include
#include
#include
-@@ -27,7 +26,11 @@
- #include "9p-iov-marshal.h"
+@@ -28,7 +27,11 @@
#include "hw/9pfs/9p-proxy.h"
+ #include "hw/9pfs/9p-util.h"
#include "fsdev/9p-iov-marshal.h"
-
+/*
@@ -84,3 +84,6 @@ index 6f132c5f..8329950c 100644
#define PROGNAME "virtfs-proxy-helper"
#ifndef XFS_SUPER_MAGIC
+--
+2.25.1
+
diff --git
a/meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch
b/meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch
new file mode 100644
index 00..72d9c47bde
--- /dev/null
+++
b/meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch
@@ -0,0 +1,63 @@
+From a5804fcf7b22fc7d1f9ec794dd284c7d504bd16b Mon Sep 17 00:00:00 2001
+From: Omar Sandoval
+Date: Thu, 14 May 2020 08:06:43 +0200
+Subject: [PATCH] 9pfs: local: ignore O_NOATIME if we don't have permissions
+
+QEMU's local 9pfs server passes through O_NOATIME from the client. If
+the QEMU process doesn't have permissions to use O_NOATIME (namely, it
+does not own the file nor have the CAP_FOWNER capability), the open will
+fail. This causes issues when from the client's point of view, it
+believes it has permissions to use O_NOATIME (e.g., a process running as
+root in the virtual machine). Additionally, overlayfs on Linux opens
+files on the lower layer using O_NOATIME, so in this case a 9pfs mount
+can't be used as a lower layer for overlayfs (cf.
+https://github.com/osandov/drgn/blob/dabfe1971951701da13863dbe6d8a1d172ad9650/vmtest/onoatimehack.c
+and https://github.com/NixOS/nixpkgs/issues/54509).
+
+Luckily, O_NOATIME is effectively a hint, and is often ignored by, e.g.,
+network filesystems. open(2) notes that O_NOATIME "may not be effective
+on all filesystems. One example is NFS, where the server maintains the
+access time." This means that we can honor it when possible but fall
+back to ignoring it.
+
+Acked-by: Christian Schoenebeck
+Signed-off-by: Omar Sandoval
+Message-Id:
+Signed-off-by: Greg Kurz
+
+Upstream-Status: Backport
[https://gitlab.com/qemu-project/qemu/-/commit/a5804fcf7b22fc7d1f9ec794dd284c7d504bd16b]
+Signed-off-by: Vijay Anusuri
+---
+ hw/9pfs/9p-util.h | 13 +
+ 1 file changed, 13 insertions(+)
+
+diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
+index 79ed6b233e5..546f46dc7dc 100644
+--- a/hw/9pfs/9p-util.h
b/hw/9pfs/9p-util.h
+@@ -37,9 +37,22 @@ static inline int openat_file(int dirfd, const char *name,
int flags,
+ {
+ int fd, serrno, ret;
+
++again:
+ fd = openat(dirfd, name, flags | O_NOFOLLOW | O_NOCTTY | O_NONBLOCK,
+ mode);
+ if (fd == -1) {
++if (errno == EPERM && (flags & O_NOATIM
[OE-core][dunfell 4/6] zlib: ignore CVE-2023-6992
From: Peter Marko
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb
b/meta/recipes-core/zlib/zlib_1.2.11.bb
index 910fc2ec17..9355f0556e 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -53,3 +53,6 @@ do_install_append_class-target() {
}
BBCLASSEXTEND = "native nativesdk"
+
+# this CVE is for cloudflare zlib
+CVE_CHECK_WHITELIST += "CVE-2023-6992"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193959):
https://lists.openembedded.org/g/openembedded-core/message/193959
Mute This Topic: https://lists.openembedded.org/mt/103801544/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 3/6] libxml2: Fix for CVE-2023-45322
From: Vijay Anusuri
Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
Backport also one of 14 patches for older issue with similar errors
to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
The CVE is disputed because the maintainer does not think that
errors after memory allocation failures are not critical enough
to warrant a CVE ID.
This patch will formally fix reported error case, trying to backport
another 13 patches and resolve conflicts would be probably overkill
due to disputed state.
This CVE was ignored on master branch (as diputed).
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
.../libxml/libxml2/CVE-2023-45322-1.patch | 50
.../libxml/libxml2/CVE-2023-45322-2.patch | 80 +++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 2 +
3 files changed, 132 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch
b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch
new file mode 100644
index 00..182bb29abd
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch
@@ -0,0 +1,50 @@
+From a22bd982bf10291deea8ba0c61bf75b898c604ce Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Wed, 2 Nov 2022 15:44:42 +0100
+Subject: [PATCH] malloc-fail: Fix memory leak in xmlStaticCopyNodeList
+
+Found with libFuzzer, see #344.
+
+Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/a22bd982bf10291deea8ba0c61bf75b898c604ce]
+
+Signed-off-by: Peter Marko
+Signed-off-by: Vijay Anusuri
+---
+ tree.c | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tree.c b/tree.c
+index 507869efe..647288ce3 100644
+--- a/tree.c
b/tree.c
+@@ -4461,7 +4461,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc,
xmlNodePtr parent) {
+ }
+ if (doc->intSubset == NULL) {
+ q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
+- if (q == NULL) return(NULL);
++ if (q == NULL) goto error;
+ q->doc = doc;
+ q->parent = parent;
+ doc->intSubset = (xmlDtdPtr) q;
+@@ -4473,7 +4473,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc,
xmlNodePtr parent) {
+ } else
+ #endif /* LIBXML_TREE_ENABLED */
+ q = xmlStaticCopyNode(node, doc, parent, 1);
+- if (q == NULL) return(NULL);
++ if (q == NULL) goto error;
+ if (ret == NULL) {
+ q->prev = NULL;
+ ret = p = q;
+@@ -4486,6 +4486,9 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc,
xmlNodePtr parent) {
+ node = node->next;
+ }
+ return(ret);
++error:
++xmlFreeNodeList(ret);
++return(NULL);
+ }
+
+ /**
+--
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch
b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch
new file mode 100644
index 00..c7e9681e6a
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch
@@ -0,0 +1,80 @@
+From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Wed, 23 Aug 2023 20:24:24 +0200
+Subject: [PATCH] tree: Fix copying of DTDs
+
+- Don't create multiple DTD nodes.
+- Fix UAF if malloc fails.
+- Skip DTD nodes if tree module is disabled.
+
+Fixes #583.
+
+CVE: CVE-2023-45322
+Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9]
+
+Signed-off-by: Peter Marko
+Signed-off-by: Vijay Anusuri
+---
+ tree.c | 31 ---
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/tree.c b/tree.c
+index 6c8a875b9..02c1b5791 100644
+--- a/tree.c
b/tree.c
+@@ -4471,29 +4471,28 @@ xmlNodePtr
+ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) {
+ xmlNodePtr ret = NULL;
+ xmlNodePtr p = NULL,q;
++xmlDtdPtr newSubset = NULL;
+
+ while (node != NULL) {
+-#ifdef LIBXML_TREE_ENABLED
+ if (node->type == XML_DTD_NODE ) {
+- if (doc == NULL) {
++#ifdef LIBXML_TREE_ENABLED
++ if ((doc == NULL) || (doc->intSubset != NULL)) {
+ node = node->next;
+ continue;
+ }
+- if (doc->intSubset == NULL) {
+- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
+- if (q == NULL) goto error;
+- q->doc = doc;
+- q->parent = parent;
+- doc->intSubset = (xmlDtdPtr) q;
+- xmlAddChild(parent, q);
+- } else {
+- q = (xmlNodePtr) doc->intSubset;
+- xmlAddChild(parent, q);
+- }
+- } else
++q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node );
++
[OE-core][dunfell 1/6] go: Backport fix for CVE-2023-45287
From: Vijay Anusuri
Upstream-Status: Backport
[https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255
&
https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3
&
https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807
&
https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
meta/recipes-devtools/go/go-1.14.inc |4 +
.../go/go-1.14/CVE-2023-45287-pre1.patch | 393
.../go/go-1.14/CVE-2023-45287-pre2.patch | 401
.../go/go-1.14/CVE-2023-45287-pre3.patch | 86 +
.../go/go-1.14/CVE-2023-45287.patch | 1697 +
5 files changed, 2581 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch
diff --git a/meta/recipes-devtools/go/go-1.14.inc
b/meta/recipes-devtools/go/go-1.14.inc
index b827a3606d..42a9ac8435 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -83,6 +83,10 @@ SRC_URI += "\
file://CVE-2023-39318.patch \
file://CVE-2023-39319.patch \
file://CVE-2023-39326.patch \
+file://CVE-2023-45287-pre1.patch \
+file://CVE-2023-45287-pre2.patch \
+file://CVE-2023-45287-pre3.patch \
+file://CVE-2023-45287.patch \
"
SRC_URI_append_libc-musl = "
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch
b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch
new file mode 100644
index 00..4d65180253
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch
@@ -0,0 +1,393 @@
+From 9baafabac9a84813a336f068862207d2bb06d255 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda
+Date: Wed, 1 Apr 2020 17:25:40 -0400
+Subject: [PATCH] crypto/rsa: refactor RSA-PSS signing and verification
+
+Cleaned up for readability and consistency.
+
+There is one tiny behavioral change: when PSSSaltLengthEqualsHash is
+used and both hash and opts.Hash were set, hash.Size() was used for the
+salt length instead of opts.Hash.Size(). That's clearly wrong because
+opts.Hash is documented to override hash.
+
+Change-Id: I3e25dad933961eac827c6d2e3bbfe45fc5a6fb0e
+Reviewed-on: https://go-review.googlesource.com/c/go/+/226937
+Run-TryBot: Filippo Valsorda
+TryBot-Result: Gobot Gobot
+Reviewed-by: Katie Hockman
+
+Upstream-Status: Backport
[https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255]
+CVE: CVE-2023-45287 #Dependency Patch1
+Signed-off-by: Vijay Anusuri
+---
+ src/crypto/rsa/pss.go | 173 ++
+ src/crypto/rsa/rsa.go | 9 ++-
+ 2 files changed, 96 insertions(+), 86 deletions(-)
+
+diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go
+index 3ff0c2f4d0076..f9844d87329a8 100644
+--- a/src/crypto/rsa/pss.go
b/src/crypto/rsa/pss.go
+@@ -4,9 +4,7 @@
+
+ package rsa
+
+-// This file implements the PSS signature scheme [1].
+-//
+-// [1]
https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf
++// This file implements the RSASSA-PSS signature scheme according to RFC 8017.
+
+ import (
+ "bytes"
+@@ -17,8 +15,22 @@ import (
+ "math/big"
+ )
+
++// Per RFC 8017, Section 9.1
++//
++// EM = MGF1 xor DB || H( 8*0x00 || mHash || salt ) || 0xbc
++//
++// where
++//
++// DB = PS || 0x01 || salt
++//
++// and PS can be empty so
++//
++// emLen = dbLen + hLen + 1 = psLen + sLen + hLen + 2
++//
++
+ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash)
([]byte, error) {
+- // See [1], section 9.1.1
++ // See RFC 8017, Section 9.1.1.
++
+ hLen := hash.Size()
+ sLen := len(salt)
+ emLen := (emBits + 7) / 8
+@@ -30,7 +42,7 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte,
hash hash.Hash) ([]byt
+ // 2. Let mHash = Hash(M), an octet string of length hLen.
+
+ if len(mHash) != hLen {
+- return nil, errors.New("crypto/rsa: input must be hashed
message")
++ return nil, errors.New("crypto/rsa: input must be hashed with
given hash")
+ }
+
+ // 3. If emLen < hLen + sLen + 2, output "encoding error" and stop.
+@@ -40,8 +52,9 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte,
hash hash.Hash) ([]byt
+ }
+
+ em := make([]byte, emLen)
+- db := em[:emLen-sLen-hLen-2+1+sLen]
+- h := em[emLen-sLen-hLen-2+1+sLen : emLen-1]
++ psLen := emLen - sLen - hLen - 2
++ db := em[:psLen+1+sLen]
++ h := em[psLen+1+sLen : emLen-1]
+
+ // 4. Generate a random octet string salt of length sLen; if sLen = 0,
+
[OE-core][dunfell 2/6] xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478
From: Vijay Anusuri
Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632]
Signed-off-by: Vijay Anusuri
Signed-off-by: Steve Sakoman
---
.../xserver-xorg/CVE-2023-6377.patch | 79 +++
.../xserver-xorg/CVE-2023-6478.patch | 63 +++
.../xorg-xserver/xserver-xorg_1.20.14.bb | 2 +
3 files changed, 144 insertions(+)
create mode 100644
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
create mode 100644
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
diff --git
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
new file mode 100644
index 00..0abd5914fa
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
@@ -0,0 +1,79 @@
+From 0c1a93d319558fe3ab2d94f51d174b4f93810afd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Tue, 28 Nov 2023 15:19:04 +1000
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
+
+button->xkb_acts is supposed to be an array sufficiently large for all
+our buttons, not just a single XkbActions struct. Allocating
+insufficient memory here means when we memcpy() later in
+XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
+leading to the usual security ooopsiedaisies.
+
+CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd]
+CVE: CVE-2023-6377
+Signed-off-by: Vijay Anusuri
+---
+ Xi/exevents.c | 12 ++--
+ dix/devices.c | 10 ++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index dcd4efb3bc..54ea11a938 100644
+--- a/Xi/exevents.c
b/Xi/exevents.c
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr
to)
+ }
+
+ if (from->button->xkb_acts) {
+-if (!to->button->xkb_acts) {
+-to->button->xkb_acts = calloc(1, sizeof(XkbAction));
+-if (!to->button->xkb_acts)
+-FatalError("[Xi] not enough memory for xkb_acts.\n");
+-}
++size_t maxbuttons = max(to->button->numButtons,
from->button->numButtons);
++to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++ maxbuttons,
++ sizeof(XkbAction));
++memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
+ memcpy(to->button->xkb_acts, from->button->xkb_acts,
+- sizeof(XkbAction));
++ from->button->numButtons * sizeof(XkbAction));
+ }
+ else {
+ free(to->button->xkb_acts);
+diff --git a/dix/devices.c b/dix/devices.c
+index b063128df0..3f3224d626 100644
+--- a/dix/devices.c
b/dix/devices.c
+@@ -2539,6 +2539,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+
+ if (master->button && master->button->numButtons != maxbuttons) {
+ int i;
++int last_num_buttons = master->button->numButtons;
++
+ DeviceChangedEvent event = {
+ .header = ET_Internal,
+ .type = ET_DeviceChanged,
+@@ -2549,6 +2551,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+ };
+
+ master->button->numButtons = maxbuttons;
++if (last_num_buttons < maxbuttons) {
++master->button->xkb_acts =
xnfreallocarray(master->button->xkb_acts,
++ maxbuttons,
++ sizeof(XkbAction));
++memset(&master->button->xkb_acts[last_num_buttons],
++ 0,
++ (maxbuttons - last_num_buttons) * sizeof(XkbAction));
++}
+
+ memcpy(&event.buttons.names, master->button->labels, maxbuttons *
+sizeof(Atom));
+--
+GitLab
+
diff --git
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
new file mode 100644
index 00..6392eae3f8
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
@@ -0,0 +1,63 @@
+From 14f480010a93ff962fef66a16412fafff81ad632 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer
+Date: Mon, 27 Nov 2023 16:27:49 +1000
+Subject: [PATCH] randr: avoid integer truncation in length check of
+ ProcRRChange*Property
+
+Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
+See also xserver@8f454b79 where this same bug was fixed for the core
+protocol a
[OE-core][dunfell 0/6] Patch review
Please review this set of changes for dunfell and have comments back by end of day Friday, January 19 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6460 The following changes since commit b3dd6852c0d6b8aa9b36377d7024ac95062e8098: linux-firmware: upgrade 20230804 -> 20231030 (2024-01-04 07:24:12 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Peter Marko (1): zlib: ignore CVE-2023-6992 Vijay Anusuri (5): go: Backport fix for CVE-2023-45287 xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478 libxml2: Fix for CVE-2023-45322 qemu: Backport fix for CVE-2023-2861 libtiff: Fix for CVE-2023-6228 .../libxml/libxml2/CVE-2023-45322-1.patch | 50 + .../libxml/libxml2/CVE-2023-45322-2.patch | 80 + meta/recipes-core/libxml/libxml2_2.9.10.bb|2 + meta/recipes-core/zlib/zlib_1.2.11.bb |3 + meta/recipes-devtools/go/go-1.14.inc |4 + .../go/go-1.14/CVE-2023-45287-pre1.patch | 393 .../go/go-1.14/CVE-2023-45287-pre2.patch | 401 .../go/go-1.14/CVE-2023-45287-pre3.patch | 86 + .../go/go-1.14/CVE-2023-45287.patch | 1697 + meta/recipes-devtools/qemu/qemu.inc |2 + ...x-libcap-header-issue-on-some-distro.patch |9 +- ...e-O_NOATIME-if-we-don-t-have-permiss.patch | 63 + .../qemu/qemu/CVE-2023-2861.patch | 178 ++ .../xserver-xorg/CVE-2023-6377.patch | 79 + .../xserver-xorg/CVE-2023-6478.patch | 63 + .../xorg-xserver/xserver-xorg_1.20.14.bb |2 + .../libtiff/files/CVE-2023-6228.patch | 30 + meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |1 + 18 files changed, 3140 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch create mode 100644 meta/recipes-devtools/qemu/qemu/9pfs-local-ignore-O_NOATIME-if-we-don-t-have-permiss.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-2861.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6228.patch -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193955): https://lists.openembedded.org/g/openembedded-core/message/193955 Mute This Topic: https://lists.openembedded.org/mt/103801539/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] uboot-sign: support to load optee-os and TFA images
> -Original Message- > From: Tom Rini > Sent: Wednesday, January 17, 2024 10:37 PM > To: Jamin Lin > Cc: openembedded-core@lists.openembedded.org > Subject: Re: [PATCH] uboot-sign: support to load optee-os and TFA images > > On Tue, Jan 16, 2024 at 07:37:04PM -0800, Jamin Lin wrote: > > > Hi Alexander, > > > > One more thing, So far, bitman only support hash 256. > > What hashing algorithm would you like to be using instead? We can always > include more and better options with configuration as needed. > > -- > Tom Hi Tom At present, makeimage tool support hash 256, 384 and 512. It also support rsa 2038, 3072 and 4096. It would be better if binman support these algorithms. I patched uboot-sign.bbclass the original goal is to make yocto support optee-os and tfa in the old version of u-boot. Thanks -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193954): https://lists.openembedded.org/g/openembedded-core/message/193954 Mute This Topic: https://lists.openembedded.org/mt/103734859/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] openssh: Backport fix for CVE-2023-51385
From: Vijay Anusuri
Upstream-Status: Backport
[https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a]
Signed-off-by: Vijay Anusuri
---
.../openssh/openssh/CVE-2023-51385.patch | 96 +++
.../openssh/openssh_8.2p1.bb | 1 +
2 files changed, 97 insertions(+)
create mode 100644
meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
b/meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
new file mode 100644
index 00..ae084053f8
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch
@@ -0,0 +1,96 @@
+From 7ef3787c84b6b524501211b11a26c742f829af1a Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org"
+Date: Mon, 18 Dec 2023 14:47:44 +
+Subject: [PATCH] upstream: ban user/hostnames with most shell metacharacters
+
+This makes ssh(1) refuse user or host names provided on the
+commandline that contain most shell metacharacters.
+
+Some programs that invoke ssh(1) using untrusted data do not filter
+metacharacters in arguments they supply. This could create
+interactions with user-specified ProxyCommand and other directives
+that allow shell injection attacks to occur.
+
+It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
+but getting this stuff right can be tricky, so this should prevent
+most obvious ways of creating risky situations. It however is not
+and cannot be perfect: ssh(1) has no practical way of interpreting
+what shell quoting rules are in use and how they interact with the
+user's specified ProxyCommand.
+
+To allow configurations that use strange user or hostnames to
+continue to work, this strictness is applied only to names coming
+from the commandline. Names specified using User or Hostname
+directives in ssh_config(5) are not affected.
+
+feedback/ok millert@ markus@ dtucker@ deraadt@
+
+OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
+
+Upstream-Status: Backport
[https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a]
+CVE: CVE-2023-51385
+Signed-off-by: Vijay Anusuri
+---
+ ssh.c | 39 +++
+ 1 file changed, 39 insertions(+)
+
+diff --git a/ssh.c b/ssh.c
+index 15aee56..2cf0b64 100644
+--- a/ssh.c
b/ssh.c
+@@ -583,6 +583,41 @@ set_addrinfo_port(struct addrinfo *addrs, int port)
+ }
+ }
+
++static int
++valid_hostname(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
++ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
++ return 0;
++ }
++ return 1;
++}
++
++static int
++valid_ruser(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
++ return 0;
++ /* Disallow '-' after whitespace */
++ if (isspace((u_char)s[i]) && s[i + 1] == '-')
++ return 0;
++ /* Disallow \ in last position */
++ if (s[i] == '\\' && s[i + 1] == '\0')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Main program for the ssh client.
+ */
+@@ -1067,6 +1102,10 @@ main(int ac, char **av)
+ if (!host)
+ usage();
+
++ if (!valid_hostname(host))
++ fatal("hostname contains invalid characters");
++ if (options.user != NULL && !valid_ruser(options.user))
++ fatal("remote username contains invalid characters");
+ host_arg = xstrdup(host);
+
+ /* Initialize the command to execute on remote host. */
+--
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index eb3089cd8a..9d6cf7da6c 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -40,6 +40,7 @@ SRC_URI =
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2023-38408-11.patch \
file://CVE-2023-38408-12.patch \
file://CVE-2023-48795.patch \
+ file://CVE-2023-51385.patch \
"
SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"
SRC_URI[sha256sum] =
"43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193953):
https://lists.openembedded.org/g/openembedded-core/message/193953
Mute This Topic: https://lists.openembedded.org/mt/103801024/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=
[OE-core] [PATCH 1/1] iputils: update to 20240117
Changelog:
* ping
- fix: Restore -i0 (commit: 7a51494, PR: #519, regression from 2a63b94)
* localization
- Updated Turkish and Indonesian
- 100% translated: Chinese (Simplified), Czech, French, Georgian, German,
Korean, Portuguese (Brazil), Turkish, Ukrainian
- > 90% translated: Finnish, Indonesian, Japanese
Signed-off-by: Petr Vorel
---
.../iputils/{iputils_20231222.bb => iputils_20240117.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/iputils/{iputils_20231222.bb =>
iputils_20240117.bb} (97%)
diff --git a/meta/recipes-extended/iputils/iputils_20231222.bb
b/meta/recipes-extended/iputils/iputils_20240117.bb
similarity index 97%
rename from meta/recipes-extended/iputils/iputils_20231222.bb
rename to meta/recipes-extended/iputils/iputils_20240117.bb
index e919febd12..5a5e15528e 100644
--- a/meta/recipes-extended/iputils/iputils_20231222.bb
+++ b/meta/recipes-extended/iputils/iputils_20240117.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=627cc07ec86a45951d43e30658bbd819"
DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https"
-SRCREV = "84cdf26908b4a03b917a5429a6339b7374fcc38b"
+SRCREV = "8372f355bdf7a9b0c79338dd8ef8464c00a5c4e2"
S = "${WORKDIR}/git"
--
2.43.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193952):
https://lists.openembedded.org/g/openembedded-core/message/193952
Mute This Topic: https://lists.openembedded.org/mt/103799300/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] iputils: Update to 20240117
From: Fabio Estevam
Update to the 20240117 release.
Signed-off-by: Fabio Estevam
---
.../iputils/{iputils_20231222.bb => iputils_20240117.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/iputils/{iputils_20231222.bb =>
iputils_20240117.bb} (97%)
diff --git a/meta/recipes-extended/iputils/iputils_20231222.bb
b/meta/recipes-extended/iputils/iputils_20240117.bb
similarity index 97%
rename from meta/recipes-extended/iputils/iputils_20231222.bb
rename to meta/recipes-extended/iputils/iputils_20240117.bb
index e919febd12..5a5e15528e 100644
--- a/meta/recipes-extended/iputils/iputils_20231222.bb
+++ b/meta/recipes-extended/iputils/iputils_20240117.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=627cc07ec86a45951d43e30658bbd819"
DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https"
-SRCREV = "84cdf26908b4a03b917a5429a6339b7374fcc38b"
+SRCREV = "8372f355bdf7a9b0c79338dd8ef8464c00a5c4e2"
S = "${WORKDIR}/git"
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193951):
https://lists.openembedded.org/g/openembedded-core/message/193951
Mute This Topic: https://lists.openembedded.org/mt/103799183/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] libtool: Update further patch status to backport
Three further patches were merged to upstream libtool, update the patch status to Backport. Signed-off-by: Richard Purdie --- .../libtool/0001-ltmain.in-Parse-additional-clang-options.patch | 2 +- .../libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch | 2 +- ...1-ltmain.in-Handle-prefix-map-compiler-options-correct.patch | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch index 0dcf963dcca..c52083327c4 100644 --- a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch +++ b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch @@ -7,7 +7,7 @@ ldflags * build-aux/ltmain.in: Handle clang linker options Signed-off-by: Richard Purdie -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00110.html] +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=725646bf095bf5c07c49ae38dd060f95bd95ae3c] --- build-aux/ltmain.in | 4 +++- diff --git a/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch b/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch index b6175903daf..6d922382ef1 100644 --- a/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch +++ b/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch @@ -13,7 +13,7 @@ and result in cleaner/consistent output. * m4/libtool.m4: Cleanup sysroot trailing '/' handling -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00111.html] +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=365805327c7b9bbdb0e622b954b6b0d8eaeb3f99] Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch b/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch index c0627795b45..4c6b6f05b49 100644 --- a/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch +++ b/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch @@ -11,7 +11,7 @@ Signed-off-by: Richard Purdie https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00019.html https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00066.html -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00109.html] +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=cdf4bf702f11d17e06569936e8a433a77f791228] --- build-aux/ltmain.in | 3 ++- -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193950): https://lists.openembedded.org/g/openembedded-core/message/193950 Mute This Topic: https://lists.openembedded.org/mt/103799166/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/2] perl: Add option to prevent COMPLEMENTARY_GLOB from ignoring perl-modules
I have iteratively added the following 45 modules, and I still not at the point
of covering all perl-module-* dependencies for openssl-test. Should I continue
on with this effort? Using "perl-module-force-all" is a lot more convenient
without conflicting with any existing usage of "perl-modules" - even including
the ones that depends on "perl-modules" having the property of being a soft
dependency ("perl-modules" RRECOMMENDS all of its packages).
William
List of perl-module-* I have iteratively added up to this point:
perl-module-base
perl-module-carp
perl-module-config
perl-module-constant
perl-module-cwd
perl-module-data-dumper
perl-module-digest-sha
perl-module-encode
perl-module-errno
perl-module-exporter
perl-module-fcntl
perl-module-feature
perl-module-file-basename
perl-module-file-compare
perl-module-file-copy
perl-module-file-glob
perl-module-filehandle
perl-module-file-path
perl-module-file-spec
perl-module-file-spec-functions
perl-module-file-temp
perl-module-findbin
perl-module-getopt-long
perl-module-getopt-std
perl-module-io-select
perl-module-io-socket
perl-module-ipc-cmd
perl-module-ipc-open2
perl-module-lib
perl-module-list-util
perl-module-math-bigint
perl-module-mime-base64
perl-module-parent
perl-module-pod-html
perl-module-pod-usage
perl-module-posix
perl-module-scalar-util
perl-module-storable
perl-module-strict
perl-module-test-harness
perl-module-test-more
perl-module-time-local
perl-module-utf8
perl-module-vars
perl-module-warnings
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193949):
https://lists.openembedded.org/g/openembedded-core/message/193949
Mute This Topic: https://lists.openembedded.org/mt/103766391/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/4] libunwind: merge .inc and .bb
OK, good to know. I mostly use gitk and it doesn't do a good job at following renames, so I thought that was the reason for this file structure. Etienne On Wed, Jan 17, 2024 at 6:26 PM Ross Burton wrote: > > On 17 Jan 2024, at 17:19, Etienne Cordonnier wrote: > > > > Hi Ross, > > I thought the main reason of having .inc files was to have a stable git > > history, since the bb files get constantly renamed with each update? There > > are many recipes using a split .inc file without a need for it, so I > > assumed this is the standard codestyle of poky? Is it not the case? > > It originates from when openembedded had multiple versions for each recipe, > to share logic. > > Some people say that it helps track history, but unless you put _only_ the > checksums in the versioned file then you need to track the renamed file > anyway, and git’s “—follow” option does a reasonable job. I don’t consider > this a sufficient advantage considering the inconvenience of having a recipe > split arbitrarily between two files. > > Ross > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193948): https://lists.openembedded.org/g/openembedded-core/message/193948 Mute This Topic: https://lists.openembedded.org/mt/103787498/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] classes-global/insane: Add check for "virtual/" in RPROVIDES and RDEPENDS
On 17/01/2024 19:19:28+, Simone Weiß wrote: > I see, the warning is correct and a fix should be applied to meta- > oe/recipes-core/opencl/ocl-icd_2.3.2.bb for this, I will send out a > patch for this as well. Afterwards this should be fixed implicitly. > Just one question: Which branch is tested in the autobuilder for meta- > aws/meta-op? Is it good enough if I just fix it on meta-oes main > branch? Yes, this would be master for this patch. -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193947): https://lists.openembedded.org/g/openembedded-core/message/193947 Mute This Topic: https://lists.openembedded.org/mt/103722088/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] tune-core2: Update qemu cpu to supported model
From: Simone Weiß
Fixes [YOCTO #12388]
QEMUs documentation does recommend to not use n270 and core2duo as
an argument to -cpu anymore. See also the QEMU documentation for this at
[0].
Update therefore the QEMU cpu option for the core2duo tune to Nehalam.
Tested it locally with QEMU and KVM.
[0]:
https://qemu-project.gitlab.io/qemu/system/qemu-cpu-models.html#other-non-recommended-x86-cpus
Signed-off-by: Simone Weiß
---
meta/conf/machine/include/x86/tune-core2.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/conf/machine/include/x86/tune-core2.inc
b/meta/conf/machine/include/x86/tune-core2.inc
index 97b7c1b188..082fd4efc3 100644
--- a/meta/conf/machine/include/x86/tune-core2.inc
+++ b/meta/conf/machine/include/x86/tune-core2.inc
@@ -21,18 +21,18 @@ TUNE_FEATURES:tune-core2-32 = "${TUNE_FEATURES:tune-x86}
core2"
BASE_LIB:tune-core2-32 = "lib"
TUNE_PKGARCH:tune-core2-32 = "core2-32"
PACKAGE_EXTRA_ARCHS:tune-core2-32 = "${PACKAGE_EXTRA_ARCHS:tune-i686} core2-32"
-QEMU_EXTRAOPTIONS_core2-32 = " -cpu n270"
+QEMU_EXTRAOPTIONS_core2-32 = " -cpu Nehalem,check=false"
AVAILTUNES += "core2-64"
TUNE_FEATURES:tune-core2-64 = "${TUNE_FEATURES:tune-x86-64} core2"
BASE_LIB:tune-core2-64 = "lib64"
TUNE_PKGARCH:tune-core2-64 = "core2-64"
PACKAGE_EXTRA_ARCHS:tune-core2-64 = "${PACKAGE_EXTRA_ARCHS:tune-x86-64}
core2-64"
-QEMU_EXTRAOPTIONS_core2-64 = " -cpu core2duo"
+QEMU_EXTRAOPTIONS_core2-64 = " -cpu Nehalem,check=false"
AVAILTUNES += "core2-64-x32"
TUNE_FEATURES:tune-core2-64-x32 = "${TUNE_FEATURES:tune-x86-64-x32} core2"
BASE_LIB:tune-core2-64-x32 = "libx32"
TUNE_PKGARCH:tune-core2-64-x32 = "core2-64-x32"
PACKAGE_EXTRA_ARCHS:tune-core2-64-x32 =
"${PACKAGE_EXTRA_ARCHS:tune-x86-64-x32} core2-64-x32"
-QEMU_EXTRAOPTIONS_core2-64-x32 = " -cpu core2duo"
+QEMU_EXTRAOPTIONS_core2-64-x32 = " -cpu Nehalem,check=false"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193946):
https://lists.openembedded.org/g/openembedded-core/message/193946
Mute This Topic: https://lists.openembedded.org/mt/103794943/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] classes-global/insane: Add check for "virtual/" in RPROVIDES and RDEPENDS
Hi,
On Wed, 2024-01-17 at 00:29 +0100, Alexandre Belloni via
lists.openembedded.org wrote:
> Hello,
>
> This causes warnings for meta-aws:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/122/builds/3840/steps/12/logs/warnings
>
> On 14/01/2024 17:19:03+, Simone Weiß wrote:
> > From: Simone Weiß
> >
> > Fixes [YOCTO #14538]
> >
> > Recipes shouldn't use "virtual/" in RPROVIDES and RDEPENDS. This
> > was
> > addressed already in recipes in meta-oe and oe-core. Add a test for
> > this in insane.bbclass to ensure no regressions occur.
> >
> > Signed-off-by: Simone Weiß
> > ---
> > meta/classes-global/insane.bbclass | 6 ++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/meta/classes-global/insane.bbclass b/meta/classes-
> > global/insane.bbclass
> > index d625fd82f7..9e8e35e0f7 100644
> > --- a/meta/classes-global/insane.bbclass
> > +++ b/meta/classes-global/insane.bbclass
> > @@ -1606,6 +1606,12 @@ python () {
> > if (d.getVar(d.expand('DEPENDS:${PN}'))):
> > oe.qa.handle_error("pkgvarcheck", "recipe uses
> > DEPENDS:${PN}, should use DEPENDS", d)
> >
> > + # virtual/ is meaningless for those variables
> > + for k in ['RDEPENDS', 'RPROVIDES']:
> > + for var in bb.utils.explode_deps(d.getVar(k + ':' + pn) or
> > ""):
> > + if var.startswith("virtual/"):
> > + bb.warn("%s is set to %s, the substring 'virtual/'
> > holds no meaning in this context. It is suggested to use the
> > 'virtual-' instead." % (k, var))
> > +
> > issues = []
> > if (d.getVar('PACKAGES') or "").split():
> > for dep in (d.getVar('QADEPENDS') or "").split():
> > --
> > 2.39.2
> >
>
> >
> >
> >
>
>
>
>
>
I see, the warning is correct and a fix should be applied to meta-
oe/recipes-core/opencl/ocl-icd_2.3.2.bb for this, I will send out a
patch for this as well. Afterwards this should be fixed implicitly.
Just one question: Which branch is tested in the autobuilder for meta-
aws/meta-op? Is it good enough if I just fix it on meta-oes main
branch?
-
Simone
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193945):
https://lists.openembedded.org/g/openembedded-core/message/193945
Mute This Topic: https://lists.openembedded.org/mt/103722088/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Patchtest results for [v2][oe-core][PATCH 1/1] eudev: modify predictable network if name search
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/v2-1-1-eudev-modify-predictable-network-if-name-search.patch FAIL: test Upstream-Status presence: Upstream-Status is Submitted, but it is not mentioned where (test_patch.TestPatch.test_upstream_status_presence_format) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore) PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193944): https://lists.openembedded.org/g/openembedded-core/message/193944 Mute This Topic: https://lists.openembedded.org/mt/103792580/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] eudev: modify predictable network if name search
From: Joe Slater
Consider a name based on mac address in addition to
those based on slot or path.
Note that as of this commit predictable naming is
suppressed by eudev, but can be enabled by removing
/etc/udev/rules.d/80-net-name-slot.rules from the
root filesystem.
Signed-off-by: Joe Slater
---
meta/recipes-core/udev/eudev/netifnames.patch | 17 +
meta/recipes-core/udev/eudev_3.2.14.bb| 2 ++
2 files changed, 19 insertions(+)
create mode 100644 meta/recipes-core/udev/eudev/netifnames.patch
diff --git a/meta/recipes-core/udev/eudev/netifnames.patch
b/meta/recipes-core/udev/eudev/netifnames.patch
new file mode 100644
index 00..11c4d92a32
--- /dev/null
+++ b/meta/recipes-core/udev/eudev/netifnames.patch
@@ -0,0 +1,17 @@
+eudev: consider ID_NET_NAME_MAC as an interface name
+
+eudev might not create names based on slot or path.
+
+Upstream-Status: Submitted - github.com/eudev-project/eudev/pull/274
+
+Signed-off-by: Joe Slater
+
+--- a/rules/80-net-name-slot.rules
b/rules/80-net-name-slot.rules
+@@ -10,5 +10,6 @@ ENV{net.ifnames}=="0", GOTO="net_name_sl
+ NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
+ NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
+ NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
++NAME=="", ENV{ID_NET_NAME_MAC}!="", NAME="$env{ID_NET_NAME_MAC}"
+
+ LABEL="net_name_slot_end"
diff --git a/meta/recipes-core/udev/eudev_3.2.14.bb
b/meta/recipes-core/udev/eudev_3.2.14.bb
index d0758691bd..ddb3c3340f 100644
--- a/meta/recipes-core/udev/eudev_3.2.14.bb
+++ b/meta/recipes-core/udev/eudev_3.2.14.bb
@@ -10,6 +10,7 @@ DEPENDS = "gperf-native"
PROVIDES = "udev"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
+ file://netifnames.patch \
file://init \
file://local.rules \
"
@@ -50,6 +51,7 @@ do_install:append() {
# Use classic network interface naming scheme
touch ${D}${sysconfdir}/udev/rules.d/80-net-name-slot.rules
+
}
do_install:prepend:class-target () {
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193943):
https://lists.openembedded.org/g/openembedded-core/message/193943
Mute This Topic: https://lists.openembedded.org/mt/103792325/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/4] musl: doesn't support riscv32
On Wed, Jan 17, 2024 at 7:07 AM Ross Burton wrote:
>
> From: Ross Burton
>
> musl doesn't support riscv32, so set COMPATIBLE_HOST appropriately.
>
> Signed-off-by: Ross Burton
> ---
> meta/recipes-core/musl/musl.inc | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-core/musl/musl.inc b/meta/recipes-core/musl/musl.inc
> index 66468e92ff0..6ca52b186a5 100644
> --- a/meta/recipes-core/musl/musl.inc
> +++ b/meta/recipes-core/musl/musl.inc
> @@ -25,6 +25,9 @@ MIPS_INSTRUCTION_SET = "mips"
> ARM_INSTRUCTION_SET:armv5 = "arm"
> ARM_INSTRUCTION_SET:armv4 = "arm"
>
> +# 1.2.4 doesn't support riscv32
> +COMPATIBLE_HOST:riscv32 = "null"
there is a port in meta-riscv for RV32 which is WIP for upstreaming.
I think it is better to direct folks to use meta-riscv until then
> +
> # Enable out of tree build
> B = "${WORKDIR}/build"
>
> --
> 2.34.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193942):
https://lists.openembedded.org/g/openembedded-core/message/193942
Mute This Topic: https://lists.openembedded.org/mt/103787497/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] openssl: Fix ptest dependencies on perl-module-* being ignored by COMPLEMENTARY_GLOB
Qi, according to the comments in the perl_5.38.2.bb recipe, perl-modules recommends "all the other perl packages" which might include optional packages. I assume leaving optional packages as "runtime recommended" (RRECOMMENDS) - aka. soft dependencies - can reduce the possibility of conflicts. The following patch changed the package_manager to ignore RRECOMMENDS to avoid conflict: https://lists.openembedded.org/g/openembedded-core/message/167303 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193941): https://lists.openembedded.org/g/openembedded-core/message/193941 Mute This Topic: https://lists.openembedded.org/mt/103766390/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/4] libunwind: merge .inc and .bb
On 17 Jan 2024, at 17:19, Etienne Cordonnier wrote: > > Hi Ross, > I thought the main reason of having .inc files was to have a stable git > history, since the bb files get constantly renamed with each update? There > are many recipes using a split .inc file without a need for it, so I assumed > this is the standard codestyle of poky? Is it not the case? It originates from when openembedded had multiple versions for each recipe, to share logic. Some people say that it helps track history, but unless you put _only_ the checksums in the versioned file then you need to track the renamed file anyway, and git’s “—follow” option does a reasonable job. I don’t consider this a sufficient advantage considering the inconvenience of having a recipe split arbitrarily between two files. Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193940): https://lists.openembedded.org/g/openembedded-core/message/193940 Mute This Topic: https://lists.openembedded.org/mt/103787498/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] native.bbclass: base_libdir unique from libdir
Use STAGING_BASE_LIBDIR_NATIVE for the value of base_libdir instead of
STAGING_LIBDIR_NATIVE. This will avoid conflicts between the two
directories.
Signed-off-by: William Hauser
---
meta/classes-recipe/native.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/native.bbclass
b/meta/classes-recipe/native.bbclass
index cfd299d0c8..84a3ec65da 100644
--- a/meta/classes-recipe/native.bbclass
+++ b/meta/classes-recipe/native.bbclass
@@ -77,7 +77,7 @@ exec_prefix = "${STAGING_DIR_NATIVE}${prefix_native}"
bindir = "${STAGING_BINDIR_NATIVE}"
sbindir = "${STAGING_SBINDIR_NATIVE}"
-base_libdir = "${STAGING_LIBDIR_NATIVE}"
+base_libdir = "${STAGING_BASE_LIBDIR_NATIVE}"
libdir = "${STAGING_LIBDIR_NATIVE}"
includedir = "${STAGING_INCDIR_NATIVE}"
sysconfdir = "${STAGING_ETCDIR_NATIVE}"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193939):
https://lists.openembedded.org/g/openembedded-core/message/193939
Mute This Topic: https://lists.openembedded.org/mt/103790614/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/4] libunwind: merge .inc and .bb
Hi Ross,
I thought the main reason of having .inc files was to have a stable git
history, since the bb files get constantly renamed with each update? There
are many recipes using a split .inc file without a need for it, so I
assumed this is the standard codestyle of poky? Is it not the case?
Etienne
On Wed, Jan 17, 2024 at 4:07 PM Ross Burton wrote:
> From: Ross Burton
>
> There's no need to these to be split, so merge them together.
>
> Signed-off-by: Ross Burton
> ---
> meta/recipes-support/libunwind/libunwind.inc | 23 ---
> .../libunwind/libunwind_1.6.2.bb | 28 +--
> 2 files changed, 25 insertions(+), 26 deletions(-)
> delete mode 100644 meta/recipes-support/libunwind/libunwind.inc
>
> diff --git a/meta/recipes-support/libunwind/libunwind.inc
> b/meta/recipes-support/libunwind/libunwind.inc
> deleted file mode 100644
> index bf74f9fa3c7..000
> --- a/meta/recipes-support/libunwind/libunwind.inc
> +++ /dev/null
> @@ -1,23 +0,0 @@
> -SUMMARY = "Library for obtaining the call-chain of a program"
> -DESCRIPTION = "a portable and efficient C programming interface (API) to
> determine the call-chain of a program"
> -HOMEPAGE = "
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nongnu.org_libunwind&d=DwIFAg&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=P8pttzCM0snL4m0mo5VJm8mOnj0IfhCrI_TI3FJlan6TDSqW2WJLwYJEhK9Xwt3l&s=lWmWqF8G-xAViw4gogbniL5C4TmmC_Z-U_7q3yHJJe8&e=
> "
> -LICENSE = "MIT"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=2d80c8ed4062b8339b715f90fa68cc9f"
> -DEPENDS += "libatomic-ops"
> -DEPENDS:append:libc-musl = " libucontext"
> -
> -inherit autotools multilib_header
> -
> -PACKAGECONFIG ??= ""
> -PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
> -PACKAGECONFIG[latexdocs] = "--enable-documentation,
> --disable-documentation, latex2man-native"
> -
> -EXTRA_OECONF:arm = "--enable-debug-frame"
> -EXTRA_OECONF:armeb = "--enable-debug-frame"
> -EXTRA_OECONF:aarch64 = "--enable-debug-frame"
> -
> -do_install:append () {
> - oe_multilib_header libunwind.h
> -}
> -
> -BBCLASSEXTEND = "native"
> diff --git a/meta/recipes-support/libunwind/libunwind_1.6.2.bb
> b/meta/recipes-support/libunwind/libunwind_1.6.2.bb
> index d67862608c1..650e2c9ec40 100644
> --- a/meta/recipes-support/libunwind/libunwind_1.6.2.bb
> +++ b/meta/recipes-support/libunwind/libunwind_1.6.2.bb
> @@ -1,4 +1,10 @@
> -require libunwind.inc
> +SUMMARY = "Library for obtaining the call-chain of a program"
> +DESCRIPTION = "a portable and efficient C programming interface (API) to
> determine the call-chain of a program"
> +HOMEPAGE = "
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nongnu.org_libunwind&d=DwIFAg&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=P8pttzCM0snL4m0mo5VJm8mOnj0IfhCrI_TI3FJlan6TDSqW2WJLwYJEhK9Xwt3l&s=lWmWqF8G-xAViw4gogbniL5C4TmmC_Z-U_7q3yHJJe8&e=
> "
> +LICENSE = "MIT"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=2d80c8ed4062b8339b715f90fa68cc9f"
> +DEPENDS += "libatomic-ops"
> +DEPENDS:append:libc-musl = " libucontext"
>
> SRC_URI = "
> https://urldefense.proofpoint.com/v2/url?u=http-3A__download.savannah.nongnu.org_releases_libunwind_libunwind-2D-24-257BPV-257D.tar.gz&d=DwIFAg&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=P8pttzCM0snL4m0mo5VJm8mOnj0IfhCrI_TI3FJlan6TDSqW2WJLwYJEhK9Xwt3l&s=DzppDAaiQpwcwHtq6BJCCnV8IRnwe8BOlE-V1z_AkfA&e=
> \
> file://0003-x86-Stub-out-x86_local_resume.patch \
> @@ -11,15 +17,31 @@ SRC_URI:append:libc-musl = "
> file://musl-header-conflict.patch"
>
> SRC_URI[sha256sum] =
> "4a6aec666991fb45d0889c44aede8ad6eb108071c3554fcdff671f9c94794976"
>
> +inherit autotools multilib_header
> +
> +COMPATIBLE_HOST:riscv32 = "null"
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
> +PACKAGECONFIG[latexdocs] = "--enable-documentation,
> --disable-documentation, latex2man-native"
> +
> +EXTRA_OECONF:arm = "--enable-debug-frame"
> +EXTRA_OECONF:armeb = "--enable-debug-frame"
> +EXTRA_OECONF:aarch64 = "--enable-debug-frame"
> +
> EXTRA_OECONF:append:libc-musl = " --disable-documentation --disable-tests
> --enable-static"
>
> #
> https://urldefense.proofpoint.com/v2/url?u=http-3A__errors.yoctoproject.org_Errors_Details_20487_&d=DwIFAg&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=P8pttzCM0snL4m0mo5VJm8mOnj0IfhCrI_TI3FJlan6TDSqW2WJLwYJEhK9Xwt3l&s=SKDMc7SnpmHxBq9SlFgKMBVybrXAwMHEjQ5vnXg4nAA&e=
> ARM_INSTRUCTION_SET:armv4 = "arm"
> ARM_INSTRUCTION_SET:armv5 = "arm"
>
> -COMPATIBLE_HOST:riscv32 = "null"
> -
> LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES',
> 'ld-is-gold', ' -fuse-ld=bfd ', '', d)}"
>
> SECURITY_LDFLAGS:append:libc-musl = " -lssp_nonshared"
> CACHED_CONFIGUREVARS:append:libc-musl = " LDFLAGS='${LDFLAGS} -lucon
Patchtest results for [OE-core][kirkstone 3/7] sqlite3: backport patch for CVE-2023-7104
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/kirkstone-3-7-sqlite3-backport-patch-for-CVE-2023-7104.patch FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and should be replaced by CVE_STATUS (test_metadata.TestMetadata.test_cve_check_ignore) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193935): https://lists.openembedded.org/g/openembedded-core/message/193935 Mute This Topic: https://lists.openembedded.org/mt/103789348/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Patchtest results for [OE-core][kirkstone 4/7] zlib: ignore CVE-2023-6992
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/kirkstone-4-7-zlib-ignore-CVE-2023-6992.patch FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and should be replaced by CVE_STATUS (test_metadata.TestMetadata.test_cve_check_ignore) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193936): https://lists.openembedded.org/g/openembedded-core/message/193936 Mute This Topic: https://lists.openembedded.org/mt/103789349/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Patchtest results for [OE-core][kirkstone 6/7] cpio: upgrade to 2.14
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/kirkstone-6-7-cpio-upgrade-to-2.14.patch FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and should be replaced by CVE_STATUS (test_metadata.TestMetadata.test_cve_check_ignore) FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE--" (test_patch.TestPatch.test_cve_tag_format) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test bugzilla entry format (test_mbox.TestMbox.test_bugzilla_entry_format) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193937): https://lists.openembedded.org/g/openembedded-core/message/193937 Mute This Topic: https://lists.openembedded.org/mt/103789350/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Patchtest results for [OE-core][kirkstone 1/7] openssl: Backport fix for CVE-2023-6129
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/kirkstone-1-7-openssl-Backport-fix-for-CVE-2023-6129.patch FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and should be replaced by CVE_STATUS (test_metadata.TestMetadata.test_cve_check_ignore) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193934): https://lists.openembedded.org/g/openembedded-core/message/193934 Mute This Topic: https://lists.openembedded.org/mt/103789346/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCHv2] openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA public keys
On Wed, Jan 17, 2024 at 1:47 AM Hitendra Prajapati via
lists.openembedded.org
wrote:
>
> Upstream-Status: Backport from
> https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db
>
> Signed-off-by: Hitendra Prajapati
> ---
> .../openssl/openssl/CVE-2023-6237.patch | 127 ++
> .../openssl/openssl_3.0.12.bb | 3 +-
> 2 files changed, 129 insertions(+), 1 deletion(-)
> create mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
> new file mode 100644
> index 00..621dc6b0ab
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
> @@ -0,0 +1,127 @@
> +rom e09fc1d746a4fd15bb5c3d7bbbab950aadd005db Mon Sep 17 00:00:00 2001
> +From: Tomas Mraz
> +Date: Fri, 22 Dec 2023 16:25:56 +0100
> +Subject: [PATCH] Limit the execution time of RSA public key check
> +
> +Fixes CVE-2023-6237
> +
> +If a large and incorrect RSA public key is checked with
> +EVP_PKEY_public_check() the computation could take very long time
> +due to no limit being applied to the RSA public key size and
> +unnecessarily high number of Miller-Rabin algorithm rounds
> +used for non-primality check of the modulus.
> +
> +Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
> +will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
> +Also the number of Miller-Rabin rounds was set to 5.
> +
> +Reviewed-by: Neil Horman
> +Reviewed-by: Matt Caswell
> +(Merged from https://github.com/openssl/openssl/pull/23243)
> +
> +Upstream-Status: Backport
> [https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db]
> +CVE: CVE-2023-6237
> +Signed-off-by: Hitendra Prajapati
> +---
> + crypto/rsa/rsa_sp800_56b_check.c | 8 +++-
> + test/recipes/91-test_pkey_check.t | 2 +-
> + .../91-test_pkey_check_data/rsapub_17k.pem| 48 +++
> + 3 files changed, 56 insertions(+), 2 deletions(-)
> + create mode 100644 test/recipes/91-test_pkey_check_data/rsapub_17k.pem
> +
> +diff --git a/crypto/rsa/rsa_sp800_56b_check.c
> b/crypto/rsa/rsa_sp800_56b_check.c
> +index fc8f19b..bcbdd24 100644
> +--- a/crypto/rsa/rsa_sp800_56b_check.c
> b/crypto/rsa/rsa_sp800_56b_check.c
> +@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
> + return 0;
> +
> + nbits = BN_num_bits(rsa->n);
> ++if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
> ++ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
> ++return 0;
> ++}
> ++
> + #ifdef FIPS_MODULE
> + /*
> + * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
> +@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
> + goto err;
> + }
> +
> +-ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
> ++/* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
> ++ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
> + #ifdef FIPS_MODULE
> + if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
> + #else
> +diff --git a/test/recipes/91-test_pkey_check.t
> b/test/recipes/91-test_pkey_check.t
> +index dc7cc64..f8088df 100644
> +--- a/test/recipes/91-test_pkey_check.t
> b/test/recipes/91-test_pkey_check.t
> +@@ -70,7 +70,7 @@ push(@positive_tests, (
> + "dhpkey.pem"
> + )) unless disabled("dh");
> +
> +-my @negative_pubtests = ();
> ++my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key
> +
> + push(@negative_pubtests, (
> + "dsapub_noparam.der"
> +diff --git a/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
> b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
> +new file mode 100644
> +index 000..9a2eaed
> +--- /dev/null
> b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
> +@@ -0,0 +1,48 @@
> ++-BEGIN PUBLIC KEY-
> ++MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR
> ++B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph
> ++gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2
> ++GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/
> ++XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj
> ++b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2
> ++gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq
> ++TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1
> ++vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0
> ++V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j
> ++/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH
> ++SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa
> ++PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y
> ++Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVW
Re: [OE-core] [PATCH] swig: upgrade 4.1.1 -> 4.2.0
On Wed, Jan 17, 2024 at 6:54 AM Alexandre Belloni via
lists.openembedded.org
wrote:
>
> Hello,
>
> This causes failures on the autobuilders:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4241/steps/12/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/8438/steps/11/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/8470/steps/11/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8446/steps/11/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/8314/steps/12/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/5592/steps/11/logs/stdio
>
yes I also see this
bindings/python3/../src/capng_swig.i:33: Error: Unknown directive '%except'.
compiling libcap-ng-python which is related to this.
>
> On 15/01/2024 17:27:54+0800, wangmy wrote:
> > From: Wang Mingyu
> >
> > 0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> > 0001-configure-use-pkg-config-for-pcre-detection.patch
> > determinism.patch
> > refreshed for 4.2.0
> >
> > Changelog:
> >
> > -Various template wrapping improvements: template template parameters,
> > variadic templates, partially specialized templates, const template
> > parameters and improved error checking instantiating templates.
> > -Improved decltype() support for expressions.
> > -C++14 auto without trailing return type and C++11 auto variables.
> > -Numerous C++ using declarations improvements.
> > -Numerous fixes for constructors, destructors and assignment operators:
> > implicit, default and deleted and related non-assignable variable
> > wrappers.
> > -STL: std::array and std::map improvements, std::string_view support
> > added.
> > -Various C preprocessor improvements.
> > -Various issues fixed to do with architecture specific long type.
> > -Various Doxygen improvements.
> > -D1/Tango support removed. D2/Phobos is now the supported D version
> > and SWIG now generates code which works with recent D2 releases.
> > -New Javascript generator targeting Node.js binary stable ABI Node-API.
> > -Octave 8.1 support added.
> > -PHP7 support removed, PHP8 is now the supported PHP version.
> > -Python STL container wrappers now use the Python Iterator Protocol.
> > -Python stable ABI support added.
> > -Python 3.12 support added.
> > -Ruby 3.2 and 3.3 support.
> > -Scilab 2023.* support added.
> > -Various minor enhancements for C#, Go, Guile, Javascript, Lua, Ocaml,
> > Perl, PHP, R, Racket, Ruby, Scilab and Tcl.
> > -A number of deprecated features have been removed.
> >
> > Signed-off-by: Wang Mingyu
> > ---
> > ...self-exe-for-swig-swiglib-on-non-Win32-plat.patch | 10 ++
> > ...configure-use-pkg-config-for-pcre-detection.patch | 6 +++---
> > meta/recipes-devtools/swig/swig/determinism.patch| 12 +++-
> > .../swig/{swig_4.1.1.bb => swig_4.2.0.bb}| 2 +-
> > 4 files changed, 21 insertions(+), 9 deletions(-)
> > rename meta/recipes-devtools/swig/{swig_4.1.1.bb => swig_4.2.0.bb} (72%)
> >
> > diff --git
> > a/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> >
> > b/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> > index f27f80ea18..3f9c298430 100644
> > ---
> > a/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> > +++
> > b/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> > @@ -1,4 +1,4 @@
> > -From a4a0440a644c6c5e5da096efe3cf05ba309a284f Mon Sep 17 00:00:00 2001
> > +From ca02368e2fcb469649534e00eeb21a3c86300f1e Mon Sep 17 00:00:00 2001
> > From: "NODA, Kai"
> > Date: Sun, 22 Apr 2012 17:01:02 +0900
> > Subject: [PATCH] Use /proc/self/exe for "swig -swiglib" on non-Win32
> > @@ -10,9 +10,11 @@ Upstream-Status: Submitted
> > http://sourceforge.net/mailarchive/message.php?msg_id=29179733
> >
> > ---
> > - Source/Modules/main.cxx | 24 ++--
> > + Source/Modules/main.cxx | 24 ++--
> > 1 file changed, 22 insertions(+), 2 deletions(-)
> >
> > +diff --git a/Source/Modules/main.cxx b/Source/Modules/main.cxx
> > +index 8a44921..8250dee 100644
> > --- a/Source/Modules/main.cxx
> > +++ b/Source/Modules/main.cxx
> > @@ -25,6 +25,11 @@
> > @@ -27,7 +29,7 @@
> > http://sourceforge.net/mailarchive/message.php?msg_id=29179733
> >
> > // Global variables
> >
> > -@@ -934,9 +939,9 @@ int SWIG_main(int argc, char *argv[], co
> > +@@ -886,9 +891,9 @@ int SWIG_main(int argc, char *argv[], const
> > TargetLanguageModule *tlm) {
> >
> > // Check for SWIG_LIB environment variable
> > if ((c = getenv("SWIG_LIB")) == (char *) 0) {
> > @@ -38,7 +40,7 @@
> > http://sourceforge.net/mailarchive/message.php?msg_id=29179733
> > if (!(GetModuleFileName(0, buf, MAX_PATH) == 0 || (p = strrchr(buf,
> > '\\')) == 0)) {
> >
[OE-core][kirkstone 7/7] pybootchartgui: fix 2 SyntaxWarnings
From: Martin Jansa scripts/pybootchartgui/pybootchartgui/draw.py:820: SyntaxWarning: "is not" with a literal. Did you mean "!="? if (OPTIONS.show_pid or OPTIONS.show_all) and ipid is not 0: scripts/pybootchartgui/pybootchartgui/draw.py:918: SyntaxWarning: "is not" with a literal. Did you mean "!="? if i is not 0: Signed-off-by: Martin Jansa Signed-off-by: Luca Ceresoli (cherry picked from commit 8d996616f0ca57220d939a41ca9ba6d696ea2a4f) Signed-off-by: Jose Quaresma Signed-off-by: Steve Sakoman --- scripts/pybootchartgui/pybootchartgui/draw.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/pybootchartgui/pybootchartgui/draw.py b/scripts/pybootchartgui/pybootchartgui/draw.py index 707e7fe427..ce3af74e2b 100644 --- a/scripts/pybootchartgui/pybootchartgui/draw.py +++ b/scripts/pybootchartgui/pybootchartgui/draw.py @@ -703,7 +703,7 @@ def draw_processes_recursively(ctx, proc, proc_tree, y, proc_h, rect, clip) : cmdString = proc.cmd else: cmdString = '' -if (OPTIONS.show_pid or OPTIONS.show_all) and ipid is not 0: +if (OPTIONS.show_pid or OPTIONS.show_all) and ipid != 0: cmdString = cmdString + " [" + str(ipid // 1000) + "]" if OPTIONS.show_all: if proc.args: @@ -801,7 +801,7 @@ class CumlSample: if self.color is None: i = self.next() % HSV_MAX_MOD h = 0.0 -if i is not 0: +if i != 0: h = (1.0 * i) / HSV_MAX_MOD s = 0.5 v = 1.0 -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193931): https://lists.openembedded.org/g/openembedded-core/message/193931 Mute This Topic: https://lists.openembedded.org/mt/103788791/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 6/7] cpio: upgrade to 2.14
From: Soumya Sambu
This includes fix for CVE-2023-7207.
Drop all submitted patches.
Apply a patch from git to fix the build with clang.
[ YOCTO #11674 ]
$git log --oneline release_2_13..v2.14
4a41909 (HEAD, tag: v2.14) Version 2.14
6f9e5d3 Update NEWS
807b3ea Use GNU ls algorithm for deciding timestamp format
19219d1 Fix integer overflows in timestamp output
ed28f14 Whitespace cleanup
4ab2813 Update version of gnulib
0987d63 Fix appending to archives bigger than 2G
1df0062 Fix combination of --create, --append, --directory
6a94d5e New option --ignore-dirnlink
376d663 Fix 45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.
beba8c0 Require automake 1.16.5
70fffa7 Update for newer autotools
a1b2f78 Fix calculation of CRC in copy-out mode.
18ea636 Upgrade gnulib
1a61f62 Update copyright years
a1c97c8 Fix wording in the manpage
97fab48 Update copyright years
86dacfe Remove redundant condition check
4d16930 Use inttostr to represent integer values as strings
236684f Fix dynamic string reallocations
dfc801c Fix previous commit
dd96882 Rewrite dynamic string support.
269d204 Improve online version of the documentation.
7dd8ba9 Update gnulib
905907c Update copyright years
4a78d77 Formatting changes in the documentation.
9fe8494 Update copyright years
641d3f4 Minor fix * src/global.c: Remove superfluous declaration of program_name
0c4ffde Fix handling of device numbers (part 2)
df55fb1 Fix handling of device numbers on copy out.
b1c8583 Improve 684b7ac5
684b7ac Fix cpio header verification.
Signed-off-by: Soumya Sambu
Signed-off-by: Steve Sakoman
---
...charset_alias-when-building-for-musl.patch | 30 -
...ove-superfluous-declaration-of-progr.patch | 28 -
...-calculation-of-CRC-in-copy-out-mode.patch | 58 --
...appending-to-archives-bigger-than-2G.patch | 312 --
.../cpio/cpio-2.13/CVE-2021-38185.patch | 581 --
.../cpio/{cpio_2.13.bb => cpio_2.14.bb} | 9 +-
...e-needed-header-for-major-minor-macr.patch | 47 ++
7 files changed, 49 insertions(+), 1016 deletions(-)
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
rename meta/recipes-extended/cpio/{cpio_2.13.bb => cpio_2.14.bb} (74%)
create mode 100644
meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch
diff --git
a/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
b/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
deleted file mode 100644
index 6ae213942c..00
---
a/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From b9565dc2fe0c4f7daaec91b7e83bc7313dee2f4a Mon Sep 17 00:00:00 2001
-From: Khem Raj
-Date: Mon, 13 Apr 2015 17:02:13 -0700
-Subject: [PATCH] Unset need_charset_alias when building for musl
-
-localcharset uses ac_cv_gnu_library_2_1 from glibc21.m4
-which actually shoudl be fixed in gnulib and then all downstream
-projects will get it eventually. For now we apply the fix to
-coreutils
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj
- lib/gnulib.mk | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: cpio-2.11/gnu/Makefile.am
-===
cpio-2.11.orig/gnu/Makefile.am
-+++ cpio-2.11/gnu/Makefile.am
-@@ -734,7 +734,7 @@ install-exec-localcharset: all-local
- case '$(host_os)' in \
- darwin[56]*) \
- need_charset_alias=true ;; \
-- darwin* | cygwin* | mingw* | pw32* | cegcc*) \
-+ darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \
- need_charset_alias=false ;; \
- *) \
- need_charset_alias=true ;; \
diff --git
a/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
b/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
deleted file mode 100644
index 478324c1c4..00
---
a/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 33e6cb5a28fab3d99bd6818f8c01e6f33805390f Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff
-Date: Mon, 20 Jan 2020 07:45:39 +0200
-Subject: [PATCH] src/global.c: Remove superfluous declaration of program_name
-
-Upstream-Status: Backport (commit 641d3f4)
-Signed-off-by: Richard Leitner
- src/global.c | 3 ---
- 1 file ch
[OE-core][kirkstone 5/7] systemd: fix CVE-2023-7008
From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../systemd/systemd/CVE-2023-7008.patch | 40 +++ meta/recipes-core/systemd/systemd_250.5.bb| 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch new file mode 100644 index 00..e2296abc49 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch @@ -0,0 +1,40 @@ +From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 20 Dec 2023 16:44:14 +0100 +Subject: [PATCH] resolved: actually check authenticated flag of SOA + transaction + +Fixes #25676 + +Upstream-Status: Backport [https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1] +CVE: CVE-2023-7008 +Signed-off-by: Hitendra Prajapati +--- + src/resolve/resolved-dns-transaction.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index f937f9f7b5..7deb598400 100644 +--- a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +@@ -2761,7 +2761,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * + if (r == 0) + continue; + +-return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); ++return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); + } + + return true; +@@ -2788,7 +2788,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * + /* We found the transaction that was supposed to find the SOA RR for us. It was + * successful, but found no RR for us. This means we are not at a zone cut. In this + * case, we require authentication if the SOA lookup was authenticated too. */ +-return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); ++return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); + } + + return true; +-- +2.25.1 + diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb index c35557471a..889473ee1f 100644 --- a/meta/recipes-core/systemd/systemd_250.5.bb +++ b/meta/recipes-core/systemd/systemd_250.5.bb @@ -32,6 +32,7 @@ SRC_URI += "file://touchscreen.rules \ file://CVE-2022-4415-2.patch \ file://0001-network-remove-only-managed-configs-on-reconfigure-o.patch \ file://0001-nspawn-make-sure-host-root-can-write-to-the-uidmappe.patch \ + file://CVE-2023-7008.patch \ " # patches needed by musl -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193929): https://lists.openembedded.org/g/openembedded-core/message/193929 Mute This Topic: https://lists.openembedded.org/mt/103788786/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 4/7] zlib: ignore CVE-2023-6992
From: Peter Marko
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb
b/meta/recipes-core/zlib/zlib_1.2.11.bb
index d75474dcb6..393ac61e3d 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -54,3 +54,6 @@ do_install:append:class-target() {
}
BBCLASSEXTEND = "native nativesdk"
+
+# this CVE is for cloudflare zlib
+CVE_CHECK_IGNORE += "CVE-2023-6992"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193928):
https://lists.openembedded.org/g/openembedded-core/message/193928
Mute This Topic: https://lists.openembedded.org/mt/103788767/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 3/7] sqlite3: backport patch for CVE-2023-7104
From: Peter Marko
Backport https://sqlite.org/src/info/0e4e7a05c4204b47
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
.../sqlite/files/CVE-2023-7104.patch | 44 +++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch
diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
new file mode 100644
index 00..25c6ba017c
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,44 @@
+From 09f1652f36c5c4e8a6a640ce887f9ea0f48a7958 Mon Sep 17 00:00:00 2001
+From: dan
+Date: Thu, 7 Sep 2023 13:53:09 +
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
+CVE: CVE-2022-46908
+Signed-off-by: Peter Marko
+---
+ sqlite3.c | 18 +++---
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index 9f862f2465..0491549231 100644
+--- a/sqlite3.c
b/sqlite3.c
+@@ -213482,15 +213482,19 @@ static int sessionReadRecord(
+ }
+ }
+ if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-sqlite3_int64 v = sessionGetI64(aVal);
+-if( eType==SQLITE_INTEGER ){
+- sqlite3VdbeMemSetInt64(apOut[i], v);
++if( (pIn->nData-pIn->iNext)<8 ){
++ rc = SQLITE_CORRUPT_BKPT;
+ }else{
+- double d;
+- memcpy(&d, &v, 8);
+- sqlite3VdbeMemSetDouble(apOut[i], d);
++ sqlite3_int64 v = sessionGetI64(aVal);
++ if( eType==SQLITE_INTEGER ){
++sqlite3VdbeMemSetInt64(apOut[i], v);
++ }else{
++double d;
++memcpy(&d, &v, 8);
++sqlite3VdbeMemSetDouble(apOut[i], d);
++ }
++ pIn->iNext += 8;
+ }
+-pIn->iNext += 8;
+ }
+ }
+ }
diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index 55cc514412..cece207eae 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -7,6 +7,7 @@ SRC_URI =
"http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch
\
file://CVE-2022-46908.patch \
file://CVE-2023-36191.patch \
+ file://CVE-2023-7104.patch \
"
SRC_URI[sha256sum] =
"5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193927):
https://lists.openembedded.org/g/openembedded-core/message/193927
Mute This Topic: https://lists.openembedded.org/mt/103788748/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 2/7] Revert "curl: Backport fix CVE-2023-32001"
From: Poonam Jadhav
This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.
CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001
Signed-off-by: Poonam Jadhav poonam.jad...@kpit.com
Signed-off-by: Steve Sakoman
---
.../curl/curl/CVE-2023-32001.patch| 39 ---
meta/recipes-support/curl/curl_7.82.0.bb | 1 -
2 files changed, 40 deletions(-)
delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch
b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
deleted file mode 100644
index 7ea3073755..00
--- a/meta/recipes-support/curl/curl/CVE-2023-32001.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
-From: SaltyMilk
-Date: Mon, 10 Jul 2023 21:43:28 +0200
-Subject: [PATCH] fopen: optimize
-
-Closes #11419
-
-Upstream-Status: Backport
[https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
-CVE: CVE-2023-32001
-Signed-off-by: Ashish Sharma
-
-
- lib/fopen.c | 12 ++--
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/fopen.c b/lib/fopen.c
-index c9c9e3d6e73a2..b6e3cadddef65 100644
a/lib/fopen.c
-+++ b/lib/fopen.c
-@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char
*filename,
- int fd = -1;
- *tempname = NULL;
-
-- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
--/* a non-regular file, fallback to direct fopen() */
--*fh = fopen(filename, FOPEN_WRITETEXT);
--if(*fh)
-- return CURLE_OK;
-+ *fh = fopen(filename, FOPEN_WRITETEXT);
-+ if(!*fh)
- goto fail;
-- }
-+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
-+return CURLE_OK;
-+ fclose(*fh);
-+ *fh = NULL;
-
- result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
- if(result)
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb
b/meta/recipes-support/curl/curl_7.82.0.bb
index a36d03f668..9e9ff00bf7 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -51,7 +51,6 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-28321.patch \
file://CVE-2023-28322-1.patch \
file://CVE-2023-28322-2.patch \
- file://CVE-2023-32001.patch \
file://CVE-2023-38545.patch \
file://CVE-2023-38546.patch \
file://CVE-2023-46218.patch \
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193926):
https://lists.openembedded.org/g/openembedded-core/message/193926
Mute This Topic: https://lists.openembedded.org/mt/103788746/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone 1/7] openssl: Backport fix for CVE-2023-6129
From: Vivek Kumbhar
Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/8d847a3ffd4f0b17ee33962cf69c36224925b34f]
Signed-off-by: Vivek Kumbhar
Signed-off-by: Steve Sakoman
---
.../openssl/openssl/CVE-2023-6129.patch | 113 ++
.../openssl/openssl_3.0.12.bb | 1 +
2 files changed, 114 insertions(+)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
new file mode 100644
index 00..c5749e1874
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
@@ -0,0 +1,113 @@
+From 8d847a3ffd4f0b17ee33962cf69c36224925b34f Mon Sep 17 00:00:00 2001
+From: Rohan McLure
+Date: Thu, 4 Jan 2024 10:25:50 +0100
+Subject: [PATCH] poly1305-ppc.pl: Fix vector register clobbering
+
+Fixes CVE-2023-6129
+
+The POLY1305 MAC (message authentication code) implementation in OpenSSL for
+PowerPC CPUs saves the the contents of vector registers in different order
+than they are restored. Thus the contents of some of these vector registers
+is corrupted when returning to the caller. The vulnerable code is used only
+on newer PowerPC processors supporting the PowerISA 2.07 instructions.
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Richard Levitte
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/23200)
+
+Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/8d847a3ffd4f0b17ee33962cf69c36224925b34f]
+CVE: CVE-2023-6129
+Signed-off-by: Vivek Kumbhar
+---
+ crypto/poly1305/asm/poly1305-ppc.pl | 42 ++---
+ 1 file changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/crypto/poly1305/asm/poly1305-ppc.pl
b/crypto/poly1305/asm/poly1305-ppc.pl
+index 9f86134..2e601bb 100755
+--- a/crypto/poly1305/asm/poly1305-ppc.pl
b/crypto/poly1305/asm/poly1305-ppc.pl
+@@ -744,7 +744,7 @@ ___
+ my $LOCALS= 6*$SIZE_T;
+ my $VSXFRAME = $LOCALS + 6*$SIZE_T;
+$VSXFRAME += 128; # local variables
+- $VSXFRAME += 13*16;# v20-v31 offload
++ $VSXFRAME += 12*16;# v20-v31 offload
+
+ my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0;
+
+@@ -919,12 +919,12 @@ __poly1305_blocks_vsx:
+ addir11,r11,32
+ stvxv22,r10,$sp
+ addir10,r10,32
+- stvxv23,r10,$sp
+- addir10,r10,32
+- stvxv24,r11,$sp
++ stvxv23,r11,$sp
+ addir11,r11,32
+- stvxv25,r10,$sp
++ stvxv24,r10,$sp
+ addir10,r10,32
++ stvxv25,r11,$sp
++ addir11,r11,32
+ stvxv26,r10,$sp
+ addir10,r10,32
+ stvxv27,r11,$sp
+@@ -1153,12 +1153,12 @@ __poly1305_blocks_vsx:
+ addir11,r11,32
+ stvxv22,r10,$sp
+ addir10,r10,32
+- stvxv23,r10,$sp
+- addir10,r10,32
+- stvxv24,r11,$sp
++ stvxv23,r11,$sp
+ addir11,r11,32
+- stvxv25,r10,$sp
++ stvxv24,r10,$sp
+ addir10,r10,32
++ stvxv25,r11,$sp
++ addir11,r11,32
+ stvxv26,r10,$sp
+ addir10,r10,32
+ stvxv27,r11,$sp
+@@ -1899,26 +1899,26 @@ Ldone_vsx:
+ mtspr 256,r12 # restore vrsave
+ lvx v20,r10,$sp
+ addir10,r10,32
+- lvx v21,r10,$sp
+- addir10,r10,32
+- lvx v22,r11,$sp
++ lvx v21,r11,$sp
+ addir11,r11,32
+- lvx v23,r10,$sp
++ lvx v22,r10,$sp
+ addir10,r10,32
+- lvx v24,r11,$sp
++ lvx v23,r11,$sp
+ addir11,r11,32
+- lvx v25,r10,$sp
++ lvx v24,r10,$sp
+ addir10,r10,32
+- lvx v26,r11,$sp
++ lvx v25,r11,$sp
+ addir11,r11,32
+- lvx v27,r10,$sp
++ lvx v26,r10,$sp
+ addir10,r10,32
+- lvx v28,r11,$sp
++ lvx v27,r11,$sp
+ addir11,r11,32
+- lvx v29,r10,$sp
++ lvx v28,r10,$sp
+ addir10,r10,32
+- lvx v30,r11,$sp
+- lvx v31,r10,$sp
++ lvx v29,r11,$sp
++ addir11,r11,32
++ lvx v30,r10,$sp
++ lvx v31,r11,$sp
+ $POPr27,`$VSXFRAME-$SIZE_T*5`($sp)
+ $POPr28,`$VSXFRAME-$SIZE_T*4`($sp)
+ $POPr29,`$VSXFRAME-$SIZE_T*3`($sp)
+--
+2.39.3
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
index 395cace2ec..4602151d91 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz
\
file://afalg.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
file://CVE-2023-5678.patch \
+ file://CVE-2023-6129.patch \
"
SRC
[OE-core][kirkstone 0/7] Patch review
Please reviwe this set of changes for kirkstone and have comments back by
end of day Friday, January 19
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6458
The following changes since commit 8e27f96c0befbbb5cf8a2f7076b7a1ffd79addb6:
linux-firmware: upgrade 20230804 -> 20231030 (2024-01-09 05:50:24 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (1):
systemd: fix CVE-2023-7008
Martin Jansa (1):
pybootchartgui: fix 2 SyntaxWarnings
Peter Marko (2):
sqlite3: backport patch for CVE-2023-7104
zlib: ignore CVE-2023-6992
Poonam Jadhav (1):
Revert "curl: Backport fix CVE-2023-32001"
Soumya Sambu (1):
cpio: upgrade to 2.14
Vivek Kumbhar (1):
openssl: Backport fix for CVE-2023-6129
.../openssl/openssl/CVE-2023-6129.patch | 113
.../openssl/openssl_3.0.12.bb | 1 +
.../systemd/systemd/CVE-2023-7008.patch | 40 ++
meta/recipes-core/systemd/systemd_250.5.bb| 1 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +
...charset_alias-when-building-for-musl.patch | 30 -
...ove-superfluous-declaration-of-progr.patch | 28 -
...-calculation-of-CRC-in-copy-out-mode.patch | 58 --
...appending-to-archives-bigger-than-2G.patch | 312 --
.../cpio/cpio-2.13/CVE-2021-38185.patch | 581 --
.../cpio/{cpio_2.13.bb => cpio_2.14.bb} | 9 +-
...e-needed-header-for-major-minor-macr.patch | 47 ++
.../curl/curl/CVE-2023-32001.patch| 39 --
meta/recipes-support/curl/curl_7.82.0.bb | 1 -
.../sqlite/files/CVE-2023-7104.patch | 44 ++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
scripts/pybootchartgui/pybootchartgui/draw.py | 4 +-
17 files changed, 254 insertions(+), 1058 deletions(-)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
delete mode 100644
meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
rename meta/recipes-extended/cpio/{cpio_2.13.bb => cpio_2.14.bb} (74%)
create mode 100644
meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch
delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193924):
https://lists.openembedded.org/g/openembedded-core/message/193924
Mute This Topic: https://lists.openembedded.org/mt/103788743/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Patchtest results for [PATCH 2/4] libunwind: merge .inc and .bb
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/2-4-libunwind-merge-.inc-and-.bb.patch FAIL: test lic files chksum modified not mentioned: LIC_FILES_CHKSUM changed without "License-Update:" tag and description in commit message (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193923): https://lists.openembedded.org/g/openembedded-core/message/193923 Mute This Topic: https://lists.openembedded.org/mt/103787923/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/4] libunwind: refresh patches
From: Ross Burton
0001-src-Gtrace-remove-unguarded-print-calls.patch has been merged, so
update the Upstream-Status.
0003-x86-Stub-out-x86_local_resume.patch has been hopefully obsoleted by
the use of libucontext, remove.
Split 004-Fix-build-on-mips-musl.patch into two, as there's two
independent issues here.
0006-Fix-for-X32.patch appears to have been fixed with 31738a upstream,
in 1.6.0.
musl-header-conflict.patch was obsoleted by recipe-specific-sysroots,
remove it.
Signed-off-by: Ross Burton
---
...-Gtrace-remove-unguarded-print-calls.patch | 4 +-
.../0003-x86-Stub-out-x86_local_resume.patch | 55 --
.../0004-Fix-build-on-mips-musl.patch | 84 ---
.../libunwind/0006-Fix-for-X32.patch | 29 -
.../libunwind/libunwind/mips-byte-order.patch | 35 ++
.../libunwind/mips-coredump-register.patch| 100 ++
.../libunwind/musl-header-conflict.patch | 44
.../libunwind/libunwind_1.6.2.bb | 6 +-
8 files changed, 139 insertions(+), 218 deletions(-)
delete mode 100644
meta/recipes-support/libunwind/libunwind/0003-x86-Stub-out-x86_local_resume.patch
delete mode 100644
meta/recipes-support/libunwind/libunwind/0004-Fix-build-on-mips-musl.patch
delete mode 100644
meta/recipes-support/libunwind/libunwind/0006-Fix-for-X32.patch
create mode 100644
meta/recipes-support/libunwind/libunwind/mips-byte-order.patch
create mode 100644
meta/recipes-support/libunwind/libunwind/mips-coredump-register.patch
delete mode 100644
meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch
diff --git
a/meta/recipes-support/libunwind/libunwind/0001-src-Gtrace-remove-unguarded-print-calls.patch
b/meta/recipes-support/libunwind/libunwind/0001-src-Gtrace-remove-unguarded-print-calls.patch
index fdadcd3b25a..5840c2b4f62 100644
---
a/meta/recipes-support/libunwind/libunwind/0001-src-Gtrace-remove-unguarded-print-calls.patch
+++
b/meta/recipes-support/libunwind/libunwind/0001-src-Gtrace-remove-unguarded-print-calls.patch
@@ -1,4 +1,4 @@
-From 87d24ee47fd0e0461fca32d17564f21d76cbcb92 Mon Sep 17 00:00:00 2001
+From 9b27fa9bcd5cadd4c841c42710f41a090377e531 Mon Sep 17 00:00:00 2001
From: Ross Burton
Date: Fri, 24 Mar 2023 16:18:44 +
Subject: [PATCH] src/Gtrace: remove unguarded print() calls
@@ -19,7 +19,7 @@ needs to be implemented.
Fixes #482.
-Upstream-Status: Submitted [https://github.com/libunwind/libunwind/pull/483]
+Upstream-Status: Backport [9b27fa9bcd5cadd4c841c42710f41a090377e531]
Signed-off-by: Ross Burton
---
src/arm/Gtrace.c | 4 ++--
diff --git
a/meta/recipes-support/libunwind/libunwind/0003-x86-Stub-out-x86_local_resume.patch
b/meta/recipes-support/libunwind/libunwind/0003-x86-Stub-out-x86_local_resume.patch
deleted file mode 100644
index f02f13f79c1..000
---
a/meta/recipes-support/libunwind/libunwind/0003-x86-Stub-out-x86_local_resume.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0b2243f19d4ea12a2a68478a5aed503947a800af Mon Sep 17 00:00:00 2001
-From: Khem Raj
-Date: Tue, 22 Mar 2016 16:19:29 +
-Subject: [PATCH] x86: Stub out x86_local_resume()
-
-its purpose seems
-to be unwinding across signal handler boundaries, which cannot happen
-in correct programs anyway. Replacing the whole function with
-something like *(volatile char *)0=0; (i.e. crash), gets a working
-libunwind
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj
-
- src/x86/Gos-linux.c | 26 +-
- 1 file changed, 1 insertion(+), 25 deletions(-)
-
-diff --git a/src/x86/Gos-linux.c b/src/x86/Gos-linux.c
-index d448dce..c25ae0c 100644
a/src/x86/Gos-linux.c
-+++ b/src/x86/Gos-linux.c
-@@ -284,31 +284,7 @@ x86_r_uc_addr (ucontext_t *uc, int reg)
- HIDDEN int
- x86_local_resume (unw_addr_space_t as, unw_cursor_t *cursor, void *arg)
- {
-- struct cursor *c = (struct cursor *) cursor;
-- ucontext_t *uc = c->uc;
--
-- /* Ensure c->pi is up-to-date. On x86, it's relatively common to be
-- missing DWARF unwind info. We don't want to fail in that case,
-- because the frame-chain still would let us do a backtrace at
-- least. */
-- dwarf_make_proc_info (&c->dwarf);
--
-- if (unlikely (c->sigcontext_format != X86_SCF_NONE))
--{
-- struct sigcontext *sc = (struct sigcontext *) c->sigcontext_addr;
--
-- Debug (8, "resuming at ip=%x via sigreturn(%p)\n", c->dwarf.ip, sc);
--#if !defined(__ANDROID__)
-- x86_sigreturn (sc);
--#endif
--}
-- else
--{
-- Debug (8, "resuming at ip=%x via setcontext()\n", c->dwarf.ip);
--#if !defined(__ANDROID__)
-- setcontext (uc);
--#endif
--}
-+ *(volatile char *)0=0;
- return -UNW_EINVAL;
- }
-
diff --git
a/meta/recipes-support/libunwind/libunwind/0004-Fix-build-on-mips-musl.patch
b/meta/recipes-support/libunwind/libunwind/0004-Fix-build-on-mips-musl.patch
deleted file mode 100644
index 124d0e00b19..000
--- a/meta/recipes-support/libunwind/libunwind/0004-Fix-build-on-mips-musl.patch
+
[OE-core] [PATCH 2/4] libunwind: merge .inc and .bb
From: Ross Burton
There's no need to these to be split, so merge them together.
Signed-off-by: Ross Burton
---
meta/recipes-support/libunwind/libunwind.inc | 23 ---
.../libunwind/libunwind_1.6.2.bb | 28 +--
2 files changed, 25 insertions(+), 26 deletions(-)
delete mode 100644 meta/recipes-support/libunwind/libunwind.inc
diff --git a/meta/recipes-support/libunwind/libunwind.inc
b/meta/recipes-support/libunwind/libunwind.inc
deleted file mode 100644
index bf74f9fa3c7..000
--- a/meta/recipes-support/libunwind/libunwind.inc
+++ /dev/null
@@ -1,23 +0,0 @@
-SUMMARY = "Library for obtaining the call-chain of a program"
-DESCRIPTION = "a portable and efficient C programming interface (API) to
determine the call-chain of a program"
-HOMEPAGE = "http://www.nongnu.org/libunwind";
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=2d80c8ed4062b8339b715f90fa68cc9f"
-DEPENDS += "libatomic-ops"
-DEPENDS:append:libc-musl = " libucontext"
-
-inherit autotools multilib_header
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
-PACKAGECONFIG[latexdocs] = "--enable-documentation, --disable-documentation,
latex2man-native"
-
-EXTRA_OECONF:arm = "--enable-debug-frame"
-EXTRA_OECONF:armeb = "--enable-debug-frame"
-EXTRA_OECONF:aarch64 = "--enable-debug-frame"
-
-do_install:append () {
- oe_multilib_header libunwind.h
-}
-
-BBCLASSEXTEND = "native"
diff --git a/meta/recipes-support/libunwind/libunwind_1.6.2.bb
b/meta/recipes-support/libunwind/libunwind_1.6.2.bb
index d67862608c1..650e2c9ec40 100644
--- a/meta/recipes-support/libunwind/libunwind_1.6.2.bb
+++ b/meta/recipes-support/libunwind/libunwind_1.6.2.bb
@@ -1,4 +1,10 @@
-require libunwind.inc
+SUMMARY = "Library for obtaining the call-chain of a program"
+DESCRIPTION = "a portable and efficient C programming interface (API) to
determine the call-chain of a program"
+HOMEPAGE = "http://www.nongnu.org/libunwind";
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=2d80c8ed4062b8339b715f90fa68cc9f"
+DEPENDS += "libatomic-ops"
+DEPENDS:append:libc-musl = " libucontext"
SRC_URI =
"http://download.savannah.nongnu.org/releases/libunwind/libunwind-${PV}.tar.gz \
file://0003-x86-Stub-out-x86_local_resume.patch \
@@ -11,15 +17,31 @@ SRC_URI:append:libc-musl = "
file://musl-header-conflict.patch"
SRC_URI[sha256sum] =
"4a6aec666991fb45d0889c44aede8ad6eb108071c3554fcdff671f9c94794976"
+inherit autotools multilib_header
+
+COMPATIBLE_HOST:riscv32 = "null"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
+PACKAGECONFIG[latexdocs] = "--enable-documentation, --disable-documentation,
latex2man-native"
+
+EXTRA_OECONF:arm = "--enable-debug-frame"
+EXTRA_OECONF:armeb = "--enable-debug-frame"
+EXTRA_OECONF:aarch64 = "--enable-debug-frame"
+
EXTRA_OECONF:append:libc-musl = " --disable-documentation --disable-tests
--enable-static"
# http://errors.yoctoproject.org/Errors/Details/20487/
ARM_INSTRUCTION_SET:armv4 = "arm"
ARM_INSTRUCTION_SET:armv5 = "arm"
-COMPATIBLE_HOST:riscv32 = "null"
-
LDFLAGS += "-Wl,-z,relro,-z,now ${@bb.utils.contains('DISTRO_FEATURES',
'ld-is-gold', ' -fuse-ld=bfd ', '', d)}"
SECURITY_LDFLAGS:append:libc-musl = " -lssp_nonshared"
CACHED_CONFIGUREVARS:append:libc-musl = " LDFLAGS='${LDFLAGS} -lucontext'"
+
+do_install:append () {
+ oe_multilib_header libunwind.h
+}
+
+BBCLASSEXTEND = "native"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193920):
https://lists.openembedded.org/g/openembedded-core/message/193920
Mute This Topic: https://lists.openembedded.org/mt/103787498/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 4/4] libunwind: clean up configuration
From: Ross Burton Add a PACKAGECONFIG for the support for zlib-compressed debuginfo. There's no need to explicitly enable reading of .debug_frame segments as this is enabled automatically for arm/aarch64. Enable static globally, there's not much to gain by making this musl-specific. Don't disable the tests on musl as they verify that libunwind can link, which is important with external libucontext libraries. No need to disable documentation on musl, as it's already disabled out of the box. Signed-off-by: Ross Burton --- meta/recipes-support/libunwind/libunwind_1.6.2.bb | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/meta/recipes-support/libunwind/libunwind_1.6.2.bb b/meta/recipes-support/libunwind/libunwind_1.6.2.bb index d40a2af26d3..3208785124a 100644 --- a/meta/recipes-support/libunwind/libunwind_1.6.2.bb +++ b/meta/recipes-support/libunwind/libunwind_1.6.2.bb @@ -21,13 +21,10 @@ COMPATIBLE_HOST:riscv32 = "null" PACKAGECONFIG ??= "" PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz" +PACKAGECONFIG[zlib] = "--enable-zlibdebuginfo,--disable-zlibdebuginfo,zlib" PACKAGECONFIG[latexdocs] = "--enable-documentation, --disable-documentation, latex2man-native" -EXTRA_OECONF:arm = "--enable-debug-frame" -EXTRA_OECONF:armeb = "--enable-debug-frame" -EXTRA_OECONF:aarch64 = "--enable-debug-frame" - -EXTRA_OECONF:append:libc-musl = " --disable-documentation --disable-tests --enable-static" +EXTRA_OECONF = "--enable-static" # http://errors.yoctoproject.org/Errors/Details/20487/ ARM_INSTRUCTION_SET:armv4 = "arm" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193922): https://lists.openembedded.org/g/openembedded-core/message/193922 Mute This Topic: https://lists.openembedded.org/mt/103787500/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/4] musl: doesn't support riscv32
From: Ross Burton
musl doesn't support riscv32, so set COMPATIBLE_HOST appropriately.
Signed-off-by: Ross Burton
---
meta/recipes-core/musl/musl.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-core/musl/musl.inc b/meta/recipes-core/musl/musl.inc
index 66468e92ff0..6ca52b186a5 100644
--- a/meta/recipes-core/musl/musl.inc
+++ b/meta/recipes-core/musl/musl.inc
@@ -25,6 +25,9 @@ MIPS_INSTRUCTION_SET = "mips"
ARM_INSTRUCTION_SET:armv5 = "arm"
ARM_INSTRUCTION_SET:armv4 = "arm"
+# 1.2.4 doesn't support riscv32
+COMPATIBLE_HOST:riscv32 = "null"
+
# Enable out of tree build
B = "${WORKDIR}/build"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193919):
https://lists.openembedded.org/g/openembedded-core/message/193919
Mute This Topic: https://lists.openembedded.org/mt/103787497/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] bitbake-layers: Add test case layers setup for custom references
From: Jermain Horsman
This includes a simple test which creates a layer setup using
custom references, and subsequently modifies the resulting layers
setup using a different custom reference.
Signed-off-by: Jermain Horsman
---
meta/lib/oeqa/selftest/cases/bblayers.py | 53
1 file changed, 53 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/bblayers.py
b/meta/lib/oeqa/selftest/cases/bblayers.py
index 8faa060234..bf807badb7 100644
--- a/meta/lib/oeqa/selftest/cases/bblayers.py
+++ b/meta/lib/oeqa/selftest/cases/bblayers.py
@@ -167,3 +167,56 @@ class BitbakeLayers(OESelftestTestCase):
oecoredir = os.listdir(testcheckoutdir)[0]
testcheckoutfile = os.path.join(testcheckoutdir, oecoredir,
"oe-init-build-env")
self.assertTrue(os.path.exists(testcheckoutfile), "File {} not found
in test layer checkout".format(testcheckoutfile))
+
+def test_bitbakelayers_updatelayer(self):
+result = runCmd('bitbake-layers create-layers-setup
{}'.format(self.testlayer_path))
+jsonfile = os.path.join(self.testlayer_path, "setup-layers.json")
+self.validate_layersjson(jsonfile)
+
+import json
+with open(jsonfile) as f:
+data = json.load(f)
+repos = []
+for s in data['sources']:
+repos.append(s)
+
+self.assertTrue(len(repos) > 1, "Not enough repositories available")
+self.validate_layersjson(jsonfile)
+
+test_ref_1 = 'ref_1'
+test_ref_2 = 'ref_2'
+
+# Create a new layers setup using custom references
+result = runCmd('bitbake-layers create-layers-setup
--use-custom-reference {first_repo}:{test_ref} --use-custom-reference
{second_repo}:{test_ref} {path}'
+.format(first_repo=repos[0], second_repo=repos[1],
test_ref=test_ref_1, path=self.testlayer_path))
+self.validate_layersjson(jsonfile)
+
+with open(jsonfile) as f:
+data = json.load(f)
+first_rev_1 = data['sources'][repos[0]]['git-remote']['rev']
+first_desc_1 = data['sources'][repos[0]]['git-remote']['describe']
+second_rev_1 = data['sources'][repos[1]]['git-remote']['rev']
+second_desc_1 = data['sources'][repos[1]]['git-remote']['describe']
+
+self.assertEqual(first_rev_1, test_ref_1, "Revision not set correctly:
'{}'".format(first_rev_1))
+self.assertEqual(first_desc_1, '', "Describe not cleared:
'{}'".format(first_desc_1))
+self.assertEqual(second_rev_1, test_ref_1, "Revision not set
correctly: '{}'".format(second_rev_1))
+self.assertEqual(second_desc_1, '', "Describe not cleared:
'{}'".format(second_desc_1))
+
+# Update one of the repositories in the layers setup using a different
custom reference
+# This should only update the selected repository, everything else
should remain as is
+result = runCmd('bitbake-layers create-layers-setup --update
--use-custom-reference {first_repo}:{test_ref} {path}'
+.format(first_repo=repos[0], test_ref=test_ref_2,
path=self.testlayer_path))
+self.validate_layersjson(jsonfile)
+
+with open(jsonfile) as f:
+data = json.load(f)
+first_rev_2 = data['sources'][repos[0]]['git-remote']['rev']
+first_desc_2 = data['sources'][repos[0]]['git-remote']['describe']
+second_rev_2 = data['sources'][repos[1]]['git-remote']['rev']
+second_desc_2 = data['sources'][repos[1]]['git-remote']['describe']
+
+self.assertEqual(first_rev_2, test_ref_2, "Revision not set correctly:
'{}'".format(first_rev_2))
+self.assertEqual(first_desc_2, '', "Describe not cleared:
'{}'".format(first_desc_2))
+self.assertEqual(second_rev_2, second_rev_1, "Revision should not be
updated: '{}'".format(second_rev_2))
+self.assertEqual(second_desc_2, second_desc_1, "Describe should not be
updated: '{}'".format(second_desc_2))
--
2.43.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193918):
https://lists.openembedded.org/g/openembedded-core/message/193918
Mute This Topic: https://lists.openembedded.org/mt/103787411/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] bitbake-layers: Add ability to update the reference of repositories
From: Jermain Horsman
This creates a new layers setup with, or, modifies an existing layers
setup using, one or more repositories where the references are provided
by the user.
This is a very minimal implementation, no validation of any reference
is done and it is left to the user to provide a valid value.
Signed-off-by: Jermain Horsman
---
.../bblayers/setupwriters/oe-setup-layers.py | 79 +--
1 file changed, 72 insertions(+), 7 deletions(-)
diff --git a/meta/lib/bblayers/setupwriters/oe-setup-layers.py
b/meta/lib/bblayers/setupwriters/oe-setup-layers.py
index bd71ca1f51..59ca968ff3 100644
--- a/meta/lib/bblayers/setupwriters/oe-setup-layers.py
+++ b/meta/lib/bblayers/setupwriters/oe-setup-layers.py
@@ -31,16 +31,69 @@ class OeSetupLayersWriter():
with open(output, 'w') as f:
json.dump(repos, f, sort_keys=True, indent=4)
+def _read_repo_config(self, json_path):
+with open(json_path) as f:
+json_config = json.load(f)
+
+supported_versions = ["1.0"]
+if json_config["version"] not in supported_versions:
+err = "File {} has version {}, which is not in supported versions:
{}".format(json_path, json_config["version"], supported_versions)
+logger.error(err)
+raise Exception(err)
+
+return json_config
+
+def _modify_repo_config(self, json_config, args):
+sources = json_config['sources']
+for pair in args.custom_references:
+try:
+repo, rev = pair.split(':', maxsplit=1)
+except ValueError:
+err = "Invalid custom reference specified: '{}'. Provide one
using 'REPOSITORY:REFERENCE'.".format(pair)
+logger.error(err)
+raise Exception(err)
+if not repo in sources.keys():
+err = "Repository {} does not exist in setup-layers
config".format(repo)
+logger.error(err)
+raise Exception(err)
+
+layer_remote = json_config['sources'][repo]['git-remote']
+layer_remote['rev'] = rev
+# Clear describe
+layer_remote['describe'] = ''
+
def do_write(self, parent, args):
""" Writes out a python script and a json config that replicate the
directory structure and revisions of the layers in a current build. """
-if not os.path.exists(args.destdir):
-os.makedirs(args.destdir)
-repos = parent.make_repo_config(args.destdir)
-json = {"version":"1.0","sources":repos}
-if not repos:
-raise Exception("Could not determine layer sources")
output = args.output_prefix or "setup-layers"
-output = os.path.join(os.path.abspath(args.destdir),output)
+output = os.path.join(os.path.abspath(args.destdir), output)
+
+if args.update:
+# Modify existing layers setup
+if args.custom_references is None:
+err = "No custom reference specified. Please provide one using
'--use-custom-reference REPOSITORY:REFERENCE'."
+logger.error(err)
+raise Exception(err)
+
+json = self._read_repo_config(output + ".json")
+if not 'sources' in json.keys():
+err = "File {}.json does not contain valid layer
sources.".format(output)
+logger.error(err)
+raise Exception(err)
+
+else:
+# Create new layers setup
+if not os.path.exists(args.destdir):
+os.makedirs(args.destdir)
+repos = parent.make_repo_config(args.destdir)
+json = {"version":"1.0","sources":repos}
+if not repos:
+err = "Could not determine layer sources"
+logger.error(err)
+raise Exception(err)
+
+if args.custom_references is not None:
+self._modify_repo_config(json, args)
+
self._write_json(json, output + ".json")
logger.info('Created {}.json'.format(output))
if not args.json_only:
@@ -50,3 +103,15 @@ class OeSetupLayersWriter():
def register_arguments(self, parser):
parser.add_argument('--json-only', action='store_true',
help='When using the oe-setup-layers writer, write only the layer
configuruation in json format. Otherwise, also a copy of
scripts/oe-setup-layers (from oe-core or poky) is provided, which is a self
contained python script that fetches all the needed layers and sets them to
correct revisions using the data from the json.')
+
+parser.add_argument('--update', '-u',
+action='store_true',
+help=("Instead of writing a new json file, update an existing
layer setup json file with custom references provided via the
'--use-custom-reference' option."
+ "\nThis will only update repositories for which a custom
reference is specified, all other repositores will be left u
Re: [OE-core] [PATCH] swig: upgrade 4.1.1 -> 4.2.0
Hello,
This causes failures on the autobuilders:
https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4241/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/8438/steps/11/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/8470/steps/11/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8446/steps/11/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/8314/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/5592/steps/11/logs/stdio
On 15/01/2024 17:27:54+0800, wangmy wrote:
> From: Wang Mingyu
>
> 0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> 0001-configure-use-pkg-config-for-pcre-detection.patch
> determinism.patch
> refreshed for 4.2.0
>
> Changelog:
>
> -Various template wrapping improvements: template template parameters,
> variadic templates, partially specialized templates, const template
> parameters and improved error checking instantiating templates.
> -Improved decltype() support for expressions.
> -C++14 auto without trailing return type and C++11 auto variables.
> -Numerous C++ using declarations improvements.
> -Numerous fixes for constructors, destructors and assignment operators:
> implicit, default and deleted and related non-assignable variable
> wrappers.
> -STL: std::array and std::map improvements, std::string_view support
> added.
> -Various C preprocessor improvements.
> -Various issues fixed to do with architecture specific long type.
> -Various Doxygen improvements.
> -D1/Tango support removed. D2/Phobos is now the supported D version
> and SWIG now generates code which works with recent D2 releases.
> -New Javascript generator targeting Node.js binary stable ABI Node-API.
> -Octave 8.1 support added.
> -PHP7 support removed, PHP8 is now the supported PHP version.
> -Python STL container wrappers now use the Python Iterator Protocol.
> -Python stable ABI support added.
> -Python 3.12 support added.
> -Ruby 3.2 and 3.3 support.
> -Scilab 2023.* support added.
> -Various minor enhancements for C#, Go, Guile, Javascript, Lua, Ocaml,
> Perl, PHP, R, Racket, Ruby, Scilab and Tcl.
> -A number of deprecated features have been removed.
>
> Signed-off-by: Wang Mingyu
> ---
> ...self-exe-for-swig-swiglib-on-non-Win32-plat.patch | 10 ++
> ...configure-use-pkg-config-for-pcre-detection.patch | 6 +++---
> meta/recipes-devtools/swig/swig/determinism.patch| 12 +++-
> .../swig/{swig_4.1.1.bb => swig_4.2.0.bb}| 2 +-
> 4 files changed, 21 insertions(+), 9 deletions(-)
> rename meta/recipes-devtools/swig/{swig_4.1.1.bb => swig_4.2.0.bb} (72%)
>
> diff --git
> a/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
>
> b/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> index f27f80ea18..3f9c298430 100644
> ---
> a/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> +++
> b/meta/recipes-devtools/swig/swig/0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch
> @@ -1,4 +1,4 @@
> -From a4a0440a644c6c5e5da096efe3cf05ba309a284f Mon Sep 17 00:00:00 2001
> +From ca02368e2fcb469649534e00eeb21a3c86300f1e Mon Sep 17 00:00:00 2001
> From: "NODA, Kai"
> Date: Sun, 22 Apr 2012 17:01:02 +0900
> Subject: [PATCH] Use /proc/self/exe for "swig -swiglib" on non-Win32
> @@ -10,9 +10,11 @@ Upstream-Status: Submitted
> http://sourceforge.net/mailarchive/message.php?msg_id=29179733
>
> ---
> - Source/Modules/main.cxx | 24 ++--
> + Source/Modules/main.cxx | 24 ++--
> 1 file changed, 22 insertions(+), 2 deletions(-)
>
> +diff --git a/Source/Modules/main.cxx b/Source/Modules/main.cxx
> +index 8a44921..8250dee 100644
> --- a/Source/Modules/main.cxx
> +++ b/Source/Modules/main.cxx
> @@ -25,6 +25,11 @@
> @@ -27,7 +29,7 @@
> http://sourceforge.net/mailarchive/message.php?msg_id=29179733
>
> // Global variables
>
> -@@ -934,9 +939,9 @@ int SWIG_main(int argc, char *argv[], co
> +@@ -886,9 +891,9 @@ int SWIG_main(int argc, char *argv[], const
> TargetLanguageModule *tlm) {
>
> // Check for SWIG_LIB environment variable
> if ((c = getenv("SWIG_LIB")) == (char *) 0) {
> @@ -38,7 +40,7 @@
> http://sourceforge.net/mailarchive/message.php?msg_id=29179733
> if (!(GetModuleFileName(0, buf, MAX_PATH) == 0 || (p = strrchr(buf,
> '\\')) == 0)) {
> *(p + 1) = '\0';
> SwigLib = NewStringf("%sLib", buf); // Native windows installation
> path
> -@@ -946,7 +951,22 @@ int SWIG_main(int argc, char *argv[], co
> +@@ -898,7 +903,22 @@ int SWIG_main(int argc, char *argv[], const
> TargetLanguageModule *tlm) {
> if (Len(SWIG_LIB_WIN_UNIX) > 0)
> SwigLibWinUnix = NewString(SWIG_LIB_WIN_UNIX); // Unix installation
> path using a drive letter (fo
Re: [OE-core] [PATCH] elfutils: upgrade 0.189 -> 0.190
New ptest failures:
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6163/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/5977/steps/12/logs/stdio
On 15/01/2024 16:57:25+0800, wangmy wrote:
> From: Wang Mingyu
>
> 0001-Add-helper-function-for-basename.patch
> 0001-dso-link-change.patch
> 0001-libasm-may-link-with-libbz2-if-found.patch
> 0001-libelf-elf_end.c-check-data_list.data.d.d_buf-before.patch
> 0001-tests-Makefile.am-compile-test_nlist-with-standard-C.patch
> 0002-Fix-elf_cvt_gunhash-if-dest-and-src-are-same.patch
> 0003-fixheadercheck.patch
> ptest.patch
> refreshed for 0.190.
>
> Changelog:
> ===
> -Switch from real name policy to known identity policy.
> -libelf: Add RELR support.
> -libdw: Recognize .debug_[ct]u_index sections
> -readelf: Support readelf -Ds, --use-dynamic --symbol.
> Support .gdb_index version 9
> -scrlines: New tool that compiles a list of source files associated
> with a specified dwarf/elf file.
> -debuginfod: Schema change for a 60% compression in filename representation,
> which was a large part of the sqlite index; also, more deliberate sqlite
> -wal management during scanning using the --scan-checkpoint option.
> -backends: Various LoongArch updates.
>
> Signed-off-by: Wang Mingyu
> ---
> .../{elfutils_0.189.bb => elfutils_0.190.bb} | 2 +-
> ...001-Add-helper-function-for-basename.patch | 117 --
> .../elfutils/files/0001-dso-link-change.patch | 12 +-
> ...libasm-may-link-with-libbz2-if-found.patch | 6 +-
> ...-check-data_list.data.d.d_buf-before.patch | 6 +-
> ...m-compile-test_nlist-with-standard-C.patch | 6 +-
> ...cvt_gunhash-if-dest-and-src-are-same.patch | 8 +-
> .../elfutils/files/0003-fixheadercheck.patch | 6 +-
> .../elfutils/files/ptest.patch| 10 +-
> 9 files changed, 106 insertions(+), 67 deletions(-)
> rename meta/recipes-devtools/elfutils/{elfutils_0.189.bb =>
> elfutils_0.190.bb} (98%)
>
> diff --git a/meta/recipes-devtools/elfutils/elfutils_0.189.bb
> b/meta/recipes-devtools/elfutils/elfutils_0.190.bb
> similarity index 98%
> rename from meta/recipes-devtools/elfutils/elfutils_0.189.bb
> rename to meta/recipes-devtools/elfutils/elfutils_0.190.bb
> index e9b432e4e9..6753d0ae7d 100644
> --- a/meta/recipes-devtools/elfutils/elfutils_0.189.bb
> +++ b/meta/recipes-devtools/elfutils/elfutils_0.190.bb
> @@ -26,7 +26,7 @@ SRC_URI =
> "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
> SRC_URI:append:libc-musl = " \
> file://0003-musl-utils.patch \
> "
> -SRC_URI[sha256sum] =
> "39bd8f1a338e2b7cd4abc3ff11a0eddc6e690f69578a57478d8179b4148708c8"
> +SRC_URI[sha256sum] =
> "8e00a3a9b5f04bc1dc273ae86281d2d26ed412020b391ffcc23198f10231d692"
>
> inherit autotools gettext ptest pkgconfig
>
> diff --git
> a/meta/recipes-devtools/elfutils/files/0001-Add-helper-function-for-basename.patch
>
> b/meta/recipes-devtools/elfutils/files/0001-Add-helper-function-for-basename.patch
> index 3e6033fd75..ebd4576f4a 100644
> ---
> a/meta/recipes-devtools/elfutils/files/0001-Add-helper-function-for-basename.patch
> +++
> b/meta/recipes-devtools/elfutils/files/0001-Add-helper-function-for-basename.patch
> @@ -1,4 +1,4 @@
> -From 666372a5d8d5a23203c70d583904097c9e49c5a0 Mon Sep 17 00:00:00 2001
> +From 61773daf61f01105ec30b32a997681084f513aff Mon Sep 17 00:00:00 2001
> From: Khem Raj
> Date: Sat, 9 Dec 2023 18:23:03 -0800
> Subject: [PATCH] Add helper function for basename
> @@ -12,27 +12,31 @@ libraries which have POSIX implementation only.
> Upstream-Status: Submitted
> [https://sourceware.org/pipermail/elfutils-devel/2023q4/006727.html]
> [1]
> https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7
> Signed-off-by: Khem Raj
> +
> ---
> lib/Makefile.am | 2 +-
> lib/libeu.h | 1 +
> - lib/{libeu.h => xbasename.c} | 31 ++--
> + lib/xbasename.c | 39
> libdw/dwarf_getsrc_file.c| 3 ++-
> libdwfl/core-file.c | 3 ++-
> libdwfl/dwfl_module_getsrc_file.c| 3 ++-
> libdwfl/dwfl_segment_report_module.c | 3 ++-
> - libdwfl/find-debuginfo.c | 7 ---
> + libdwfl/find-debuginfo.c | 7 ++---
> libdwfl/link_map.c | 3 ++-
> libdwfl/linux-kernel-modules.c | 3 ++-
> - src/addr2line.c | 5 +++--
> - src/ar.c | 5 +++--
> - src/nm.c | 4 ++--
> + src/addr2line.c | 5 ++--
> + src/ar.c | 5 ++--
> + src/nm.c | 4 +--
> src/stack.c | 3 ++-
> src/strip.c | 2 +-
> - tests/show-die-info.c| 2 +-
> - tests/varlocs.c | 2 +
Re: [OE-core] [PATCH] python3-wcwidth: upgrade 0.2.12 -> 0.2.13
New ptest failures:
https://autobuilder.yoctoproject.org/typhoon/#/builders/82/builds/5977/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/81/builds/6163/steps/12/logs/stdio
On 15/01/2024 17:26:40+0800, wangmy wrote:
> From: Wang Mingyu
>
> Changelog:
> Bugfix zero-width support for Hangul Jamo
>
> Signed-off-by: Wang Mingyu
> ---
> .../{python3-wcwidth_0.2.12.bb => python3-wcwidth_0.2.13.bb}| 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename meta/recipes-devtools/python/{python3-wcwidth_0.2.12.bb =>
> python3-wcwidth_0.2.13.bb} (87%)
>
> diff --git a/meta/recipes-devtools/python/python3-wcwidth_0.2.12.bb
> b/meta/recipes-devtools/python/python3-wcwidth_0.2.13.bb
> similarity index 87%
> rename from meta/recipes-devtools/python/python3-wcwidth_0.2.12.bb
> rename to meta/recipes-devtools/python/python3-wcwidth_0.2.13.bb
> index ae845a39a7..320a34a5f5 100644
> --- a/meta/recipes-devtools/python/python3-wcwidth_0.2.12.bb
> +++ b/meta/recipes-devtools/python/python3-wcwidth_0.2.13.bb
> @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/jquast/wcwidth";
> LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=b15979c39a2543892fca8cd86b4b52cb"
>
> -SRC_URI[sha256sum] =
> "f01c104efdf57971bcb756f054dd58ddec5204dd15fa31d6503ea57947d97c02"
> +SRC_URI[sha256sum] =
> "72ea0c06399eb286d978fdedb6923a9eb47e1c486ce63e9b4e64fc18303972b5"
>
> inherit pypi setuptools3 ptest
>
> --
> 2.34.1
>
>
>
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193914):
https://lists.openembedded.org/g/openembedded-core/message/193914
Mute This Topic: https://lists.openembedded.org/mt/103735720/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] uboot-sign: support to load optee-os and TFA images
On Tue, Jan 16, 2024 at 07:37:04PM -0800, Jamin Lin wrote: > Hi Alexander, > > One more thing, So far, bitman only support hash 256. What hashing algorithm would you like to be using instead? We can always include more and better options with configuration as needed. -- Tom -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193913): https://lists.openembedded.org/g/openembedded-core/message/193913 Mute This Topic: https://lists.openembedded.org/mt/103734859/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 5/5] libtool: Update patch offsets
Our patches were rather out of sync, update the line offsets to match the current patchset/underlying code. Signed-off-by: Richard Purdie --- ...-trailing-slashes-on-install-command.patch | 4 ++-- ...e-the-with-sysroot-option-to-avoid-c.patch | 19 ++- ...-Add-missing-sysroot-to-library-path.patch | 4 ++-- ...sroot-paths-being-encoded-into-RPATH.patch | 8 ...encode-RATHS-which-match-default-lin.patch | 8 ...r-static-libs-for-internal-compiler-.patch | 4 ++-- ...-sure-autoheader-run-before-autoconf.patch | 2 +- ...-sure-autoheader-run-before-automake.patch | 2 +- ...eproducibility-stop-encoding-hostnam.patch | 4 ++-- .../libtool/dont-depend-on-help2man.patch | 3 ++- 10 files changed, 30 insertions(+), 28 deletions(-) diff --git a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch index 4c4d0547a36..51c0c52da8f 100644 --- a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch +++ b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch @@ -15,10 +15,10 @@ Signed-off-by: Richard Purdie Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00010.html] diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in -index 96b37003..3d5dcd0a 100644 +index a5f21a1..f884824 100644 --- a/build-aux/ltmain.in +++ b/build-aux/ltmain.in -@@ -2378,8 +2378,14 @@ func_mode_install () +@@ -2381,8 +2381,14 @@ func_mode_install () func_append dir "$objdir" if test -n "$relink_command"; then diff --git a/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch b/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch index 1920e2e6dbf..2126f829537 100644 --- a/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch +++ b/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch @@ -84,9 +84,10 @@ Index: libtool-2.4.7/tests/sysroot.at AC_OUTPUT(Makefile) ]]) diff --git a/tests/testsuite b/tests/testsuite +index 24265e4..d388e3e 100755 --- a/tests/testsuite +++ b/tests/testsuite -@@ -48945,7 +48945,7 @@ $at_traceon; } +@@ -48997,7 +48997,7 @@ $at_traceon; } LDFLAGS="$LDFLAGS --sysroot=$sysroot -no-undefined" @@ -95,7 +96,7 @@ diff --git a/tests/testsuite b/tests/testsuite #??? if test PATH = "$shlibpath_var"; then -@@ -49154,7 +49154,7 @@ AM_INIT_AUTOMAKE([foreign]) +@@ -49211,7 +49211,7 @@ AM_INIT_AUTOMAKE([foreign]) AC_PROG_CC AC_CONFIG_SRCDIR([lib2.c]) LT_INIT @@ -104,7 +105,7 @@ diff --git a/tests/testsuite b/tests/testsuite AC_SUBST([sysroot]) AC_OUTPUT(Makefile) _ATEOF -@@ -49342,7 +49342,7 @@ AM_INIT_AUTOMAKE([foreign]) +@@ -49404,7 +49404,7 @@ AM_INIT_AUTOMAKE([foreign]) AC_PROG_CC AC_CONFIG_SRCDIR([prog.c]) LT_INIT @@ -113,7 +114,7 @@ diff --git a/tests/testsuite b/tests/testsuite AC_SUBST([sysroot]) AC_OUTPUT(Makefile) _ATEOF -@@ -49694,7 +49694,7 @@ $at_traceon; } +@@ -49761,7 +49761,7 @@ $at_traceon; } LDFLAGS="$LDFLAGS --sysroot=$sysroot -no-undefined" @@ -122,7 +123,7 @@ diff --git a/tests/testsuite b/tests/testsuite #??? if test PATH = "$shlibpath_var"; then -@@ -49903,7 +49903,7 @@ AM_INIT_AUTOMAKE([foreign]) +@@ -49975,7 +49975,7 @@ AM_INIT_AUTOMAKE([foreign]) AC_PROG_CC AC_CONFIG_SRCDIR([lib2.c]) LT_INIT @@ -131,7 +132,7 @@ diff --git a/tests/testsuite b/tests/testsuite AC_SUBST([sysroot]) AC_OUTPUT(Makefile) _ATEOF -@@ -50091,7 +50091,7 @@ AM_INIT_AUTOMAKE([foreign]) +@@ -50168,7 +50168,7 @@ AM_INIT_AUTOMAKE([foreign]) AC_PROG_CC AC_CONFIG_SRCDIR([prog.c]) LT_INIT @@ -140,7 +141,7 @@ diff --git a/tests/testsuite b/tests/testsuite AC_SUBST([sysroot]) AC_OUTPUT(Makefile) _ATEOF -@@ -50443,7 +50443,7 @@ $at_traceon; } +@@ -50525,7 +50525,7 @@ $at_traceon; } LDFLAGS="$LDFLAGS --sysroot=$sysroot -no-undefined" @@ -149,7 +150,7 @@ diff --git a/tests/testsuite b/tests/testsuite #??? if test PATH = "$shlibpath_var"; then -@@ -50652,7 +50652,7 @@ AM_INIT_AUTOMAKE([foreign]) +@@ -50739,7 +50739,7 @@ AM_INIT_AUTOMAKE([foreign]) AC_PROG_CC AC_CONFIG_SRCDIR([lib2.c]) LT_INIT @@ -158,7 +159,7 @@ diff --git a/tests/testsuite b/tests/testsuite AC_SUBST([sysroot]) AC_OUTPUT(Makefile) _ATEOF -@@ -50840,7 +50840,7 @@ AM_INIT_AUTOMAKE([foreign]) +@@ -50932,7 +50932,7 @@ AM_INIT_AUTOMAKE([foreign]) AC_PROG_CC AC_CONFIG_SRCDIR([prog.c]) LT_INIT diff --git a/meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch b/meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch index 07c7f911e08..
[OE-core] [PATCH 4/5] libtool: Update cleanup sysroot handling patch
The sysroot path cleanup change was reworked after discussion/review upstream.
It
appeared there were two different changes in one of our patches so separate out
the second one and mark as inappropriate as it is unlikely upstream would take
such a change in defaults. We need further investigation to decide if OE really
wants/needs this going forward.
Signed-off-by: Richard Purdie
---
.../libtool/libtool-2.4.7.inc | 1 +
...-libtool.m4-Cleanup-sysroot-trailing.patch | 37 +++
...ool.m4-Handle-as-a-sysroot-correctly.patch | 33 +++--
3 files changed, 52 insertions(+), 19 deletions(-)
create mode 100644
meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch
diff --git a/meta/recipes-devtools/libtool/libtool-2.4.7.inc
b/meta/recipes-devtools/libtool/libtool-2.4.7.inc
index a07df720acf..16bb10d48f8 100644
--- a/meta/recipes-devtools/libtool/libtool-2.4.7.inc
+++ b/meta/recipes-devtools/libtool/libtool-2.4.7.inc
@@ -15,6 +15,7 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
file://0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch \
file://0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch \
file://dont-depend-on-help2man.patch \
+ file://0003-libtool.m4-Cleanup-sysroot-trailing.patch \
file://0006-libtool.m4-Handle-as-a-sysroot-correctly.patch \
file://nohardcodepaths.patch \
file://0007-libtool-Fix-support-for-NIOS2-processor.patch \
diff --git
a/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch
b/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch
new file mode 100644
index 000..b6175903daf
--- /dev/null
+++
b/meta/recipes-devtools/libtool/libtool/0003-libtool.m4-Cleanup-sysroot-trailing.patch
@@ -0,0 +1,37 @@
+libtool.m4: Cleanup sysroot trailing "/"
+
+If $CC has --sysroot=/, it is a valid configuration however libtool will
+then set lt_sysroot to "/".
+
+This means references like $lt_sysroot$libdir become //usr/lib instead
+of the more normally expected /usr/lib. This may or may not break something
+but certainly is confusing to the user and gives confusing output. Making
+"/" simply unset lt_sysroot is much cleaner.
+
+Whilst here, trim any trailing '/' from sysroot paths to drop the duplication
+and result in cleaner/consistent output.
+
+* m4/libtool.m4: Cleanup sysroot trailing '/' handling
+
+Upstream-Status: Submitted
[https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00111.html]
+Signed-off-by: Richard Purdie
+
+---
+ m4/libtool.m4 | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index fa1ae91..2f31d24 100644
+--- a/m4/libtool.m4
b/m4/libtool.m4
+@@ -1256,7 +1256,9 @@ lt_sysroot=
+ case $with_libtool_sysroot in #(
+ yes)
+if test yes = "$GCC"; then
+- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
++ # Trim trailing / since we'll always append absolute paths and we want
++ # to avoid //, if only for less confusing output for the user.
++ lt_sysroot=`$CC --print-sysroot 2>/dev/null | $SED 's:/\+$::'`
+fi
+;; #(
+ /*)
diff --git
a/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
b/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
index a221dab5283..c104e904cc4 100644
---
a/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
+++
b/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
@@ -1,34 +1,29 @@
-From: Richard Purdie
-Subject: [PATCH 06/12] libtool.m4: Handle "/" as a sysroot correctly
+libtool.m4: Change libtool to handle sysroots by default
-Update libtool.m4 to resolve a problem with lt_sysroot not being properly
-updated if the option '--with[-libtool]-sysroot' is not provided when
-running the 'configure' script for a package so that "/" as a sysroot
-is handled correctly by libtool.
+Rather than using no sysroot by default, always query gcc to obtain the
sysroot.
Signed-off-by: Richard Purdie
-Upstream Report:
-http://lists.gnu.org/archive/html/bug-libtool/2013-09/msg5.html
+Upstream-Status: Inappropriate [Upstream are unlikely to accept this change of
default]
-Upstream-Status: Submitted
[https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00018.html]
+---
+ m4/libtool.m4 | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
-Index: libtool-2.4.7/m4/libtool.m4
-===
libtool-2.4.7.orig/m4/libtool.m4
-+++ libtool-2.4.7/m4/libtool.m4
-@@ -1254,16 +1254,20 @@ dnl lt_sysroot will always be passed unq
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 2f31d24..bd90775 100644
+--- a/m4/libtool.m4
b/m4/libtool.m4
+@@ -1254,18 +1254,18 @@ dnl lt_sysroo
[OE-core] [PATCH 1/5] libtool: Update patches to mark as backports
Several patches merged upstream, mark as such. Signed-off-by: Richard Purdie --- ...9-Makefile.am-make-sure-autoheader-run-before-autoconf.patch | 2 +- ...0-Makefile.am-make-sure-autoheader-run-before-automake.patch | 2 +- ...2-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch b/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch index 437c09fa6d4..1543ad2afd5 100644 --- a/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch +++ b/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch @@ -11,7 +11,7 @@ So make sure autoheader run before autoconf to avoid this race. Signed-off-by: Mingli Yu Signed-off-by: Richard Purdie -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00015.html] +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=e7dc729dd27b367905cd0ce52b5466d91537857a] diff --git a/Makefile.am b/Makefile.am index 6b546092..84795d87 100644 diff --git a/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch b/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch index a92e22905fa..67bd27ac928 100644 --- a/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch +++ b/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch @@ -11,7 +11,7 @@ so make automake run after autoheader to avoid the above race. Signed-off-by: Mingli Yu Signed-off-by: Richard Purdie -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00020.html] +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=e01c0bfe5e041418d84460901a1a5b11b89d596f] Signed-off-by: Mingli Yu diff --git a/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch b/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch index c750303d430..b0f771c9bbc 100644 --- a/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch +++ b/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch @@ -10,7 +10,7 @@ Signed-off-by: Richard Purdie https://sources.debian.org/data/main/libt/libtool/2.4.6-10/debian/patches/ no_hostname.patch -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00011.html] +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=bd826173c4c9c3fa8d77d92785754897cb4bfd89] diff --git a/m4/libtool.m4 b/m4/libtool.m4 index 022c1292..1a8a2998 100644 -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193908): https://lists.openembedded.org/g/openembedded-core/message/193908 Mute This Topic: https://lists.openembedded.org/mt/103785080/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/5] libtool: Update prefixmap and clang patches to match upstream submission
The patches were submitted upstream and adjusted after discussion. Update to
match
the changes requested.
Signed-off-by: Richard Purdie
---
...in.in-Parse-additional-clang-options.patch | 31 +++
...-prefix-map-compiler-options-correct.patch | 31 ---
2 files changed, 38 insertions(+), 24 deletions(-)
diff --git
a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch
b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch
index 0285c143d28..0dcf963dcca 100644
---
a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch
+++
b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Parse-additional-clang-options.patch
@@ -1,21 +1,26 @@
-From: Khem Raj
-Subject: [PATCH] ltmain.in: Parse additional clang options
+ltmain.in: Parse additional clang options
-clang uses -rtlib and --unwindlib to select proper compiler runtime in
-some cases. There fore pass these options to linker when found in
+clang uses -rtlib and --unwindlib to select proper compiler
+runtime in some cases. Therefore pass these options to linker when found in
ldflags
-Upstream-Status: Pending
-Signed-off-by: Khem Raj
+* build-aux/ltmain.in: Handle clang linker options
-Index: libtool-2.4.7/build-aux/ltmain.in
-===
libtool-2.4.7.orig/build-aux/ltmain.in
-+++ libtool-2.4.7/build-aux/ltmain.in
-@@ -5420,10 +5420,12 @@ func_mode_link ()
+Signed-off-by: Richard Purdie
+Upstream-Status: Submitted
[https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00110.html]
+
+---
+ build-aux/ltmain.in | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
+index 037f009..ba5c816 100644
+--- a/build-aux/ltmain.in
b/build-aux/ltmain.in
+@@ -5414,10 +5414,12 @@ func_mode_link ()
# -fsanitize=* Clang/GCC memory and address sanitizer
# -fuse-ld=* Linker select flags for GCC
- # -f*-prefix-map* needed for lto linking
+ # -f{file|debug|macro|profile}-prefix-map* needed for lto linking
+ # -rtlib=* select c runtime lib with clang
+ # --unwindlib=*select unwinder library with clang
# -Wa,*Pass flags directly to the assembler
@@ -23,6 +28,6 @@ Index: libtool-2.4.7/build-aux/ltmain.in
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
+
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*|-rtlib=*|--unwindlib=*|
\
- -specs=*|-fsanitize=*|-fuse-ld=*|-f*-prefix-map*|-Wa,*)
+
-specs=*|-fsanitize=*|-fuse-ld=*|-ffile-prefix-map=*|-fdebug-prefix-map=*|-fmacro-prefix-map=*|-fprofile-prefix-map=*|-Wa,*)
func_quote_arg pretty "$arg"
arg=$func_quote_arg_result
diff --git
a/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
b/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
index 4945533badd..c0627795b45 100644
---
a/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
+++
b/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
@@ -1,28 +1,37 @@
-From: Richard Purdie
-Subject: [PATCH 11/12] ltmain.in: Handle prefix-map compiler options correctly
+ltmain.in: Handle prefix-map compiler options correctly
+
+If lto is enabled, we need the prefix-map variables to be passed to the linker
+to correctly link the objects using correctly mapped paths.
-If lto is enabled, we need the prefix-map variables to be passed to the linker.
Add these to the list of options libtool passes through.
+* build-aux/ltmain.in: Handle prefix-map compiler options
+
Signed-off-by: Richard Purdie
-Upstream-Status: Submitted
[https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00019.html]
+https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00019.html
+https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00066.html
+Upstream-Status: Submitted
[https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00109.html]
+
+---
+ build-aux/ltmain.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
-Index: libtool-2.4.7/build-aux/ltmain.in
-===
libtool-2.4.7.orig/build-aux/ltmain.in
-+++ libtool-2.4.7/build-aux/ltmain.in
-@@ -5419,11 +5419,12 @@ func_mode_link ()
+diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
+index 0a50f5b..037f009 100644
+--- a/build-aux/ltmain.in
b/build-aux/ltmain.in
+@@ -5413,11 +5413,12 @@ func_mode_link ()
# -stdlib=*select c++ std lib with clang
# -fsanitize=*
[OE-core] [PATCH 2/5] libtool: Update nios2 patch to match upstream merged version
Update the patch to match the version merged upstream.
Signed-off-by: Richard Purdie
---
...tool-Fix-support-for-NIOS2-processor.patch | 81 +--
1 file changed, 38 insertions(+), 43 deletions(-)
diff --git
a/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
b/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
index 277afe0af62..676ce7fd1ba 100644
---
a/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
+++
b/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
@@ -1,65 +1,60 @@
-From: Marek Vasut
-Subject: [PATCH 07/12] libtool: Fix support for NIOS2 processor
+libtool: Fix support for NIOS2 processor
The name of the system contains the string "nios2". This string
is caught by the some of the greedy checks for OS/2 in libtool,
in particular the *os2* branches of switch statements match for
the nios2 string, which results in incorrect behavior of libtool.
-This patch adds an explicit check for *nios2* before the *os2*
-checks to prevent the OS/2 check incorrectly trapping the nios2
-as well.
+Switch to use $host_os instead of $host and tweak the patterns to
+match to avoid this problem for nios2.
+
+* build-aux/ltmain.in: Fix NIOS2 support
+---
+ build-aux/ltmain.in | 12 ++--
+ 1 file changed, 6 insertions(+), 6 deletions(-)
-Signed-off-by: Marek Vasut
Signed-off-by: Richard Purdie
-Upstream-Status: Submitted
[https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00021.html]
+Submitted:
https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00021.html
+Reworked and submitted:
https://lists.gnu.org/archive/html/libtool-patches/2024-01/msg00068.html
+Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=49e6cb0d4dfdca2a59b909dc4532fe22dbc57ad5]
-diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
-index 6fb58ed2..606f17be 100644
a/build-aux/ltmain.in
-+++ b/build-aux/ltmain.in
-@@ -519,6 +519,12 @@ libtool_validate_options ()
+Index: libtool-2.4.7/build-aux/ltmain.in
+===
+--- libtool-2.4.7.orig/build-aux/ltmain.in
libtool-2.4.7/build-aux/ltmain.in
+@@ -518,10 +518,10 @@ libtool_validate_options ()
+ # preserve --debug
test : = "$debug_cmd" || func_append preserve_args " --debug"
- case $host in
-+ # For NIOS2, we want to make sure that it's not caught by the
-+ # more general OS/2 check below. Otherwise, NIOS2 is the same
-+ # as the default option.
-+ *nios2*)
-+opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
-+;;
+-case $host in
++case $host_os in
# Solaris2 added to fix
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
# see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
- *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
-@@ -6246,6 +6252,15 @@ func_mode_link ()
+- *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
++ cygwin* | mingw* | pw32* | cegcc* | solaris2* | os2*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+@@ -6273,8 +6273,8 @@ func_mode_link ()
+ fi
if test -n "$library_names" &&
{ test no = "$use_static_libs" || test -z "$old_library"; }; then
- case $host in
-+*nios2*)
-+ # For NIOS2, we want to make sure that it's not caught by the
-+ # more general OS/2 check below. Otherwise, NIOS2 is the same
-+ # as the default option.
-+ if test no = "$installed"; then
-+func_append notinst_deplibs " $lib"
-+need_relink=yes
-+ fi
-+ ;;
- *cygwin* | *mingw* | *cegcc* | *os2*)
+-case $host in
+-*cygwin* | *mingw* | *cegcc* | *os2*)
++case $host_os in
++cygwin* | mingw* | cegcc* | os2*)
# No point in relinking DLLs because paths are not encoded
func_append notinst_deplibs " $lib"
-@@ -6316,6 +6331,11 @@ func_mode_link ()
+ need_relink=no
+@@ -6343,8 +6343,8 @@ func_mode_link ()
+ soname=$dlname
elif test -n "$soname_spec"; then
# bleh windows
- case $host in
-+*nios2*)
-+ # For NIOS2, we want to make sure that it's not caught by the
-+ # more general OS/2 check below. Otherwise, NIOS2 is the same
-+ # as the default option.
-+ ;;
- *cygwin* | mingw* | *cegcc* | *os2*)
+-case $host in
+-*cygwin* | mingw* | *cegcc* | *os2*)
++case $host_os in
++cygwin* | mingw* | cegcc* | os2*)
func_arith $current - $age
major=$func_arith_result
---
-2.25.1
-
+ versuffix=-$
Re: [OE-core] [PATCH v3 2/2] shadow: link executables statically for -native variant
On Thu, 11 Jan 2024 at 15:15, Alexander Kanavin wrote:
>
> shadow 4.14.x adds a number of libraries it dynamically links with
> (md, bsd, attr). This causes troubles in setscene tasks where
> shadow executables are used (such as useradd), as pulling in
> the needed dynamic libraries needs unpleasant special-casing.
>
> Signed-off-by: Alexander Kanavin
It seems, this is causing issues with the TuxOE builds. We have been
observing issues with the TuxOE build environment with the image
creation choking on the home dirs. Reverting this patch seems to fix
the problem. The build environment is Ubuntu 20.04 running in a
container on Ubuntu 22.04.
ERROR: rpb-weston-image-1.0-r0 do_image_tar:
ExecutionError('/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_tar.160075',
1, None, None)
ERROR: Logfile of failure stored in:
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/log.do_image_tar.160075
Log data follows:
| DEBUG: Executing python function set_image_size
| DEBUG: 1402908.00 = 1079160 * 1.30
| DEBUG: 1402908.00 = max(1402908.00, 65536)[1402908.00] + 0
| DEBUG: 1402908.00 = int(1402908.00)
| DEBUG: 1404928 = aligned(1402908)
| DEBUG: returning 1404928
| DEBUG: Python function set_image_size finished
| DEBUG: Executing shell function do_image_tar
| tar: ./home/linaro/.bashrc: Unknown file type; file ignored
| tar: ./home/linaro/.profile: Unknown file type; file ignored
| tar: Exiting with failure status due to previous errors
| WARNING:
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_tar.160075:146
exit 1 from '[ $? -eq 1 ]'
| WARNING: Backtrace (BB generated script):
| #1: do_image_tar,
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_tar.160075,
line 146
| #2: main,
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_tar.160075,
line 152
NOTE: recipe rpb-weston-image-1.0-r0: task do_image_tar: Failed
ERROR: Task
(/oe/build/conf/../../layers/meta-rpb/recipes-samples/images/rpb-weston-image.bb:do_image_tar)
failed with exit code '1'
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing python function set_image_size
| DEBUG: 1402908.00 = 1079160 * 1.30
| DEBUG: 1402908.00 = max(1402908.00, 65536)[1402908.00] + 0
| DEBUG: 1402908.00 = int(1402908.00)
| DEBUG: 1404928 = aligned(1402908)
| DEBUG: returning 1404928
| DEBUG: Python function set_image_size finished
| DEBUG: Executing shell function do_image_ext4
| DEBUG: Executing dd if=/dev/zero
of=/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/deploy-rpb-weston-image-image-complete/rpb-weston-image-qcom-armv8a.rootfs-20240117062023.ext4
seek=1404928 count=0 bs=1024
| 0+0 records in
| 0+0 records out
| 0 bytes copied, 9.0878e-05 s, 0.0 kB/s
| DEBUG: Actual Rootfs size: 1075376
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/rootfs
| DEBUG: Actual Partition size: 1438646272
| DEBUG: Executing mkfs.ext4 -F -b 4096
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/deploy-rpb-weston-image-image-complete/rpb-weston-image-qcom-armv8a.rootfs-20240117062023.ext4
-d
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/rootfs
| mke2fs 1.47.0 (5-Feb-2023)
| Discarding device blocks: 0/351232
done
| Creating filesystem with 351232 4k blocks and 87824 inodes
| Filesystem UUID: 27cefb6f-e38e-44ed-ab0f-4b613d3594f2
| Superblock backups stored on blocks:
| 32768, 98304, 163840, 229376, 294912
|
| Allocating group tables: 0/11 done
| Writing inode tables: 0/11 done
| Creating journal (8192 blocks): done
| Copying files into the device: __populate_fs: ignoring entry ".bashrc"
| .bashrc: File not found by ext2_lookup while looking up ".bashrc"
| mkfs.ext4: File not found by ext2_lookup while populating file system
| WARNING:
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_ext4.160095:176
exit 1 from 'mkfs.$fstype -F $extra_imagecmd
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/deploy-rpb-weston-image-image-complete/rpb-weston-image-qcom-armv8a.rootfs-20240117062023.$fstype
-d
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/rootfs'
| WARNING: Backtrace (BB generated script):
| #1: oe_mkext234fs,
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_ext4.160095,
line 176
| #2: do_image_ext4,
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run.do_image_ext4.160095,
line 146
| #3: main,
/oe/build/tmp-rpb_wayland-glibc/work/qcom_armv8a-linaro-linux/rpb-weston-image/1.0/temp/run
[OE-core] Patchtest results for [kirkstone][PATCHv2] openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA public keys
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/kirkstone-PATCHv2-openssl-fix-CVE-2023-6237-Excessive-time-spent-checking-invalid-RSA-public-keys.patch FAIL: test CVE check ignore: CVE_CHECK_IGNORE is deprecated and should be replaced by CVE_STATUS (test_metadata.TestMetadata.test_cve_check_ignore) PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: Patch cannot be merged (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: Patch cannot be merged (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193906): https://lists.openembedded.org/g/openembedded-core/message/193906 Mute This Topic: https://lists.openembedded.org/mt/103783954/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCHv2] openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA public keys
Upstream-Status: Backport from
https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db
Signed-off-by: Hitendra Prajapati
---
.../openssl/openssl/CVE-2023-6237.patch | 127 ++
.../openssl/openssl_3.0.12.bb | 3 +-
2 files changed, 129 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
new file mode 100644
index 00..621dc6b0ab
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
@@ -0,0 +1,127 @@
+rom e09fc1d746a4fd15bb5c3d7bbbab950aadd005db Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Fri, 22 Dec 2023 16:25:56 +0100
+Subject: [PATCH] Limit the execution time of RSA public key check
+
+Fixes CVE-2023-6237
+
+If a large and incorrect RSA public key is checked with
+EVP_PKEY_public_check() the computation could take very long time
+due to no limit being applied to the RSA public key size and
+unnecessarily high number of Miller-Rabin algorithm rounds
+used for non-primality check of the modulus.
+
+Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
+will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
+Also the number of Miller-Rabin rounds was set to 5.
+
+Reviewed-by: Neil Horman
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/23243)
+
+Upstream-Status: Backport
[https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db]
+CVE: CVE-2023-6237
+Signed-off-by: Hitendra Prajapati
+---
+ crypto/rsa/rsa_sp800_56b_check.c | 8 +++-
+ test/recipes/91-test_pkey_check.t | 2 +-
+ .../91-test_pkey_check_data/rsapub_17k.pem| 48 +++
+ 3 files changed, 56 insertions(+), 2 deletions(-)
+ create mode 100644 test/recipes/91-test_pkey_check_data/rsapub_17k.pem
+
+diff --git a/crypto/rsa/rsa_sp800_56b_check.c
b/crypto/rsa/rsa_sp800_56b_check.c
+index fc8f19b..bcbdd24 100644
+--- a/crypto/rsa/rsa_sp800_56b_check.c
b/crypto/rsa/rsa_sp800_56b_check.c
+@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
+ return 0;
+
+ nbits = BN_num_bits(rsa->n);
++if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
++ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
++return 0;
++}
++
+ #ifdef FIPS_MODULE
+ /*
+ * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
+@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
+ goto err;
+ }
+
+-ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
++/* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
++ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
+ #ifdef FIPS_MODULE
+ if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
+ #else
+diff --git a/test/recipes/91-test_pkey_check.t
b/test/recipes/91-test_pkey_check.t
+index dc7cc64..f8088df 100644
+--- a/test/recipes/91-test_pkey_check.t
b/test/recipes/91-test_pkey_check.t
+@@ -70,7 +70,7 @@ push(@positive_tests, (
+ "dhpkey.pem"
+ )) unless disabled("dh");
+
+-my @negative_pubtests = ();
++my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key
+
+ push(@negative_pubtests, (
+ "dsapub_noparam.der"
+diff --git a/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
+new file mode 100644
+index 000..9a2eaed
+--- /dev/null
b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
+@@ -0,0 +1,48 @@
++-BEGIN PUBLIC KEY-
++MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR
++B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph
++gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2
++GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/
++XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj
++b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2
++gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq
++TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1
++vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0
++V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j
++/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH
++SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa
++PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y
++Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVWx4hMvDjfy0UqfywAUyu
++C1o7BExSMxxFG8GJcqR0K8akpPp7EM588PC+YuItoxzXgfUJnP3BQ1Beev2Ve7/J
++xeGZH0N4ntfr+cuaLAakAER9zDglwChWflw3NNFgIdAgSxXv3XXx5xDXpdP4lxUo
++F5zAN4Mero3yV90FaJl7Vhq/UFVidbwFc15jUDwaE0mKRcsBeVd3GOhoECAgE0id
++aIPT20z8oVY0FyTJlRk7QSjo8WjJSrHY/Fn14gctX07ZdfkufyL6w+NijBdYluvB
++nIrgHEvpkDEWoIa8qc
[OE-core][PATCH] opensbi: bump to 1.4
From: Thomas Perrot
This release has:
- Synopsys DesignWare APB GPIO driver
- Zicntr and Zihpm support
- Console print improvements
- Smepmp support
- Simple FDT based syscon regmap driver
- Syscon based reboot and poweroff driver
- Non-contiguous hpm counters
- Smcntrpmf support
- Full sparse hartid support
- IPI improvements
- RFENCE improvements
- Zkr support
- Andes custom PMU support
Overall, this release mainly adds more ISA extensions, drivers and other
improvements.
https://github.com/riscv-software-src/opensbi/compare/v1.3.1...v1.4
Signed-off-by: Thomas Perrot
---
...re-Remove-handling-of-R_RISCV_-32-64.patch | 88 +++
.../{opensbi_1.3.bb => opensbi_1.4.bb}| 8 +-
2 files changed, 92 insertions(+), 4 deletions(-)
create mode 100644
meta/recipes-bsp/opensbi/opensbi/0001-Revert-firmware-Remove-handling-of-R_RISCV_-32-64.patch
rename meta/recipes-bsp/opensbi/{opensbi_1.3.bb => opensbi_1.4.bb} (90%)
diff --git
a/meta/recipes-bsp/opensbi/opensbi/0001-Revert-firmware-Remove-handling-of-R_RISCV_-32-64.patch
b/meta/recipes-bsp/opensbi/opensbi/0001-Revert-firmware-Remove-handling-of-R_RISCV_-32-64.patch
new file mode 100644
index ..d14e0b73a9bc
--- /dev/null
+++
b/meta/recipes-bsp/opensbi/opensbi/0001-Revert-firmware-Remove-handling-of-R_RISCV_-32-64.patch
@@ -0,0 +1,88 @@
+From bfe480929bcc966e1fdf5afdde8d4c22adba7f6f Mon Sep 17 00:00:00 2001
+From: Thomas Perrot
+Date: Tue, 16 Jan 2024 15:16:58 +0100
+Subject: [PATCH] Revert "firmware: Remove handling of R_RISCV_{32,64}"
+
+This reverts commit 2a6d72534d44c39e1de0614970a0dad97b1c41ba.
+
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Thomas Perrot
+---
+ firmware/fw_base.S | 22 ++
+ firmware/fw_base.ldS| 6 ++
+ include/sbi/riscv_elf.h | 8
+ 3 files changed, 36 insertions(+)
+
+diff --git a/firmware/fw_base.S b/firmware/fw_base.S
+index f7763f4d9e56..60efad39b231 100644
+--- a/firmware/fw_base.S
b/firmware/fw_base.S
+@@ -88,8 +88,30 @@ _try_lottery:
+ add t5, t5, t2
+ add t3, t3, t2
+ REG_S t5, 0(t3) /* store runtime address to the GOT
entry */
++ j 5f
+
+ 3:
++ lla t4, __dyn_sym_start
++
++4:
++ srlit6, t5, SYM_INDEX /* t6 <--- sym table index */
++ andit5, t5, 0xFF/* t5 <--- relocation type */
++ li t3, RELOC_TYPE
++ bne t5, t3, 5f
++
++ /* address R_RISCV_64 or R_RISCV_32 cases*/
++ REG_L t3, 0(t0)
++ li t5, SYM_SIZE
++ mul t6, t6, t5
++ add s5, t4, t6
++ REG_L t6, (REGBYTES * 2)(t0) /* t0 <-- addend */
++ REG_L t5, REGBYTES(s5)
++ add t5, t5, t6
++ add t5, t5, t2 /* t5 <-- location to fix up in RAM */
++ add t3, t3, t2 /* t3 <-- location to fix up in RAM */
++ REG_S t5, 0(t3) /* store runtime address to the
variable */
++
++5:
+ addit0, t0, (REGBYTES * 3)
+ blt t0, t1, 2b
+ j _relocate_done
+diff --git a/firmware/fw_base.ldS b/firmware/fw_base.ldS
+index c15ccdbf6612..88b8dfd9cb56 100644
+--- a/firmware/fw_base.ldS
b/firmware/fw_base.ldS
+@@ -40,6 +40,12 @@
+
+ . = ALIGN(0x1000); /* Ensure next section is page aligned */
+
++ .dynsym : {
++ PROVIDE(__dyn_sym_start = .);
++ *(.dynsym)
++ PROVIDE(__dyn_sym_end = .);
++ }
++
+ .rela.dyn : {
+ PROVIDE(__rel_dyn_start = .);
+ *(.rela*)
+diff --git a/include/sbi/riscv_elf.h b/include/sbi/riscv_elf.h
+index ed361e346155..3b62c38b4a2d 100644
+--- a/include/sbi/riscv_elf.h
b/include/sbi/riscv_elf.h
+@@ -1,6 +1,14 @@
+ #ifndef __RISCV_ELF_H__
+ #define __RISCV_ELF_H__
+
++#include
++
++#define R_RISCV_321
++#define R_RISCV_642
+ #define R_RISCV_RELATIVE 3
+
++#define RELOC_TYPE__REG_SEL(R_RISCV_64, R_RISCV_32)
++#define SYM_INDEX __REG_SEL(0x20, 0x8)
++#define SYM_SIZE __REG_SEL(0x18,0x10)
++
+ #endif
+--
+2.43.0
diff --git a/meta/recipes-bsp/opensbi/opensbi_1.3.bb
b/meta/recipes-bsp/opensbi/opensbi_1.4.bb
similarity index 90%
rename from meta/recipes-bsp/opensbi/opensbi_1.3.bb
rename to meta/recipes-bsp/opensbi/opensbi_1.4.bb
index f01cae34d1ff..6cb1a2680f2a 100644
--- a/meta/recipes-bsp/opensbi/opensbi_1.3.bb
+++ b/meta/recipes-bsp/opensbi/opensbi_1.4.bb
@@ -8,8 +8,10 @@ require opensbi-payloads.inc
inherit autotools-brokensep deploy
-SRCREV = "057eb10b6d523540012e6947d5c9f63e95244e94"
-SRC_URI =
"git://github.com/riscv/opensbi.git;branch=release-1.3.x;protocol=https"
+SRCREV = "a2b255b88918715173942f2c5e1f97ac9e90c877"
+SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https \
+ file://0001-Revert-firmware-Remove-handling-of-R_RISCV_-32-64.patch \
+ "
S = "${WORKDIR}/git"
@@ -43,5 +45,3 @@ FILES:${PN} +=
"/s
Re: [OE-core] how badly do symlinks from within ${S} to outside ${S} mess up sstate?
On Tue, 16 Jan 2024, Richard Purdie wrote:
> On Tue, 2024-01-16 at 09:23 -0500, Robert P. J. Day wrote:
> > a very weird question, to be sure, but i literally just ran across a
> > recipe that does the following (i will paraphrase some stuff to
> > protect the innocent).
> >
> > the recipe processes a bunch of XML source files, and generates from
> > them JSON files, so any change in any of the XML source files should
> > (obviously) trigger a rebuild of the recipe. and here's the problem.
> >
> > the XML files are not copied into the recipe source directory, and
> > are not even referenced by SRC_URI. rather, the files live in a
> > well-known location on the build host (placed there by a monstrous
> > "repo sync"), and to save time and space, the recipe just *symlinks*
> > from inside ${S} to the XML source files outside of ${S}, then
> > proceeds to process them to generate the subsequent JSON files.
> >
> > the complaint is that, when the build pipeline started taking
> > advantage of sstate-cache, even after some of the XML files were
> > changed, the recipe would not rebuild.
> >
> > once i understood what was happening, my immediate reaction was
> > along the lines, "well, since what is under ${S} is simply symlinks to
> > files *outside* of ${S} and (worse) those symlink names will never
> > change (all that will change is the XML files at the other end), how
> > is bitbake supposed to have any idea that those XML files have
> > changed to kick off a rebuild?"
> >
> > so my initial response was, "this does not surprise me at all," but
> > does my reasoning hold up? obviously, this should probably use a
> > combination of bin_package and externalsrc, but as it is now, is it
> > moderately accurate to suggest that it is those symlinks that are
> > preventing bitbake from understanding that anything has changed, so
> > that it continues to use the old sstate-cache?
>
> Inputs to a recipe need to come through SRC_URI. That way bitbake can
> know when they change. If you point at some random place via a symlink
> how is bitbake supposed to know if/when they change?
>
> Yes, pointing at a large tree of files will take time to hash and yes,
> that can make parsing slow. Either you care when it changes or you
> don't.
>
> The inputs are used to generate a hash which makes up the hash
> representing the task. When the hash changes, we know that sstate is
> invalid and we need to rebuild.
thanks, richard, i appreciate the time you took to clarify this. i'm
going to paraphrase and add it to my WIP "OE/YP best practices"
internal doc; this advice would be contained in the chapter, "for the
love of god, stop doing this!"
thanks again.
rday
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193903):
https://lists.openembedded.org/g/openembedded-core/message/193903
Mute This Topic: https://lists.openembedded.org/mt/103762271/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Patchtest results for [meta-oe][PATCH 1/2] buildstats: consider multiconfigs when collecting statistics.
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/meta-oe-1-2-buildstats-consider-multiconfigs-when-collecting-statistics..patch FAIL: test target mailing list: Series sent to the wrong mailing list or some patches from the series correspond to different mailing lists (test_mbox.TestMbox.test_target_mailing_list) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: Patch cannot be merged (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test CVE check ignore: No modified recipes, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: Patch cannot be merged (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193901): https://lists.openembedded.org/g/openembedded-core/message/193901 Mute This Topic: https://lists.openembedded.org/mt/103782012/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Patchtest results for [meta-oe][PATCH 2/2] buildstats: support of custom disk usage command
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/meta-oe-2-2-buildstats-support-of-custom-disk-usage-command.patch FAIL: test target mailing list: Series sent to the wrong mailing list or some patches from the series correspond to different mailing lists (test_mbox.TestMbox.test_target_mailing_list) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: Patch cannot be merged (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test CVE check ignore: No modified recipes, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: Patch cannot be merged (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193902): https://lists.openembedded.org/g/openembedded-core/message/193902 Mute This Topic: https://lists.openembedded.org/mt/103782013/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [meta-oe][PATCH 1/2] buildstats: consider multiconfigs when collecting statistics.
When multiconfigs are used, statistics for the same package name but
from the different multiconfigs is collected into the same file.
This causes incorrect charts generated with pybootchartgui, when
only the most recent part of statistics is shown.
This patch adds custom multiconfig prefix to the file names that
hold statistics.
Signed-off-by: Uladzimir Bely
---
meta/classes/buildstats.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/buildstats.bbclass b/meta/classes/buildstats.bbclass
index 0de605200a..b417929b61 100644
--- a/meta/classes/buildstats.bbclass
+++ b/meta/classes/buildstats.bbclass
@@ -185,6 +185,8 @@ python run_buildstats () {
if bn is not None:
bsdir = os.path.join(d.getVar('BUILDSTATS_BASE'), bn)
taskdir = os.path.join(bsdir, d.getVar('PF'))
+if d.getVar('BB_CURRENT_MC') != 'default':
+taskdir = os.path.join(bsdir, d.getVar('BB_CURRENT_MC') + '_' +
d.getVar('PF'))
if isinstance(e, bb.event.HeartbeatEvent) and
bb.utils.to_boolean(d.getVar("BB_LOG_HOST_STAT_ON_INTERVAL")):
bb.utils.mkdirhier(bsdir)
write_host_data(os.path.join(bsdir, "host_stats_interval"), e, d,
"interval")
--
2.41.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193900):
https://lists.openembedded.org/g/openembedded-core/message/193900
Mute This Topic: https://lists.openembedded.org/mt/103781926/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [meta-oe][PATCH 0/2] Buildstats improvements for using in Isar.
Isar project (https://github.com/ilbers/isar) borrows from OE some functionality including buildstats. Here are the changes that are mostly suitable to use in Isar but they should not break anything in OE/Yocto. Uladzimir Bely (2): buildstats: consider multiconfigs when collecting statistics. buildstats: support of custom disk usage command meta/classes/buildstats.bbclass | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193898): https://lists.openembedded.org/g/openembedded-core/message/193898 Mute This Topic: https://lists.openembedded.org/mt/103781924/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [meta-oe][PATCH 2/2] buildstats: support of custom disk usage command
This helps to make buildstats code usage easier in third-party projects
like Isar (https://github.com/ilbers/isar/). In Isar, rootfs is created
with 'sudo' privileges and some subpaths like '/proc' may be mounted at
build time. So, using "du -sh" on rootfs may produces multiple
'Permission denied' warnings.
Customizable disk usage command allows to deal with these issues
(e.g., by adding "-x" option or "sudo" can be added).
Signed-off-by: Uladzimir Bely
---
meta/classes/buildstats.bbclass | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes/buildstats.bbclass b/meta/classes/buildstats.bbclass
index b417929b61..94e48bfcb8 100644
--- a/meta/classes/buildstats.bbclass
+++ b/meta/classes/buildstats.bbclass
@@ -8,6 +8,8 @@ BUILDSTATS_BASE = "${TMPDIR}/buildstats/"
#
+BUILDSTATS_DISK_USAGE_CMD ??= "du -sh"
+
def get_buildprocess_cputime(pid):
with open("/proc/%d/stat" % pid, "r") as f:
fields = f.readline().rstrip().split()
@@ -246,7 +248,8 @@ python run_buildstats () {
rootfs = d.getVar('IMAGE_ROOTFS')
if os.path.isdir(rootfs):
try:
-rootfs_size = subprocess.check_output(["du", "-sh",
rootfs],
+rootfs_size = subprocess.check_output(
+d.getVar('BUILDSTATS_DISK_USAGE_CMD').split()
+ [rootfs],
stderr=subprocess.STDOUT).decode('utf-8')
f.write("Uncompressed Rootfs size: %s" % rootfs_size)
except subprocess.CalledProcessError as err:
--
2.41.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193899):
https://lists.openembedded.org/g/openembedded-core/message/193899
Mute This Topic: https://lists.openembedded.org/mt/103781925/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][kirkstone][PATCH 1/1] openssh: fix CVE-2023-48795
Hi Meenali Gupta, Already CVE-2023-48795 patch for openssh recipe has been merged to kirkstone branch. Please find the below links https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=df5dc8d67e67a2aebf1a552c3e22374e305270bf https://lists.openembedded.org/g/openembedded-core/message/192819 Thanks & Regards, Vijay On Wed, Jan 17, 2024 at 12:38 PM Meenali Gupta via lists.openembedded.org wrote: > From: Meenali Gupta > > A flaw was found in the SSH channel integrity.By manipulating sequence > numbers during the handshake,an attacker can remove the initial messages > on the secure channel without causing a MAC failure. For example,an > attacker > could disable the ping extension and thus disable the new countermeasure in > OpenSSH 9.5 against keystroke timing attacks. > > This CVE fix included function kex_proposal_populate_entries in kex.c file > which > is not present in 8.9p, so ignored this change. > > Signed-off-by: Meenali Gupta > --- > .../openssh/openssh/CVE-2023-48795.patch | 503 ++ > .../openssh/openssh_8.9p1.bb | 1 + > 2 files changed, 504 insertions(+) > create mode 100644 > meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch > > diff --git > a/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch > b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch > new file mode 100644 > index 00..b1b16d5641 > --- /dev/null > +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch > @@ -0,0 +1,503 @@ > +From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001 > +From: "d...@openbsd.org" > +Date: Mon, 18 Dec 2023 14:45:17 + > +Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd > + This adds a protocol extension to improve the integrity of the SSH > transport > + protocol, particular in and around the initial key exchange (KEX) phase. > + > +Full details of the extension are in the PROTOCOL file. > + > +with markus@ > + > +OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 > + > +CVE: CVE-2023-48795 > +Upstream-Status: Backport [ > https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 > ] > + > +Signed-off-by: Meenali Gupta > +--- > + PROTOCOL | 28 +- > + kex.c | 71 +- > + kex.h | 3 +- > + packet.c | 103 +- > + packet.h | 3 +- > + sshconnect2.c | 12 ++ > + 6 files changed, 137 insertions(+), 83 deletions(-) > + > +diff --git a/PROTOCOL b/PROTOCOL > +index e6a7d60..68912ce 100644 > +--- a/PROTOCOL > b/PROTOCOL > +@@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curve25519 for > key exchange as > + described at: > + > http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha...@libssh.org.txt?h=curve25519 > + > ++1.9 transport: strict key exchange extension > ++ > ++OpenSSH supports a number of transport-layer hardening measures under > ++a "strict KEX" feature. This feature is signalled similarly to the > ++RFC8308 ext-info feature: by including a additional algorithm in the > ++initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append > ++"kex-strict-c-...@openssh.com" to its kex_algorithms and the server > ++may append "kex-strict-s-...@openssh.com". These pseudo-algorithms > ++are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored > ++if they are present in subsequent SSH2_MSG_KEXINIT packets. > ++ > ++When an endpoint that supports this extension observes this algorithm > ++name in a peer's KEXINIT packet, it MUST make the following changes to > ++the the protocol: > ++ > ++a) During initial KEX, terminate the connection if any unexpected or > ++ out-of-sequence packet is received. This includes terminating the > ++ connection if the first packet received is not SSH2_MSG_KEXINIT. > ++ Unexpected packets for the purpose of strict KEX include messages > ++ that are otherwise valid at any time during the connection such as > ++ SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. > ++b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the > ++ packet sequence number to zero. This behaviour persists for the > ++ duration of the connection (i.e. not just the first > ++ SSH2_MSG_NEWKEYS). > ++ > + 2. Connection protocol changes > + > + 2.1. connection: Channel write close extension "e...@openssh.com" > +@@ -612,4 +638,4 @@ master instance and later clients. > + OpenSSH extends the usual agent protocol. These changes are documented > + in the PROTOCOL.agent file. > + > +-$OpenBSD: PROTOCOL,v 1.43 2021/12/19 22:15:42 djm Exp $ > ++$OpenBSD: PROTOCOL,v 1.50 2023/12/18 14:45:17 djm Exp $ > +diff --git a/kex.c b/kex.c > +index 0bcd27d..da16568 100644 > +--- a/kex.c > b/kex.c > +@@ -1,4 +1,4 @@ > +-/* $OpenBSD: kex.c,v 1.172 2022/02/01 23:32:51 djm Exp $ */ > ++/* $OpenBSD: kex.c,v 1.183 2023/12/1
