[OE-core] [PATCH] mdadm: skip running 04update-uuid and 07revert-inplace testcases
From: Ovidiu Panait
04update-uuid and 07revert-inplace tests are unreliable and fail intermittently
on the autobuilder (BZ#15181 and BZ#15159). Unfortunately, the failures cannot
be reproduced locally and the logs cannot be retrieved from the AB.
Mark the testcases as BROKEN to skip them when running ptest.
Signed-off-by: Ovidiu Panait
---
...n-files-for-04update-uuid-and-07reve.patch | 39 +++
meta/recipes-extended/mdadm/mdadm_4.2.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644
meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch
diff --git
a/meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch
b/meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch
new file mode 100644
index 00..5a6bf9e4bd
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch
@@ -0,0 +1,39 @@
+From ee594b1a12833c06102de888248a361bc49cea09 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Fri, 18 Aug 2023 12:20:40 +0300
+Subject: [PATCH] tests: add .broken files for 04update-uuid and
+ 07revert-inplace
+
+04update-uuid and 07revert-inplace tests are unreliable and fail intermittently
+on the autobuilder. Unfortunately, the failures cannot be reproduced locally
+and the logs cannot be retrieved from the AB.
+
+Mark the testcases as BROKEN to skip them when running ptest.
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Ovidiu Panait
+---
+ tests/04update-uuid.broken| 1 +
+ tests/07revert-inplace.broken | 1 +
+ 2 files changed, 2 insertions(+)
+ create mode 100644 tests/04update-uuid.broken
+ create mode 100644 tests/07revert-inplace.broken
+
+diff --git a/tests/04update-uuid.broken b/tests/04update-uuid.broken
+new file mode 100644
+index 000..197b35b
+--- /dev/null
b/tests/04update-uuid.broken
+@@ -0,0 +1 @@
++fails infrequently
+diff --git a/tests/07revert-inplace.broken b/tests/07revert-inplace.broken
+new file mode 100644
+index 000..197b35b
+--- /dev/null
b/tests/07revert-inplace.broken
+@@ -0,0 +1 @@
++fails infrequently
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index fa50325f1f..c367b633a3 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -38,6 +38,7 @@ SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \
file://0006-tests-Add-broken-files-for-all-broken-tests.patch \
+
file://0001-tests-add-.broken-files-for-04update-uuid-and-07reve.patch \
"
SRC_URI[sha256sum] =
"461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186367):
https://lists.openembedded.org/g/openembedded-core/message/186367
Mute This Topic: https://lists.openembedded.org/mt/100819693/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] mdadm: save ptest logs
From: Ovidiu Panait Run test script with --save-logs and --logdir parameters, so the log files can be retrieved in case of failure. Signed-off-by: Ovidiu Panait --- meta/recipes-extended/mdadm/files/run-ptest | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/meta/recipes-extended/mdadm/files/run-ptest b/meta/recipes-extended/mdadm/files/run-ptest index 2380c322a9..c3f201491e 100644 --- a/meta/recipes-extended/mdadm/files/run-ptest +++ b/meta/recipes-extended/mdadm/files/run-ptest @@ -1,7 +1,10 @@ #!/bin/sh -mkdir -p /mdadm-testing-dir -# make the test continue to execute even one fail -dir=. ./test --keep-going --disable-integrity --skip-broken +logdir=$PWD/logs +targetdir=/mdadm-testing-dir + +rm -rf $targetdir $logdir +mkdir -p $targetdir $logdir -rm -rf /mdadm-testing-dir/* +# make the test continue to execute even one fail +./test --keep-going --disable-integrity --skip-broken --save-logs --logdir=$logdir -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185530): https://lists.openembedded.org/g/openembedded-core/message/185530 Mute This Topic: https://lists.openembedded.org/mt/100549348/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] mdadm: add util-linux-blockdev ptest dependency
On 7/23/23 15:08, Alexander Kanavin wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
Can you please check why the test doesn't fail with the dependency absent?
The testcase fails intermittently:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15159
But it is not clear if it's related to the missing blockdev dependency,
as I was unable to reproduce the failure manually and we can't get the
logs from the autobuilder.
blockdev not being available doesn't make the testcase fail directly,
but it affects some calculations, so I think it should be added as a
dependency:
...
+++ /sbin/blockdev --getsize /dev/md0
/usr/lib/mdadm/ptest/tests/func.sh: line 334: /sbin/blockdev: No such
file or directory
++ '[' -eq 0 ']'
/usr/lib/mdadm/ptest/tests/func.sh: line 334: [: -eq: unary operator
expected
+++ /sbin/blockdev --getsize /dev/md0
/usr/lib/mdadm/ptest/tests/func.sh: line 335: /sbin/blockdev: No such
file or directory
++ _sz=
++ '[' 119808 -lt -o 95846 -gt ']'
/usr/lib/mdadm/ptest/tests/func.sh: line 336: [: -o: integer expression
expected
Ovidiu
Alex
On Fri, 21 Jul 2023 at 12:58, Ovidiu Panait via lists.openembedded.org
wrote:
From: Ovidiu Panait
07revert-inplace test logs contain the following:
func.sh: line 335: /sbin/blockdev: No such file or directory
Add the missing util-linux-blockdev dependency.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 50d9548747..fa50325f1f 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -107,7 +107,14 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup
strace"
+RDEPENDS:${PN}-ptest += " \
+bash \
+e2fsprogs-mke2fs \
+util-linux-lsblk \
+util-linux-losetup \
+util-linux-blockdev \
+strace \
+"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
kernel-module-loop \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184755):
https://lists.openembedded.org/g/openembedded-core/message/184755
Mute This Topic: https://lists.openembedded.org/mt/100274537/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] mdadm: add util-linux-blockdev ptest dependency
From: Ovidiu Panait
07revert-inplace test logs contain the following:
func.sh: line 335: /sbin/blockdev: No such file or directory
Add the missing util-linux-blockdev dependency.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 50d9548747..fa50325f1f 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -107,7 +107,14 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk
util-linux-losetup strace"
+RDEPENDS:${PN}-ptest += " \
+bash \
+e2fsprogs-mke2fs \
+util-linux-lsblk \
+util-linux-losetup \
+util-linux-blockdev \
+strace \
+"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
kernel-module-loop \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184682):
https://lists.openembedded.org/g/openembedded-core/message/184682
Mute This Topic: https://lists.openembedded.org/mt/100274537/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 3/5] mdadm: fix segfaults when running ptests
From: Ovidiu Panait
Currently, some segfaults are reported when running ptest:
mdadm[12333]: segfault at 0 ip 7fe855924060 sp 7ffc4d6caf88 error 4 in
libc.so.6[7f)
Code: d2 0f 84 b7 0f 00 00 48 83 fa 01 0f 84 b9 0f 00 00 49 89 d3 89 f1 89 f8
48 83 e1 3f 4f
Backport the following upstream commits to fix them:
679bd9508a30 ("DDF: Cleanup validate_geometry_ddf_container()")
2b93288a5650 ("DDF: Fix NULL pointer dereference in validate_geometry_ddf()")
548e9b916f86 ("mdadm/Grow: Fix use after close bug by closing after fork")
9ae62977b51d ("monitor: Avoid segfault when calling NULL get_bad_blocks")
The fixes are part of the "Bug fixes and testing improvments" patchset [1].
[1] https://www.spinics.net/lists/raid/msg70621.html
Signed-off-by: Ovidiu Panait
---
...anup-validate_geometry_ddf_container.patch | 148 ++
...nter-dereference-in-validate_geometr.patch | 56 +++
...se-after-close-bug-by-closing-after-.patch | 91 +++
...gfault-when-calling-NULL-get_bad_blo.patch | 42 +
meta/recipes-extended/mdadm/mdadm_4.2.bb | 4 +
5 files changed, 341 insertions(+)
create mode 100644
meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
create mode 100644
meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
create mode 100644
meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
create mode 100644
meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
diff --git
a/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 00..cea435f83b
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe
+Acked-by: Mariusz Tkaczyk
+Signed-off-by: Jes Sorensen
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait
+---
+ super-ddf.c | 88 -
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose);
+
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int
raiddisks,
+ return 1;
+ }
+
++static int
++validate_geometry_ddf_container(struct supertype *st,
++ int level, int raiddisks,
++ unsigned long long data_offset,
++ char *dev, unsigned long long *freesize,
++ int verbose)
++{
++ int fd;
++ unsigned long long ldsize;
++
++ if (level != LEVEL_CONTAINER)
++ return 0;
++ if (!dev)
++ return 1;
++
++ fd = dev_open(dev, O_RDONLY|O_EXCL);
++ if (fd < 0) {
++ if (verbose)
++ pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++ return 0;
++ }
++ if (!get_dev_size(fd, dev, )) {
++ close(fd);
++ return 0;
++ }
++ close(fd);
++ if (freesize) {
++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++ if (*freesize == 0)
++ return 0;
++ }
++
++ return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+int level, i
[OE-core] [PATCH v2 5/5] mdadm: re-add mdadm-ptest to PTESTS_SLOW
From: Ovidiu Panait
The ptest problems reported in e21021dc00ec ("mdadm: drop from PTESTS_SLOW")
should now be fixed, so mdadm can be added back to PTESTS_SLOW (a qemux86-64
test run takes about ~12 minutes to execute with kvm).
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
2023-06-30T08:25
BEGIN: /usr/lib/mdadm/ptest
PASS: /usr/lib/mdadm/ptest/tests/00linear
PASS: /usr/lib/mdadm/ptest/tests/00multipath
...
PASS: /usr/lib/mdadm/ptest/tests/19repair-does-not-destroy
PASS: /usr/lib/mdadm/ptest/tests/20raid5journal
PASS: /usr/lib/mdadm/ptest/tests/21raid5cache
DURATION: 723
END: /usr/lib/mdadm/ptest
2023-06-30T09:16
STOP: ptest-runner
TOTAL: 1 FAIL: 0
For the testcases to run correctly, there must be enough rootfs space to create
13 loop devices. Similar to strace and lttng-tools, add a new
IMAGE_ROOTFS_EXTRA_SPACE entry for mdadm-ptest.
Signed-off-by: Ovidiu Panait
---
meta/conf/distro/include/ptest-packagelists.inc | 3 +--
meta/recipes-core/images/core-image-ptest.bb| 1 +
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/ptest-packagelists.inc
b/meta/conf/distro/include/ptest-packagelists.inc
index da9153b998..6250cf081e 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -99,6 +99,7 @@ PTESTS_SLOW = "\
libgcrypt \
libmodule-build-perl \
lttng-tools \
+mdadm \
openssh \
openssl \
parted \
@@ -122,7 +123,6 @@ PTESTS_PROBLEMS:append:x86 = " valgrind"
#rt-tests \ # Needs to be checked whether it runs at all
#bash \ # Test outcomes are non-deterministic by design
#ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
-#mdadm \ # Tests rely on non-deterministic sleep() amounts
#libinput \ # Tests need an unloaded system to be reliable
#libpam \ # Needs pam DISTRO_FEATURE
#numactl \ # qemu not (yet) configured for numa; all tests are skipped
@@ -134,7 +134,6 @@ PTESTS_PROBLEMS = "\
rt-tests \
bash \
ifupdown \
-mdadm \
libinput \
libpam \
libseccomp \
diff --git a/meta/recipes-core/images/core-image-ptest.bb
b/meta/recipes-core/images/core-image-ptest.bb
index 90c26641ba..ddc56c8f9f 100644
--- a/meta/recipes-core/images/core-image-ptest.bb
+++ b/meta/recipes-core/images/core-image-ptest.bb
@@ -19,6 +19,7 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in
d.getVar('PTESTS').split()]
# strace-ptest in particular needs more than 500MB
IMAGE_OVERHEAD_FACTOR = "1.0"
IMAGE_ROOTFS_EXTRA_SPACE = "324288"
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183817):
https://lists.openembedded.org/g/openembedded-core/message/183817
Mute This Topic: https://lists.openembedded.org/mt/99942490/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 4/5] mdadm: skip running known broken ptests
From: Ovidiu Panait
Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.
Also, add the "--skip-broken" option to the run-ptest script.
[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
Signed-off-by: Ovidiu Panait
---
...Mark-and-ignore-broken-test-failures.patch | 128 +
...dd-broken-files-for-all-broken-tests.patch | 454 ++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +
4 files changed, 585 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644
meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
diff --git
a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 00..c55bfb125b
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe
+Signed-off-by: Jes Sorensen
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait
+---
+ test | 37 +++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f $targetdir/log $logdir/$_basename.log
+- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++ [ "$ctrl_c_error" == "1" ] && exit 1
++ [ "$_fail" == "1" -a "$exitonerror" == "1" \
++-a "$_broken" == "0" ] && exit 1
+ fi
+ }
+
+@@ -117,6 +138,8 @@ do_help() {
+ --logdir=directory Directory to save all logfiles in
+ --save-logs Usually use with --logdir together
+ --keep-going | --no-error Don't stop on error, ie. run all
te
[OE-core] [PATCH v2 1/5] mdadm: fix util-linux ptest dependency
From: Ovidiu Panait
Trying to run mdadm-ptest in a core-image-minimal build will result in:
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
BEGIN: /usr/lib/mdadm/ptest
which: no lsblk in
(/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin)
lsblk command not found!
DURATION: 0
END: /usr/lib/mdadm/ptest
2023-06-28T10:14
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Remove util-linux from RRECOMMENDS and only add util-linux-lsblk and
util-linux-losetup to RDEPENDS.
Signed-off-by: Ovidiu Panait
---
v2 updates:
- add util-linux-losetup to RDEPENDS
meta/recipes-extended/mdadm/mdadm_4.2.bb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 14de9d88c2..bcc0175f67 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -101,10 +101,9 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk
util-linux-losetup"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
-util-linux \
kernel-module-loop \
kernel-module-linear \
kernel-module-raid0 \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183813):
https://lists.openembedded.org/g/openembedded-core/message/183813
Mute This Topic: https://lists.openembedded.org/mt/99942486/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 2/5] mdadm: fix 07revert-inplace ptest
From: Ovidiu Panait
Testcase 07revert-inplace fails if strace is not installed:
...
strace -o /tmp/str ./mdadm -A /dev/md0 --update=revert-reshape /dev/<...>
tests/07revert-inplace: line 40: strace: command not found
Add strace to mdadm-ptest RDEPENDS to make sure the testcase passes even with
a core-image-minimal build.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index bcc0175f67..6152a83655 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -101,7 +101,7 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk
util-linux-losetup"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk
util-linux-losetup strace"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
kernel-module-loop \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183814):
https://lists.openembedded.org/g/openembedded-core/message/183814
Mute This Topic: https://lists.openembedded.org/mt/99942487/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] mdadm: re-add mdadm-ptest to PTESTS_SLOW
From: Ovidiu Panait
The ptest problems reported in e21021dc00ec ("mdadm: drop from PTESTS_SLOW")
should now be fixed, so mdadm can be added back to PTESTS_SLOW (a qemux86-64
test run takes about ~12 minutes to execute with kvm).
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
2023-06-30T08:25
BEGIN: /usr/lib/mdadm/ptest
PASS: /usr/lib/mdadm/ptest/tests/00linear
PASS: /usr/lib/mdadm/ptest/tests/00multipath
...
PASS: /usr/lib/mdadm/ptest/tests/19repair-does-not-destroy
PASS: /usr/lib/mdadm/ptest/tests/20raid5journal
PASS: /usr/lib/mdadm/ptest/tests/21raid5cache
DURATION: 723
END: /usr/lib/mdadm/ptest
2023-06-30T09:16
STOP: ptest-runner
TOTAL: 1 FAIL: 0
For the testcases to run correctly, there must be enough rootfs space to create
13 loop devices. Similar to strace and lttng-tools, add a new
IMAGE_ROOTFS_EXTRA_SPACE entry for mdadm-ptest.
Signed-off-by: Ovidiu Panait
---
meta/conf/distro/include/ptest-packagelists.inc | 3 +--
meta/recipes-core/images/core-image-ptest.bb| 1 +
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/ptest-packagelists.inc
b/meta/conf/distro/include/ptest-packagelists.inc
index da9153b998..6250cf081e 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -99,6 +99,7 @@ PTESTS_SLOW = "\
libgcrypt \
libmodule-build-perl \
lttng-tools \
+mdadm \
openssh \
openssl \
parted \
@@ -122,7 +123,6 @@ PTESTS_PROBLEMS:append:x86 = " valgrind"
#rt-tests \ # Needs to be checked whether it runs at all
#bash \ # Test outcomes are non-deterministic by design
#ifupdown \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py
-#mdadm \ # Tests rely on non-deterministic sleep() amounts
#libinput \ # Tests need an unloaded system to be reliable
#libpam \ # Needs pam DISTRO_FEATURE
#numactl \ # qemu not (yet) configured for numa; all tests are skipped
@@ -134,7 +134,6 @@ PTESTS_PROBLEMS = "\
rt-tests \
bash \
ifupdown \
-mdadm \
libinput \
libpam \
libseccomp \
diff --git a/meta/recipes-core/images/core-image-ptest.bb
b/meta/recipes-core/images/core-image-ptest.bb
index 90c26641ba..ddc56c8f9f 100644
--- a/meta/recipes-core/images/core-image-ptest.bb
+++ b/meta/recipes-core/images/core-image-ptest.bb
@@ -19,6 +19,7 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in
d.getVar('PTESTS').split()]
# strace-ptest in particular needs more than 500MB
IMAGE_OVERHEAD_FACTOR = "1.0"
IMAGE_ROOTFS_EXTRA_SPACE = "324288"
+IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288"
IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288"
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183696):
https://lists.openembedded.org/g/openembedded-core/message/183696
Mute This Topic: https://lists.openembedded.org/mt/99873178/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 4/4] mdadm: skip running known broken ptests
Hi Alex,
On 6/29/23 17:54, Alexander Kanavin wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
Thanks for working on reenabling this. mdadm is currently taken out of
ptest lists because
#mdadm \ # Tests rely on non-deterministic sleep() amounts
Is this resolved, and can we re-add mdadm to SLOW or FAST lists?
I did multiple test runs with a qemu-x86-64 image and kvm and the
results seem consistent - always ~12 min per run, no failures:
# ptest-runner mdadm
...
PASS: /usr/lib/mdadm/ptest/tests/21raid5cache
DURATION: 724
END: /usr/lib/mdadm/ptest
2023-06-30T08:37
STOP: ptest-runner
TOTAL: 1 FAIL: 0
I think mdadm-ptest can be added back to PTESTS_SLOW.
Ovidiu
Alex
On Thu, 29 Jun 2023 at 16:19, Ovidiu Panait via lists.openembedded.org
wrote:
From: Ovidiu Panait
Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.
Also, add the "--skip-broken" option to the run-ptest script.
[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
Signed-off-by: Ovidiu Panait
---
...Mark-and-ignore-broken-test-failures.patch | 128 +
...dd-broken-files-for-all-broken-tests.patch | 454 ++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +
4 files changed, 585 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644
meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
diff --git
a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 00..c55bfb125b
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe
+Signed-off-by: Jes Sorensen
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait
+---
+ test | 37 +++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN
[OE-core] [PATCH 4/4] mdadm: skip running known broken ptests
From: Ovidiu Panait
Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.
Also, add the "--skip-broken" option to the run-ptest script.
[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
Signed-off-by: Ovidiu Panait
---
...Mark-and-ignore-broken-test-failures.patch | 128 +
...dd-broken-files-for-all-broken-tests.patch | 454 ++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +
4 files changed, 585 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644
meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
diff --git
a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 00..c55bfb125b
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe
+Signed-off-by: Jes Sorensen
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait
+---
+ test | 37 +++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f $targetdir/log $logdir/$_basename.log
+- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++ [ "$ctrl_c_error" == "1" ] && exit 1
++ [ "$_fail" == "1" -a "$exitonerror" == "1" \
++-a "$_broken" == "0" ] && exit 1
+ fi
+ }
+
+@@ -117,6 +138,8 @@ do_help() {
+ --logdir=directory Directory to save all logfiles in
+ --save-logs Usually use with --logdir together
+ --keep-going | --no-error Don't stop on error, ie. run all
te
[OE-core] [PATCH 3/4] mdadm: fix segfaults when running ptests
From: Ovidiu Panait
Currently, some segfaults are reported when running ptest:
mdadm[12333]: segfault at 0 ip 7fe855924060 sp 7ffc4d6caf88 error 4 in
libc.so.6[7f)
Code: d2 0f 84 b7 0f 00 00 48 83 fa 01 0f 84 b9 0f 00 00 49 89 d3 89 f1 89 f8
48 83 e1 3f 4f
Backport the following upstream commits to fix them:
679bd9508a30 ("DDF: Cleanup validate_geometry_ddf_container()")
2b93288a5650 ("DDF: Fix NULL pointer dereference in validate_geometry_ddf()")
548e9b916f86 ("mdadm/Grow: Fix use after close bug by closing after fork")
9ae62977b51d ("monitor: Avoid segfault when calling NULL get_bad_blocks")
The fixes are part of the "Bug fixes and testing improvments" patchset [1].
[1] https://www.spinics.net/lists/raid/msg70621.html
Signed-off-by: Ovidiu Panait
---
...anup-validate_geometry_ddf_container.patch | 148 ++
...nter-dereference-in-validate_geometr.patch | 56 +++
...se-after-close-bug-by-closing-after-.patch | 91 +++
...gfault-when-calling-NULL-get_bad_blo.patch | 42 +
meta/recipes-extended/mdadm/mdadm_4.2.bb | 4 +
5 files changed, 341 insertions(+)
create mode 100644
meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
create mode 100644
meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
create mode 100644
meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
create mode 100644
meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
diff --git
a/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 00..cea435f83b
--- /dev/null
+++
b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe
+Acked-by: Mariusz Tkaczyk
+Signed-off-by: Jes Sorensen
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait
+---
+ super-ddf.c | 88 -
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose);
+
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int
raiddisks,
+ return 1;
+ }
+
++static int
++validate_geometry_ddf_container(struct supertype *st,
++ int level, int raiddisks,
++ unsigned long long data_offset,
++ char *dev, unsigned long long *freesize,
++ int verbose)
++{
++ int fd;
++ unsigned long long ldsize;
++
++ if (level != LEVEL_CONTAINER)
++ return 0;
++ if (!dev)
++ return 1;
++
++ fd = dev_open(dev, O_RDONLY|O_EXCL);
++ if (fd < 0) {
++ if (verbose)
++ pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++ return 0;
++ }
++ if (!get_dev_size(fd, dev, )) {
++ close(fd);
++ return 0;
++ }
++ close(fd);
++ if (freesize) {
++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++ if (*freesize == 0)
++ return 0;
++ }
++
++ return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+int level, i
[OE-core] [PATCH 1/4] mdadm: fix util-linux-lsblk ptest dependency
From: Ovidiu Panait
Trying to run mdadm-ptest in a core-image-minimal build will result in:
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
BEGIN: /usr/lib/mdadm/ptest
which: no lsblk in
(/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin)
lsblk command not found!
DURATION: 0
END: /usr/lib/mdadm/ptest
2023-06-28T10:14
STOP: ptest-runner
TOTAL: 1 FAIL: 0
To fix this, add util-linux-lsblk to RDEPENDS and remove util-linux from
RRECOMMENDS.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 14de9d88c2..0a122b0b01 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -101,10 +101,9 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
-util-linux \
kernel-module-loop \
kernel-module-linear \
kernel-module-raid0 \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183631):
https://lists.openembedded.org/g/openembedded-core/message/183631
Mute This Topic: https://lists.openembedded.org/mt/99851482/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/4] mdadm: fix 07revert-inplace ptest
From: Ovidiu Panait
Testcase 07revert-inplace fails if strace is not installed:
...
strace -o /tmp/str ./mdadm -A /dev/md0 --update=revert-reshape /dev/<...>
tests/07revert-inplace: line 40: strace: command not found
Add strace to mdadm-ptest RDEPENDS to make sure the testcase passes even with
a core-image-minimal build.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 0a122b0b01..a5844b6726 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -101,7 +101,7 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk strace"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
kernel-module-loop \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183632):
https://lists.openembedded.org/g/openembedded-core/message/183632
Mute This Topic: https://lists.openembedded.org/mt/99851483/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] gobject-introspection: inherit python3targetconfig
When building gobject-introspection for aarch64, the generated giscanner python module has the wrong "x86_64" suffix: ./usr/lib/gobject-introspection/giscanner/_giscanner.cpython-311-x86_64-linux-gnu.so The EXT_SUFFIX used by meson to generate the python module is taken from the native python3 sysconfig instead of the target sysconfig. Replace the python3native inherit with python3targetconfig to fix this. Signed-off-by: Ovidiu Panait --- .../gobject-introspection/gobject-introspection_1.74.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.74.0.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.74.0.bb index ab9d2d35d9..781ed65da3 100644 --- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.74.0.bb +++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.74.0.bb @@ -21,7 +21,7 @@ SRC_URI[sha256sum] = "347b3a719e68ba4c69ff2d57ee2689233ea8c07fc492205e573386779e SRC_URI:append:class-native = " file://0001-Relocate-the-repository-directory-for-native-builds.patch" -inherit meson pkgconfig gtk-doc python3native qemu gobject-introspection-data upstream-version-is-even multilib_script +inherit meson pkgconfig gtk-doc python3targetconfig qemu gobject-introspection-data upstream-version-is-even multilib_script GTKDOC_MESON_OPTION = "gtk_doc" -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#179269): https://lists.openembedded.org/g/openembedded-core/message/179269 Mute This Topic: https://lists.openembedded.org/mt/97924147/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] sstate.bbclass: fix cleanup when sysroot in manifest != RECIPE_SYSROOT
On 08.03.2023 12:18, Richard Purdie wrote: Yes, this is still reproducible in a clean build, with a fresh poky clone. Same steps as before: git clone https://github.com/yoctoproject/poky.git; cd poky/; . oe-init-build-env add to local.conf: require conf/multilib.conf MACHINE = "qemuarm64" MULTILIBS = "multilib:lib32" DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon" bitbake gcc-cross-canadian-arm update local.conf to force a rebuild: GCCPIE = "--disable-default-pie" bitbake gcc-cross-canadian-arm Sorry, it looks like I messed something up in testing. The approach is the right one but as you mention, it isn't quite working. I've sent another patch which does work with the steps above. We can't just use nativesdk since the file lists of the different canadian targets may be different and would cause a different kind of failure. I therefore tweaked the prefix accordingly and made the fix multilib specific at the call site that triggers the issue. The new patch fixes the build for me as well, thanks a lot! Ovidiu Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178166): https://lists.openembedded.org/g/openembedded-core/message/178166 Mute This Topic: https://lists.openembedded.org/mt/97268632/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/2] sstate.bbclass: fix cleanup when sysroot in manifest != RECIPE_SYSROOT
Hi Richard,
On 3/7/23 22:45, Richard Purdie wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Tue, 2023-03-07 at 21:04 +0200, Ovidiu Panait wrote:
Hi Richard,
On 3/6/23 19:59, Richard Purdie wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Mon, 2023-02-27 at 17:42 +0200, Ovidiu Panait wrote:
The following scenario currently fails:
git clone git://git.yoctoproject.org/poky
cd poky; . oe-init-build-env
add to local.conf:
require conf/multilib.conf
MACHINE = "qemuarm64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
bitbake gcc-cross-canadian-arm
update local.conf to force a rebuild:
GCCPIE = "--disable-default-pie"
bitbake gcc-cross-canadian-arm
Failure log:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function:
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: 'poky/meta/classes-global/staging.bbclass', lineno: 164, function:
staging_copyfile
0160:os.symlink(linkto, dest)
0161:#bb.warn(c)
0162:else:
0163:try:
*** 0164:os.link(c, dest)
0165:except OSError as err:
0166:if err.errno == errno.EXDEV:
0167:bb.utils.copyfile(c, dest)
0168:else:
Exception: FileExistsError: [Errno 17] File exists:
'poky/build/tmp/sysroots-components/armv7at2hf-neon/lib32-linux-libc-headers/usr/include/asm/byteorder-32.h'
->
'poky/build/tmp/work/x86_64-nativesdk-pokysdk-linux/gcc-cross-canadian-arm/12.2.0-r0/recipe-sysroot/usr/include/asm/byteorder-32.h'
In this particular case, the paths in lib32-linux-libc-headers manifest file
are prefixed with lib32-recipe-sysroot:
$ cat build/tmp/sysroots-components/manifests/lib32-linux-libc-headers.xxx
lib32-recipe-sysroot/usr/include/asm/byteorder-32.h
lib32-recipe-sysroot/usr/include/asm/sigcontext-32.h
...
When gcc-cross-canadian-arm is built, the actual files get copied to
recipe-sysroot directory during do_prepare_recipe_sysroot().
Because of this mismatch, on rebuild, sstate_clean_manifest() will not clean
the files in recipe-sysroot, but will instead try to delete the non-existent
files in lib32-recipe-sysroot. This will trigger the FileExists errors later.
Add checks in sstate_clean_manifest() for this corner case, so that
RECIPE_SYSROOT gets cleaned up properly.
This fixes BZ#15045.
Signed-off-by: Ovidiu Panait
---
meta/classes-global/sstate.bbclass | 11 +++
1 file changed, 11 insertions(+)
diff --git a/meta/classes-global/sstate.bbclass
b/meta/classes-global/sstate.bbclass
index af93546b04..edf5c7fb65 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -529,9 +529,20 @@ def sstate_clean_manifest(manifest, d, canrace=False,
prefix=None):
entries = mfile.readlines()
mfile.close()
+recipe_sysroot = d.getVar("RECIPE_SYSROOT").rstrip("/").rsplit('/', 1)[-1]
+
for entry in entries:
sstate_clean_entry(entry, canrace, prefix)
+# The sysroot directory stored in the manifest file might not be the
+# same as RECIPE_SYSROOT, so the real sysroot will not be properly
+# cleaned up on rebuild. Handle the cleanup here in order to avoid
+# "File exists" errors during do_prepare_recipe_sysroot().
+manifest_sysroot = entry.split("/", 1)[0] or None
+if manifest_sysroot and manifest_sysroot != recipe_sysroot and not
manifest_sysroot.endswith("-native"):
+sysroot_entry = recipe_sysroot + "/" + entry.split("/", 1)[1]
+sstate_clean_entry(sysroot_entry, canrace, prefix)
+
postrm = manifest + ".postrm"
if os.path.exists(manifest + ".postrm"):
import subprocess
I looked into this and as I suspected, the bug is elsewhere. I've sent
a different patch to the staging.bbclass code which should fix this
problem.
I tested with latest poky sources (with commit "staging: Separate out
different multiconfig manifests" present), but the same error is still
triggered on rebuild:
File: 'poky/meta/classes-global/staging.bbclass', lineno: 164, function:
staging_copyfile
0160:os.symlink(linkto, dest)
0161:#bb.warn(c)
0162:else:
0163:try:
*** 0164:os.link(c, dest)
0165:except OSError as err:
0166:if err.errno == errno.EXDEV:
0167:bb.utils.copyfile(c, dest)
0168:else:
Exception: FileExistsError
Re: [OE-core] [PATCH 2/2] sstate.bbclass: fix cleanup when sysroot in manifest != RECIPE_SYSROOT
Hi Richard,
On 3/6/23 19:59, Richard Purdie wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Mon, 2023-02-27 at 17:42 +0200, Ovidiu Panait wrote:
The following scenario currently fails:
git clone git://git.yoctoproject.org/poky
cd poky; . oe-init-build-env
add to local.conf:
require conf/multilib.conf
MACHINE = "qemuarm64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
bitbake gcc-cross-canadian-arm
update local.conf to force a rebuild:
GCCPIE = "--disable-default-pie"
bitbake gcc-cross-canadian-arm
Failure log:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function:
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: 'poky/meta/classes-global/staging.bbclass', lineno: 164, function:
staging_copyfile
0160:os.symlink(linkto, dest)
0161:#bb.warn(c)
0162:else:
0163:try:
*** 0164:os.link(c, dest)
0165:except OSError as err:
0166:if err.errno == errno.EXDEV:
0167:bb.utils.copyfile(c, dest)
0168:else:
Exception: FileExistsError: [Errno 17] File exists:
'poky/build/tmp/sysroots-components/armv7at2hf-neon/lib32-linux-libc-headers/usr/include/asm/byteorder-32.h'
->
'poky/build/tmp/work/x86_64-nativesdk-pokysdk-linux/gcc-cross-canadian-arm/12.2.0-r0/recipe-sysroot/usr/include/asm/byteorder-32.h'
In this particular case, the paths in lib32-linux-libc-headers manifest file
are prefixed with lib32-recipe-sysroot:
$ cat build/tmp/sysroots-components/manifests/lib32-linux-libc-headers.xxx
lib32-recipe-sysroot/usr/include/asm/byteorder-32.h
lib32-recipe-sysroot/usr/include/asm/sigcontext-32.h
...
When gcc-cross-canadian-arm is built, the actual files get copied to
recipe-sysroot directory during do_prepare_recipe_sysroot().
Because of this mismatch, on rebuild, sstate_clean_manifest() will not clean
the files in recipe-sysroot, but will instead try to delete the non-existent
files in lib32-recipe-sysroot. This will trigger the FileExists errors later.
Add checks in sstate_clean_manifest() for this corner case, so that
RECIPE_SYSROOT gets cleaned up properly.
This fixes BZ#15045.
Signed-off-by: Ovidiu Panait
---
meta/classes-global/sstate.bbclass | 11 +++
1 file changed, 11 insertions(+)
diff --git a/meta/classes-global/sstate.bbclass
b/meta/classes-global/sstate.bbclass
index af93546b04..edf5c7fb65 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -529,9 +529,20 @@ def sstate_clean_manifest(manifest, d, canrace=False,
prefix=None):
entries = mfile.readlines()
mfile.close()
+recipe_sysroot = d.getVar("RECIPE_SYSROOT").rstrip("/").rsplit('/', 1)[-1]
+
for entry in entries:
sstate_clean_entry(entry, canrace, prefix)
+# The sysroot directory stored in the manifest file might not be the
+# same as RECIPE_SYSROOT, so the real sysroot will not be properly
+# cleaned up on rebuild. Handle the cleanup here in order to avoid
+# "File exists" errors during do_prepare_recipe_sysroot().
+manifest_sysroot = entry.split("/", 1)[0] or None
+if manifest_sysroot and manifest_sysroot != recipe_sysroot and not
manifest_sysroot.endswith("-native"):
+sysroot_entry = recipe_sysroot + "/" + entry.split("/", 1)[1]
+sstate_clean_entry(sysroot_entry, canrace, prefix)
+
postrm = manifest + ".postrm"
if os.path.exists(manifest + ".postrm"):
import subprocess
I looked into this and as I suspected, the bug is elsewhere. I've sent
a different patch to the staging.bbclass code which should fix this
problem.
I tested with latest poky sources (with commit "staging: Separate out
different multiconfig manifests" present), but the same error is still
triggered on rebuild:
File: 'poky/meta/classes-global/staging.bbclass', lineno: 164, function:
staging_copyfile
0160:Â Â Â os.symlink(linkto, dest)
0161:Â Â Â #bb.warn(c)
0162:Â Â Â else:
0163:Â Â Â try:
 *** 0164:   os.link(c, dest)
0165:Â Â Â except OSError as err:
0166:Â Â Â if err.errno == errno.EXDEV:
0167:Â Â Â bb.utils.copyfile(c, dest)
0168:Â Â Â else:
Exception: FileExistsError: [Errno 17] File exists:
'poky/build/tmp/sysroots-components/armv7at2hf-neon/lib32-linux-libc-headers/usr/include/asm/byteorder-32.h'
->
'poky/build/tmp/work/x86_64-nativesdk-pokysdk-linux/gcc-cross-canadian-arm/12.2.0-r0/recipe-sysroot/usr/include/asm/byteorder-32.h'
The manifest files still show
Re: [OE-core] [PATCH 2/2] sstate.bbclass: fix cleanup when sysroot in manifest != RECIPE_SYSROOT
Hi Richard,
On 2/27/23 17:56, Richard Purdie wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Mon, 2023-02-27 at 17:42 +0200, Ovidiu Panait wrote:
The following scenario currently fails:
git clone git://git.yoctoproject.org/poky
cd poky; . oe-init-build-env
add to local.conf:
require conf/multilib.conf
MACHINE = "qemuarm64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
bitbake gcc-cross-canadian-arm
update local.conf to force a rebuild:
GCCPIE = "--disable-default-pie"
bitbake gcc-cross-canadian-arm
Failure log:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function:
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: 'poky/meta/classes-global/staging.bbclass', lineno: 164, function:
staging_copyfile
0160:os.symlink(linkto, dest)
0161:#bb.warn(c)
0162:else:
0163:try:
*** 0164:os.link(c, dest)
0165:except OSError as err:
0166:if err.errno == errno.EXDEV:
0167:bb.utils.copyfile(c, dest)
0168:else:
Exception: FileExistsError: [Errno 17] File exists:
'poky/build/tmp/sysroots-components/armv7at2hf-neon/lib32-linux-libc-headers/usr/include/asm/byteorder-32.h'
->
'poky/build/tmp/work/x86_64-nativesdk-pokysdk-linux/gcc-cross-canadian-arm/12.2.0-r0/recipe-sysroot/usr/include/asm/byteorder-32.h'
In this particular case, the paths in lib32-linux-libc-headers manifest file
are prefixed with lib32-recipe-sysroot:
$ cat build/tmp/sysroots-components/manifests/lib32-linux-libc-headers.xxx
lib32-recipe-sysroot/usr/include/asm/byteorder-32.h
lib32-recipe-sysroot/usr/include/asm/sigcontext-32.h
...
When gcc-cross-canadian-arm is built, the actual files get copied to
recipe-sysroot directory during do_prepare_recipe_sysroot().
Because of this mismatch, on rebuild, sstate_clean_manifest() will not clean
the files in recipe-sysroot, but will instead try to delete the non-existent
files in lib32-recipe-sysroot. This will trigger the FileExists errors later.
Add checks in sstate_clean_manifest() for this corner case, so that
RECIPE_SYSROOT gets cleaned up properly.
This fixes BZ#15045.
Signed-off-by: Ovidiu Panait
---
meta/classes-global/sstate.bbclass | 11 +++
1 file changed, 11 insertions(+)
diff --git a/meta/classes-global/sstate.bbclass
b/meta/classes-global/sstate.bbclass
index af93546b04..edf5c7fb65 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -529,9 +529,20 @@ def sstate_clean_manifest(manifest, d, canrace=False,
prefix=None):
entries = mfile.readlines()
mfile.close()
+recipe_sysroot = d.getVar("RECIPE_SYSROOT").rstrip("/").rsplit('/', 1)[-1]
+
for entry in entries:
sstate_clean_entry(entry, canrace, prefix)
+# The sysroot directory stored in the manifest file might not be the
+# same as RECIPE_SYSROOT, so the real sysroot will not be properly
+# cleaned up on rebuild. Handle the cleanup here in order to avoid
+# "File exists" errors during do_prepare_recipe_sysroot().
+manifest_sysroot = entry.split("/", 1)[0] or None
+if manifest_sysroot and manifest_sysroot != recipe_sysroot and not
manifest_sysroot.endswith("-native"):
+sysroot_entry = recipe_sysroot + "/" + entry.split("/", 1)[1]
+sstate_clean_entry(sysroot_entry, canrace, prefix)
+
postrm = manifest + ".postrm"
if os.path.exists(manifest + ".postrm"):
import subprocess
How many recipe-sysroots are there for gcc-cross-canadian-arm ? This
feels like a workaround for some other issue which should probably be
fixed properly instead?
(resending, as the first reply didn't actually made it to the list)
There are "recipe-sysroot" and "recipe-sysroot-native" sysroots in
gcc-cross-canadian-arm WORKDIR, but no lib32-recipe-sysroot.
Ovidiu
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177802):
https://lists.openembedded.org/g/openembedded-core/message/177802
Mute This Topic: https://lists.openembedded.org/mt/97268632/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] sstate.bbclass: fix cleanup when sysroot in manifest != RECIPE_SYSROOT
The following scenario currently fails:
git clone git://git.yoctoproject.org/poky
cd poky; . oe-init-build-env
add to local.conf:
require conf/multilib.conf
MACHINE = "qemuarm64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
bitbake gcc-cross-canadian-arm
update local.conf to force a rebuild:
GCCPIE = "--disable-default-pie"
bitbake gcc-cross-canadian-arm
Failure log:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function:
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: 'poky/meta/classes-global/staging.bbclass', lineno: 164, function:
staging_copyfile
0160:os.symlink(linkto, dest)
0161:#bb.warn(c)
0162:else:
0163:try:
*** 0164:os.link(c, dest)
0165:except OSError as err:
0166:if err.errno == errno.EXDEV:
0167:bb.utils.copyfile(c, dest)
0168:else:
Exception: FileExistsError: [Errno 17] File exists:
'poky/build/tmp/sysroots-components/armv7at2hf-neon/lib32-linux-libc-headers/usr/include/asm/byteorder-32.h'
->
'poky/build/tmp/work/x86_64-nativesdk-pokysdk-linux/gcc-cross-canadian-arm/12.2.0-r0/recipe-sysroot/usr/include/asm/byteorder-32.h'
In this particular case, the paths in lib32-linux-libc-headers manifest file
are prefixed with lib32-recipe-sysroot:
$ cat build/tmp/sysroots-components/manifests/lib32-linux-libc-headers.xxx
lib32-recipe-sysroot/usr/include/asm/byteorder-32.h
lib32-recipe-sysroot/usr/include/asm/sigcontext-32.h
...
When gcc-cross-canadian-arm is built, the actual files get copied to
recipe-sysroot directory during do_prepare_recipe_sysroot().
Because of this mismatch, on rebuild, sstate_clean_manifest() will not clean
the files in recipe-sysroot, but will instead try to delete the non-existent
files in lib32-recipe-sysroot. This will trigger the FileExists errors later.
Add checks in sstate_clean_manifest() for this corner case, so that
RECIPE_SYSROOT gets cleaned up properly.
This fixes BZ#15045.
Signed-off-by: Ovidiu Panait
---
meta/classes-global/sstate.bbclass | 11 +++
1 file changed, 11 insertions(+)
diff --git a/meta/classes-global/sstate.bbclass
b/meta/classes-global/sstate.bbclass
index af93546b04..edf5c7fb65 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -529,9 +529,20 @@ def sstate_clean_manifest(manifest, d, canrace=False,
prefix=None):
entries = mfile.readlines()
mfile.close()
+recipe_sysroot = d.getVar("RECIPE_SYSROOT").rstrip("/").rsplit('/', 1)[-1]
+
for entry in entries:
sstate_clean_entry(entry, canrace, prefix)
+# The sysroot directory stored in the manifest file might not be the
+# same as RECIPE_SYSROOT, so the real sysroot will not be properly
+# cleaned up on rebuild. Handle the cleanup here in order to avoid
+# "File exists" errors during do_prepare_recipe_sysroot().
+manifest_sysroot = entry.split("/", 1)[0] or None
+if manifest_sysroot and manifest_sysroot != recipe_sysroot and not
manifest_sysroot.endswith("-native"):
+sysroot_entry = recipe_sysroot + "/" + entry.split("/", 1)[1]
+sstate_clean_entry(sysroot_entry, canrace, prefix)
+
postrm = manifest + ".postrm"
if os.path.exists(manifest + ".postrm"):
import subprocess
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177798):
https://lists.openembedded.org/g/openembedded-core/message/177798
Mute This Topic: https://lists.openembedded.org/mt/97268632/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] sstate.bbclass: factor out manifest cleanup code from sstate_clean_manifest()
Move manifest entry cleanup code from sstate_clean_manifest() to its own
function, so it can be reused.
Signed-off-by: Ovidiu Panait
---
meta/classes-global/sstate.bbclass | 40 --
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/meta/classes-global/sstate.bbclass
b/meta/classes-global/sstate.bbclass
index 567de4aba4..af93546b04 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -501,6 +501,27 @@ def sstate_clean_cachefiles(d):
ss = sstate_state_fromvars(ld, task)
sstate_clean_cachefile(ss, ld)
+def sstate_clean_entry(entry, canrace, prefix):
+entry = entry.strip()
+if prefix and not entry.startswith("/"):
+entry = prefix + "/" + entry
+
+bb.debug(2, "Removing manifest: %s" % entry)
+# We can race against another package populating directories as we're
removing them
+# so we ignore errors here.
+try:
+if entry.endswith("/"):
+if os.path.islink(entry[:-1]):
+os.remove(entry[:-1])
+elif os.path.exists(entry) and len(os.listdir(entry)) == 0 and not
canrace:
+# Removing directories whilst builds are in progress exposes a
race. Only
+# do it in contexts where it is safe to do so.
+os.rmdir(entry[:-1])
+else:
+os.remove(entry)
+except OSError:
+pass
+
def sstate_clean_manifest(manifest, d, canrace=False, prefix=None):
import oe.path
@@ -509,24 +530,7 @@ def sstate_clean_manifest(manifest, d, canrace=False,
prefix=None):
mfile.close()
for entry in entries:
-entry = entry.strip()
-if prefix and not entry.startswith("/"):
-entry = prefix + "/" + entry
-bb.debug(2, "Removing manifest: %s" % entry)
-# We can race against another package populating directories as we're
removing them
-# so we ignore errors here.
-try:
-if entry.endswith("/"):
-if os.path.islink(entry[:-1]):
-os.remove(entry[:-1])
-elif os.path.exists(entry) and len(os.listdir(entry)) == 0 and
not canrace:
-# Removing directories whilst builds are in progress
exposes a race. Only
-# do it in contexts where it is safe to do so.
-os.rmdir(entry[:-1])
-else:
-os.remove(entry)
-except OSError:
-pass
+sstate_clean_entry(entry, canrace, prefix)
postrm = manifest + ".postrm"
if os.path.exists(manifest + ".postrm"):
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177797):
https://lists.openembedded.org/g/openembedded-core/message/177797
Mute This Topic: https://lists.openembedded.org/mt/97268629/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] webkitgtk: fix perl-native dependency
From: Ovidiu Panait
Currently, perl-native is missing from DEPENDS for webkitgtk even though
perlnative bbclass is inherited. This happens because the DEPENDS variable is
reassigned right after perlnative class is inherited:
inherit perlnative (DEPENDS += "perl-native")
...
DEPENDS = " \
..."
Adjust the DEPENDS line to use += in order to fix this.
Signed-off-by: Ovidiu Panait
---
v2 updates: change DEPENDS line to use +=.
meta/recipes-sato/webkit/webkitgtk_2.38.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.38.3.bb
b/meta/recipes-sato/webkit/webkitgtk_2.38.3.bb
index e890079dc5..f076fb0498 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.38.3.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.38.3.bb
@@ -24,7 +24,7 @@ REQUIRED_DISTRO_FEATURES =
"${@bb.utils.contains('DISTRO_FEATURES', 'wayland', '
CVE_PRODUCT = "webkitgtk webkitgtk\+"
-DEPENDS = " \
+DEPENDS += " \
ruby-native \
gperf-native \
cairo \
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#175985):
https://lists.openembedded.org/g/openembedded-core/message/175985
Mute This Topic: https://lists.openembedded.org/mt/96306925/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] kernel.bbclass: remove empty module directories to prevent QA issues
From: Ovidiu Panait
Currently, allyesconfig test runs for x86_64 fail with:
ERROR: linux-yocto-5.19.17+gitAUTOINC+0cba9aa404_aaf4490d18-r0 do_package:
QA Issue: linux-yocto: Files/directories were installed but not shipped in any
package:
/lib/modules/5.19.17/kernel/drivers/nvdimm
With CONFIG_NVDIMM_TEST_BUILD=m, an empty nvdimm directory is created during
modules_install, which triggers the QA issue.
Extend kernel_do_install() to also remove inner empty directories that might
get created by modules_install.
Signed-off-by: Ovidiu Panait
---
meta/classes-recipe/kernel.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes-recipe/kernel.bbclass
b/meta/classes-recipe/kernel.bbclass
index 3f6b40907f..553e17bb4e 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -450,8 +450,8 @@ kernel_do_install() {
oe_runmake DEPMOD=echo
MODLIB=${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}
INSTALL_FW_PATH=${D}${nonarch_base_libdir}/firmware modules_install
rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
rm "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
- # If the kernel/ directory is empty remove it to prevent QA
issues
- rmdir --ignore-fail-on-non-empty
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel"
+ # Remove empty module directories to prevent QA issues
+ find
"${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty
-delete
else
bbnote "no modules to install"
fi
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#174291):
https://lists.openembedded.org/g/openembedded-core/message/174291
Mute This Topic: https://lists.openembedded.org/mt/95470162/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH 1/1] openssl: upgrade 1.1.1l -> 1.1.1n
Upgrade openssl 1.1.1l -> 1.1.1n to fix CVE-2022-0778:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
This also fixes an evp_extra_test ptest failure introduced by openssl-1.1.1m:
"""
not ok 19 - test_signatures_with_engine
ERROR: (ptr) 'e = ENGINE_by_id(engine_id) != NULL' failed @
../openssl-1.1.1m/test/evp_extra_test.c:1890
0x0
not ok 20 - test_cipher_with_engine
"""
The ptest change is already present in Yocto master since oe-core
commit 5cd40648b0ba ("openssl: upgrade to 3.0.1").
Signed-off-by: Ovidiu Panait
---
.../openssl/{openssl_1.1.1l.bb => openssl_1.1.1n.bb} | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb =>
openssl_1.1.1n.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
b/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1n.bb
index 50500eebc2..df13abf54e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1n.bb
@@ -29,7 +29,7 @@ SRC_URI_append_riscv32 = " \
file://0004-Fixup-support-for-io_pgetevents_time64-syscall.patch \
"
-SRC_URI[sha256sum] =
"0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] =
"40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -204,6 +204,7 @@ do_install_ptest () {
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
# seems to be needed with perl 5.32.1
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163480):
https://lists.openembedded.org/g/openembedded-core/message/163480
Mute This Topic: https://lists.openembedded.org/mt/89904118/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH 1/1] openssl: upgrade 1.1.1l -> 1.1.1n
Upgrade openssl 1.1.1l -> 1.1.1n to fix CVE-2022-0778:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
This also fixes an evp_extra_test ptest failure introduced by openssl-1.1.1m:
"""
not ok 19 - test_signatures_with_engine
ERROR: (ptr) 'e = ENGINE_by_id(engine_id) != NULL' failed @
../openssl-1.1.1m/test/evp_extra_test.c:1890
0x0
not ok 20 - test_cipher_with_engine
"""
The ptest change is already present in Yocto master since oe-core
commit 5cd40648b0ba ("openssl: upgrade to 3.0.1").
Signed-off-by: Ovidiu Panait
---
.../openssl/openssl/CVE-2021-4160.patch | 145 --
.../{openssl_1.1.1l.bb => openssl_1.1.1n.bb} | 4 +-
2 files changed, 2 insertions(+), 147 deletions(-)
delete mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.1l.bb =>
openssl_1.1.1n.bb} (97%)
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch
deleted file mode 100644
index ff1e807157..00
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2021-4160.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger
-Date: Sat, 11 Dec 2021 20:28:11 +0100
-Subject: [PATCH] Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit
- targets
-
-bn_sqr_comba8 does for instance compute a wrong result for the value:
-a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
-
-The correct result is:
-r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
-912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
-
-but the actual result was:
-r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
-912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
-
-so the forth word of the result was 0x75be8e3c but should have been
-0x75be8e3d instead.
-
-Likewise bn_sqr_comba4 has an identical bug for the same value as well:
-a=0x022181ba fd3aa878 899b2346 ee210f45
-
-correct result:
-r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
-
-wrong result:
-r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
-
-Fortunately the bn_mul_comba4/8 code paths are not affected.
-
-Also the mips64 target does in fact not handle the carry propagation
-correctly.
-
-Example:
-a=0x4aaac919 62056c84 fba7334e 1a6be678
-022181ba fd3aa878 899b234635dad283 ee210f450001
-
-correct result:
-r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
-0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
-3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
-2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001
-
-wrong result:
-r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
-0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
-3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
-2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001
-
-Reviewed-by: Paul Dale
-(Merged from https://github.com/openssl/openssl/pull/17258)
-
-(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
-
-Upstream-Status: Backport
[https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb]
-CVE: CVE-2021-4160
-Signed-off-by: Ranjitsinh Rathod
-
- crypto/bn/asm/mips.pl | 4
- test/bntest.c | 45 +++
- 2 files changed, 49 insertions(+)
-
-diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
-index 8ad715bda4..74101030f2 100644
a/crypto/bn/asm/mips.pl
-+++ b/crypto/bn/asm/mips.pl
-@@ -1984,6 +1984,8 @@ $code.=<<___;
- sltu$at,$c_2,$t_1
- $ADDU $c_3,$t_2,$at
- $ST $c_2,$BNSZ($a0)
-+ sltu$at,$c_3,$t_2
-+ $ADDU $c_1,$at
- mflo($t_1,$a_2,$a_0)
- mfhi($t_2,$a_2,$a_0)
- ___
-@@ -2194,6 +2196,8 @@ $code.=<<___;
- sltu$at,$c_2,$t_1
- $ADDU $c_3,$t_2,$at
- $ST $c_2,$BNSZ($a0)
-+ sltu$at,$c_3,$t_2
-+ $ADDU $c_1,$at
- mflo($t_1,$a_2,$a_0)
- mfhi($t_2,$a_2,$a_0)
- ___
-diff --git a/test/bntest.c b/test/bntest.c
-index b58028a301..bab34ba54b 100644
a/test/bntest.c
-+++ b/test/bntest.c
-@@ -627,6 +627,51 @@ static int test_modexp_mont5(void)
- if (!TEST_BN_eq(c, d))
- goto err;
-
-+/*
-+ * Regression test for overflow bug in bn_sqr_comba4/8 for
-+ * mips-linux-gnu and mipsel-linux-gnu 32bit
[OE-core] [PATCH] timezone: upgrade to 2021a
Release 2021a - 2021-01-24 10:54:57 -0800
Changes to future timestamps
South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
(Thanks to Steffen Thorsen.)
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc
b/meta/recipes-extended/timezone/timezone.inc
index 9a19093e24..a89560b424 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2020f"
+PV = "2021a"
SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode
\
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata
\
@@ -14,5 +14,5 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.sha256sum] =
"cfeeea2a7745164f64bd9f6d76e47916f4ac820c4434493674adbbd4324329c5"
-SRC_URI[tzdata.sha256sum] =
"121131918c3ae6dc5d40f0eb87563a2be920b71a76e2392c09519a5e4a666881"
+SRC_URI[tzcode.sha256sum] =
"eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0"
+SRC_URI[tzdata.sha256sum] =
"39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147157):
https://lists.openembedded.org/g/openembedded-core/message/147157
Mute This Topic: https://lists.openembedded.org/mt/80099456/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] timezone: upgrade to 2020f
Release 2020f - 2020-12-29 00:17:46 -0800
Change to build procedure
'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug. (Problem reported by Deborah Goldsmith.)
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc
b/meta/recipes-extended/timezone/timezone.inc
index d175f0d4a0..9a19093e24 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2020e"
+PV = "2020f"
SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode
\
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata
\
@@ -14,5 +14,5 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.sha256sum] =
"3e10308976b09305d15cb4a32ff75483421f2063bfa24a9be366a027e7cd2902"
-SRC_URI[tzdata.sha256sum] =
"0be1ba329eae29ae1b54057c3547b3e672f73b3ae7643aa87dac85122bec037e"
+SRC_URI[tzcode.sha256sum] =
"cfeeea2a7745164f64bd9f6d76e47916f4ac820c4434493674adbbd4324329c5"
+SRC_URI[tzdata.sha256sum] =
"121131918c3ae6dc5d40f0eb87563a2be920b71a76e2392c09519a5e4a666881"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146351):
https://lists.openembedded.org/g/openembedded-core/message/146351
Mute This Topic: https://lists.openembedded.org/mt/79422775/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] timezone: upgrade to 2020e
Briefly:
Volgograd switches to Moscow time on 2020-12-27 at 02:00.
Changes to future timestamps
Volgograd changes time zone from +04 to +03 on 2020-12-27 at 02:00.
(Thanks to Alexander Krivenyshev and Stepan Golosunov.)
Changes to past timestamps
Correct many pre-1986 transitions, fixing entries originally
derived from Shanks. The fixes include:
- Australia: several 1917 through 1971 transitions
- Bahamas: several 1941 through 1945 transitions
- Bermuda: several 1917 through 1956 transitions
- Belize: several 1942 through 1968 transitions
- Ghana: several 1915 through 1956 transitions
- Israel and Palestine: several 1940 through 1985 transitions
- Kenya and adjacent: several 1908 through 1960 transitions
- Nigeria and adjacent: correcting LMT in Lagos, and several 1905
through 1919 transitions
- Seychelles: the introduction of standard time in 1907, not 1906
- Vanuatu: DST in 1973-1974, and a corrected 1984 transition
(Thanks to P Chan.)
Because of the Australia change, Australia/Currie (King Island) is
no longer needed, as it is identical to Australia/Hobart for all
timestamps since 1970 and was therefore created by mistake.
Australia/Currie has been moved to the 'backward' file and its
corrected data moved to the 'backzone' file.
Changes to past time zone abbreviations and DST flags
To better match legislation in Turks and Caicos, the 2015 shift to
year-round observance of -04 is now modeled as AST throughout before
returning to Eastern Time with US DST in 2018, rather than as
maintaining EDT until 2015-11-01. (Thanks to P Chan.)
Changes to documentation
The zic man page now documents zic's coalescing of transitions
when a zone falls back just before DST springs forward.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/timezone/timezone.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc
b/meta/recipes-extended/timezone/timezone.inc
index 5368464f30..d175f0d4a0 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2020d"
+PV = "2020e"
SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode
\
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata
\
@@ -14,5 +14,5 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.sha256sum] =
"6cf050ba28e8053029d3f32d71341d11a794c6b5dd51a77fc769d6dae364fad5"
-SRC_URI[tzdata.sha256sum] =
"8d813957de363387696f05af8a8889afa282ab5016a764c701a20758d39cbaf3"
+SRC_URI[tzcode.sha256sum] =
"3e10308976b09305d15cb4a32ff75483421f2063bfa24a9be366a027e7cd2902"
+SRC_URI[tzdata.sha256sum] =
"0be1ba329eae29ae1b54057c3547b3e672f73b3ae7643aa87dac85122bec037e"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146238):
https://lists.openembedded.org/g/openembedded-core/message/146238
Mute This Topic: https://lists.openembedded.org/mt/79265587/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] kernel-devicetree: Introduce KERNEL_DEVICETREE_FLAGS to pass dtc flags
Hi Bruce,
On 22.12.2020 15:49, Bruce Ashfield wrote:
On Tue, Dec 22, 2020 at 5:43 AM Ovidiu Panait
wrote:
Currently DTC_FLAGS kernel makefile parameter can be specified directly on the
command line by adding it to KERNEL_EXTRA_ARGS. However, this prevents
scripts/Makefile.lib logic from appending flags that silence dtc warnings (all
assignments done from within a makefile, to a variable specified on the command
line, are ignored).
Because of this, the do_compile log is cluttered with dtc warnings that should
only be printed when compiling with W="123":
...
/soc: node has a reg or ranges property, but no unit name
/soc/gpu: missing or empty reg/ranges property
/soc/firmware/gpio: missing or empty reg/ranges property
...
To fix this, introduce the dedicated KERNEL_DEVICETREE_FLAGS variable to hold
dtc flags and export DTC_FLAGS in the environment before generating the dtbs
(make allows "+=" operations on variables that come from the environment, so
the warnings are silenced properly).
Signed-off-by: Ovidiu Panait
---
meta/classes/kernel-devicetree.bbclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/classes/kernel-devicetree.bbclass
b/meta/classes/kernel-devicetree.bbclass
index 81dda8003f..2066096a9a 100644
--- a/meta/classes/kernel-devicetree.bbclass
+++ b/meta/classes/kernel-devicetree.bbclass
@@ -9,6 +9,9 @@ FILES_${KERNEL_PACKAGE_NAME}-image-zimage-bundle =
"/${KERNEL_IMAGEDEST}/zImage-
# Generate kernel+devicetree bundle
KERNEL_DEVICETREE_BUNDLE ?= "0"
+# dtc flags passed via DTC_FLAGS env variable
+KERNEL_DEVICETREE_FLAGS ?= ""
We should also be updating the docs with the new variable. I don't
know how well the other parts of this are documented, but the state of
the current docs shouldn't prevent this from being documented.
+
normalize_dtb () {
dtb="$1"
if echo $dtb | grep -q '/dts/'; then
@@ -50,6 +53,10 @@ do_configure_append() {
}
do_compile_append() {
+ if [ ! -z "${KERNEL_DEVICETREE_FLAGS}" ]; then
Does -n work here ? Having a positive test "does this exist ?", is
almost always easier to read / maintain than "does this not exist ?".
But someone can correct me, if there's a compatibility concern with -n
(and if so, I have a lot of scripts to change ;))
Bruce
I sent v2 for this. Also, the documentation patch:
https://lists.yoctoproject.org/g/docs/message/803
+ export DTC_FLAGS="${KERNEL_DEVICETREE_FLAGS}"
+ fi
+
for dtbf in ${KERNEL_DEVICETREE}; do
dtb=`normalize_dtb "$dtbf"`
oe_runmake $dtb CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}"
${KERNEL_EXTRA_ARGS}
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146086):
https://lists.openembedded.org/g/openembedded-core/message/146086
Mute This Topic: https://lists.openembedded.org/mt/79146426/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags
Currently DTC_FLAGS kernel makefile parameter can be specified directly on the
command line by adding it to KERNEL_EXTRA_ARGS. However, this prevents
scripts/Makefile.lib logic from appending flags that silence dtc warnings (all
assignments done from within a makefile, to a variable specified on the command
line, are ignored).
Because of this, the do_compile log is cluttered with dtc warnings that should
only be printed when compiling with W="123":
...
/soc: node has a reg or ranges property, but no unit name
/soc/gpu: missing or empty reg/ranges property
/soc/firmware/gpio: missing or empty reg/ranges property
...
To fix this, introduce the dedicated KERNEL_DTC_FLAGS variable to hold
dtc flags and export DTC_FLAGS in the environment before generating the dtbs
(make allows "+=" operations on variables that come from the environment, so
the warnings are silenced properly).
Signed-off-by: Ovidiu Panait
---
v2 updates:
- Rename KERNEL_DEVICETREE_FLAGS -> KERNEL_DTC_FLAGS
- Use "-n " instead of "! -z " inside if test
meta/classes/kernel-devicetree.bbclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/classes/kernel-devicetree.bbclass
b/meta/classes/kernel-devicetree.bbclass
index 81dda8003f..d4f8864200 100644
--- a/meta/classes/kernel-devicetree.bbclass
+++ b/meta/classes/kernel-devicetree.bbclass
@@ -9,6 +9,9 @@ FILES_${KERNEL_PACKAGE_NAME}-image-zimage-bundle =
"/${KERNEL_IMAGEDEST}/zImage-
# Generate kernel+devicetree bundle
KERNEL_DEVICETREE_BUNDLE ?= "0"
+# dtc flags passed via DTC_FLAGS env variable
+KERNEL_DTC_FLAGS ?= ""
+
normalize_dtb () {
dtb="$1"
if echo $dtb | grep -q '/dts/'; then
@@ -50,6 +53,10 @@ do_configure_append() {
}
do_compile_append() {
+ if [ -n "${KERNEL_DTC_FLAGS}" ]; then
+ export DTC_FLAGS="${KERNEL_DTC_FLAGS}"
+ fi
+
for dtbf in ${KERNEL_DEVICETREE}; do
dtb=`normalize_dtb "$dtbf"`
oe_runmake $dtb CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}"
${KERNEL_EXTRA_ARGS}
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146085):
https://lists.openembedded.org/g/openembedded-core/message/146085
Mute This Topic: https://lists.openembedded.org/mt/79179469/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] kernel-devicetree: Introduce KERNEL_DEVICETREE_FLAGS to pass dtc flags
Currently DTC_FLAGS kernel makefile parameter can be specified directly on the
command line by adding it to KERNEL_EXTRA_ARGS. However, this prevents
scripts/Makefile.lib logic from appending flags that silence dtc warnings (all
assignments done from within a makefile, to a variable specified on the command
line, are ignored).
Because of this, the do_compile log is cluttered with dtc warnings that should
only be printed when compiling with W="123":
...
/soc: node has a reg or ranges property, but no unit name
/soc/gpu: missing or empty reg/ranges property
/soc/firmware/gpio: missing or empty reg/ranges property
...
To fix this, introduce the dedicated KERNEL_DEVICETREE_FLAGS variable to hold
dtc flags and export DTC_FLAGS in the environment before generating the dtbs
(make allows "+=" operations on variables that come from the environment, so
the warnings are silenced properly).
Signed-off-by: Ovidiu Panait
---
meta/classes/kernel-devicetree.bbclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/classes/kernel-devicetree.bbclass
b/meta/classes/kernel-devicetree.bbclass
index 81dda8003f..2066096a9a 100644
--- a/meta/classes/kernel-devicetree.bbclass
+++ b/meta/classes/kernel-devicetree.bbclass
@@ -9,6 +9,9 @@ FILES_${KERNEL_PACKAGE_NAME}-image-zimage-bundle =
"/${KERNEL_IMAGEDEST}/zImage-
# Generate kernel+devicetree bundle
KERNEL_DEVICETREE_BUNDLE ?= "0"
+# dtc flags passed via DTC_FLAGS env variable
+KERNEL_DEVICETREE_FLAGS ?= ""
+
normalize_dtb () {
dtb="$1"
if echo $dtb | grep -q '/dts/'; then
@@ -50,6 +53,10 @@ do_configure_append() {
}
do_compile_append() {
+ if [ ! -z "${KERNEL_DEVICETREE_FLAGS}" ]; then
+ export DTC_FLAGS="${KERNEL_DEVICETREE_FLAGS}"
+ fi
+
for dtbf in ${KERNEL_DEVICETREE}; do
dtb=`normalize_dtb "$dtbf"`
oe_runmake $dtb CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}"
${KERNEL_EXTRA_ARGS}
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146046):
https://lists.openembedded.org/g/openembedded-core/message/146046
Mute This Topic: https://lists.openembedded.org/mt/79146426/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH] libxml2: Fix CVE-2020-24977
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Signed-off-by: Ovidiu Panait
---
.../libxml/libxml2/CVE-2020-24977.patch | 41 +++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
new file mode 100644
index 00..8224346660
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait
+---
+ xmllint.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++/*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++memset([sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+2.17.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb
b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 097aceb2c0..4ebfb9e556 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -22,6 +22,7 @@ SRC_URI =
"http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://fix-execution-of-ptests.patch \
file://CVE-2020-7595.patch \
file://CVE-2019-20388.patch \
+ file://CVE-2020-24977.patch \
"
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142355):
https://lists.openembedded.org/g/openembedded-core/message/142355
Mute This Topic: https://lists.openembedded.org/mt/76751426/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [zeus][PATCH] libxml2: Fix CVE-2020-24977
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Signed-off-by: Ovidiu Panait
---
.../libxml/libxml2/CVE-2020-24977.patch | 41 +++
meta/recipes-core/libxml/libxml2_2.9.9.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
new file mode 100644
index 00..8224346660
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait
+---
+ xmllint.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++/*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++memset([sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+2.17.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.9.bb
b/meta/recipes-core/libxml/libxml2_2.9.9.bb
index 1d898ab020..ff496ccfaf 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.9.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.9.bb
@@ -23,6 +23,7 @@ SRC_URI =
"http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://Fix-CVE-2019-19956.patch \
file://CVE-2020-7595.patch \
file://CVE-2019-20388.patch \
+ file://CVE-2020-24977.patch \
"
SRC_URI[libtar.md5sum] = "c04a5a0a042eaa157e8e8c9eabe76bd6"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142354):
https://lists.openembedded.org/g/openembedded-core/message/142354
Mute This Topic: https://lists.openembedded.org/mt/76751423/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] libxml2: Fix CVE-2020-24977
On 10.09.2020 03:07, Khem Raj wrote:
On 9/9/20 1:11 AM, Ovidiu Panait wrote:
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Do we need this on dunfell too ?
Yes. I will prepare patches for dunfell and zeus as well.
Ovidiu
Signed-off-by: Ovidiu Panait
---
.../libxml/libxml2/CVE-2020-24977.patch | 41 +++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
new file mode 100644
index 00..8224346660
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait
+---
+ xmllint.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++/*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++memset([sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+2.17.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb
b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index d11b083e8b..90890ffaed 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -22,6 +22,7 @@ SRC_URI =
"http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://fix-execution-of-ptests.patch \
file://CVE-2020-7595.patch \
file://CVE-2019-20388.patch \
+ file://CVE-2020-24977.patch \
"
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142353):
https://lists.openembedded.org/g/openembedded-core/message/142353
Mute This Topic: https://lists.openembedded.org/mt/76728102/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] libxml2: Fix CVE-2020-24977
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Signed-off-by: Ovidiu Panait
---
.../libxml/libxml2/CVE-2020-24977.patch | 41 +++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
new file mode 100644
index 00..8224346660
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait
+---
+ xmllint.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++/*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++memset([sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+2.17.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb
b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index d11b083e8b..90890ffaed 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -22,6 +22,7 @@ SRC_URI =
"http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://fix-execution-of-ptests.patch \
file://CVE-2020-7595.patch \
file://CVE-2019-20388.patch \
+ file://CVE-2020-24977.patch \
"
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142296):
https://lists.openembedded.org/g/openembedded-core/message/142296
Mute This Topic: https://lists.openembedded.org/mt/76728102/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [zeus][PATCH 1/1] nss: Fix CVE-2020-12399
Master (nss version 3.54) is not affected by this issue. This is a backport
from nss version 3.54.
NSS has shown timing differences when performing DSA signatures, which was
exploitable and could eventually leak private keys. This vulnerability affects
Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Upstream patch:
https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
Signed-off-by: Ovidiu Panait
---
...e-a-fixed-length-for-DSA-exponentiat.patch | 110 ++
meta/recipes-support/nss/nss_3.45.bb | 1 +
2 files changed, 111 insertions(+)
create mode 100644
meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
diff --git
a/meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
b/meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
new file mode 100644
index 00..517c277ae0
--- /dev/null
+++
b/meta/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
@@ -0,0 +1,110 @@
+From 5942c26888ba12ad5e0d92fb62f23d7cde6dc159 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Mon, 13 Jul 2020 06:25:56 +
+Subject: [PATCH] Bug 1631576 - Force a fixed length for DSA exponentiation
+ r=pereida,bbrumley
+
+Differential Revision: https://phabricator.services.mozilla.com/D72011
+
+Upstream-Status: Backport
[https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e]
+
+Authored-by: Robert Relyea
+Signed-off-by: Ovidiu Panait
+---
+ nss/lib/freebl/dsa.c | 45 ++--
+ 1 file changed, 35 insertions(+), 10 deletions(-)
+
+diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
+index aef3539..389c9de 100644
+--- a/nss/lib/freebl/dsa.c
b/nss/lib/freebl/dsa.c
+@@ -313,13 +313,14 @@ DSA_NewKeyFromSeed(const PQGParams *params,
+
+ static SECStatus
+ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+- const unsigned char *kb)
++ const unsigned char *kbytes)
+ {
+ mp_int p, q, g; /* PQG parameters */
+ mp_int x, k;/* private key & pseudo-random integer */
+ mp_int r, s;/* tuple (r, s) is signature) */
+ mp_int t; /* holding tmp values */
+ mp_int ar; /* holding blinding values */
++mp_digit fuzz; /* blinding multiplier for q */
+ mp_err err = MP_OKAY;
+ SECStatus rv = SECSuccess;
+ unsigned int dsa_subprime_len, dsa_signature_len, offset;
+@@ -373,6 +374,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature,
const SECItem *digest,
+ CHECK_MPI_OK(mp_init());
+ CHECK_MPI_OK(mp_init());
+ CHECK_MPI_OK(mp_init());
++
+ /*
+ ** Convert stored PQG and private key into MPI integers.
+ */
+@@ -380,14 +382,28 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature,
const SECItem *digest,
+ SECITEM_TO_MPINT(key->params.subPrime, );
+ SECITEM_TO_MPINT(key->params.base, );
+ SECITEM_TO_MPINT(key->privateValue, );
+-OCTETS_TO_MPINT(kb, , dsa_subprime_len);
++OCTETS_TO_MPINT(kbytes, , dsa_subprime_len);
++
++/* k blinding create a single value that has the high bit set in
++ * the mp_digit*/
++if (RNG_GenerateGlobalRandomBytes(, sizeof(mp_digit)) != SECSuccess)
{
++PORT_SetError(SEC_ERROR_NEED_RANDOM);
++rv = SECFailure;
++goto cleanup;
++}
++fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
+ /*
+ ** FIPS 186-1, Section 5, Step 1
+ **
+ ** r = (g**k mod p) mod q
+ */
+-CHECK_MPI_OK(mp_exptmod(, , , )); /* r = g**k mod p */
+-CHECK_MPI_OK(mp_mod(, , )); /* r = r mod q*/
++CHECK_MPI_OK(mp_mul_d(, fuzz, )); /* t = q*fuzz */
++CHECK_MPI_OK(mp_add(, , )); /* t = k+q*fuzz */
++/* length of t is now fixed, bits in k have been blinded */
++CHECK_MPI_OK(mp_exptmod(, , , )); /* r = g**t mod p */
++/* r is now g**(k+q*fuzz) == g**k mod p */
++CHECK_MPI_OK(mp_mod(, , )); /* r = r mod q*/
++
+ /*
+ ** FIPS 186-1, Section 5, Step 2
+ **
+@@ -411,15 +427,24 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature,
const SECItem *digest,
+ /* Using mp_invmod on k directly would leak bits from k. */
+ CHECK_MPI_OK(mp_mul(, , )); /* k = k * ar */
+ CHECK_MPI_OK(mp_mulmod(, , , )); /* k = k * t mod q */
+-CHECK_MPI_OK(mp_invmod(, , )); /* k = k**-1 mod q */
++/* k is now k*t*ar */
++CHECK_MPI_OK(mp_invmod(, , )); /* k = k**-1 mod q */
++/* k is now (k*t*ar)**-1 */
+ CHECK_MPI_OK(mp_mulmod(, , , )); /* k = k * t mod q */
+-SECITEM_TO_MPINT(localDigest, ); /* s = HASH(M) */
++/* k is now (k*ar)**-1 */
++SECITEM_TO_MPINT(localDigest, ); /* s = HASH(M) */
+ /* To avoid leaking secret bits here the addition is blinded. */
+-CHECK_MPI_OK(mp_mul(, , ));/* x =
[OE-core] [PATCH 2/2] dbus,dbus-test: Move common parts to dbus.inc
dbus and dbus-test share the same source code and base configuration options,
so factor out the common parts into dbus.inc.
This way we can eliminate the need to keep the two recipes in sync. When they
are not properly in sync (e.g. when dbus recipe has extra patches/config
options that are not duplicated in dbus-test) ptest testsuite will actually
test a slightly different codebase. This is due to the fact that dbus-test does
not run the testsuite against the system libdbus library, but instead it
generates a local libdbus.so that needs to configured/compiled as close as
possible to the system one.
Signed-off-by: Ovidiu Panait
---
meta/recipes-core/dbus/dbus-test_1.12.18.bb | 38 +---
meta/recipes-core/dbus/dbus.inc | 34 ++
meta/recipes-core/dbus/dbus_1.12.18.bb | 39 +++--
3 files changed, 47 insertions(+), 64 deletions(-)
create mode 100644 meta/recipes-core/dbus/dbus.inc
diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 68fcdc847f..755c841bad 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -1,53 +1,31 @@
SUMMARY = "D-Bus test package (for D-bus functionality testing only)"
HOMEPAGE = "http://dbus.freedesktop.org;
SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-
file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
-DEPENDS = "dbus glib-2.0"
+require dbus.inc
-RDEPENDS_${PN}-dev = ""
+SRC_URI += "file://run-ptest \
+file://python-config.patch \
+ "
-SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
- file://tmpdir.patch \
- file://run-ptest \
- file://python-config.patch \
- file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
- "
+DEPENDS = "dbus glib-2.0"
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] =
"64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+RDEPENDS_${PN}-dev = ""
S="${WORKDIR}/dbus-${PV}"
FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
-inherit autotools pkgconfig gettext ptest upstream-version-is-even
+inherit ptest
-EXTRA_OECONF = "--enable-tests \
+EXTRA_OECONF += "--enable-tests \
--enable-modular-tests \
--enable-installed-tests \
--enable-checks \
--enable-asserts \
---enable-largefile \
---disable-xml-docs \
---disable-doxygen-docs \
---disable-libaudit \
--with-dbus-test-dir=${PTEST_PATH} \
--enable-embedded-tests \
"
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[systemd] = "--enable-systemd
--with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd
--without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x
--disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session
--with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
-PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
-
do_install() {
:
}
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
new file mode 100644
index 00..3bdb7ea4ff
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,34 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+
file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+ file://tmpdir.patch \
+ file://dbus-1.init \
+ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+"
+
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] =
"64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+
+EXTRA_OECONF = "--disable-xml-docs \
+--disable-doxygen-docs \
+--disable-libaudit \
+--enable-largefile \
+--with-system-socket=/run/dbus/system_bus_socket \
+"
+EXTRA_OECONF_append_class-target = " SYSTEMCTL=
[OE-core] [PATCH 1/2] dbus-test: Remove EXTRA_OECONF_X configs
X specific configs are already handled through PACKAGECONFIG:
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
...
PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x
--disable-x11-autolaunch, virtual/libx11 libsm"
Remove duplicated EXTRA_OECONF_X args.
Signed-off-by: Ovidiu Panait
---
meta/recipes-core/dbus/dbus-test_1.12.18.bb | 4
1 file changed, 4 deletions(-)
diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 0063dcce67..68fcdc847f 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -24,9 +24,6 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
inherit autotools pkgconfig gettext ptest upstream-version-is-even
-EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x',
'--without-x', d)}"
-EXTRA_OECONF_X_class-native = "--without-x"
-
EXTRA_OECONF = "--enable-tests \
--enable-modular-tests \
--enable-installed-tests \
@@ -37,7 +34,6 @@ EXTRA_OECONF = "--enable-tests \
--disable-doxygen-docs \
--disable-libaudit \
--with-dbus-test-dir=${PTEST_PATH} \
-${EXTRA_OECONF_X} \
--enable-embedded-tests \
"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139699):
https://lists.openembedded.org/g/openembedded-core/message/139699
Mute This Topic: https://lists.openembedded.org/mt/74987140/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] lttng-tools: upgrade to 2.12.0
Upgrade lttng-tools 2.11.2 -> 2.12.0:
* drop x32 patch, as it was merged upstream
* update ptest file mi-lttng-3.0.xsd -> mi-lttng-4.0.xsd
* add local patch to fix ptest build failure on musl
* License-Update: licenses were moved under LICENSES directory and changed in
upstream commit [1]
[1]
https://github.com/lttng/lttng-tools/commit/ab5be9fa2eb5ba9600a82cd18fd3cfcbac69169a
Signed-off-by: Ovidiu Panait
---
...ents-ns-tp.h-Fix-build-with-musl-lib.patch | 43 +++
.../lttng/lttng-tools/x32.patch | 36
...-tools_2.11.2.bb => lttng-tools_2.12.0.bb} | 14 +++---
3 files changed, 50 insertions(+), 43 deletions(-)
create mode 100644
meta/recipes-kernel/lttng/lttng-tools/0001-tests-gen-ust-events-ns-tp.h-Fix-build-with-musl-lib.patch
delete mode 100644 meta/recipes-kernel/lttng/lttng-tools/x32.patch
rename meta/recipes-kernel/lttng/{lttng-tools_2.11.2.bb =>
lttng-tools_2.12.0.bb} (92%)
diff --git
a/meta/recipes-kernel/lttng/lttng-tools/0001-tests-gen-ust-events-ns-tp.h-Fix-build-with-musl-lib.patch
b/meta/recipes-kernel/lttng/lttng-tools/0001-tests-gen-ust-events-ns-tp.h-Fix-build-with-musl-lib.patch
new file mode 100644
index 00..a150d648ab
--- /dev/null
+++
b/meta/recipes-kernel/lttng/lttng-tools/0001-tests-gen-ust-events-ns-tp.h-Fix-build-with-musl-lib.patch
@@ -0,0 +1,43 @@
+From e5d94cf4882cc6516af52b794c6acb8e4d6469a3 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Mon, 18 May 2020 16:39:26 +0300
+Subject: [PATCH] tests: gen-ust-events-ns/tp.h: Fix build with musl libc
+
+Fix the following build error with musl libc:
+In file included from
../../../../../lttng-tools-2.12.0/tests/utils/testapp/gen-ust-events-ns/tp.h:14,
+ from
../../../../../lttng-tools-2.12.0/tests/utils/testapp/gen-ust-events-ns/tp.c:10:
+../../../../../lttng-tools-2.12.0/tests/utils/testapp/gen-ust-events-ns/tp.h:17:10:
error: unknown type name 'ino_t'; did you mean 'int8_t'?
+ 17 | TP_ARGS(ino_t, ns_ino),
+ | ^
+../../../../../lttng-tools-2.12.0/tests/utils/testapp/gen-ust-events-ns/tp.h:17:10:
error: unknown type name 'ino_t'; did you mean 'int8_t'?
+ 17 | TP_ARGS(ino_t, ns_ino),
+ | ^
+../../../../../lttng-tools-2.12.0/tests/utils/testapp/gen-ust-events-ns/./tp.h:17:2:
error: unknown type name 'ino_t'; did you mean 'int8_t'?
+ 17 | TP_ARGS(ino_t, ns_ino),
+ | ^~~
+../../../../../lttng-tools-2.12.0/tests/utils/testapp/gen-ust-events-ns/./tp.h:17:2:
error: unknown type name 'ino_t'; did you mean 'int8_t'?
+ 17 | TP_ARGS(ino_t, ns_ino),
+ | ^~~
+
+Upstream-Status: Submitted [https://github.com/lttng/lttng-tools/pull/161]
+
+Signed-off-by: Ovidiu Panait
+---
+ tests/utils/testapp/gen-ust-events-ns/tp.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/utils/testapp/gen-ust-events-ns/tp.h
b/tests/utils/testapp/gen-ust-events-ns/tp.h
+index 4dbfed5..e0ddb29 100644
+--- a/tests/utils/testapp/gen-ust-events-ns/tp.h
b/tests/utils/testapp/gen-ust-events-ns/tp.h
+@@ -11,6 +11,7 @@
+ #if !defined(_TRACEPOINT_TP_H) || defined(TRACEPOINT_HEADER_MULTI_READ)
+ #define _TRACEPOINT_TP_H
+
++#include
+ #include
+
+ TRACEPOINT_EVENT(tp, tptest,
+--
+2.17.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-tools/x32.patch
b/meta/recipes-kernel/lttng/lttng-tools/x32.patch
deleted file mode 100644
index 42cebf94ac..00
--- a/meta/recipes-kernel/lttng/lttng-tools/x32.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix build for x32
-
-Signed-off-by: Christopher Larson
-
-Fix build error of src/common/utils.c for x32.
-
-Upstream-Status: Submitted [https://github.com/lttng/lttng-tools/pull/150]
-
-Signed-off-by: Kai Kang
-
-diff --git a/src/bin/lttng/utils.c b/src/bin/lttng/utils.c
-index 0e96ef0c..5c79c8c7 100644
a/src/bin/lttng/utils.c
-+++ b/src/bin/lttng/utils.c
-@@ -158,7 +158,7 @@ unsigned int fls_u32(uint32_t x)
- #define HAS_FLS_U32
- #endif
-
--#if defined(__x86_64)
-+#if defined(__x86_64) && !defined(__ILP32__)
- static inline
- unsigned int fls_u64(uint64_t x)
- {
-diff --git a/src/common/utils.c b/src/common/utils.c
-index 08139e5e..3c389981 100644
a/src/common/utils.c
-+++ b/src/common/utils.c
-@@ -1223,7 +1223,7 @@ static inline unsigned int fls_u32(uint32_t x)
- #define HAS_FLS_U32
- #endif
-
--#if defined(__x86_64)
-+#if defined(__x86_64) && !defined(__ILP32__)
- static inline
- unsigned int fls_u64(uint64_t x)
- {
diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.11.2.bb
b/meta/recipes-kernel/lttng/lttng-tools_2.12.0.bb
similarity index 92%
rename from meta/recipes-kernel/lttng/lttng-tools_2.11.2.bb
rename to meta/recipes-kernel/lttng/lttng-tools_2.12.0.bb
index 36a19ec18d..148a7928d2 100644
--- a/meta/recipes-kernel/lttng/lttng-tools_2.11.2.bb
+++ b/meta/recipes-kernel/lttng/lttng-tools_2.12.0.bb
@@ -5,9 +5,9 @@ to extract program execution details from the Linux operating
system \
and interpret them.&quo
Re: [OE-core] [PATCH] populate_sdk_base: do not overwrite ld.so.conf in nativesdk
On 19.05.2020 07:36, Denys Dmytriyenko wrote:
From: Denys Dmytriyenko
Commit 7ec84a463ad4c45aee9cd2cbc75b43e5aab5cd18 has moved creation of ld.so.conf
from buildtools-tarball.bb to create_sdk_files() in populate_sdk_base.bbclass.
But since create_sdk_files() is an SDK_POSTPROCESS_COMMAND, creating ld.so.conf
can potentially overwrite existing file already provided by a nativesdk package.
Use append instead to avoid overwriting existing file.
Signed-off-by: Denys Dmytriyenko
---
meta/classes/populate_sdk_base.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/populate_sdk_base.bbclass
b/meta/classes/populate_sdk_base.bbclass
index 990505e..83c3448 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -189,7 +189,7 @@ fakeroot create_sdk_files() {
mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/
echo '${SDKPATHNATIVE}${libdir_nativesdk}
${SDKPATHNATIVE}${base_libdir_nativesdk}
-include /etc/ld.so.conf' >
${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
+include /etc/ld.so.conf' >>
${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
}
Hi Denys,
With this change, in my testing (Ubuntu 18.04 server), nativesdk-gcc
would still try to link with host libraries first rather than nativesdk
ones, basically reverting the original intent of commit
7ec84a463ad4c45aee9cd2cbc75b43e5aab5cd18:
local.conf:
KERNEL_DEV_HOST_PKGS = "\
   nativesdk-openssl-dev \
   nativesdk-libelf \
   nativesdk-elfutils-dev \
   nativesdk-ncurses-terminfo-base \
   nativesdk-chrpath \
   nativesdk-tar \
   nativesdk-git \
   nativesdk-pigz \
   nativesdk-make \
   nativesdk-wget \
   nativesdk-ca-certificates \
   nativesdk-texinfo \
   nativesdk-libnss-nis \
   nativesdk-rpcsvc-proto \
   nativesdk-patch \
   nativesdk-automake \
   nativesdk-autoconf \
   nativesdk-binutils \
   nativesdk-binutils-symlinks \
   nativesdk-cpp \
   nativesdk-cpp-symlinks \
   nativesdk-gcc \
   nativesdk-gcc-symlinks \
   nativesdk-g++ \
   nativesdk-g++-symlinks \
   nativesdk-gettext \
   nativesdk-libatomic \
   nativesdk-libgcc \
   nativesdk-libstdc++ \
   nativesdk-libstdc++-dev \
   nativesdk-libtool \
   nativesdk-pkgconfig \
   nativesdk-glibc-utils \
   nativesdk-libxcrypt-dev \
"
KERNEL_DEV_HOST_PKGS_pn-uninative-tarball = ""
KERNEL_DEV_HOST_PKGS_pn-buildtools-tarball = ""
TOOLCHAIN_HOST_TASK_append = " ${KERNEL_DEV_HOST_PKGS}"
bitbake -c populate_sdk core-image-minimal
$ cat ld.so.conf
include /etc/ld.so.conf.d/*.conf
/buildarea/raid0/ovidiu/Builds/Yocto/yocto-latest/poky/build/tmp/deploy/sdk/sdk/sysroots/x86_64-pokysdk-linux/usr/lib
/buildarea/raid0/ovidiu/Builds/Yocto/yocto-latest/poky/build/tmp/deploy/sdk/sdk/sysroots/x86_64-pokysdk-linux/lib
include /etc/ld.so.conf
$ cat test.c
int main()
{
   return 0;
}
$ gcc -o test test.c -lcrypto
/buildarea/raid0/ovidiu/Builds/Yocto/yocto-latest/poky/build/tmp/deploy/sdk/sdk/sysroots/x86_64-pokysdk-linux/usr/lib/gcc/x86_64-pokysdk-linux/10.1.0/../../../../x86_64-pokysdk-linux/bin/ld:
/lib/x86_64-linux-gnu/libpthread.so.0: undefined reference to
`__libc_vfork@GLIBC_PRIVATE'
collect2: error: ld returned 1 exit status
Before this change:
$ gcc -o test test.c -lcrypto
$ echo $?
0
Also, it seems that the scenario in which the SDK provides its own
/etc/ld.so.conf and other nativesdk packages append to it did not
operate correctly even before commit
7ec84a463ad4c45aee9cd2cbc75b43e5aab5cd18, because host paths would be
appended instead of SDK paths.
Maybe we should try in create_sdk_files to prepend all existing paths
from /etc/ld.so.conf with ${SDK_OUTPUT}/${SDKPATHNATIVE} to solve this
overwrite problem?
Ovidiu
python check_sdk_sysroots() {
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#138454):
https://lists.openembedded.org/g/openembedded-core/message/138454
Mute This Topic: https://lists.openembedded.org/mt/74319242/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/4] lttng-tools: upgrade to 2.12.0
Upgrade lttng-tools 2.11.2 -> 2.12.0:
* drop x32 patch, as it was merged upstream
* License-Update: licenses were moved under LICENSES directory and changed in
upstream commit [1]
[1]
https://github.com/lttng/lttng-tools/commit/ab5be9fa2eb5ba9600a82cd18fd3cfcbac69169a
Signed-off-by: Ovidiu Panait
---
.../lttng/lttng-tools/x32.patch | 36 ---
...-tools_2.11.2.bb => lttng-tools_2.12.0.bb} | 11 +++---
2 files changed, 5 insertions(+), 42 deletions(-)
delete mode 100644 meta/recipes-kernel/lttng/lttng-tools/x32.patch
rename meta/recipes-kernel/lttng/{lttng-tools_2.11.2.bb =>
lttng-tools_2.12.0.bb} (94%)
diff --git a/meta/recipes-kernel/lttng/lttng-tools/x32.patch
b/meta/recipes-kernel/lttng/lttng-tools/x32.patch
deleted file mode 100644
index 42cebf94ac..00
--- a/meta/recipes-kernel/lttng/lttng-tools/x32.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix build for x32
-
-Signed-off-by: Christopher Larson
-
-Fix build error of src/common/utils.c for x32.
-
-Upstream-Status: Submitted [https://github.com/lttng/lttng-tools/pull/150]
-
-Signed-off-by: Kai Kang
-
-diff --git a/src/bin/lttng/utils.c b/src/bin/lttng/utils.c
-index 0e96ef0c..5c79c8c7 100644
a/src/bin/lttng/utils.c
-+++ b/src/bin/lttng/utils.c
-@@ -158,7 +158,7 @@ unsigned int fls_u32(uint32_t x)
- #define HAS_FLS_U32
- #endif
-
--#if defined(__x86_64)
-+#if defined(__x86_64) && !defined(__ILP32__)
- static inline
- unsigned int fls_u64(uint64_t x)
- {
-diff --git a/src/common/utils.c b/src/common/utils.c
-index 08139e5e..3c389981 100644
a/src/common/utils.c
-+++ b/src/common/utils.c
-@@ -1223,7 +1223,7 @@ static inline unsigned int fls_u32(uint32_t x)
- #define HAS_FLS_U32
- #endif
-
--#if defined(__x86_64)
-+#if defined(__x86_64) && !defined(__ILP32__)
- static inline
- unsigned int fls_u64(uint64_t x)
- {
diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.11.2.bb
b/meta/recipes-kernel/lttng/lttng-tools_2.12.0.bb
similarity index 94%
rename from meta/recipes-kernel/lttng/lttng-tools_2.11.2.bb
rename to meta/recipes-kernel/lttng/lttng-tools_2.12.0.bb
index 36a19ec18d..3aaf4490d6 100644
--- a/meta/recipes-kernel/lttng/lttng-tools_2.11.2.bb
+++ b/meta/recipes-kernel/lttng/lttng-tools_2.12.0.bb
@@ -5,9 +5,9 @@ to extract program execution details from the Linux operating
system \
and interpret them."
LICENSE = "GPLv2 & LGPLv2.1"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=01d7fc4496aacf37d90df90b90b0cac1 \
-file://gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-file://lgpl-2.1.txt;md5=0f0d71500e6a57fd24d825f33242b9ca"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=40ef17463fbd6f377db3c47b1cbaded8 \
+
file://LICENSES/GPL-2.0;md5=e68f69a54b44ba526ad7cb963e18fbce \
+
file://LICENSES/LGPL-2.1;md5=9920968d0f2ff585ce61fae30344dd95"
DEPENDS = "liburcu popt libxml2 util-linux"
RDEPENDS_${PN} = "libgcc"
@@ -29,15 +29,14 @@ PACKAGECONFIG[manpages] = "--enable-man-pages,
--disable-man-pages, asciidoc-nat
PACKAGECONFIG_remove_arc = "lttng-ust"
SRC_URI = "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \
- file://x32.patch \
file://0001-tests-do-not-strip-a-helper-library.patch \
file://run-ptest \
file://lttng-sessiond.service \
file://0001-tests-regression-disable-the-tools-live-tests.patch \
"
-SRC_URI[md5sum] = "68ed78f7fa4235477ea577e48b3cd245"
-SRC_URI[sha256sum] =
"936477305b25f65c5dd22db9161287d30a309ce868b6180857b1fd1fb5e6a56b"
+SRC_URI[md5sum] = "4592201ea981f0722438345fb1f009d2"
+SRC_URI[sha256sum] =
"405661d27617dc79a42712174a051a45c7ca12d167576c0d93f2de708ed29445"
inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#138328):
https://lists.openembedded.org/g/openembedded-core/message/138328
Mute This Topic: https://lists.openembedded.org/mt/74225667/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 4/4] lttng-modules: Fix "LTTng: vmalloc_sync_all symbol lookup failed" warnings
Fix the following warnings introduced after backporting linux kernel commit [1] to stable branches: # lttng create session ... [ 483.242037] LTTng: vmalloc_sync_all symbol lookup failed. [ 483.257056] Page fault handler and NMI tracing might trigger faults. ... These patches should be dropped when a new stable 12.0 release is available. [1] https://github.com/torvalds/linux/commit/763802b53a427ed3cbd419dbba255c414fdd9e7c Signed-off-by: Ovidiu Panait --- ...l-5.7-use-vmalloc_sync_mappings-on-k.patch | 853 ++ ...per-rename-to-wrapper_vmalloc_sync_m.patch | 32 + ..._sync_mappings-on-kernel-5.6-as-well.patch | 88 ++ ...loc_sync_mappings-for-stable-kernels.patch | 67 ++ .../lttng/lttng-modules_2.12.0.bb | 4 + 5 files changed, 1044 insertions(+) create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Update-for-kernel-5.7-use-vmalloc_sync_mappings-on-k.patch create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-Fix-missing-wrapper-rename-to-wrapper_vmalloc_sync_m.patch create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-Fix-Use-vmalloc_sync_mappings-on-kernel-5.6-as-well.patch create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0004-Update-Use-vmalloc_sync_mappings-for-stable-kernels.patch diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Update-for-kernel-5.7-use-vmalloc_sync_mappings-on-k.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Update-for-kernel-5.7-use-vmalloc_sync_mappings-on-k.patch new file mode 100644 index 00..58f4d29193 --- /dev/null +++ b/meta/recipes-kernel/lttng/lttng-modules/0001-Update-for-kernel-5.7-use-vmalloc_sync_mappings-on-k.patch @@ -0,0 +1,853 @@ +From a2cc0e06330e55eefe668f7d6370de6d3177a907 Mon Sep 17 00:00:00 2001 +From: Mathieu Desnoyers +Date: Tue, 5 May 2020 13:38:31 -0400 +Subject: [PATCH] Update for kernel 5.7: use vmalloc_sync_mappings on kernels + >= 5.7 + +Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/da0fcb1497ff2437407883647a8a0bba12bd0f91] + +Signed-off-by: Mathieu Desnoyers +Signed-off-by: Ovidiu Panait +--- + lib/ringbuffer/ring_buffer_backend.c | 4 +-- + lttng-abi.c | 4 +-- + lttng-context-callstack.c| 2 +- + lttng-context-cgroup-ns.c| 2 +- + lttng-context-cpu-id.c | 2 +- + lttng-context-egid.c | 2 +- + lttng-context-euid.c | 2 +- + lttng-context-gid.c | 2 +- + lttng-context-hostname.c | 2 +- + lttng-context-interruptible.c| 2 +- + lttng-context-ipc-ns.c | 2 +- + lttng-context-migratable.c | 2 +- + lttng-context-mnt-ns.c | 2 +- + lttng-context-need-reschedule.c | 2 +- + lttng-context-net-ns.c | 2 +- + lttng-context-nice.c | 2 +- + lttng-context-perf-counters.c| 2 +- + lttng-context-pid-ns.c | 2 +- + lttng-context-pid.c | 2 +- + lttng-context-ppid.c | 2 +- + lttng-context-preemptible.c | 2 +- + lttng-context-prio.c | 2 +- + lttng-context-procname.c | 2 +- + lttng-context-sgid.c | 2 +- + lttng-context-suid.c | 2 +- + lttng-context-tid.c | 2 +- + lttng-context-uid.c | 2 +- + lttng-context-user-ns.c | 2 +- + lttng-context-uts-ns.c | 2 +- + lttng-context-vegid.c| 2 +- + lttng-context-veuid.c| 2 +- + lttng-context-vgid.c | 2 +- + lttng-context-vpid.c | 2 +- + lttng-context-vppid.c| 2 +- + lttng-context-vsgid.c| 2 +- + lttng-context-vsuid.c| 2 +- + lttng-context-vtid.c | 2 +- + lttng-context-vuid.c | 2 +- + lttng-context.c | 2 +- + lttng-events.c | 10 +++--- + lttng-ring-buffer-client.h | 4 +-- + lttng-ring-buffer-metadata-client.h | 4 +-- + lttng-syscalls.c | 2 +- + probes/lttng-kprobes.c | 2 +- + probes/lttng-kretprobes.c| 2 +- + probes/lttng-tracepoint-event-impl.h | 4 +-- + probes/lttng-uprobes.c | 2 +- + probes/lttng.c | 2 +- + tests/probes/lttng-test.c| 2 +- + wrapper/vmalloc.h| 49 ++-- + 50 files changed, 104 insertions(+), 61 deletions(-) + +diff --git a/lib/ringbuffer/ring_buffer_backend.c b/lib/ringbuffer/ring_buffer_backend.c +index d4bec25..d232b7f 100644 +--- a/lib/ringbuffer/ring_buffer_backend.c b/lib/ringbuffer/ring_buffer_backend.c +@@ -17,7 +17,7 @@ + #include + + #include +-#include /* for wrapper_vmalloc_sync_all() */ ++#include /* for wrapper_vmalloc_sync_mappings() */ + #include + #include + #include +@@ -156,7 +156,7 @@
[OE-core] [PATCH 1/4] lttng-modules: upgrade to 2.12.0
Upgrade lttng-modules 2.11.2 -> 2.12.0.
Signed-off-by: Ovidiu Panait
---
.../{lttng-modules_2.11.2.bb => lttng-modules_2.12.0.bb} | 8
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-kernel/lttng/{lttng-modules_2.11.2.bb =>
lttng-modules_2.12.0.bb} (88%)
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.11.2.bb
b/meta/recipes-kernel/lttng/lttng-modules_2.12.0.bb
similarity index 88%
rename from meta/recipes-kernel/lttng/lttng-modules_2.11.2.bb
rename to meta/recipes-kernel/lttng/lttng-modules_2.12.0.bb
index 6fff096a37..f706f89621 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.11.2.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.12.0.bb
@@ -13,8 +13,8 @@ SRC_URI =
"https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
"
-SRC_URI[md5sum] = "2e3bc8cfb264fa13f374618b46f170e7"
-SRC_URI[sha256sum] =
"8a42240813b8fd1d001835cd6f5ec687f7d7f3b26070d4e21604c35a51a6441d"
+SRC_URI[md5sum] = "be252df5013ea03894921d0b493c7b6c"
+SRC_URI[sha256sum] =
"efeb2ae60e96dbe9a9b342d3a80dfc7642f06a8c09686089d491ad696bb98f4d"
export INSTALL_MOD_DIR="kernel/lttng-modules"
@@ -33,11 +33,11 @@ python do_package_prepend() {
BBCLASSEXTEND = "devupstream:target"
LIC_FILES_CHKSUM_class-devupstream =
"file://LICENSE;md5=3f882d431dc0f32f1f44c0707aa41128"
DEFAULT_PREFERENCE_class-devupstream = "-1"
-SRC_URI_class-devupstream =
"git://git.lttng.org/lttng-modules;branch=stable-2.11 \
+SRC_URI_class-devupstream =
"git://git.lttng.org/lttng-modules;branch=stable-2.12 \
file://Makefile-Do-not-fail-if-CONFIG_TRACEPOINTS-is-not-en.patch \
file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
"
SRCREV_class-devupstream = "17c413953603f063f2a9d6c3788bec914ce6f955"
-PV_class-devupstream = "2.11.2+git${SRCPV}"
+PV_class-devupstream = "2.12.0+git${SRCPV}"
S_class-devupstream = "${WORKDIR}/git"
SRCREV_FORMAT ?= "lttng_git"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#138326):
https://lists.openembedded.org/g/openembedded-core/message/138326
Mute This Topic: https://lists.openembedded.org/mt/74225657/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/4] lttng-ust: upgrade to 2.12.0
Upgrade lttng-ust 2.11.1 -> 2.12.0.
Signed-off-by: Ovidiu Panait
---
.../lttng/{lttng-ust_2.11.1.bb => lttng-ust_2.12.0.bb}| 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-kernel/lttng/{lttng-ust_2.11.1.bb => lttng-ust_2.12.0.bb}
(93%)
diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.11.1.bb
b/meta/recipes-kernel/lttng/lttng-ust_2.12.0.bb
similarity index 93%
rename from meta/recipes-kernel/lttng/lttng-ust_2.11.1.bb
rename to meta/recipes-kernel/lttng/lttng-ust_2.12.0.bb
index 3bd0dfad61..ad544d1b4a 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.11.1.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.12.0.bb
@@ -31,8 +31,8 @@ SRC_URI =
"https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
file://0001-python-lttngust-Makefile.am-Add-install-lib-to-setup.patch \
"
-SRC_URI[md5sum] = "7de04a8ff1f0a4effa09a42620ec4081"
-SRC_URI[sha256sum] =
"7fbab963d60741ffd4d8dd0a246f6cf168cdfe3b2385798bd90550f5f0bba869"
+SRC_URI[md5sum] = "3bf4a04c305271d13cf6596c4e7b9b3c"
+SRC_URI[sha256sum] =
"1983edb525f3f27e3494088d8d5389b4c71af66bbfe63c6f1df2ad95aa44a528"
CVE_PRODUCT = "ust"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#138327):
https://lists.openembedded.org/g/openembedded-core/message/138327
Mute This Topic: https://lists.openembedded.org/mt/74225658/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] populate_sdk_base: Add ld.so.conf for nativesdk-binutils
Extend the functionality provided by commit [1] to the SDK as well. This way we
can make sure that nativesdk-binutils finds SDK libraries first rather than
host ones.
This is useful for example when trying to build the linux kernel using
nativesdk-gcc. This scenario currently fails because it tries to link to host
libraries rather than SDK host ones:
make x86_64_defconfig
make bzImage
...
error: Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install
libelf-dev, libelf-devel or elfutils-libelf-devel
Makefile:1101: recipe for target 'prepare-objtool' failed
make: *** [prepare-objtool] Error 1
/../../../../x86_64-wrlinuxsdk-linux/bin/ld:
/lib/x86_64-linux-gnu/libpthread.so.0: undefined reference to
`__libc_vfork@GLIBC_PRIVATE'
...
[1] 15049c610b [buildtools-tarball: Add an ld.so.conf for nativesdk-binutils]
Signed-off-by: Ovidiu Panait
---
meta/classes/populate_sdk_base.bbclass | 5 +
meta/recipes-core/meta/buildtools-tarball.bb | 4
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/meta/classes/populate_sdk_base.bbclass
b/meta/classes/populate_sdk_base.bbclass
index ef0d8bef58..6a1ebc8c02 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -185,6 +185,11 @@ fakeroot create_sdk_files() {
# Escape special characters like '+' and '.' in the SDKPATH
escaped_sdkpath=$(echo ${SDKPATH} |sed -e "s:[\+\.]:\0:g")
sed -i -e "s:##DEFAULT_INSTALL_DIR##:$escaped_sdkpath:"
${SDK_OUTPUT}/${SDKPATH}/relocate_sdk.py
+
+ mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/
+ echo '${SDKPATHNATIVE}${libdir}
+${SDKPATHNATIVE}${base_libdir}
+include /etc/ld.so.conf' >
${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
}
python check_sdk_sysroots() {
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb
b/meta/recipes-core/meta/buildtools-tarball.bb
index 977b6a5e1d..c49802eef8 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -76,10 +76,6 @@ create_sdk_files_append () {
echo 'export
GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"'
>>$script
echo 'export
OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script
- mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/
- echo '${SDKPATHNATIVE}${libdir}
-${SDKPATHNATIVE}${base_libdir}
-include /etc/ld.so.conf' >
${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
if [ "${SDKMACHINE}" = "i686" ]; then
echo 'export NO32LIBS="0"' >>$script
echo 'echo "$BB_ENV_EXTRAWHITE" | grep -q "NO32LIBS"' >>$script
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#137566):
https://lists.openembedded.org/g/openembedded-core/message/137566
Mute This Topic: https://lists.openembedded.org/mt/73326300/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] populate_sdk_base: create_sdk_files: Use _nativesdk variants for libdir and base_libdir
Use the _nativesdk variants for libdir and base_libdir to fix the resulting
ld.so.conf paths in the SDK for systems with libdir=/lib64.
Signed-off-by: Ovidiu Panait
---
meta/classes/populate_sdk_base.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/populate_sdk_base.bbclass
b/meta/classes/populate_sdk_base.bbclass
index 6a1ebc8c02..f85c3b9f62 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -187,8 +187,8 @@ fakeroot create_sdk_files() {
sed -i -e "s:##DEFAULT_INSTALL_DIR##:$escaped_sdkpath:"
${SDK_OUTPUT}/${SDKPATH}/relocate_sdk.py
mkdir -p ${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/
- echo '${SDKPATHNATIVE}${libdir}
-${SDKPATHNATIVE}${base_libdir}
+ echo '${SDKPATHNATIVE}${libdir_nativesdk}
+${SDKPATHNATIVE}${base_libdir_nativesdk}
include /etc/ld.so.conf' >
${SDK_OUTPUT}/${SDKPATHNATIVE}${sysconfdir}/ld.so.conf
}
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#137565):
https://lists.openembedded.org/g/openembedded-core/message/137565
Mute This Topic: https://lists.openembedded.org/mt/73326295/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] inetutils: Use alternatives to avoid manpage conflict
Fix the following manpage conflicts:
* check_data_file_clashes: Package inetutils-doc wants to install file
/usr/share/man/man1/tftp.1
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package inetutils-doc wants to install file
/usr/share/man/man8/tftpd.8
But that file is already provided by package * tftp-hpa-doc
* check_data_file_clashes: Package netkit-telnet-doc wants to install file
/usr/share/man/man8/telnetd.8
But that file is already provided by package * inetutils-doc
Signed-off-by: Ovidiu Panait
---
meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
index 684fbe09e1..cc9410b94e 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute"
ALTERNATIVE_${PN}-hostname = "hostname"
ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
-ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8"
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
+ tftpd.8 tftp.1 telnetd.8"
ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
+ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
ALTERNATIVE_${PN}-ifconfig = "ifconfig"
ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#136917):
https://lists.openembedded.org/g/openembedded-core/message/136917
Mute This Topic: https://lists.openembedded.org/mt/72695038/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] libpam: Add userdb packageconfig
Add userdb packageconfig to control the building of the pam_userdb.so module.
This depends on dbm support being compiled in for the berkley db package.
Also, remove "--with-db-uniquename=_pam" from EXTRA_OECONF. It makes the checks
for libdb fail because it searches for the wrong symbols in libdb (and libdb
was not configured with --with-uniquename=_pam option).
db.do_configure:
checking if --with-uniquename=NAME option specified... no
libpam.do_configure:
checking for db_create_pam... no
checking for db_create... no
checking for dbm_store_pam... no
checking for dbm_store... no
checking for dbm_store in -lndbm... no
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/pam/libpam_1.3.1.bb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-extended/pam/libpam_1.3.1.bb
b/meta/recipes-extended/pam/libpam_1.3.1.bb
index ac8694ec26..bc72afe6ad 100644
--- a/meta/recipes-extended/pam/libpam_1.3.1.bb
+++ b/meta/recipes-extended/pam/libpam_1.3.1.bb
@@ -35,8 +35,7 @@ SRC_URI_append_libc-musl = "
file://0001-Add-support-for-defining-missing-funcit
DEPENDS = "bison-native flex flex-native cracklib libxml2-native virtual/crypt"
-EXTRA_OECONF = "--with-db-uniquename=_pam \
---includedir=${includedir}/security \
+EXTRA_OECONF = "--includedir=${includedir}/security \
--libdir=${base_libdir} \
--disable-nis \
--disable-regenerate-docu \
@@ -48,7 +47,9 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
inherit autotools gettext pkgconfig
+PACKAGECONFIG ??= ""
PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
+PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db,"
PACKAGES += "${PN}-runtime ${PN}-xtests"
FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#136795):
https://lists.openembedded.org/g/openembedded-core/message/136795
Mute This Topic: https://lists.openembedded.org/mt/72583074/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] db: Add dbm packageconfig
Add "dbm" packageconfig to enable legacy dbm support in libdb. This support is
needed to build libpam pam_userdb.so plugin.
Signed-off-by: Ovidiu Panait
---
meta/recipes-support/db/db_5.3.28.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/db/db_5.3.28.bb
b/meta/recipes-support/db/db_5.3.28.bb
index badb79f9ea..3a0923ae36 100644
--- a/meta/recipes-support/db/db_5.3.28.bb
+++ b/meta/recipes-support/db/db_5.3.28.bb
@@ -61,7 +61,9 @@ DB5_CONFIG ?= "--enable-o_direct --disable-cryptography
--disable-queue --disabl
EXTRA_OECONF = "${DB5_CONFIG} --enable-shared --enable-cxx --with-sysroot
STRIP=true"
+PACKAGECONFIG ??= ""
PACKAGECONFIG[verify] = "--enable-verify, --disable-verify"
+PACKAGECONFIG[dbm] = "--enable-dbm,--disable-dbm,"
EXTRA_OEMAKE += "LIBTOOL='./${HOST_SYS}-libtool'"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#136796):
https://lists.openembedded.org/g/openembedded-core/message/136796
Mute This Topic: https://lists.openembedded.org/mt/72583075/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [zeus][PATCH 1/1] dhcp: Fix REQUIRE(ctx->running) assertion triggered on SIGTERM/SIGINT
Closed a small window of time between the installation of graceful
shutdown signal handlers and application context startup, during which
the receipt of shutdown signal would cause a REQUIRE() assertion to
occur. Note this issue is only visible when compiling with
ENABLE_GENTLE_SHUTDOWN defined.
Reference:
https://gitlab.isc.org/isc-projects/dhcp/issues/53
Upstream patches:
https://gitlab.isc.org/isc-projects/dhcp/commit/ce117de7a1ed3c4911b4009c1cc23fba85370a26
https://gitlab.isc.org/isc-projects/dhcp/commit/dbd36dfa82956b53683462afadfabb1b33fa3dd1
https://gitlab.isc.org/isc-projects/dhcp/commit/95944cab6035d20be270eec01254c7bb867ec705
Signed-off-by: Ovidiu Panait
---
...s-running-prior-to-calling-isc_app_c.patch | 165 ++
...ed-shutdown-log-statment-to-dhcrelay.patch | 29 +++
.../dhcp/0003-Addressed-review-comment.patch | 31
meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb | 3 +
4 files changed, 228 insertions(+)
create mode 100644
meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
create mode 100644
meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch
create mode 100644
meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch
diff --git
a/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
new file mode 100644
index 00..34b2ae1e5c
--- /dev/null
+++
b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
@@ -0,0 +1,165 @@
+From f369dbb9e67eb5ef336944af63039b6d8f838384 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder
+Date: Thu, 12 Sep 2019 10:35:46 -0400
+Subject: [PATCH 1/3] Ensure context is running prior to calling
+ isc_app_ctxsuspend
+
+Add a release note.
+
+includes/omapip/isclib.h
+Added actx_running flag to global context, dhcp_gbl_ctx
+
+omapip/isclib.c
+set_ctx_running() - new function used as the ctxonrun callback
+
+dhcp_context_create() - installs set_ctx_running callback
+
+dhcp_signal_handler() - modified to use act_running flag to
+determine is context is running and should be suspended
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait
+---
+ RELNOTES | 7 +
+ includes/omapip/isclib.h | 3 ++-
+ omapip/isclib.c | 57 +---
+ 3 files changed, 57 insertions(+), 10 deletions(-)
+
+diff --git a/RELNOTES b/RELNOTES
+index f10305d..1730473 100644
+--- a/RELNOTES
b/RELNOTES
+@@ -6,6 +6,13 @@
+
+ NEW FEATURES
+
++- Closed a small window of time between the installation of graceful
++ shutdown signal handlers and application context startup, during which
++ the receipt of shutdown signal would cause a REQUIRE() assertion to
++ occur. Note this issue is only visible when compiling with
++ ENABLE_GENTLE_SHUTDOWN defined.
++ [Gitlab #53,!18 git TBD]
++
+ Please note that that ISC DHCP is now licensed under the Mozilla Public
License,
+ MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
+ license terms.
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index 6c20584..af6a6fc 100644
+--- a/includes/omapip/isclib.h
b/includes/omapip/isclib.h
+@@ -94,7 +94,8 @@
+ typedef struct dhcp_context {
+ isc_mem_t *mctx;
+ isc_appctx_t*actx;
+- int actx_started;
++ int actx_started; // ISC_TRUE if ctxstart has been called
++ int actx_running; // ISC_TRUE if ctxrun has been called
+ isc_taskmgr_t *taskmgr;
+ isc_task_t *task;
+ isc_socketmgr_t *socketmgr;
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index ce4b4a1..73e017c 100644
+--- a/omapip/isclib.c
b/omapip/isclib.c
+@@ -134,6 +134,35 @@ handle_signal(int sig, void (*handler)(int)) {
+ }
+ }
+
++/* Callback passed to isc_app_ctxonrun
++ *
++ * BIND9 context code will invoke this handler once the context has
++ * entered the running state. We use it to set a global marker so that
++ * we can tell if the context is running. Several of the isc_app_
++ * calls REQUIRE that the context is running and we need a way to
++ * know that.
++ *
++ * We also check to see if we received a shutdown signal prior to
++ * the context entering the run state. If we did, then we can just
++ * simply shut the context down now. This closes the relatively
++ * small window between start up and entering run via the call
++ * to dispatch().
++ *
++ */
++static void
++set_ctx_running(isc_task_t *task, isc_event_t *event) {
++task = task; // unused;
++ dhcp_gbl_ctx.actx_running = ISC_TRUE;
++
++ if (shutdown_signal) {
++ // We got signaled shutdown before we entered
[OE-core] [thud][PATCH] ghostscript: Fix CVE-2019-3839
It was found that in ghostscript some privileged operators
remained accessible from various places after the CVE-2019-6116
fix. A specially crafted PostScript file could use this flaw in
order to, for example, have access to the file system outside of
the constrains imposed by -dSAFER. Ghostscript versions before
9.28 are vulnerable.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3839
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca7
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f25
These two commits are already present in ghostscript 9.27, so current master
is not affected.
Signed-off-by: Ovidiu Panait
---
.../ghostscript/CVE-2019-3839-0001.patch | 441 ++
.../ghostscript/CVE-2019-3839-0002.patch | 68 +++
.../ghostscript/ghostscript_9.26.bb | 2 +
3 files changed, 511 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3839-0001.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3839-0002.patch
diff --git
a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3839-0001.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3839-0001.patch
new file mode 100644
index 00..6c32ca7cc8
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3839-0001.patch
@@ -0,0 +1,441 @@
+From 07ec80d317c441a1ad9602c83c35b092e3fa1a27 Mon Sep 17 00:00:00 2001
+From: Ray Johnston
+Date: Thu, 31 Jan 2019 11:31:30 -0800
+Subject: [PATCH 1/2] Hide pdfdict and GS_PDF_ProcSet (internal stuff for the
+ PDF interp).
+
+We now keep GS_PDF_ProcSet in pdfdict, and immediately bind pdfdict
+where needed so we can undef it after the last PDF interp file has
+run (pdf_sec.ps).
+
+CVE: CVE-2019-3839
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait
+---
+ Resource/Init/pdf_base.ps | 11
+ Resource/Init/pdf_draw.ps | 59 +++
+ Resource/Init/pdf_font.ps | 9 +++---
+ Resource/Init/pdf_main.ps | 25 +
+ Resource/Init/pdf_ops.ps | 11
+ Resource/Init/pdf_sec.ps | 4 ++-
+ 6 files changed, 60 insertions(+), 59 deletions(-)
+
+diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
+index 7312729..2665197 100644
+--- a/Resource/Init/pdf_base.ps
b/Resource/Init/pdf_base.ps
+@@ -23,7 +23,6 @@
+
+ /.setlanguagelevel where { pop 2 .setlanguagelevel } if
+ .currentglobal //true .setglobal
+-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
+ pdfdict begin
+
+ % Define the name interpretation dictionary for reading values.
+@@ -130,11 +129,11 @@ currentdict /num-chars-dict .undef
+
+ /.pdfexectoken { %.pdfexectoken ?
+ PDFDEBUG {
+-pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput }
executeonly if
++//pdfdict /PDFSTEPcount known not { //pdfdict /PDFSTEPcount 1 .forceput }
executeonly if
+ PDFSTEP {
+- pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
++ //pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse
.forceput
+ PDFSTEPcount 1 gt {
+-pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
++//pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
+ } executeonly
+ {
+ dup ==only
+@@ -142,10 +141,10 @@ currentdict /num-chars-dict .undef
+ ( ? ) print flush 1 //false .outputpage
+ (%stdin) (r) file 255 string readline {
+ token {
+-exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
++exch pop //pdfdict /PDFSTEPcount 3 -1 roll .forceput
+ } executeonly
+ {
+-pdfdict /PDFSTEPcount 1 .forceput
++//pdfdict /PDFSTEPcount 1 .forceput
+ } executeonly ifelse % token
+ } {
+ pop /PDFSTEP //false def % EOF on stdin
+diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
+index 40c6ac8..2b4532f 100644
+--- a/Resource/Init/pdf_draw.ps
b/Resource/Init/pdf_draw.ps
+@@ -18,8 +18,7 @@
+
+ /.setlanguagelevel where { pop 2 .setlanguagelevel } if
+ .currentglobal //true .setglobal
+-/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
+-GS_PDF_ProcSet begin
++/GS_PDF_ProcSet load begin
+ pdfdict begin
+
+ % For simplicity, we use a single interpretation dictionary for all
+@@ -113,7 +112,7 @@ pdfdict begin
+
+ /resolvefunction {% resolvefunction
+ .resolvefn
+- PDFDEBUG { pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse {
(%Function: ) print dup === flush } if } if
++ PDFDEBUG { //pdfdict /PDFSTEPcount .knownget { 1 le } { //true } ifelse {
(%Function: ) print dup === flush } if } if
+ } bind executeonly def
+
+ /resolvefnproc { % resolvefnproc
+@@ -1073,7 +1072,7 @@ currentdict end readonly def
+ %% finished running the PaintProc.
+
+ /.actual_pdfpaintproc { % .pdfpaintproc -
+- PDFDEBUG { pdfdict
Re: [OE-core] [PATCH] grub-mkconfig: Use -c instead of --printf for stat
On 14.05.2019 00:51, Burton, Ross wrote:
This isn't OE-specific, can you try and send that upstream so we don't
carry the patch forever?
Also needs rebasing to current master.
Hi,
I have sent the patch upstream:
http://lists.gnu.org/archive/html/grub-devel/2019-05/msg00079.html
And I rebased to the current master.
Thanks,
Ovidiu
Ross
On Wed, 17 Apr 2019 at 03:52, Ovidiu Panait wrote:
"--printf" only works with the stat variant provided by coreutils.
With busybox, when running grub-mkconfig, stat will fail with the
following error:
stat: unrecognized option '--printf=%T'
Usage: stat [OPTIONS] FILE...
Signed-off-by: Ovidiu Panait
---
...fig-Use-c-instead-of-printf-for-stat.patch | 36 +++
meta/recipes-bsp/grub/grub2.inc | 1 +
2 files changed, 37 insertions(+)
create mode 100644
meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
diff --git
a/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
b/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
new file mode 100644
index 00..0700911b78
--- /dev/null
+++
b/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
@@ -0,0 +1,36 @@
+From b5011ea2bc57d80b3e5a42bc308fa2000e85eab1 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Wed, 17 Apr 2019 12:10:28 +0300
+Subject: [PATCH] grub-mkconfig: Use -c instead of --printf for stat
+
+"--printf" only works with the stat variant provided by coreutils.
+
+With busybox, when running grub-mkconfig, stat will fail with the
+following error:
+stat: unrecognized option '--printf=%T'
+
+Usage: stat [OPTIONS] FILE...
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Ovidiu Panait
+---
+ util/grub-mkconfig.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index f8496d2..628706d 100644
+--- a/util/grub-mkconfig.in
b/util/grub-mkconfig.in
+@@ -144,7 +144,7 @@ GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device
${GRUB_DEVICE_BOOT} --target=fs_u
+ GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null || echo
unknown`"
+
+ if [ x"$GRUB_FS" = xunknown ]; then
+-GRUB_FS="$(stat -f --printf=%T / || echo unknown)"
++GRUB_FS="$(stat -f -c %T / || echo unknown)"
+ fi
+
+ if test -f ${sysconfdir}/default/grub ; then
+--
+2.20.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index c6994723f9..a6909c31ca 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -23,6 +23,7 @@ SRC_URI = "https://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://0001-grub-setup-Debug-message-cleanup.patch \
file://disable-address-of-packed-member.patch \
file://fix.build.with.squashfs.patch \
+ file://0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch \
"
SRC_URI[md5sum] = "1116d1f60c840e6dbd67abbc99acb45d"
SRC_URI[sha256sum] =
"660ee136fbcee08858516ed4de2ad87068bfe1b6b8b37896ce3529ff054a726d"
--
2.20.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] grub-mkconfig: Use -c instead of --printf for stat
"--printf" only works with the stat variant provided by coreutils.
With busybox, when running grub-mkconfig, stat will fail with the
following error:
stat: unrecognized option '--printf=%T'
Usage: stat [OPTIONS] FILE...
Signed-off-by: Ovidiu Panait
---
...fig-Use-c-instead-of-printf-for-stat.patch | 36 +++
meta/recipes-bsp/grub/grub2.inc | 1 +
2 files changed, 37 insertions(+)
create mode 100644
meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
diff --git
a/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
b/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
new file mode 100644
index 00..9acddb73c8
--- /dev/null
+++
b/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
@@ -0,0 +1,36 @@
+From b5011ea2bc57d80b3e5a42bc308fa2000e85eab1 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Wed, 17 Apr 2019 12:10:28 +0300
+Subject: [PATCH] grub-mkconfig: Use -c instead of --printf for stat
+
+"--printf" only works with the stat variant provided by coreutils.
+
+With busybox, when running grub-mkconfig, stat will fail with the
+following error:
+stat: unrecognized option '--printf=%T'
+
+Usage: stat [OPTIONS] FILE...
+
+Upstream-Status: Submitted
[http://lists.gnu.org/archive/html/grub-devel/2019-05/msg00079.html]
+
+Signed-off-by: Ovidiu Panait
+---
+ util/grub-mkconfig.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index f8496d2..628706d 100644
+--- a/util/grub-mkconfig.in
b/util/grub-mkconfig.in
+@@ -144,7 +144,7 @@ GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device
${GRUB_DEVICE_BOOT} --target=fs_u
+ GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null ||
echo unknown`"
+
+ if [ x"$GRUB_FS" = xunknown ]; then
+-GRUB_FS="$(stat -f --printf=%T / || echo unknown)"
++GRUB_FS="$(stat -f -c %T / || echo unknown)"
+ fi
+
+ if test -f ${sysconfdir}/default/grub ; then
+--
+2.20.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 7d8c280b3f..7eb9e9c491 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@ SRC_URI = "https://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://gcc8.patch \
file://0001-x86-64-Treat-R_X86_64_PLT32-as-R_X86_64_PC32.patch \
file://0001-grub-setup-Debug-message-cleanup.patch \
+ file://0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch \
"
SRC_URI[md5sum] = "1116d1f60c840e6dbd67abbc99acb45d"
SRC_URI[sha256sum] =
"660ee136fbcee08858516ed4de2ad87068bfe1b6b8b37896ce3529ff054a726d"
--
2.20.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] grub-mkconfig: Use -c instead of --printf for stat
"--printf" only works with the stat variant provided by coreutils.
With busybox, when running grub-mkconfig, stat will fail with the
following error:
stat: unrecognized option '--printf=%T'
Usage: stat [OPTIONS] FILE...
Signed-off-by: Ovidiu Panait
---
...fig-Use-c-instead-of-printf-for-stat.patch | 36 +++
meta/recipes-bsp/grub/grub2.inc | 1 +
2 files changed, 37 insertions(+)
create mode 100644
meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
diff --git
a/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
b/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
new file mode 100644
index 00..0700911b78
--- /dev/null
+++
b/meta/recipes-bsp/grub/files/0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch
@@ -0,0 +1,36 @@
+From b5011ea2bc57d80b3e5a42bc308fa2000e85eab1 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait
+Date: Wed, 17 Apr 2019 12:10:28 +0300
+Subject: [PATCH] grub-mkconfig: Use -c instead of --printf for stat
+
+"--printf" only works with the stat variant provided by coreutils.
+
+With busybox, when running grub-mkconfig, stat will fail with the
+following error:
+stat: unrecognized option '--printf=%T'
+
+Usage: stat [OPTIONS] FILE...
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Ovidiu Panait
+---
+ util/grub-mkconfig.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index f8496d2..628706d 100644
+--- a/util/grub-mkconfig.in
b/util/grub-mkconfig.in
+@@ -144,7 +144,7 @@ GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device
${GRUB_DEVICE_BOOT} --target=fs_u
+ GRUB_FS="`${grub_probe} --device ${GRUB_DEVICE} --target=fs 2> /dev/null ||
echo unknown`"
+
+ if [ x"$GRUB_FS" = xunknown ]; then
+-GRUB_FS="$(stat -f --printf=%T / || echo unknown)"
++GRUB_FS="$(stat -f -c %T / || echo unknown)"
+ fi
+
+ if test -f ${sysconfdir}/default/grub ; then
+--
+2.20.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index c6994723f9..a6909c31ca 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -23,6 +23,7 @@ SRC_URI = "https://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://0001-grub-setup-Debug-message-cleanup.patch \
file://disable-address-of-packed-member.patch \
file://fix.build.with.squashfs.patch \
+ file://0001-grub-mkconfig-Use-c-instead-of-printf-for-stat.patch \
"
SRC_URI[md5sum] = "1116d1f60c840e6dbd67abbc99acb45d"
SRC_URI[sha256sum] =
"660ee136fbcee08858516ed4de2ad87068bfe1b6b8b37896ce3529ff054a726d"
--
2.20.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] ghostscript: Fix 3 CVEs
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. References: https://nvd.nist.gov/vuln/detail/CVE-2019-6116 https://www.openwall.com/lists/oss-security/2019/01/23/5 https://nvd.nist.gov/vuln/detail/CVE-2019-3835 https://nvd.nist.gov/vuln/detail/CVE-2019-3838 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e Signed-off-by: Ovidiu Panait --- .../ghostscript/CVE-2019-3835-0001.patch | 99 +++ .../ghostscript/CVE-2019-3835-0002.patch | 71 +++ .../ghostscript/CVE-2019-3835-0003.patch | 295 + .../ghostscript/CVE-2019-3835-0004.patch | 167 + .../ghostscript/CVE-2019-3838-0001.patch | 34 + .../ghostscript/CVE-2019-3838-0002.patch | 30 + .../ghostscript/CVE-2019-6116-0001.patch | 177 ++ .../ghostscript/CVE-2019-6116-0002.patch | 442 + .../ghostscript/CVE-2019-6116-0003.patch | 32 + .../ghostscript/CVE-2019-6116-0004.patch | 136 .../ghostscript/CVE-2019-6116-0005.patch | 250 .../ghostscript/CVE-2019-6116-0006.patch | 596 ++ .../ghostscript/CVE-2019-6116-0007.patch | 346 ++ .../ghostscript/ghostscript_9.26.bb | 13 + 14 files changed, 2688 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch new file mode 100644 index 00..30ce04a7b1 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch @@ -0,0 +1,99 @@ +From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 26 Nov 2018 18:01:25 + +Subject: [PATCH] Have gs_cet.ps run from gs_init.ps + +Previously gs_cet.ps was run on the command line, to set up the interpreter +state so our output more closely matches the example output for the QL CET +tests. + +Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the +file directly. + +This works better for gpdl as it means the changes are made in the intial +interpreter state, rather than after initialisation is complete. + +This also means adding a definition of the default procedure for black +generation
[OE-core] [PATCH] xf86-video-vesa: Refuse to run on UEFI machines
Fix the following Xorg start failure on UEFI machines when using xf86-video-vesa
driver (e.g. in qemu, when anaconda tries to start X):
Xorg -br -logfile /tmp/X.log :1 vt7 -s 1440 -ac -nolisten tcp -dpi 96 -noreset
...
(EE) Cannot run in framebuffer mode. Please specify busIDs for all framebuffer
devices
...
Upstream patch:
https://cgit.freedesktop.org/xorg/driver/xf86-video-vesa/commit/?id=2645e0aa9c17c2c966a0533e52ad00510311483e
Signed-off-by: Ovidiu Panait
---
.../0001-Refuse-to-run-on-UEFI-machines.patch | 52 +++
.../xorg-driver/xf86-video-vesa_2.4.0.bb | 4 ++
2 files changed, 56 insertions(+)
create mode 100644
meta/recipes-graphics/xorg-driver/xf86-video-vesa/0001-Refuse-to-run-on-UEFI-machines.patch
diff --git
a/meta/recipes-graphics/xorg-driver/xf86-video-vesa/0001-Refuse-to-run-on-UEFI-machines.patch
b/meta/recipes-graphics/xorg-driver/xf86-video-vesa/0001-Refuse-to-run-on-UEFI-machines.patch
new file mode 100644
index 00..9e01770667
--- /dev/null
+++
b/meta/recipes-graphics/xorg-driver/xf86-video-vesa/0001-Refuse-to-run-on-UEFI-machines.patch
@@ -0,0 +1,52 @@
+From 2645e0aa9c17c2c966a0533e52ad00510311483e Mon Sep 17 00:00:00 2001
+From: Adam Jackson
+Date: Wed, 29 Aug 2018 11:04:23 -0400
+Subject: [PATCH] Refuse to run on UEFI machines
+
+No possible good can come of this.
+
+v2: Check for .../efi-framebuffer.0 ("is there an EFI framebuffer")
+instead of /sys/firmware/efi ("is this an EFI machine"). Suggested by
+Peter Jones.
+
+Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/driver/xf86-video-vesa]
+
+Reviewed-by: Peter Jones
+Signed-off-by: Adam Jackson
+Signed-off-by: Ovidiu Panait
+---
+ src/vesa.c | 11 +--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/vesa.c b/src/vesa.c
+index 9b65b9b..af750e2 100644
+--- a/src/vesa.c
b/src/vesa.c
+@@ -43,7 +43,7 @@
+ #endif
+
+ #include
+-
++#include
+ #include "vesa.h"
+
+ /* All drivers initialising the SW cursor need this */
+@@ -450,7 +450,14 @@ VESAPciProbe(DriverPtr drv, int entity_num, struct
pci_device *dev,
+intptr_t match_data)
+ {
+ ScrnInfoPtr pScrn;
+-
++
++#ifdef __linux__
++if (access("/sys/devices/platform/efi-framebuffer.0", F_OK) == 0) {
++ErrorF("vesa: Refusing to run on UEFI\n");
++return FALSE;
++}
++#endif
++
+ pScrn = xf86ConfigPciEntity(NULL, 0, entity_num, NULL,
+ NULL, NULL, NULL, NULL, NULL);
+ if (pScrn != NULL) {
+--
+2.20.1
+
diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-vesa_2.4.0.bb
b/meta/recipes-graphics/xorg-driver/xf86-video-vesa_2.4.0.bb
index 9a110148d8..f6aa54456c 100644
--- a/meta/recipes-graphics/xorg-driver/xf86-video-vesa_2.4.0.bb
+++ b/meta/recipes-graphics/xorg-driver/xf86-video-vesa_2.4.0.bb
@@ -17,3 +17,7 @@ RRECOMMENDS_${PN} += "xserver-xorg-module-libint10"
SRC_URI[md5sum] = "8134201beaf6f77150c7809c3cc802e6"
SRC_URI[sha256sum] =
"bf443c94d7bf6cd4e248f8a3147f4647be04dc4c80250d9405006263bbdee38c"
+
+SRC_URI += " \
+file://0001-Refuse-to-run-on-UEFI-machines.patch \
+"
--
2.20.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [thud][PATCH] ghostscript: Fix CVE-2019-3835 and CVE-2019-3838
On 03.04.2019 16:34, Burton, Ross wrote:
Have all of these been resolved in master?
Ross
No, these have not been resolved in master. Ghostscript version on
master is 9.26 and the fixes come from 9.27, which hasn't been released yet.
I only sent them for thud since I remember that on master is preferred
to upgrade to a newer version when it's available instead of backporting
fixes.
Ovidiu
On Wed, 3 Apr 2019 at 13:39, Ovidiu Panait wrote:
It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.
It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e
Signed-off-by: Ovidiu Panait
---
.../ghostscript/CVE-2019-3835-0001.patch | 99 ++
.../ghostscript/CVE-2019-3835-0002.patch | 71 +
.../ghostscript/CVE-2019-3835-0003.patch | 295 ++
.../ghostscript/CVE-2019-3835-0004.patch | 167 ++
.../ghostscript/CVE-2019-3838-0001.patch | 34 ++
.../ghostscript/CVE-2019-3838-0002.patch | 30 ++
.../ghostscript/ghostscript_9.26.bb | 6 +
7 files changed, 702 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch
diff --git
a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
new file mode 100644
index 00..30ce04a7b1
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
@@ -0,0 +1,99 @@
+From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Mon, 26 Nov 2018 18:01:25 +
+Subject: [PATCH] Have gs_cet.ps run from gs_init.ps
+
+Previously gs_cet.ps was run on the command line, to set up the interpreter
+state so our output more closely matches the example output for the QL CET
+tests.
+
+Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the
+file directly.
+
+This works better for gpdl as it means the changes are made in the intial
+interpreter state, rather than after initialisation is complete.
+
+This also means adding a definition of the default procedure for black
+generation and under color removal (rather it being defined in-line in
+.setdefaultbgucr
+
+Also, add a check so gs_cet.ps only runs once - if we try to run it a second
+time, we'll just skip over the file, flushing through to the end.
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait
+---
+ Resource/Init/gs_cet.ps | 11 ++-
+ Resource/Init/gs_init.ps | 13 -
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index d3e1686..75534bb 100644
+--- a/Resource/Init/gs_cet.ps
b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,11 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
++systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
++{
++ (%END GS_CET) .skipeof
++} if
++
+ % do this in the server level so it is persistent across jobs
+ //true 0 startjob not {
+ (*** Warning: CET startup is not in server default) = flush
+@@ -25,7 +30,9 @@ currentglobal //true setglobal
+
+ /UNROLLFORMS true def
+
+-{ } bind dup
++(%.defaultbgrucrproc) cvn { } bind def
++
++(%.defaultbgrucrproc) cvn load dup
+ setblackgeneration
+ setundercolorremoval
+ 0 array cvx readonly dup dup dup setcolortransfer
+@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put
+ % end of slightly nasty hack to give consistent cluster results
[OE-core] [thud][PATCH] ghostscript: Fix CVE-2019-3835 and CVE-2019-3838
It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.
It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e
Signed-off-by: Ovidiu Panait
---
.../ghostscript/CVE-2019-3835-0001.patch | 99 ++
.../ghostscript/CVE-2019-3835-0002.patch | 71 +
.../ghostscript/CVE-2019-3835-0003.patch | 295 ++
.../ghostscript/CVE-2019-3835-0004.patch | 167 ++
.../ghostscript/CVE-2019-3838-0001.patch | 34 ++
.../ghostscript/CVE-2019-3838-0002.patch | 30 ++
.../ghostscript/ghostscript_9.26.bb | 6 +
7 files changed, 702 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch
diff --git
a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
new file mode 100644
index 00..30ce04a7b1
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
@@ -0,0 +1,99 @@
+From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Mon, 26 Nov 2018 18:01:25 +
+Subject: [PATCH] Have gs_cet.ps run from gs_init.ps
+
+Previously gs_cet.ps was run on the command line, to set up the interpreter
+state so our output more closely matches the example output for the QL CET
+tests.
+
+Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the
+file directly.
+
+This works better for gpdl as it means the changes are made in the intial
+interpreter state, rather than after initialisation is complete.
+
+This also means adding a definition of the default procedure for black
+generation and under color removal (rather it being defined in-line in
+.setdefaultbgucr
+
+Also, add a check so gs_cet.ps only runs once - if we try to run it a second
+time, we'll just skip over the file, flushing through to the end.
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait
+---
+ Resource/Init/gs_cet.ps | 11 ++-
+ Resource/Init/gs_init.ps | 13 -
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index d3e1686..75534bb 100644
+--- a/Resource/Init/gs_cet.ps
b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,11 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+
++systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq
++{
++ (%END GS_CET) .skipeof
++} if
++
+ % do this in the server level so it is persistent across jobs
+ //true 0 startjob not {
+ (*** Warning: CET startup is not in server default) = flush
+@@ -25,7 +30,9 @@ currentglobal //true setglobal
+
+ /UNROLLFORMS true def
+
+-{ } bind dup
++(%.defaultbgrucrproc) cvn { } bind def
++
++(%.defaultbgrucrproc) cvn load dup
+ setblackgeneration
+ setundercolorremoval
+ 0 array cvx readonly dup dup dup setcolortransfer
+@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put
+ % end of slightly nasty hack to give consistent cluster results
+
+ //false 0 startjob pop% re-enter encapsulated mode
++
++%END GS_CET
+diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
+index 45bebf4..e6b9cd2 100644
+--- a/Resource/Init/gs_init.ps
b/Resource/Init/gs_init.ps
+@@ -1538,10 +1538,18 @@ setpacking
+ % any-part-of-pixel rule.
+ 0.5 .setfilladjust
+ } bind def
++
+ % Set the default screen and BG/UCR.
++% We define the proc here, rather than inline in .setdefaultbgucr
[OE-core] [PATCH] openssl: Add cryptodev-linux PACKAGECONFIG
The old bsd cryptodev engine was removed in
https://github.com/openssl/openssl/pull/3699
and the new one added in:
https://github.com/openssl/openssl/pull/3744
It can be enabled by configuring with "enable-devcryptoeng".
Signed-off-by: Ovidiu Panait
---
meta/recipes-connectivity/openssl/openssl_1.1.1a.bb | 6 ++
1 file changed, 6 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
index 02fd66910e..4a626a4fcd 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
@@ -28,6 +28,12 @@ SRC_URI[sha256sum] =
"fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed
inherit lib_package multilib_header ptest
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] =
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
--
2.20.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud][PATCH] ghostscript: Fix CVE-2019-6116
It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.
Reference:
https://www.openwall.com/lists/oss-security/2019/01/23/5
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a3c4fc169e7c6c1e83874a6bf63a6fb42b
Signed-off-by: Ovidiu Panait
---
.../ghostscript/CVE-2019-6116-0001.patch | 177 ++
.../ghostscript/CVE-2019-6116-0002.patch | 442 +
.../ghostscript/CVE-2019-6116-0003.patch | 32 +
.../ghostscript/CVE-2019-6116-0004.patch | 136
.../ghostscript/CVE-2019-6116-0005.patch | 250
.../ghostscript/CVE-2019-6116-0006.patch | 596 ++
.../ghostscript/CVE-2019-6116-0007.patch | 346 ++
.../ghostscript/ghostscript_9.26.bb | 7 +
8 files changed, 1986 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch
diff --git
a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
new file mode 100644
index 00..b2c1ade4be
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch
@@ -0,0 +1,177 @@
+From c8c77690199b677f70093824382f0881e643e17b Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Wed, 5 Dec 2018 12:22:13 +
+Subject: [PATCH 1/7] Sanitize op stack for error conditions
+
+We save the stacks to an array and store the array for the error handler to
+access.
+
+For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
+we make these copies, we check for operators that do *not* exist in systemdict,
+when we find one, we replace the operator with a name object (of the form
+"/--opname--").
+
+CVE: CVE-2019-6116
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait
+---
+ psi/int.mak | 3 +-
+ psi/interp.c | 8 ++
+ psi/istack.c | 78
+ psi/istack.h | 3 ++
+ 4 files changed, 91 insertions(+), 1 deletion(-)
+
+diff --git a/psi/int.mak b/psi/int.mak
+index 6ab5bf0..6b349cb 100644
+--- a/psi/int.mak
b/psi/int.mak
+@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
+ $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
+ $(ierrors_h) $(gsstruct_h) $(gsutil_h)\
+ $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
+- $(store_h) $(INT_MAK) $(MAKEDIRS)
++ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
++ $(INT_MAK) $(MAKEDIRS)
+ $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
+
+ $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h)
$(string__h)\
+diff --git a/psi/interp.c b/psi/interp.c
+index 6dc0dda..aa5779c 100644
+--- a/psi/interp.c
b/psi/interp.c
+@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack,
int skip, ref * arr)
+ uint size = ref_stack_count(pstack) - skip;
+ uint save_space = ialloc_space(idmemory);
+ int code, i;
++ref *safety, *safe;
+
+ if (size > 65535)
+ size = 65535;
+@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack,
int skip, ref * arr)
+ make_null(>value.refs[i]);
+ }
+ }
++if (pstack == _stack && dict_find_string(systemdict, "SAFETY", )
> 0 &&
++dict_find_string(safety, "safe", ) > 0 && r_has_type(safe,
t_boolean) &&
++safe->value.boolval == true) {
++code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
++
[OE-core] [PATCH 1/1] sysprof: inherit gsettings
Fix the following error when launching sysprof: $ sysprof GLib-GIO-ERROR **: Settings schema 'org.gnome.sysprof2' is not installed Signed-off-by: Ovidiu Panait --- meta/recipes-kernel/sysprof/sysprof_3.30.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/sysprof/sysprof_3.30.2.bb b/meta/recipes-kernel/sysprof/sysprof_3.30.2.bb index 866642cd1e..27f37f808e 100644 --- a/meta/recipes-kernel/sysprof/sysprof_3.30.2.bb +++ b/meta/recipes-kernel/sysprof/sysprof_3.30.2.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://src/sp-application.c;endline=17;md5=40e55577ef122c88fe20052acda64875" GNOMEBASEBUILDCLASS = "meson" -inherit gnomebase gettext systemd upstream-version-is-even +inherit gnomebase gettext systemd upstream-version-is-even gsettings DEPENDS = "glib-2.0 libxml2-native glib-2.0-native" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [thud][PATCH] ghostscript: Fix CVE-2018-19134 and CVE-2018-19478
In Artifex Ghostscript through 9.25, the setpattern operator did not properly
validate certain types. A specially crafted PostScript document could exploit
this to crash Ghostscript or, possibly, execute arbitrary code in the context
of the Ghostscript process. This is a type confusion issue because of failure
to check whether the Implementation of a pattern dictionary was a structure
type.
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger
an extremely long running computation when parsing the file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19134
https://nvd.nist.gov/vuln/detail/CVE-2018-19478
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf0
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1
Signed-off-by: Ovidiu Panait
---
.../ghostscript/CVE-2018-19134.patch | 158 ++
.../ghostscript/CVE-2018-19478.patch | 78 +
.../ghostscript/ghostscript_9.25.bb | 2 +
3 files changed, 238 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2018-19134.patch
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2018-19478.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2018-19134.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2018-19134.patch
new file mode 100644
index 00..d32415a32c
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2018-19134.patch
@@ -0,0 +1,158 @@
+From 693baf02152119af6e6afd30bb8ec76d14f84bbf Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Thu, 8 Nov 2018 14:43:32 +
+Subject: [PATCH] PS interpreter - check the Implementation of a Pattern before
+ use
+
+Bug #700141 "Type confusion in setpattern"
+
+As the bug thread says, we were not checking that the Implementation
+of a pattern dictionary was a structure type, leading to a crash when
+we tried to treat it as one.
+
+Here we make the st_pattern1_instance and st_pattern2_instance
+structures public definitions and in zsetcolor we check the object
+stored under the Implementation key in the supplied dictionary to see if
+its a t_struct or t_astruct type, and if it is that its a
+st_pattern1_instance or st_pattern2_instance structure.
+
+If either check fails we throw a typecheck error.
+
+We need to make the st_pattern1_instance and st_pattern2_instance
+definitions public as they are defined in the graphics library and we
+need to check in the interpreter.
+
+CVE: CVE-2018-19134
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait
+---
+ base/gsptype1.c | 2 +-
+ base/gsptype2.c | 6 +++---
+ base/gsptype2.h | 4 ++--
+ base/gxcolor2.h | 4 ++--
+ psi/zcolor.c| 11 ---
+ 5 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/base/gsptype1.c b/base/gsptype1.c
+index 27fdd5a1b..e98dde18e 100644
+--- a/base/gsptype1.c
b/base/gsptype1.c
+@@ -50,7 +50,7 @@
+
+ /* GC descriptors */
+ private_st_pattern1_template();
+-private_st_pattern1_instance();
++public_st_pattern1_instance();
+
+ /* GC procedures */
+ static ENUM_PTRS_BEGIN(pattern1_instance_enum_ptrs) {
+diff --git a/base/gsptype2.c b/base/gsptype2.c
+index 791e538c0..c53eb2e9f 100644
+--- a/base/gsptype2.c
b/base/gsptype2.c
+@@ -33,7 +33,7 @@
+
+ /* GC descriptors */
+ private_st_pattern2_template();
+-private_st_pattern2_instance();
++public_st_pattern2_instance();
+
+ /* GC procedures */
+ static ENUM_PTRS_BEGIN(pattern2_instance_enum_ptrs) {
+@@ -206,10 +206,10 @@ gs_pattern2_set_color(const gs_client_color * pcc,
gs_gstate * pgs)
+
+ pinst->saved->overprint_mode = pgs->overprint_mode;
+ pinst->saved->overprint = pgs->overprint;
+-
++
+ num_comps = pgs->device->color_info.num_components;
+ for (k = 0; k < num_comps; k++) {
+-pgs->color_component_map.color_map[k] =
++pgs->color_component_map.color_map[k] =
+ pinst->saved->color_component_map.color_map[k];
+ }
+ code = pcs->type->set_overprint(pcs, pgs);
+diff --git a/base/gsptype2.h b/base/gsptype2.h
+index f0f26d19b..4186201d0 100644
+--- a/base/gsptype2.h
b/base/gsptype2.h
+@@ -57,8 +57,8 @@ typedef struct gs_pattern2_instance_s {
+ bool shfill;
+ } gs_pattern2_instance_t;
+
+-#define private_st_pattern2_instance() /* in gsptype2.c */\
+- gs_private_st_composite(st_pattern2_instance, gs_pattern2_instance_t,\
++#define public_st_pattern2_instance() /* in gsptype2.c */\
++ gs_public_st_composite(st_pattern2_instance, gs_pattern2_instance_t,\
+ "gs_pattern2_instance_t", pattern2_instance_enum_ptrs,\
+ pattern2_instance_reloc_ptrs)
+
+diff --git a/base/gxcolor2.h b/base/gxcolor2.h
+index 62ec05e9b..d5b109573 100644
+--- a/base/gxcolor2.h
b/base/gxcolor2.h
+@@ -92,8 +92,8 @@ struct gs_pattern1_instance_s {
+ gx_bitmap_id id;
Re: [OE-core] [morty][PATCH v2] qemux86: wic: Add MLPREFIX to syslinux
On 14.09.2018 16:32, Martin Jansa wrote:
On Fri, Sep 14, 2018 at 04:03:10PM +0300, Ovidiu Panait wrote:
Fix the following do_image_wic failure for lib32-core-image-minimal:
| DEBUG: Executing python function set_image_size
| DEBUG: Python function set_image_size finished
| DEBUG: Executing shell function do_image_wic
| Error: Please build syslinux first
Test case:
MACHINE ?= "qemux86-64"
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
IMAGE_FSTYPES_append = " wic wic.bmap"
$ bitbake lib32-core-image-minimal
Currently, syslinux gets built instead of lib32-syslinux, so do_image_wic
doesn't find the right files into tmp/sysroots/lib32-qemux86-64 sysroot.
Pyro and later releases are not affected by this issue because they are
based on Recipe Specific Sysroot, so syslinux binaries end up in the
right place.
How does RSS help with this issue? It still builds the wrong version of
syslinux, doesn't it?
Hi,
It seems that do_image_wic needs some files that are independent of the
architecture syslinux is built for.
$ cat scripts/lib/wic/plugins/source/bootimg-pcbios.py
...
   cmds = ("install -m 0644 %s/bzImage %s/vmlinuz" %
   (staging_kernel_dir, hdddir),
   "install -m 444 %s/syslinux/ldlinux.sys %s/ldlinux.sys" %
   (bootimg_dir, hdddir),
   "install -m 0644 %s/syslinux/vesamenu.c32
%s/vesamenu.c32" %
   (bootimg_dir, hdddir),
   "install -m 444 %s/syslinux/libcom32.c32 %s/libcom32.c32" %
   (bootimg_dir, hdddir),
   "install -m 444 %s/syslinux/libutil.c32 %s/libutil.c32" %
   (bootimg_dir, hdddir))
...
These files are provided by both syslinux and lib32-syslinux, but before
RSS, they will be present in the 64bit sysroot, not the lib32 one, so
wic won't find them when building lib32-core-image-minimal.
With RSS, all binaries are in the same sysroot directory:
$ ls -1
tmp/work/qemux86_64-pokymllib32-linux/lib32-core-image-minimal/1.0-r0/lib32-recipe-sysroot/usr/share/syslinux
...
ldlinux.sys
libcom32.c32
libutil.c32
vesamenu.c32
...
Thanks,
Ovidiu
Signed-off-by: Ovidiu Panait
---
meta/conf/machine/qemux86-64.conf | 2 +-
meta/conf/machine/qemux86.conf| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/machine/qemux86-64.conf
b/meta/conf/machine/qemux86-64.conf
index 4f30033e51..e093078d9d 100644
--- a/meta/conf/machine/qemux86-64.conf
+++ b/meta/conf/machine/qemux86-64.conf
@@ -33,4 +33,4 @@ MACHINE_FEATURES += "x86"
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "v86d"
WKS_FILE ?= "directdisk.wks"
-do_image_wic[depends] += "syslinux:do_build syslinux-native:do_populate_sysroot
mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot"
+do_image_wic[depends] += "${MLPREFIX}syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
diff --git a/meta/conf/machine/qemux86.conf b/meta/conf/machine/qemux86.conf
index e232947aee..29897f 100644
--- a/meta/conf/machine/qemux86.conf
+++ b/meta/conf/machine/qemux86.conf
@@ -32,4 +32,4 @@ MACHINE_FEATURES += "x86"
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "v86d"
WKS_FILE = "directdisk.wks"
-do_image_wic[depends] += "syslinux:do_build syslinux-native:do_populate_sysroot
mtools-native:do_populate_sysroot dosfstools-native:do_populate_sysroot"
+do_image_wic[depends] += "${MLPREFIX}syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
--
2.17.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [morty][PATCH v2] qemux86: wic: Add MLPREFIX to syslinux
Fix the following do_image_wic failure for lib32-core-image-minimal:
| DEBUG: Executing python function set_image_size
| DEBUG: Python function set_image_size finished
| DEBUG: Executing shell function do_image_wic
| Error: Please build syslinux first
Test case:
MACHINE ?= "qemux86-64"
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
IMAGE_FSTYPES_append = " wic wic.bmap"
$ bitbake lib32-core-image-minimal
Currently, syslinux gets built instead of lib32-syslinux, so do_image_wic
doesn't find the right files into tmp/sysroots/lib32-qemux86-64 sysroot.
Pyro and later releases are not affected by this issue because they are
based on Recipe Specific Sysroot, so syslinux binaries end up in the
right place.
Signed-off-by: Ovidiu Panait
---
meta/conf/machine/qemux86-64.conf | 2 +-
meta/conf/machine/qemux86.conf| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/machine/qemux86-64.conf
b/meta/conf/machine/qemux86-64.conf
index 4f30033e51..e093078d9d 100644
--- a/meta/conf/machine/qemux86-64.conf
+++ b/meta/conf/machine/qemux86-64.conf
@@ -33,4 +33,4 @@ MACHINE_FEATURES += "x86"
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "v86d"
WKS_FILE ?= "directdisk.wks"
-do_image_wic[depends] += "syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
+do_image_wic[depends] += "${MLPREFIX}syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
diff --git a/meta/conf/machine/qemux86.conf b/meta/conf/machine/qemux86.conf
index e232947aee..29897f 100644
--- a/meta/conf/machine/qemux86.conf
+++ b/meta/conf/machine/qemux86.conf
@@ -32,4 +32,4 @@ MACHINE_FEATURES += "x86"
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "v86d"
WKS_FILE = "directdisk.wks"
-do_image_wic[depends] += "syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
+do_image_wic[depends] += "${MLPREFIX}syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
--
2.17.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [morty][PATCH] qemux86-64: wic: Add MLPREFIX to syslinux
Fix the following do_image_wic failure for lib32-core-image-minimal:
| DEBUG: Executing python function set_image_size
| DEBUG: Python function set_image_size finished
| DEBUG: Executing shell function do_image_wic
| Error: Please build syslinux first
Test case:
MACHINE ?= "qemux86-64"
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
IMAGE_FSTYPES_append = " wic wic.bmap"
$ bitbake lib32-core-image-minimal
Signed-off-by: Ovidiu Panait
---
meta/conf/machine/qemux86-64.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/conf/machine/qemux86-64.conf
b/meta/conf/machine/qemux86-64.conf
index 4f30033e51..e093078d9d 100644
--- a/meta/conf/machine/qemux86-64.conf
+++ b/meta/conf/machine/qemux86-64.conf
@@ -33,4 +33,4 @@ MACHINE_FEATURES += "x86"
MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "v86d"
WKS_FILE ?= "directdisk.wks"
-do_image_wic[depends] += "syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
+do_image_wic[depends] += "${MLPREFIX}syslinux:do_build
syslinux-native:do_populate_sysroot mtools-native:do_populate_sysroot
dosfstools-native:do_populate_sysroot"
--
2.17.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [rocko][PATCH] lsof: Update SRC_URI
lsof 4.89 archive has been moved to OLD directory and turned into tar.gz,
so update SRC_URI and checksums.
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/lsof/lsof_4.89.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb
b/meta/recipes-extended/lsof/lsof_4.89.bb
index 14546db23c..b58b8281f9 100644
--- a/meta/recipes-extended/lsof/lsof_4.89.bb
+++ b/meta/recipes-extended/lsof/lsof_4.89.bb
@@ -11,12 +11,12 @@ LIC_FILES_CHKSUM =
"file://00README;beginline=645;endline=679;md5=964df275d26429
# https://people.freebsd.org/~abe/ ). http://www.mirrorservice.org seems to be
# the most commonly used alternative.
-SRC_URI =
"http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_${PV}.tar.bz2
\
+SRC_URI =
"http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/lsof_${PV}.tar.gz
\
file://lsof-remove-host-information.patch \
"
-SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386"
-SRC_URI[sha256sum] =
"81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718"
+SRC_URI[md5sum] = "8afbaff3ee308edc130bdc5df0801c8f"
+SRC_URI[sha256sum] =
"5d08da7ebe049c9d9a6472d6afb81aa5af54c4733a3f8822cbc22b57867633c9"
LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar"
--
2.17.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] lsof: upgrade 4.89 -> 4.91
Signed-off-by: Ovidiu Panait
---
meta/recipes-extended/lsof/{lsof_4.89.bb => lsof_4.91.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/lsof/{lsof_4.89.bb => lsof_4.91.bb} (93%)
diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb
b/meta/recipes-extended/lsof/lsof_4.91.bb
similarity index 93%
rename from meta/recipes-extended/lsof/lsof_4.89.bb
rename to meta/recipes-extended/lsof/lsof_4.91.bb
index 14546db23c..0128de4a6e 100644
--- a/meta/recipes-extended/lsof/lsof_4.89.bb
+++ b/meta/recipes-extended/lsof/lsof_4.91.bb
@@ -15,8 +15,8 @@ SRC_URI =
"http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/uni
file://lsof-remove-host-information.patch \
"
-SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386"
-SRC_URI[sha256sum] =
"81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718"
+SRC_URI[md5sum] = "148ed410cb52e08c2adc0c60f480f11f"
+SRC_URI[sha256sum] =
"c9da946a525fbf82ff80090b6d1879c38df090556f3fe0e6d782cb44172450a3"
LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar"
--
2.17.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/1] db: disable the ARM assembler mutex code
The swpb in macro MUTEX_SET will cause "undefined instruction" error
on the new arm arches which don't support this assembly instruction
any more. If use ldrex/strex to replace swpb, the old arm arches don't
support them. So to avoid this issue, just disable the ARM assembler
mutex code, and use the default pthreads mutex.
Signed-off-by: Li Zhou
Signed-off-by: Catalin Enache
Signed-off-by: Ovidiu Panait
---
meta/recipes-support/db/db_5.3.28.bb | 13 +
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/meta/recipes-support/db/db_5.3.28.bb
b/meta/recipes-support/db/db_5.3.28.bb
index 093ee44909..15b4155a29 100644
--- a/meta/recipes-support/db/db_5.3.28.bb
+++ b/meta/recipes-support/db/db_5.3.28.bb
@@ -59,18 +59,7 @@ FILES_SOLIBSDEV = "${libdir}/libdb.so ${libdir}/libdb_cxx.so"
# All the --disable-* options replace --enable-smallbuild, which breaks a
bunch of stuff (eg. postfix)
DB5_CONFIG ?= "--enable-o_direct --disable-cryptography --disable-queue
--disable-replication --disable-verify --disable-compat185 --disable-sql"
-EXTRA_OECONF = "${DB5_CONFIG} --enable-shared --enable-cxx --with-sysroot"
-
-# Override the MUTEX setting here, the POSIX library is
-# the default - "POSIX/pthreads/library".
-# Don't ignore the nice SWP instruction on the ARM:
-# These enable the ARM assembler mutex code, this won't
-# work with thumb compilation...
-ARM_MUTEX = "--with-mutex=ARM/gcc-assembly"
-MUTEX = ""
-MUTEX_arm = "${ARM_MUTEX}"
-MUTEX_armeb = "${ARM_MUTEX}"
-EXTRA_OECONF += "${MUTEX} STRIP=true"
+EXTRA_OECONF = "${DB5_CONFIG} --enable-shared --enable-cxx --with-sysroot
STRIP=true"
EXTRA_OEMAKE += "LIBTOOL='./${HOST_SYS}-libtool'"
EXTRA_AUTORECONF += "--exclude=autoheader -I ${S}/dist/aclocal
-I${S}/dist/aclocal_java"
--
2.17.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [rocko][PATCH 1/1] ncurses: Fix CVE-2018-10754
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. Upstream patch: ftp://ftp.invisible-island.net/ncurses/6.1/ncurses-6.1-20180414.patch.gz References: https://nvd.nist.gov/vuln/detail/CVE-2018-10754 https://bugzilla.redhat.com/show_bug.cgi?id=1576119 https://bugzilla.redhat.com/show_bug.cgi?id=1566575 Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com> --- .../ncurses/files/CVE-2018-10754.patch | 449 + meta/recipes-core/ncurses/ncurses_6.0+20170715.bb | 1 + 2 files changed, 450 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2018-10754.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2018-10754.patch b/meta/recipes-core/ncurses/files/CVE-2018-10754.patch new file mode 100644 index 00..f6542cf2b3 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2018-10754.patch @@ -0,0 +1,449 @@ +From cc24cd13a8637fdc3228347152cbaea7dd8f56e2 Mon Sep 17 00:00:00 2001 +From: Ovidiu Panait <ovidiu.pan...@windriver.com> +Date: Fri, 18 May 2018 08:32:42 + +Subject: [PATCH] ncurses: CVE-2018-10754 + +# ncurses 6.1 - patch 20180414 - Thomas E. Dickey +# +# -- +# +# Ncurses 6.1 is at +# ftp.gnu.org:/pub/gnu +# +# Patches for ncurses 6.1 can be found at +# ftp://ftp.invisible-island.net/ncurses/6.1 +# http://invisible-mirror.net/archives/ncurses/6.1 +# +# -- +# ftp://ftp.invisible-island.net/ncurses/6.1/ncurses-6.1-20180414.patch.gz +# patch by Thomas E. Dickey <dic...@invisible-island.net> +# created Sat Apr 14 22:50:05 UTC 2018 + +Upstream-Status: Backport +CVE: CVE-2018-10754 + +Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com> +--- + form/form.h | 5 +++-- + form/form.priv.h| 7 --- + form/frm_driver.c | 24 +++- + ncurses/curses.priv.h | 2 -- + ncurses/llib-lncursestw | 9 ++--- + ncurses/llib-lncursesw | 8 +--- + ncurses/llib-ltinfotw | 8 +--- + ncurses/llib-ltinfow| 8 +--- + ncurses/tinfo/alloc_entry.c | 7 +-- + ncurses/tinfo/alloc_ttype.c | 24 ++-- + ncurses/tinfo/comp_parse.c | 6 +- + ncurses/tinfo/parse_entry.c | 8 +--- + ncurses/tinfo/read_entry.c | 3 +++ + 13 files changed, 59 insertions(+), 60 deletions(-) + +diff --git a/form/form.h b/form/form.h +index f11807f5..1d4c241d 100644 +--- a/form/form.h b/form/form.h +@@ -1,5 +1,5 @@ + / +- * Copyright (c) 1998-2016,2017 Free Software Foundation, Inc. * ++ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. * + * * + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the* +@@ -30,7 +30,7 @@ + * Author: Juergen Pfeifer, 1995,1997* + / + +-/* $Id: form.h,v 0.27 2017/02/11 16:35:42 tom Exp $ */ ++/* $Id: form.h,v 0.28 2018/04/14 21:06:21 Leon.Winter Exp $ */ + + #ifndef FORM_H + #define FORM_H +@@ -222,6 +222,7 @@ typedef void (*Form_Hook)(FORM *); + #define O_STATIC (0x0200U) + #define O_DYNAMIC_JUSTIFY (0x0400U) /* ncurses extension*/ + #define O_NO_LEFT_STRIP (0x0800U) /* ncurses extension */ ++#define O_EDGE_INSERT_STAY (0x1000U) /* ncurses extension*/ + + /* form options */ + #define O_NL_OVERLOAD (0x0001U) +diff --git a/form/form.priv.h b/form/form.priv.h +index ad25ec2d..e48a9f26 100644 +--- a/form/form.priv.h b/form/form.priv.h +@@ -1,5 +1,5 @@ + / +- * Copyright (c) 1998-2016,2017 Free Software Foundation, Inc. * ++ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. * + * * + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the* +@@ -30,7 +30,7 @@ + * Author: Juergen Pfeifer, 1995,1997* + / + +-/* $Id: form.priv.h,v 0.42 2017/02/11 16:12:19 tom Exp $ */ ++/* $Id: form.priv.h,v 0.43 2018/04/14 21:06:14 Leon.Wint
[OE-core] [PATCH] nativesdk-rpm: Add wrappers for nativesdk support
When installing the SDK to a non-default path, running "rpm --showrc" from the
sdk will produce the following error:
error: Unable to open
/opt/poky/2.4+snapshot/sysroots/x86_64-pokysdk-linux/usr/lib/rpm/rpmrc for
reading: No such file or directory.
Fix this by adding wrappers that dynamically export the RPM_CONFIGDIR,
RPM_ETCCONFIGDIR and MAGIC environment variables, pointing to the proper
sdk locations.
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
meta/recipes-devtools/rpm/rpm_4.14.1.bb | 26 ++
1 file changed, 26 insertions(+)
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.1.bb
b/meta/recipes-devtools/rpm/rpm_4.14.1.bb
index 7b8ea46a75..daaf4637a3 100644
--- a/meta/recipes-devtools/rpm/rpm_4.14.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.14.1.bb
@@ -65,6 +65,7 @@ EXTRA_OECONF_append_libc-musl = " --disable-nls"
#
# Also disable plugins, so that rpm doesn't attempt to inhibit shutdown via
session dbus
EXTRA_OECONF_append_class-native = " --sysconfdir=/etc --localstatedir=/var
--disable-plugins"
+EXTRA_OECONF_append_class-nativesdk = " --sysconfdir=/etc --localstatedir=/var
--disable-plugins"
BBCLASSEXTEND = "native nativesdk"
@@ -96,6 +97,31 @@ do_install_append_class-native() {
done
}
+do_install_append_class-nativesdk() {
+tools="\
+${bindir}/rpm \
+${bindir}/rpm2archive \
+${bindir}/rpm2cpio \
+${bindir}/rpmbuild \
+${bindir}/rpmdb \
+${bindir}/rpmgraph \
+${bindir}/rpmkeys \
+${bindir}/rpmsign \
+${bindir}/rpmspec \
+${libdir}/rpm/rpmdeps \
+"
+
+for tool in $tools; do
+create_wrapper ${D}$tool \
+RPM_CONFIGDIR='`dirname
$''realpath`'/${@os.path.relpath(d.getVar('libdir', True), d.getVar('bindir',
True))}/rpm \
+RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname
$''realpath`'/${@os.path.relpath(d.getVar('sysconfdir', True),
d.getVar('bindir', True))}/..} \
+MAGIC='`dirname
$''realpath`'/${@os.path.relpath(d.getVar('datadir', True), d.getVar('bindir',
True))}/misc/magic.mgc \
+RPM_NO_CHROOT_FOR_SCRIPTS=1
+done
+
+rm -rf ${D}/var
+}
+
# Rpm's make install creates var/tmp which clashes with base-files packaging
do_install_append_class-target() {
rm -rf ${D}/var
--
2.16.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] python: Fix CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in
the PyString_DecodeEscape function in stringobject.c, resulting in
heap-based buffer overflow (and possible arbitrary code execution).
Upstream patches:
https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000158
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
.../python/python-native_2.7.13.bb | 1 +
.../python/python/CVE-2017-1000158.patch | 49 +++
.../python/python3-native_3.5.3.bb | 1 +
.../python/python3/CVE-2017-1000158.patch | 70 ++
meta/recipes-devtools/python/python3_3.5.3.bb | 1 +
meta/recipes-devtools/python/python_2.7.13.bb | 1 +
6 files changed, 123 insertions(+)
create mode 100644 meta/recipes-devtools/python/python/CVE-2017-1000158.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2017-1000158.patch
diff --git a/meta/recipes-devtools/python/python-native_2.7.13.bb
b/meta/recipes-devtools/python/python-native_2.7.13.bb
index 7edf153..8864364 100644
--- a/meta/recipes-devtools/python/python-native_2.7.13.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.13.bb
@@ -17,6 +17,7 @@ SRC_URI += "\
file://builddir.patch \
file://parallel-makeinst-create-bindir.patch \
file://revert_use_of_sysconfigdata.patch \
+file://CVE-2017-1000158.patch \
"
S = "${WORKDIR}/Python-${PV}"
diff --git a/meta/recipes-devtools/python/python/CVE-2017-1000158.patch
b/meta/recipes-devtools/python/python/CVE-2017-1000158.patch
new file mode 100644
index 000..1a15f80
--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2017-1000158.patch
@@ -0,0 +1,49 @@
+From 6ddb35c6203626dc6ca9549d6e70264e93d86166 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.pan...@windriver.com>
+Date: Fri, 5 Jan 2018 13:50:01 +
+Subject: [PATCH] bpo-30657: Check & prevent integer overflow in
+ PyString_DecodeEscape (#2174)
+
+Upstream-Status: Backport
+CVE: CVE-2017-1000158
+
+Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
+---
+ Misc/ACKS | 1 +
+ Objects/stringobject.c | 8 +++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/Misc/ACKS b/Misc/ACKS
+index 9c374b7..eefb4c0 100644
+--- a/Misc/ACKS
b/Misc/ACKS
+@@ -151,6 +151,7 @@ Gregory Bond
+ Matias Bordese
+ Jonas Borgström
+ Jurjen Bos
++Jay Bosamiya
+ Peter Bosch
+ Dan Boswell
+ Eric Bouck
+diff --git a/Objects/stringobject.c b/Objects/stringobject.c
+index f2db6da..5614ad9 100644
+--- a/Objects/stringobject.c
b/Objects/stringobject.c
+@@ -612,7 +612,13 @@ PyObject *PyString_DecodeEscape(const char *s,
+ char *p, *buf;
+ const char *end;
+ PyObject *v;
+-Py_ssize_t newlen = recode_encoding ? 4*len:len;
++Py_ssize_t newlen;
++/* Check for integer overflow */
++if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
++PyErr_SetString(PyExc_OverflowError, "string is too large");
++return NULL;
++}
++newlen = recode_encoding ? 4*len:len;
+ v = PyString_FromStringAndSize((char *)NULL, newlen);
+ if (v == NULL)
+ return NULL;
+--
+2.11.0
+
diff --git a/meta/recipes-devtools/python/python3-native_3.5.3.bb
b/meta/recipes-devtools/python/python3-native_3.5.3.bb
index 8cd9c88..d07b5c0 100644
--- a/meta/recipes-devtools/python/python3-native_3.5.3.bb
+++ b/meta/recipes-devtools/python/python3-native_3.5.3.bb
@@ -25,6 +25,7 @@ file://sysconfig.py-add-_PYTHON_PROJECT_SRC.patch \
file://setup.py-check-cross_compiling-when-get-FLAGS.patch \
file://0001-Do-not-use-the-shell-version-of-python-config-that-w.patch \
file://support_SOURCE_DATE_EPOCH_in_py_compile.patch \
+file://CVE-2017-1000158.patch \
"
SRC_URI[md5sum] = "57d1f8bfbabf4f2500273fb0706e6f21"
diff --git a/meta/recipes-devtools/python/python3/CVE-2017-1000158.patch
b/meta/recipes-devtools/python/python3/CVE-2017-1000158.patch
new file mode 100644
index 000..52d3870
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2017-1000158.patch
@@ -0,0 +1,70 @@
+From 6ddb35c6203626dc6ca9549d6e70264e93d86166 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.pan...@windriver.com>
+Date: Fri, 5 Jan 2018 13:50:01 +
+Subject: [PATCH] bpo-30657: Check & prevent integer overflow in
+ PyString_DecodeEscape (#2174)
+
+Fixes possible integer overflow in PyBytes_DecodeEscape.
+
+Upstream-Status: Backport
+CVE: CVE-2017-1000158
+
+Co-Authored-By: Jay Bosamiya <jaybosam...@gmail.com>
+Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
+---
+ Misc/ACKS | 2 +
[OE-core] [PATCH] openssl-nativesdk: Fix "can't open config file" warning
When SDK is not installed in the default location, openssl will not be
able to find the the openssl.cnf config file:
"WARNING: can't open config file: /usr/lib/ssl/openssl.cnf"
To fix this, we need to provide the environment variable $OPENSSL_CONF
pointing to the correct config file location.
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
.../openssl/openssl/environment.d-openssl.sh | 1 +
meta/recipes-connectivity/openssl/openssl10.inc | 7 +++
meta/recipes-connectivity/openssl/openssl_1.0.2m.bb | 5 +
meta/recipes-connectivity/openssl/openssl_1.1.0g.bb | 11 +++
4 files changed, 24 insertions(+)
create mode 100644
meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
diff --git a/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
b/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
new file mode 100644
index 000..b9cc24a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh
@@ -0,0 +1 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
diff --git a/meta/recipes-connectivity/openssl/openssl10.inc
b/meta/recipes-connectivity/openssl/openssl10.inc
index 4697755..71e80f1 100644
--- a/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/meta/recipes-connectivity/openssl/openssl10.inc
@@ -271,5 +271,12 @@ do_install_append_class-native() {
OPENSSL_ENGINES=${libdir}/ssl/engines
}
+do_install_append_class-nativesdk() {
+mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
index 9270f52..fcb627a 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2m.bb
@@ -44,6 +44,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
file://0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch \
"
+
+SRC_URI_append_class-nativesdk = " \
+file://environment.d-openssl.sh \
+ "
+
SRC_URI[md5sum] = "10e9e37f492094b9ef296f68f24a7666"
SRC_URI[sha256sum] =
"8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
index 53f397a..0d4c90f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0g.bb
@@ -21,6 +21,10 @@ SRC_URI =
"http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch \
"
+SRC_URI_append_class-nativesdk = " \
+file://environment.d-openssl.sh \
+ "
+
S = "${WORKDIR}/openssl-${PV}"
inherit lib_package multilib_header ptest
@@ -143,6 +147,13 @@ do_install_append_class-native () {
sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
}
+do_install_append_class-nativesdk() {
+mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+install -m 644 ${WORKDIR}/environment.d-openssl.sh
${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+FILES_${PN}_append_class-nativesdk = "
${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
do_install_ptest() {
cp -r * ${D}${PTEST_PATH}
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] boost: fix build failure when musl is used with x32 ABI
Solves do_compile task failure when musl and x32 ABI are used (Bug #12119)
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
meta/recipes-support/boost/boost.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-support/boost/boost.inc
b/meta/recipes-support/boost/boost.inc
index f4ecc10..2d8a442 100644
--- a/meta/recipes-support/boost/boost.inc
+++ b/meta/recipes-support/boost/boost.inc
@@ -170,6 +170,7 @@ BJAM_OPTS_append_class-native = ' -sNO_BZIP2=1'
# Adjust the build for x32
BJAM_OPTS_append_linux-gnux32 = " abi=x32 address-model=64"
+BJAM_OPTS_append_linux-muslx32 = " abi=x32 address-model=64"
do_configure() {
cp -f ${S}/boost/config/platform/linux.hpp
${S}/boost/config/platform/linux-gnueabi.hpp
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] icu: CVE-2017-14952
Double free in i18n/zonemeta.cpp in International Components for Unicode
(ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary
code via a crafted string, aka a "redundant UVector entry clean up
function call" issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14952
Upstream patches:
http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
meta/recipes-support/icu/icu/CVE-2017-14952.patch | 28 +++
meta/recipes-support/icu/icu_59.1.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-support/icu/icu/CVE-2017-14952.patch
diff --git a/meta/recipes-support/icu/icu/CVE-2017-14952.patch
b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
new file mode 100644
index 000..f759efc
--- /dev/null
+++ b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
@@ -0,0 +1,28 @@
+From fc83cd832725d3968011f118637b9f5d212e8717 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.pan...@windriver.com>
+Date: Fri, 10 Nov 2017 16:51:25 +0200
+Subject: [PATCH] Removed redundant UVector entry clean up function call.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14952
+
+Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
+---
+ i18n/zonemeta.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/i18n/zonemeta.cpp b/i18n/zonemeta.cpp
+index 84a9657..e163b00 100644
+--- a/i18n/zonemeta.cpp
b/i18n/zonemeta.cpp
+@@ -690,7 +690,6 @@ ZoneMeta::createMetazoneMappings(const UnicodeString
) {
+ mzMappings = new UVector(deleteOlsonToMetaMappingEntry,
NULL, status);
+ if (U_FAILURE(status)) {
+ delete mzMappings;
+-deleteOlsonToMetaMappingEntry(entry);
+ uprv_free(entry);
+ break;
+ }
+--
+2.10.2
+
diff --git a/meta/recipes-support/icu/icu_59.1.bb
b/meta/recipes-support/icu/icu_59.1.bb
index 31f017b..9fb1be8 100644
--- a/meta/recipes-support/icu/icu_59.1.bb
+++ b/meta/recipes-support/icu/icu_59.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "${BASE_SRC_URI} \
file://icu-pkgdata-large-cmd.patch \
file://fix-install-manx.patch \
file://0001-i18n-Drop-include-xlocale.h.patch \
+ file://CVE-2017-14952.patch \
"
SRC_URI_append_class-target = "\
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] libxfont: bump versions to 1.5.3 and 2.0.2
Bump libxfont version to 1.5.3 and libxfont2 version to 2.0.2 in order to
eliminate CVE-2017-13720 and CVE-2017-13722 vulnerabilities.
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2
and 2.x before 2.0.2, an attacker with access to an X connection can cause
a buffer over-read during pattern matching of fonts, leading to information
disclosure or a crash (denial of service). This occurs because '\0'
characters are incorrectly skipped in situations involving ? characters.
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2
and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used
by local attackers authenticated to an Xserver for a buffer over-read, for
information disclosure or a crash of the X server.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13720
https://nvd.nist.gov/vuln/detail/CVE-2017-13722
Upstream patches:
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
.../xorg-lib/{libxfont2_2.0.1.bb => libxfont2_2.0.2.bb} | 4 ++--
.../xorg-lib/{libxfont_1.5.2.bb => libxfont_1.5.3.bb} | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-graphics/xorg-lib/{libxfont2_2.0.1.bb =>
libxfont2_2.0.2.bb} (80%)
rename meta/recipes-graphics/xorg-lib/{libxfont_1.5.2.bb => libxfont_1.5.3.bb}
(81%)
diff --git a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.1.bb
b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
similarity index 80%
rename from meta/recipes-graphics/xorg-lib/libxfont2_2.0.1.bb
rename to meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
index 4bfb290..08d1123 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.1.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
@@ -15,8 +15,8 @@ XORG_PN = "libXfont2"
BBCLASSEXTEND = "native"
-SRC_URI[md5sum] = "0d9f6dd9c23bf4bcbfb00504b566baf5"
-SRC_URI[sha256sum] =
"e9fbbb475ddd171b3a6a54b989cbade1f6f874fc35d505ebc5be426bc6e4db7e"
+SRC_URI[md5sum] = "d39e6446e46f939486d1a8b856e8b67b"
+SRC_URI[sha256sum] =
"94088d3b87f7d42c7116d9adaad155859e93330c6e47f5989f2de600b9a6c111"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
diff --git a/meta/recipes-graphics/xorg-lib/libxfont_1.5.2.bb
b/meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
similarity index 81%
rename from meta/recipes-graphics/xorg-lib/libxfont_1.5.2.bb
rename to meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
index b11dda5..5b15a4e 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont_1.5.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
@@ -18,8 +18,8 @@ XORG_PN = "libXfont"
BBCLASSEXTEND = "native"
-SRC_URI[md5sum] = "254ee42bd178d18ebc7a73aacfde7f79"
-SRC_URI[sha256sum] =
"02945ea68da447102f3e6c2b896c1d2061fd115de99404facc2aca3ad7010d71"
+SRC_URI[md5sum] = "9ba75bf38ba62a6ad52550ab716da9b3"
+SRC_URI[sha256sum] =
"ab85c10fd2683481dfef672a77fe60e6a2039558cbc0e9bf56b5e1df471c93d0"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] init-install: add timeout for legacy grub
After installing an image from an iso, booting the system using
the legacy boots makes the grub prompt wait for an enter.
This is not desirable since many of these devices are embedded
devices that should start by themselves without user entry.
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
meta/recipes-core/initrdscripts/files/init-install.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/initrdscripts/files/init-install.sh
b/meta/recipes-core/initrdscripts/files/init-install.sh
index 572613e..c9d86de 100644
--- a/meta/recipes-core/initrdscripts/files/init-install.sh
+++ b/meta/recipes-core/initrdscripts/files/init-install.sh
@@ -259,6 +259,8 @@ if [ -f /etc/grub.d/00_header -a $grub_version -ne 0 ] ;
then
GRUBCFG="/boot/grub/grub.cfg"
mkdir -p $(dirname $GRUBCFG)
cat >$GRUBCFG <<_EOF
+timeout=5
+default=0
menuentry "Linux" {
search --no-floppy --fs-uuid $boot_uuid --set root
linux /vmlinuz root=PARTUUID=$root_part_uuid $rootwait rw $5 $3 $4 quiet
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] git: bump version to 2.14.3
Bump version to 2.14.3 in order to eliminate CVE-2017-14867 vulnerability.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14867
Upstream patches:
https://github.com/git/git/commit/9a42c03cb71eaa9d41ba67275de38c997a791c32
https://github.com/git/git/commit/fce13af5d20cad8dcb2d0e47bcf01b6960f08e55
https://github.com/git/git/commit/27dd73871f814062737c327103ee43f1eb7f30d9
https://github.com/git/git/commit/46203ac24dc7e6b5a8d4f1b024ed93591705d47b
https://github.com/git/git/commit/5b4efea666951efe0770f8d5a301f8917015315f
https://github.com/git/git/commit/8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
meta/recipes-devtools/git/git_2.13.3.bb | 11 ---
meta/recipes-devtools/git/git_2.14.3.bb | 11 +++
2 files changed, 11 insertions(+), 11 deletions(-)
delete mode 100644 meta/recipes-devtools/git/git_2.13.3.bb
create mode 100644 meta/recipes-devtools/git/git_2.14.3.bb
diff --git a/meta/recipes-devtools/git/git_2.13.3.bb
b/meta/recipes-devtools/git/git_2.13.3.bb
deleted file mode 100644
index b3e3887..000
--- a/meta/recipes-devtools/git/git_2.13.3.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require git.inc
-
-EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
-
ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
- "
-EXTRA_OEMAKE += "NO_GETTEXT=1"
-
-SRC_URI[tarball.md5sum] = "d2dc550f6693ba7e5b16212b2714f59f"
-SRC_URI[tarball.sha256sum] =
"1497001772f630d49809e981672edfe3e3ce1a1d18e905cd539c4d2f4dbcd75a"
-SRC_URI[manpages.md5sum] = "3037d11a4f4cdd19435871c267ca48b4"
-SRC_URI[manpages.sha256sum] =
"f9b302eeb08ce08934e7afb42280ce9294411fbf5f7b6ac3fcc236e8031f10c5"
diff --git a/meta/recipes-devtools/git/git_2.14.3.bb
b/meta/recipes-devtools/git/git_2.14.3.bb
new file mode 100644
index 000..4628fc7
--- /dev/null
+++ b/meta/recipes-devtools/git/git_2.14.3.bb
@@ -0,0 +1,11 @@
+require git.inc
+
+EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
+
ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
+ "
+EXTRA_OEMAKE += "NO_GETTEXT=1"
+
+SRC_URI[tarball.md5sum] = "034a737e20a95194a5c274fff2333a67"
+SRC_URI[tarball.sha256sum] =
"0236d3ba8a1bea779dfecc0ed0bb4ad68ab8601d14435dd8c08416f78d7f"
+SRC_URI[manpages.md5sum] = "b0f9be472139b978954bd0e132f1db8a"
+SRC_URI[manpages.sha256sum] =
"d64e10b6e3b351231e7a187af038d9c87e1225a5c90eeff8dece839a8d383ca6"
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCHv2] git: bump version to 2.13.6
Bump version to 2.13.6 in order to eliminate CVE-2017-14867 vulnerability.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14867
Upstream patches:
https://github.com/git/git/commit/9a42c03cb71eaa9d41ba67275de38c997a791c32
https://github.com/git/git/commit/fce13af5d20cad8dcb2d0e47bcf01b6960f08e55
https://github.com/git/git/commit/27dd73871f814062737c327103ee43f1eb7f30d9
https://github.com/git/git/commit/46203ac24dc7e6b5a8d4f1b024ed93591705d47b
https://github.com/git/git/commit/5b4efea666951efe0770f8d5a301f8917015315f
https://github.com/git/git/commit/8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
meta/recipes-devtools/git/git_2.13.3.bb | 11 ---
meta/recipes-devtools/git/git_2.13.6.bb | 11 +++
2 files changed, 11 insertions(+), 11 deletions(-)
delete mode 100644 meta/recipes-devtools/git/git_2.13.3.bb
create mode 100644 meta/recipes-devtools/git/git_2.13.6.bb
diff --git a/meta/recipes-devtools/git/git_2.13.3.bb
b/meta/recipes-devtools/git/git_2.13.3.bb
deleted file mode 100644
index b3e3887319..00
--- a/meta/recipes-devtools/git/git_2.13.3.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require git.inc
-
-EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
-
ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
- "
-EXTRA_OEMAKE += "NO_GETTEXT=1"
-
-SRC_URI[tarball.md5sum] = "d2dc550f6693ba7e5b16212b2714f59f"
-SRC_URI[tarball.sha256sum] =
"1497001772f630d49809e981672edfe3e3ce1a1d18e905cd539c4d2f4dbcd75a"
-SRC_URI[manpages.md5sum] = "3037d11a4f4cdd19435871c267ca48b4"
-SRC_URI[manpages.sha256sum] =
"f9b302eeb08ce08934e7afb42280ce9294411fbf5f7b6ac3fcc236e8031f10c5"
diff --git a/meta/recipes-devtools/git/git_2.13.6.bb
b/meta/recipes-devtools/git/git_2.13.6.bb
new file mode 100644
index 00..c7e559c019
--- /dev/null
+++ b/meta/recipes-devtools/git/git_2.13.6.bb
@@ -0,0 +1,11 @@
+require git.inc
+
+EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
+
ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
+ "
+EXTRA_OEMAKE += "NO_GETTEXT=1"
+
+SRC_URI[tarball.md5sum] = "b7a8f9de37cc45aef96035bd27dc98c8"
+SRC_URI[tarball.sha256sum] =
"cb53e6b388d8d19189933366c1fe5c1ca500e8b227b9e707af39c3d879e41015"
+SRC_URI[manpages.md5sum] = "c4d966309cf8d6ad18d43624bf8ebc56"
+SRC_URI[manpages.sha256sum] =
"c76071195596887a8eb5c73478b0be6a6e237f6af5b397e4fe8900ecda70642e"
--
2.11.0
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] git: CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before
2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support
subcommands such as cvsserver, which allows attackers to execute arbitrary
OS commands via shell metacharacters in a module name. The vulnerable code
is reachable via git-shell even without CVS support.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14867
Upstream patches:
https://github.com/git/git/commit/9a42c03cb71eaa9d41ba67275de38c997a791c32
https://github.com/git/git/commit/fce13af5d20cad8dcb2d0e47bcf01b6960f08e55
https://github.com/git/git/commit/27dd73871f814062737c327103ee43f1eb7f30d9
https://github.com/git/git/commit/46203ac24dc7e6b5a8d4f1b024ed93591705d47b
https://github.com/git/git/commit/5b4efea666951efe0770f8d5a301f8917015315f
https://github.com/git/git/commit/8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
.../git/git/git-CVE-2017-14867-2.patch | 121
.../git/git/git-CVE-2017-14867-3.patch | 117
.../git/git/git-CVE-2017-14867-4.patch | 60
.../git/git/git-CVE-2017-14867-5.patch | 36 +
.../git/git/git-CVE-2017-14867-6.patch | 44 ++
.../git/git/git-CVE-2017-14867.patch | 153 +
meta/recipes-devtools/git/git_2.13.3.bb| 9 ++
7 files changed, 540 insertions(+)
create mode 100644 meta/recipes-devtools/git/git/git-CVE-2017-14867-2.patch
create mode 100644 meta/recipes-devtools/git/git/git-CVE-2017-14867-3.patch
create mode 100644 meta/recipes-devtools/git/git/git-CVE-2017-14867-4.patch
create mode 100644 meta/recipes-devtools/git/git/git-CVE-2017-14867-5.patch
create mode 100644 meta/recipes-devtools/git/git/git-CVE-2017-14867-6.patch
create mode 100644 meta/recipes-devtools/git/git/git-CVE-2017-14867.patch
diff --git a/meta/recipes-devtools/git/git/git-CVE-2017-14867-2.patch
b/meta/recipes-devtools/git/git/git-CVE-2017-14867-2.patch
new file mode 100644
index 000..0a563a4
--- /dev/null
+++ b/meta/recipes-devtools/git/git/git-CVE-2017-14867-2.patch
@@ -0,0 +1,121 @@
+From fce13af5d20cad8dcb2d0e47bcf01b6960f08e55 Mon Sep 17 00:00:00 2001
+From: Junio C Hamano <gits...@pobox.com>
+Date: Mon, 11 Sep 2017 14:44:24 +0900
+Subject: [PATCH] cvsserver: move safe_pipe_capture() to the main package
+
+As a preparation for replacing `command` with a call to this
+function from outside GITCVS::updater package, move it to the main
+package.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14867
+
+Signed-off-by: Junio C Hamano <gits...@pobox.com>
+Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
+---
+ git-cvsserver.perl | 47 ++-
+ 1 file changed, 22 insertions(+), 25 deletions(-)
+
+diff --git a/git-cvsserver.perl b/git-cvsserver.perl
+index d50c85e..8229d9d 100755
+--- a/git-cvsserver.perl
b/git-cvsserver.perl
+@@ -3406,6 +3406,22 @@ sub refHashEqual
+ return $out;
+ }
+
++# an alternative to `command` that allows input to be passed as an array
++# to work around shell problems with weird characters in arguments
++
++sub safe_pipe_capture {
++
++my @output;
++
++if (my $pid = open my $child, '-|') {
++@output = (<$child>);
++close $child or die join(' ',@_).": $! $?";
++} else {
++exec(@_) or die "$! $?"; # exec() can fail the executable can't be
found
++}
++return wantarray ? @output : join('',@output);
++}
++
+
+ package GITCVS::log;
+
+@@ -3882,7 +3898,7 @@ sub update
+ # several candidate merge bases. let's assume
+ # that the first one is the best one.
+ my $base = eval {
+- safe_pipe_capture('git', 'merge-base',
++ ::safe_pipe_capture('git', 'merge-base',
+$lastpicked, $parent);
+ };
+ # The two branches may not be related at all,
+@@ -4749,7 +4765,7 @@ sub getMetaFromCommithash
+ return $retVal;
+ }
+
+-my($fileHash)=safe_pipe_capture("git","rev-parse","$revCommit:$filename");
++my($fileHash) =
::safe_pipe_capture("git","rev-parse","$revCommit:$filename");
+ chomp $fileHash;
+ if(!($fileHash=~/^[0-9a-f]{40}$/))
+ {
+@@ -4844,8 +4860,8 @@ sub lookupCommitRef
+ return $commitHash;
+ }
+
+-$commitHash=safe_pipe_capture("git","rev-parse","--verify","--quiet",
+- $self->unescapeRefName($ref));
++$commitHash = ::safe_pipe_capture("git","rev-parse","--verify","--quiet",
++$self->unescapeRefName($ref));
+ $commi
[OE-core] [PATCH] ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. References: https://nvd.nist.gov/vuln/detail/CVE-2017-13734 https://nvd.nist.gov/vuln/detail/CVE-2017-13732 https://nvd.nist.gov/vuln/detail/CVE-2017-13731 https://nvd.nist.gov/vuln/detail/CVE-2017-13730 https://nvd.nist.gov/vuln/detail/CVE-2017-13729 https://nvd.nist.gov/vuln/detail/CVE-2017-13728 Upstream patch: https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926 Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com> --- ...-2017-13729-CVE-2017-13728-CVE-2017-13731.patch | 541 + meta/recipes-core/ncurses/ncurses_6.0+20170715.bb | 1 + 2 files changed, 542 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch diff --git a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch b/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch new file mode 100644 index 000..3024e96 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch @@ -0,0 +1,541 @@ +From 4bf72cb8f1d3aa5f33c31eb817a5f0338f4aaf6f Mon Sep 17 00:00:00 2001 +From: Ovidiu Panait <ovidiu.pan...@windriver.com> +Date: Wed, 20 Sep 2017 05:02:00 + +Subject: [PATCH] Import upstream patch 20170826 + +20170826 + + fixes for "iterm2" (report by Leonardo Brondani Schenkel) -TD + + corrected a warning from tic about keys which are the same, to skip + over missing/cancelled values. + + add check in tic for unnecessary use of "2" to denote a shifted + special key. + + improve checks in trim_sgr0, comp_parse.c and parse_entry.c, for + cancelled string capabilities. + + add check in _nc_parse_entry() for invalid entry name, setting the + name to "invalid" to avoid problems storing entries. + + add/improve checks in tic's parser to address invalid input + + add a check in comp_scan.c to handle the special case where a + nontext file ending with a NUL rather than newline is given to tic + as input (Redhat #1484274). + + allow for cancelled capabilities in _nc_save_str (Redhat #1484276). + + add validity checks for "use=" target in _nc_parse_entry (Redhat + #1484284). + + check for invalid strings in postprocess_termcap (Redhat #1484285) + + reset secondary pointers on EOF in next_char() (Redhat #1484287). + + guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using + cancelled strings (Redhat #1484291). + + correct typo in curs_memleaks.3x (Sven Joachim). + + improve test/configure checks for some curses variants not based on + X/Open Curses. + + add options for test/configure to disable checks for form, menu and + panel libraries. + +Upstream-Status: Backport +CVE: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731 + + +Author: Sven Joachim <svenj...@gmx.de> +Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com> +--- + dist.mk | 4 +- + include/ncurses_defs| 4 +- + ncurses/tinfo/alloc_entry.c | 4 +- + ncurses/tinfo/comp_parse.c | 10 ++--- + ncurses/tinfo/comp_scan.c | 6 ++- + ncurses/tinfo/parse_entry.c | 91 ++--- + ncurses/tinfo/strings.c | 9 +++-- + ncurses/tinfo/trim_sgr0.c | 4 +- + progs/tic.c | 75 - + 9 files changed, 157 insertions(+), 50 deletions(-) + +diff --git a/dist.mk b/dist.mk +index 9af2699..2c70472 100644 +--- a/dist.mk b/dist.mk +@@ -25,7 +25,7 @@ + # use or other dealings in this
[OE-core] [PATCH] ruby: CVE-2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Upstream patch:
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
---
.../ruby/ruby/ruby-CVE-2017-14064.patch| 87 ++
meta/recipes-devtools/ruby/ruby_2.4.1.bb | 1 +
2 files changed, 88 insertions(+)
create mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
new file mode 100644
index 000..88e693c
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
@@ -0,0 +1,87 @@
+From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
+From: Florian Frank <fl...@ping.de>
+Date: Thu, 2 Mar 2017 12:12:33 +0100
+Subject: [PATCH] Fix arbitrary heap exposure problem
+
+Upstream-Status: Backport
+CVE: CVE-2017-14064
+
+Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>
+---
+ ext/json/generator/generator.c | 12 ++--
+ ext/json/generator/generator.h | 1 -
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c
+index ef85bb7..c88818c 100644
+--- a/ext/json/generator/generator.c
b/ext/json/generator/generator.c
+@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
+ char *result;
+ if (len <= 0) return NULL;
+ result = ALLOC_N(char, len);
+- memccpy(result, ptr, 0, len);
++ memcpy(result, ptr, len);
+ return result;
+ }
+
+@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
+ }
+ } else {
+ if (state->indent) ruby_xfree(state->indent);
+-state->indent = strdup(RSTRING_PTR(indent));
++state->indent = fstrndup(RSTRING_PTR(indent), len);
+ state->indent_len = len;
+ }
+ return Qnil;
+@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
+ }
+ } else {
+ if (state->space) ruby_xfree(state->space);
+-state->space = strdup(RSTRING_PTR(space));
++state->space = fstrndup(RSTRING_PTR(space), len);
+ state->space_len = len;
+ }
+ return Qnil;
+@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE
space_before)
+ }
+ } else {
+ if (state->space_before) ruby_xfree(state->space_before);
+-state->space_before = strdup(RSTRING_PTR(space_before));
++state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+ state->space_before_len = len;
+ }
+ return Qnil;
+@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE
object_nl)
+ }
+ } else {
+ if (state->object_nl) ruby_xfree(state->object_nl);
+-state->object_nl = strdup(RSTRING_PTR(object_nl));
++state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+ state->object_nl_len = len;
+ }
+ return Qnil;
+@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE
array_nl)
+ }
+ } else {
+ if (state->array_nl) ruby_xfree(state->array_nl);
+-state->array_nl = strdup(RSTRING_PTR(array_nl));
++state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
+ state->array_nl_len = len;
+ }
+ return Qnil;
+diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h
+index 900b4d5..c367a62 100644
+--- a/ext/json/generator/generator.h
b/ext/json/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+
+-#include
+ #include
+ #include
+
+--
+2.10.2
+
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb
b/meta/recipes-devtools/ruby/ruby_2.4.1.bb
index 4443146..7d27ac8 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.1.bb
@@ -6,6 +6,7 @@ SRC_URI += " \
file://ruby-CVE-2017-9227.patch \
file://ruby-CVE-2017-9228.patch \
file://ruby-CVE-2017-9229.patch \
+ file://ruby-CVE-2017-14064.patch \
"
SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
--
2.10.2
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] libgcrypt: CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key
(from side-channel observation during the signing process) can easily
recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change
to store this session key in secure memory, to ensure that constant-time
point operations are used in the MPI library.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9526
Upstream patch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
Signed-off-by: Ovidiu Panait <ovpan...@gmail.com>
---
.../libgcrypt/files/CVE-2017-9526.patch| 36 ++
meta/recipes-support/libgcrypt/libgcrypt.inc | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2017-9526.patch
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2017-9526.patch
b/meta/recipes-support/libgcrypt/files/CVE-2017-9526.patch
new file mode 100644
index 000..26b570f
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2017-9526.patch
@@ -0,0 +1,36 @@
+From 5a22de904a0a366ae79f03ff1e13a1232a89e26b Mon Sep 17 00:00:00 2001
+From: Jo Van Bulck <jo.vanbu...@cs.kuleuven.be>
+Date: Thu, 19 Jan 2017 17:00:15 +0100
+Subject: [PATCH] ecc: Store EdDSA session key in secure memory.
+
+* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
+session key.
+--
+
+An attacker who learns the EdDSA session key from side-channel
+observation during the signing process, can easily revover the long-
+term secret key. Storing the session key in secure memory ensures that
+constant time point operations are used in the MPI library.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9526
+
+Signed-off-by: Jo Van Bulck <jo.vanbu...@cs.kuleuven.be>
+Signed-off-by: Ovidiu Panait <ovpan...@gmail.com>
+---
+ cipher/ecc-eddsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
+index f91f848..813e030 100644
+--- a/cipher/ecc-eddsa.c
b/cipher/ecc-eddsa.c
+@@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key
*skey,
+ a = mpi_snew (0);
+ x = mpi_new (0);
+ y = mpi_new (0);
+- r = mpi_new (0);
++ r = mpi_snew (0);
+ ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0,
+ skey->E.p, skey->E.a, skey->E.b);
+ b = (ctx->nbits+7)/8;
+--
+2.7.4
+
diff --git a/meta/recipes-support/libgcrypt/libgcrypt.inc
b/meta/recipes-support/libgcrypt/libgcrypt.inc
index 3c7e89a..d6d5bd9 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt.inc
+++ b/meta/recipes-support/libgcrypt/libgcrypt.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.gz \
file://libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://fix-ICE-failure-on-mips-with-option-O-and-g.patch \
file://fix-undefined-reference-to-pthread.patch \
+file://CVE-2017-9526.patch \
"
BINCONFIG = "${bindir}/libgcrypt-config"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
