Re: [OE-core] [PATCH] binutils: rename BRANCH var

[akuster]

On 4/11/21 11:03 AM, Khem Raj wrote:
> On Sun, Apr 11, 2021 at 8:49 AM akuster  wrote:
>> If BRANCH is defined in local.conf then that name is used to d/l sources
>> for binutils. You will get this error:
>>
>> Fetcher failure for URL: 
>> 'git://sourceware.org/git/binutils-gdb.git;branch=hardknott;protocol=git'. 
>> Unable to fetch URL from any source.
>>
>> Rename to SRCBRANCH like glibc has to avoid the more common variable name 
>> BRANCH.
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  meta/recipes-devtools/binutils/binutils-2.36.inc | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/meta/recipes-devtools/binutils/binutils-2.36.inc 
>> b/meta/recipes-devtools/binutils/binutils-2.36.inc
>> index 2968291889..f638f02e8f 100644
>> --- a/meta/recipes-devtools/binutils/binutils-2.36.inc
>> +++ b/meta/recipes-devtools/binutils/binutils-2.36.inc
>> @@ -19,13 +19,13 @@ def binutils_branch_version(d):
>>  PV = "2.36.1"
>>  CVE_VERSION = "2.36.1"
>>  BINUPV = "${@binutils_branch_version(d)}"
>> -#BRANCH = "binutils-${BINUPV}-branch"
>> -BRANCH ?= "binutils-2_36-branch"
>> +#SRCBRANCH = "binutils-${BINUPV}-branch"
>> +SRCBRANCH ?= "binutils-2_36-branch"
> if dropping to use BINUPV then lets drop setting this as well. Which
> also means you can drop
i wasn't the one who dropped BINUPV. Those were already commented out via
b71294c4de binutils: Upgrade to binutils 2.32


> binutils_branch_version as well which is fine with me.

I can do V2 to clean that up.

-armin
>
>>  UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)"
>>
>>  SRCREV ?= "7651a4871c225925ffdfda0a8c91a6ed370cd9a1"
>> -BINUTILS_GIT_URI ?= 
>> "git://sourceware.org/git/binutils-gdb.git;branch=${BRANCH};protocol=git"
>> +BINUTILS_GIT_URI ?= 
>> "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
>>  SRC_URI = "\
>>   ${BINUTILS_GIT_URI} \
>>   file://0004-configure-widen-the-regexp-for-SH-architectures.patch \
>> --
>> 2.17.1
>>
>>
>> 
>>



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#150391): 
https://lists.openembedded.org/g/openembedded-core/message/150391
Mute This Topic: https://lists.openembedded.org/mt/82016388/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] binutils: rename BRANCH var

[akuster]

If BRANCH is defined in local.conf then that name is used to d/l sources
for binutils. You will get this error:

Fetcher failure for URL: 
'git://sourceware.org/git/binutils-gdb.git;branch=hardknott;protocol=git'. 
Unable to fetch URL from any source.

Rename to SRCBRANCH like glibc has to avoid the more common variable name 
BRANCH.

Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/binutils/binutils-2.36.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-devtools/binutils/binutils-2.36.inc 
b/meta/recipes-devtools/binutils/binutils-2.36.inc
index 2968291889..f638f02e8f 100644
--- a/meta/recipes-devtools/binutils/binutils-2.36.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.36.inc
@@ -19,13 +19,13 @@ def binutils_branch_version(d):
 PV = "2.36.1"
 CVE_VERSION = "2.36.1"
 BINUPV = "${@binutils_branch_version(d)}"
-#BRANCH = "binutils-${BINUPV}-branch"
-BRANCH ?= "binutils-2_36-branch"
+#SRCBRANCH = "binutils-${BINUPV}-branch"
+SRCBRANCH ?= "binutils-2_36-branch"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)"
 
 SRCREV ?= "7651a4871c225925ffdfda0a8c91a6ed370cd9a1"
-BINUTILS_GIT_URI ?= 
"git://sourceware.org/git/binutils-gdb.git;branch=${BRANCH};protocol=git"
+BINUTILS_GIT_URI ?= 
"git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
 SRC_URI = "\
  ${BINUTILS_GIT_URI} \
  file://0004-configure-widen-the-regexp-for-SH-architectures.patch \
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#150358): 
https://lists.openembedded.org/g/openembedded-core/message/150358
Mute This Topic: https://lists.openembedded.org/mt/82016388/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell 00/41] Pull request (cover letter only)

[akuster]

On 3/3/21 8:39 AM, Khem Raj wrote:
> On Wed, Mar 3, 2021 at 6:17 AM Steve Sakoman  wrote:
>> The following changes since commit a8debddd6cbdd70db74e096d72f97fbee008ee63:
>>
>>   build-appliance-image: Update to dunfell head revision (2021-02-18 
>> 23:43:04 +)
>>
>> are available in the Git repository at:
>>
>>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
>>   
>> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
>>
>> Alexander Kanavin (1):
>>   connman: update to 1.38
>>
> connman changes will impact iwd and also depend on ell version. Many
> times they go in lock steps.

ok. The update should be dropped then.

-armin
>
>> Andrei Gherzan (2):
>>   oe/recipeutils: Fix copying patches when BBLAYERS entries are not
>> normalised
>>   qemu: Backport patch to avoid assertion fails on icache line size
>>
>> Bruce Ashfield (2):
>>   linux-yocto/5.4: update to v5.4.96
>>   linux-yocto/5.4: update to v5.4.98
>>
>> Chris Laplante (2):
>>   cve-check: introduce CVE_CHECK_RECIPE_FILE variable to allow changing
>> of per-recipe check file
>>   cve-check: add CVE_CHECK_REPORT_PATCHED variable to suppress reporting
>> of patched CVEs
>>
>> Jan-Simon Möller (1):
>>   package_rpm: Enable use_source_date_epoch_as_buildtime in package_rpm
>> class
>>
>> Joshua Watt (3):
>>   oeqa: reproducible: Fix SSTATE_MIRRORS variable
>>   oeqa: reproducible: Add more logging
>>   libomxil: Fix up commercial license flag
>>
>> Lee Chee Yang (2):
>>   sudo: 1.8.31 -> 1.8.32
>>   go: update to 1.14.15
>>
>> Marek Vasut (1):
>>   weston-init: Fix weston-keyboard path in weston.ini
>>
>> Martin Jansa (1):
>>   icu: backport fix for rare random genrb segmentation fault
>>
>> Richard Purdie (16):
>>   pseudo: Update to work with glibc 2.33
>>   pseudo: Update for rename and faccessat fixes
>>   pseudo: Update to include fixes for glibc 2.33
>>   quilt: Be determnistic about column presence
>>   buildtools-extended-tarball: Add glibc-gconvs needed for build
>>   cwautomacros: Ensure version is set deterministically
>>   vim: Improve determinism
>>   vim: Fix a race over creation of the desktop files
>>   watchdog: Fix determinism issue from sendmail host path
>>   watchdog: Avoid reproducibility failures after fixing build
>>   xorg-fonts-minimal: Fix reproducibility
>>   xorg-minimal-fonts: Really fix determinism
>>   xmlto: Fix reproducibility
>>   groff: Fix determinism issue
>>   oeqa/commands: Fix compatibility with python 3.9
>>   selftest/reproducible: Don't call sync between each file compare
>>
>> Scott Murray (1):
>>   u-boot: fix CVE-2020-8432 and CVE-2020-10648
>>
>> Teoh Jay Shen (1):
>>   oeqa/runlevel : add test for runlevels
>>
>> Thomas Viehweger (1):
>>   mtd-utils: Remove duplicate assignments to alternative link names
>>
>> Vivien Didelot (2):
>>   local.conf.sample.extended: fix double 'of' typo
>>   local.conf.sample.extended: prefer INIT_MANAGER
>>
>> Wes Lindauer (1):
>>   df.py: Add feature check for read-only-rootfs
>>
>> Yoann Congal (1):
>>   npm.bbclass: avoid building target nodejs for native npm recipes
>>
>> Zbigniew Bodek (1):
>>   wpebackend-fdo: Fix missing .so symlink when using dev package
>>
>> akuster (2):
>>   cve-check.bbclass: add layer to cve log
>>   connman: update to 1.39
>>
>>  meta/classes/cve-check.bbclass|   46 +-
>>  meta/classes/npm.bbclass  |2 +-
>>  meta/classes/package_rpm.bbclass  |1 +
>>  meta/conf/local.conf.sample.extended  |   23 +-
>>  meta/lib/oe/recipeutils.py|2 +-
>>  meta/lib/oeqa/runtime/cases/df.py |2 +
>>  meta/lib/oeqa/runtime/cases/runlevel.py   |   22 +
>>  meta/lib/oeqa/selftest/cases/reproducible.py  |7 +-
>>  meta/lib/oeqa/utils/commands.py   |4 +-
>>  .../u-boot/files/CVE-2020-10648-1.patch   |   98 ++
>>  .../u-boot/files/CVE-2020-10648-2.patch   |   52 +
>>  .../u-boot/files/CVE-2020-8432.patch  |  114 ++
>>  meta/recipes-bsp/u-boot/u-boot-common.inc |3 +
>>  meta/recipes-connectivity/connman/connman.inc |1 +
>>  ...-gweb-fix-segfault-with-musl-v1.1.21.patch |   34 -
>>  ...ve-musl-does-not-implement-res_ninit.patch |   20 +-
>>  .../connman/connman_1.37.bb  

Re: [OE-core] [PATCH] lttng-tools: upgrade 2.12.2 -> 2.12.3

[akuster]

On 3/3/21 4:26 PM, Wang Mingyu wrote:
> Signed-off-by: Wang Mingyu 

There is an open Yocto bug
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14263

Any data if this ptest passes with this update or can you help look into
the failure noted in the bug?

-armin
> ---
>  .../lttng/{lttng-tools_2.12.2.bb => lttng-tools_2.12.3.bb}  | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-kernel/lttng/{lttng-tools_2.12.2.bb => 
> lttng-tools_2.12.3.bb} (98%)
>
> diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.12.2.bb 
> b/meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb
> similarity index 98%
> rename from meta/recipes-kernel/lttng/lttng-tools_2.12.2.bb
> rename to meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb
> index 52bfd36370..7074096ee7 100644
> --- a/meta/recipes-kernel/lttng/lttng-tools_2.12.2.bb
> +++ b/meta/recipes-kernel/lttng/lttng-tools_2.12.3.bb
> @@ -39,7 +39,7 @@ SRC_URI = 
> "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \
> file://determinism.patch \
> "
>  
> -SRC_URI[sha256sum] = 
> "9ed9161795ff023b076f9f95afaa4f1f822ec42495c0fa04c586ab8fa74e84f1"
> +SRC_URI[sha256sum] = 
> "2890da230edd523fcf497e9eb28133b7606d64fa01bcbffadbfcba42104db153"
>  
>  inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
>  
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148947): 
https://lists.openembedded.org/g/openembedded-core/message/148947
Mute This Topic: https://lists.openembedded.org/mt/81066635/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [meta-openembedded][dunfell][PATCH] nghttp2: Add fix for CVE-2020-11080

[akuster]

On 2/20/21 4:07 PM, Martin Jansa wrote:
> Looks like this version of the patch got merged to meta-oe today and
> it fails to apply cleanly, will send update.
it got pushed into dunfell-next which was then removed.

-armin
>
> On Wed, Feb 17, 2021 at 4:20 PM akuster  <mailto:akuster...@gmail.com>> wrote:
>
>
>
> On 2/17/21 12:57 AM, Rahul Taya wrote:
> > Hi,
> >
> > I have backported this patch from Master branch as in
> master(v1.43.0)
> > and Gatesgarth(v1.41.0) the code of this patch is already present in
> > the source code so it is only applicable for Dunfell(v1.40.0) and
> > Zeus(v1.39.1) branch.
> >
> > Yes i will add my signoff in the patch.
> >
> > *Can you please tell which is the correct ML for sending this
> patch ?*
> openembedded-de...@lists.openembedded.org
> <mailto:openembedded-de...@lists.openembedded.org>
>
>
> Also I am seeing this this  error.
>
> Applying patch CVE-2020-11080.patch
> patching file doc/CMakeLists.txt
> patching file doc/Makefile.am
> Hunk #1 FAILED at 69.
> 1 out of 1 hunk FAILED -- rejects in file doc/Makefile.am
> patching file lib/includes/nghttp2/nghttp2.h
> patching file lib/nghttp2_helper.c
> patching file lib/nghttp2_option.c
> patching file lib/nghttp2_option.h
> patching file lib/nghttp2_session.c
> Hunk #3 succeeded at 5694 (offset 31 lines).
> Hunk #4 succeeded at 7470 (offset 29 lines).
> patching file lib/nghttp2_session.h
> patching file tests/main.c
> Hunk #1 succeeded at 315 (offset -2 lines).
> patching file tests/nghttp2_session_test.c
> Hunk #1 succeeded at 10558 (offset -56 lines).
> patching file tests/nghttp2_session_test.h
> Patch CVE-2020-11080.patch does not apply (enforce with -f)*
> *
> -armin*
> *
> >
> > Thanks and Regards,
> > Rahul Taya
> >
> 
> > *From:* akuster808  <mailto:akuster...@gmail.com>>
> > *Sent:* Tuesday, February 16, 2021 9:32 PM
> > *To:* Rahul Taya mailto:rahul.t...@kpit.com>>;
> > Openembedded-core@lists.openembedded.org
> <mailto:Openembedded-core@lists.openembedded.org>
> >  <mailto:Openembedded-core@lists.openembedded.org>>;
> raj.k...@gmail.com <mailto:raj.k...@gmail.com>
> > mailto:raj.k...@gmail.com>>
> > *Cc:* Nisha Parrakat  <mailto:nisha.parra...@kpit.com>>; Harpritkaur Bhandari
> >  <mailto:harpritkaur.bhand...@kpit.com>>
> > *Subject:* Re: [OE-core] [meta-openembedded][dunfell][PATCH]
> nghttp2:
> > Add fix for CVE-2020-11080
> >  
> >
> >
> > On 2/16/21 12:39 AM, Rahul Taya wrote:
> > > Added patch for CVE-2020-11080 taken from below link:
> > >
> >
> 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnghttp2%2Fnghttp2%2Fcommit%2F336a98feb0d56b9ac54e12736b18785c27f75090data=04%7C01%7CRahul.Taya%40kpit.com%7C81c7b0a589c54fd9815d08d8d2944b5f%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637490881707290985%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=LO7%2BKX%2F6ZD4VSi85fOVS%2FydUAFSH1kCUamqOyQcV0Ww%3Dreserved=0
> > >
> > > Signed-off-by: Rahul Taya  <mailto:rahul.t...@kpit.com>>
> > Wrong ML. 
> >
> > Is master or Gatesgath affected by this?
> >
> > Also the patch it self is missing your signoff.
> >
> > -armin
> > > ---
> > >  .../nghttp2/nghttp2/CVE-2020-11080.patch  | 306
> ++
> > >  .../recipes-support/nghttp2/nghttp2_1.40.0.bb
> <http://nghttp2_1.40.0.bb> |   1 +
> > >  2 files changed, 307 insertions(+)
> > >  create mode 100644
> > meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> > >
> > > diff --git
> >
> a/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> >
> b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> > > new file mode 100644
> > > index 0..a376e5372
> > > --- /dev/null
> > > +++
> >
> b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> > > @@ -0,0 +1,306 @@
> > > +From 336a

Re: [OE-core] [[PATCH] cve-check.bbclass: don't skip scanning if file not found

[akuster]

On 2/18/21 8:50 AM, Ross Burton wrote:
> Why is the file not found though?
its downloaded there for not in the WORKDIR

-armin


>
> Ross
>
> On Mon, 15 Feb 2021 at 22:41, akuster  wrote:
>> This helps avoid these errors:
>> ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found: 
>> /home/build/builds/master/tmp/work/core2-64-poky-linux/lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
>>
>> We should continuing to scan other applied patches for CVE info.
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  meta/classes/cve-check.bbclass | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
>> index 1bed815d8e4..e56366579d1 100644
>> --- a/meta/classes/cve-check.bbclass
>> +++ b/meta/classes/cve-check.bbclass
>> @@ -186,8 +186,8 @@ def get_patches_cves(d):
>>  patch_file = bb.fetch.decodeurl(url)[2]
>>
>>  if not os.path.isfile(patch_file):
>> -bb.error("File Not found: %s" % patch_file)
>> -raise FileNotFoundError
>> +bb.warn("File Not found: %s" % patch_file)
>> +continue
>>
>>  # Check patch file name for CVE ID
>>  fname_match = cve_file_name_match.search(patch_file)
>> --
>> 2.25.1
>>
>>
>> 
>>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148329): 
https://lists.openembedded.org/g/openembedded-core/message/148329
Mute This Topic: https://lists.openembedded.org/mt/80666308/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] sudo: update to 1.8.32

[akuster]

From: Armin Kuster 

Source: https://www.sudo.ws
MR: 108078, 108046, 108136
Type: Security Fix
Disposition: Backported from https://www.sudo.ws
ChangeID: 3d266a182918f7a7afe40bdee01b369171125358
Description:

The 1.8.x series is a stable release.
Bug fix only updates.

LIC_FILES_CHKSUM updated do to 2021 yr update

see https://www.sudo.ws/legacy.html
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156

Signed-off-by: Armin Kuster 
---
 meta/recipes-extended/sudo/sudo.inc   | 2 +-
 meta/recipes-extended/sudo/{sudo_1.8.31.bb => sudo_1.8.32.bb} | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
 rename meta/recipes-extended/sudo/{sudo_1.8.31.bb => sudo_1.8.32.bb} (92%)

diff --git a/meta/recipes-extended/sudo/sudo.inc 
b/meta/recipes-extended/sudo/sudo.inc
index 5d27d469282..aeedfc1a23b 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "http://www.sudo.ws;
 BUGTRACKER = "http://www.sudo.ws/bugs/;
 SECTION = "admin"
 LICENSE = "ISC & BSD & Zlib"
-LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=4d1b44b1576eea036d78b8cc961aa93d \
+LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=07966675feaddba70cc812895b248230 \
 
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109
 \
 
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf
 \
 
file://lib/util/fnmatch.c;beginline=3;endline=27;md5=004d7d2866ba1f5b41174906849d2e0f
 \
diff --git a/meta/recipes-extended/sudo/sudo_1.8.31.bb 
b/meta/recipes-extended/sudo/sudo_1.8.32.bb
similarity index 92%
rename from meta/recipes-extended/sudo/sudo_1.8.31.bb
rename to meta/recipes-extended/sudo/sudo_1.8.32.bb
index 39d8817c32e..6787f43e1a9 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.31.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.32.bb
@@ -7,8 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
 
 PAM_SRC_URI = "file://sudo.pam"
 
-SRC_URI[md5sum] = "ce17ff6e72a70f8d5dabba8abf3cd2de"
-SRC_URI[sha256sum] = 
"7ea8d97a3cee4c844e0887ea7a1bd80eb54cc98fd77966776cb1a80653ad454f"
+SRC_URI[sha256sum] = 
"5ce3c18c5efbecd5437a0945f314f1822423eaf9a2d7eb7ecf80857bc32246c5"
 
 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 
'libpam', '', d)}"
 RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 
'pam-plugin-limits pam-plugin-keyinit', '', d)}"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148260): 
https://lists.openembedded.org/g/openembedded-core/message/148260
Mute This Topic: https://lists.openembedded.org/mt/80721044/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [meta-openembedded][dunfell][PATCH] nghttp2: Add fix for CVE-2020-11080

[akuster]

On 2/17/21 12:57 AM, Rahul Taya wrote:
> Hi,
>
> I have backported this patch from Master branch as in master(v1.43.0)
> and Gatesgarth(v1.41.0) the code of this patch is already present in
> the source code so it is only applicable for Dunfell(v1.40.0) and
> Zeus(v1.39.1) branch.
>
> Yes i will add my signoff in the patch.
>
> *Can you please tell which is the correct ML for sending this patch ?*
openembedded-de...@lists.openembedded.org


Also I am seeing this this  error.

Applying patch CVE-2020-11080.patch
patching file doc/CMakeLists.txt
patching file doc/Makefile.am
Hunk #1 FAILED at 69.
1 out of 1 hunk FAILED -- rejects in file doc/Makefile.am
patching file lib/includes/nghttp2/nghttp2.h
patching file lib/nghttp2_helper.c
patching file lib/nghttp2_option.c
patching file lib/nghttp2_option.h
patching file lib/nghttp2_session.c
Hunk #3 succeeded at 5694 (offset 31 lines).
Hunk #4 succeeded at 7470 (offset 29 lines).
patching file lib/nghttp2_session.h
patching file tests/main.c
Hunk #1 succeeded at 315 (offset -2 lines).
patching file tests/nghttp2_session_test.c
Hunk #1 succeeded at 10558 (offset -56 lines).
patching file tests/nghttp2_session_test.h
Patch CVE-2020-11080.patch does not apply (enforce with -f)*
*
-armin*
*
>
> Thanks and Regards,
> Rahul Taya
> 
> *From:* akuster808 
> *Sent:* Tuesday, February 16, 2021 9:32 PM
> *To:* Rahul Taya ;
> Openembedded-core@lists.openembedded.org
> ; raj.k...@gmail.com
> 
> *Cc:* Nisha Parrakat ; Harpritkaur Bhandari
> 
> *Subject:* Re: [OE-core] [meta-openembedded][dunfell][PATCH] nghttp2:
> Add fix for CVE-2020-11080
>  
>
>
> On 2/16/21 12:39 AM, Rahul Taya wrote:
> > Added patch for CVE-2020-11080 taken from below link:
> >
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnghttp2%2Fnghttp2%2Fcommit%2F336a98feb0d56b9ac54e12736b18785c27f75090data=04%7C01%7CRahul.Taya%40kpit.com%7C81c7b0a589c54fd9815d08d8d2944b5f%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637490881707290985%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=LO7%2BKX%2F6ZD4VSi85fOVS%2FydUAFSH1kCUamqOyQcV0Ww%3Dreserved=0
> >
> > Signed-off-by: Rahul Taya 
> Wrong ML. 
>
> Is master or Gatesgath affected by this?
>
> Also the patch it self is missing your signoff.
>
> -armin
> > ---
> >  .../nghttp2/nghttp2/CVE-2020-11080.patch  | 306 ++
> >  .../recipes-support/nghttp2/nghttp2_1.40.0.bb |   1 +
> >  2 files changed, 307 insertions(+)
> >  create mode 100644
> meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> >
> > diff --git
> a/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> > new file mode 100644
> > index 0..a376e5372
> > --- /dev/null
> > +++
> b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> > @@ -0,0 +1,306 @@
> > +From 336a98feb0d56b9ac54e12736b18785c27f75090 Mon Sep 17 00:00:00 2001
> > +From: James M Snell 
> > +Date: Fri, 17 Apr 2020 16:53:51 -0700
> > +Subject: [PATCH] Implement max settings option
> > +
> > +CVE: CVE-2020-11080
> > +Upstream-Status: Backport
> [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnghttp2%2Fnghttp2%2Fcommit%2F336a98feb0d56b9ac54e12736b18785c27f75090data=04%7C01%7CRahul.Taya%40kpit.com%7C81c7b0a589c54fd9815d08d8d2944b5f%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637490881707290985%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=LO7%2BKX%2F6ZD4VSi85fOVS%2FydUAFSH1kCUamqOyQcV0Ww%3Dreserved=0]
> > +Comment: No hunks refreshed
> > +---
> > + doc/CMakeLists.txt |  1 +
> > + doc/Makefile.am    |  1 +
> > + lib/includes/nghttp2/nghttp2.h | 23 +
> > + lib/nghttp2_helper.c   |  2 ++
> > + lib/nghttp2_option.c   |  5 +++
> > + lib/nghttp2_option.h   |  5 +++
> > + lib/nghttp2_session.c  | 21 
> > + lib/nghttp2_session.h  |  2 ++
> > + tests/main.c   |  2 ++
> > + tests/nghttp2_session_test.c   | 61 ++
> > + tests/nghttp2_session_test.h   |  1 +
> > + 11 files changed, 124 insertions(+)
> > +
> > +diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
> > +index 34c027929..f3aec84da 100644
> > +--- a/doc/CMakeLists.txt
> >  b/doc/CMakeLists.txt
> > +@@ -42,6 +42,7 @@ set(APIDOCS
> > +   nghttp2_option_set_no_recv_client_magic.rst
> > +   nghttp2_option_set_peer_max_concurrent_streams.rst
> > +   nghttp2_option_set_user_recv_extension_type.rst
> > ++  nghttp2_option_set_max_settings.rst
> > +   nghttp2_pack_settings_payload.rst
> > +   nghttp2_priority_spec_check_default.rst
> > +   nghttp2_priority_spec_default_init.rst
> > +diff --git a/doc/Makefile.am b/doc/Makefile.am
> > +index 4d73cef50..f073bfa4c 100644
> > +--- 

Re: [OE-core] CVE's for linux-yocto

[akuster]

On 2/16/21 10:23 AM, Steve Sakoman wrote:
> The weekly cve reports for master, gatesgarth, and dunfell currently
> omit linux-yocto since the CPE database for the kernel is notoriously
> incomplete in versioning information.
>
> This morning at the YP technical team meeting we discussed this and
> decided to see if we might, as a team, expend some effort to update
> the CPE database to improve this situation (much as we have been doing
> for the other packages in oe-core)
>
> The first step in this process is to shine some light on the current
> situation, so below is a list of the current CVE hits for linux-yocto
> in all three branches.

Thanks Steve.
What kernel versions are these for?
- armin
>
> Steve
>
> CVE list for linux-yocto master branch
>
> CVE-1999-0524: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> CVE-1999-0656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> CVE-2006-2932: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> CVE-2007-2764: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> CVE-2007-4998: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> CVE-2008-4609: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> CVE-2010-0298: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> CVE-2010-4563: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> CVE-2011-0640: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> CVE-2014-2648: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> CVE-2014-8171: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> CVE-2016-0774: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> CVE-2016-3695: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> CVE-2016-3699: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> CVE-2017-1000255: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> CVE-2017-1000377: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> CVE-2017-5897: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> CVE-2017-6264: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> CVE-2018-126: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-126 *
> CVE-2018-10840: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> CVE-2018-10876: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> CVE-2018-10882: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> CVE-2018-10901: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> CVE-2018-10902: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> CVE-2018-14625: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> CVE-2018-16880: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> CVE-2018-16884: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> CVE-2018-5873: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> CVE-2018-6559: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> CVE-2019-10126: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> CVE-2019-14899: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> CVE-2019-3016: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> CVE-2019-3819: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> CVE-2019-3846: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> CVE-2019-3887: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> CVE-2020-10732: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> CVE-2020-16119: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> CVE-2020-1749: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> CVE-2020-8834: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> CVE-2021-26708: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> CVE-2021-3348: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
>
> CVE list for linux-yocto gatesgarth
>
> CVE-1999-0524: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> CVE-1999-0656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> CVE-2006-2932: 

Re: [OE-core] [meta-openembedded][dunfell][PATCH] nghttp2: Add fix for CVE-2020-11080

[akuster]

On 2/16/21 12:39 AM, Rahul Taya wrote:
> Added patch for CVE-2020-11080 taken from below link:
> https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
>
> Signed-off-by: Rahul Taya 
Wrong ML. 

Is master or Gatesgath affected by this?

Also the patch it self is missing your signoff.

-armin
> ---
>  .../nghttp2/nghttp2/CVE-2020-11080.patch  | 306 ++
>  .../recipes-support/nghttp2/nghttp2_1.40.0.bb |   1 +
>  2 files changed, 307 insertions(+)
>  create mode 100644 
> meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
>
> diff --git 
> a/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch 
> b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> new file mode 100644
> index 0..a376e5372
> --- /dev/null
> +++ b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch
> @@ -0,0 +1,306 @@
> +From 336a98feb0d56b9ac54e12736b18785c27f75090 Mon Sep 17 00:00:00 2001
> +From: James M Snell 
> +Date: Fri, 17 Apr 2020 16:53:51 -0700
> +Subject: [PATCH] Implement max settings option
> +
> +CVE: CVE-2020-11080
> +Upstream-Status: Backport 
> [https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090]
> +Comment: No hunks refreshed
> +---
> + doc/CMakeLists.txt |  1 +
> + doc/Makefile.am|  1 +
> + lib/includes/nghttp2/nghttp2.h | 23 +
> + lib/nghttp2_helper.c   |  2 ++
> + lib/nghttp2_option.c   |  5 +++
> + lib/nghttp2_option.h   |  5 +++
> + lib/nghttp2_session.c  | 21 
> + lib/nghttp2_session.h  |  2 ++
> + tests/main.c   |  2 ++
> + tests/nghttp2_session_test.c   | 61 ++
> + tests/nghttp2_session_test.h   |  1 +
> + 11 files changed, 124 insertions(+)
> +
> +diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
> +index 34c027929..f3aec84da 100644
> +--- a/doc/CMakeLists.txt
>  b/doc/CMakeLists.txt
> +@@ -42,6 +42,7 @@ set(APIDOCS
> +   nghttp2_option_set_no_recv_client_magic.rst
> +   nghttp2_option_set_peer_max_concurrent_streams.rst
> +   nghttp2_option_set_user_recv_extension_type.rst
> ++  nghttp2_option_set_max_settings.rst
> +   nghttp2_pack_settings_payload.rst
> +   nghttp2_priority_spec_check_default.rst
> +   nghttp2_priority_spec_default_init.rst
> +diff --git a/doc/Makefile.am b/doc/Makefile.am
> +index 4d73cef50..f073bfa4c 100644
> +--- a/doc/Makefile.am
>  b/doc/Makefile.am
> +@@ -69,6 +69,7 @@ APIDOCS= \
> +   nghttp2_option_set_peer_max_concurrent_streams.rst \
> +   nghttp2_option_set_user_recv_extension_type.rst \
> +   nghttp2_option_set_max_outbound_ack.rst \
> ++  nghttp2_option_set_max_settings.rst \
> +   nghttp2_pack_settings_payload.rst \
> +   nghttp2_priority_spec_check_default.rst \
> +   nghttp2_priority_spec_default_init.rst \
> +diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
> +index e3aeb9fed..9be6eea5c 100644
> +--- a/lib/includes/nghttp2/nghttp2.h
>  b/lib/includes/nghttp2/nghttp2.h
> +@@ -228,6 +228,13 @@ typedef struct {
> +  */
> + #define NGHTTP2_CLIENT_MAGIC_LEN 24
> +
> ++/**
> ++ * @macro
> ++ *
> ++ * The default max number of settings per SETTINGS frame
> ++ */
> ++#define NGHTTP2_DEFAULT_MAX_SETTINGS 32
> ++
> + /**
> +  * @enum
> +  *
> +@@ -398,6 +405,11 @@ typedef enum {
> +* receives an other type of frame.
> +*/
> +   NGHTTP2_ERR_SETTINGS_EXPECTED = -536,
> ++  /**
> ++   * When a local endpoint receives too many settings entries
> ++   * in a single SETTINGS frame.
> ++   */
> ++  NGHTTP2_ERR_TOO_MANY_SETTINGS = -537,
> +   /**
> +* The errors < :enum:`NGHTTP2_ERR_FATAL` mean that the library is
> +* under unexpected condition and processing was terminated (e.g.,
> +@@ -2659,6 +2671,17 @@ NGHTTP2_EXTERN void 
> nghttp2_option_set_no_closed_streams(nghttp2_option *option,
> + NGHTTP2_EXTERN void nghttp2_option_set_max_outbound_ack(nghttp2_option 
> *option,
> + size_t val);
> +
> ++/**
> ++ * @function
> ++ *
> ++ * This function sets the maximum number of SETTINGS entries per
> ++ * SETTINGS frame that will be accepted. If more than those entries
> ++ * are received, the peer is considered to be misbehaving and session
> ++ * will be closed. The default value is 32.
> ++ */
> ++NGHTTP2_EXTERN void nghttp2_option_set_max_settings(nghttp2_option *option,
> ++size_t val);
> ++
> + /**
> +  * @function
> +  *
> +diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c
> +index 91136a619..0bd541472 100644
> +--- a/lib/nghttp2_helper.c
>  b/lib/nghttp2_helper.c
> +@@ -334,6 +334,8 @@ const char *nghttp2_strerror(int error_code) {
> +   case NGHTTP2_ERR_FLOODED:
> + return "Flooding was detected in this HTTP/2 session, and it must be "
> +"closed";
> ++  case 

[OE-core] [V2][PATCH] cve-check.bbclass: allow skiping non pbn

[akuster]

I don't see the point in logging native, nativesdk etc.
The bottom line is the BPN has the issue.

Allow folks to filter out those other package name variations via
CVE_CHECK_MANIFEST_FILTER

Signed-off-by: Armin Kuster 

--
[V2]
rename varible to CVE_CHECK_FILTER_BUILD_TOOLS
---
 meta/classes/cve-check.bbclass | 9 +
 1 file changed, 9 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 112ee3379d3..1bed815d8e4 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -59,6 +59,7 @@ CVE_CHECK_LAYER_EXCLUDELIST ??= ""
 # Layers to be included 
 CVE_CHECK_LAYER_INCLUDELIST ??= ""
 
+CVE_CHECK_FILTER_BUILD_TOOLS ??="0"
 
 # set to "alphabetical" for version using single alphabetical character as 
increament release
 CVE_VERSION_SUFFIX ??= ""
@@ -96,6 +97,13 @@ python do_cve_check () {
 """
 
 if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
+if d.getVar("CVE_CHECK_FILTER_BUILD_TOOLS") == "1":
+# drop native, nativesdk, cross, etc
+bpn = d.getVar("BPN")
+pn = d.getVar("PN")
+if bpn != pn:
+   return
+
 try:
 patched_cves = get_patches_cves(d)
 except FileNotFoundError:
@@ -164,6 +172,7 @@ def get_patches_cves(d):
 import re
 
 pn = d.getVar("PN")
+
 cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
 
 # Matches last CVE-1234-211432 in the file name, also if written
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148080): 
https://lists.openembedded.org/g/openembedded-core/message/148080
Mute This Topic: https://lists.openembedded.org/mt/80666339/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [[PATCH] cve-check.bbclass: don't skip scanning if file not found

[akuster]

This helps avoid these errors:
ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found: 
/home/build/builds/master/tmp/work/core2-64-poky-linux/lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff

We should continuing to scan other applied patches for CVE info.

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 1bed815d8e4..e56366579d1 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -186,8 +186,8 @@ def get_patches_cves(d):
 patch_file = bb.fetch.decodeurl(url)[2]
 
 if not os.path.isfile(patch_file):
-bb.error("File Not found: %s" % patch_file)
-raise FileNotFoundError
+bb.warn("File Not found: %s" % patch_file)
+continue
 
 # Check patch file name for CVE ID
 fname_match = cve_file_name_match.search(patch_file)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148079): 
https://lists.openembedded.org/g/openembedded-core/message/148079
Mute This Topic: https://lists.openembedded.org/mt/80666308/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] upgrading pseudo on zeus branch to handle gcc 10?

[akuster]

On 2/15/21 12:11 PM, Robert P. J. Day wrote:
>   yes, i know fedora 33 is not a supported build distro, but in trying
> an absolutely stock build of core-image-minimal from poky (zeus
> branch) on my F33 system, i ran into a gcc 10-related build error for
> which this:
>
> https://git.yoctoproject.org/cgit/cgit.cgi/pseudo/commit/?h=oe-core=a44361b8d3fbf5fc40cd87b599caeb380454efbe
>
> would appear to be just the solution. so is there a proper protocol
> for handling this? should the zeus branch move up to the incorporate
> that commit? or what?
wouldn't bbappend of that patch work?

-armin
> rday
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148077): 
https://lists.openembedded.org/g/openembedded-core/message/148077
Mute This Topic: https://lists.openembedded.org/mt/80662805/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [[PATCH] cve-check.bbclass: allow skiping non pbn

[akuster]

On 2/14/21 11:51 PM, mikko.rap...@bmw.de wrote:
> Hi,
>
> On Sun, Feb 14, 2021 at 11:20:27PM +, akuster wrote:
>> I don't see the point in logging native, nativesdk etc.
>> The bottom line is the BPN has the issue.
> While I agree to some part and do alot of:
>
> $ cd build/tmp/deploy/cve
> $ less $( grep -l Unpatched * | \
> egrep -v -- '-native|-nativesdk|-cross-|-crosssdk' )
We appear to generate a lot of redundant information.
>
> I do find that fixing build tooling CVEs is a good idea since
> they downloads stuff from the Internet.
>
> Hence I'm not sure I like this filter. Maybe at least
> rename CVE_CHECK_MANIFEST_FILTER to CVE_CHECK_FILTER_BUILD_TOOLS
> which makes this a bit more clear.
Yeah, I wasn't all the keen on the name either.  Thanks for the input

thanks,
Armin
>
> Cheers,
>
> -Mikko
>
>> Allow folks to filter out those other package name variations via
>> CVE_CHECK_MANIFEST_FILTER
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  meta/classes/cve-check.bbclass | 9 +
>>  1 file changed, 9 insertions(+)
>>
>> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
>> index 112ee3379d3..0d33d5a530c 100644
>> --- a/meta/classes/cve-check.bbclass
>> +++ b/meta/classes/cve-check.bbclass
>> @@ -59,6 +59,7 @@ CVE_CHECK_LAYER_EXCLUDELIST ??= ""
>>  # Layers to be included 
>>  CVE_CHECK_LAYER_INCLUDELIST ??= ""
>>
>> +CVE_CHECK_MANIFEST_FILTER ??="0"
>>
>>  # set to "alphabetical" for version using single alphabetical character as 
>> increament release
>>  CVE_VERSION_SUFFIX ??= ""
>> @@ -96,6 +97,13 @@ python do_cve_check () {
>>  """
>>
>>  if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
>> +if d.getVar("CVE_CHECK_MANIFEST_FILTER") == "1":
>> +# drop native, nativesdk, cross, etc
>> +bpn = d.getVar("BPN")
>> +pn = d.getVar("PN")
>> +if bpn != pn:
>> +   return
>> +
>>  try:
>>  patched_cves = get_patches_cves(d)
>>  except FileNotFoundError:
>> @@ -164,6 +172,7 @@ def get_patches_cves(d):
>>  import re
>>
>>  pn = d.getVar("PN")
>> +
>>  cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
>>
>>  # Matches last CVE-1234-211432 in the file name, also if written
>> -- 
>> 2.25.1
>>
>> 
>>



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148069): 
https://lists.openembedded.org/g/openembedded-core/message/148069
Mute This Topic: https://lists.openembedded.org/mt/80642628/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [[PATCH] cve-check.bbclass: allow skiping non pbn

[akuster]

I don't see the point in logging native, nativesdk etc.
The bottom line is the BPN has the issue.

Allow folks to filter out those other package name variations via
CVE_CHECK_MANIFEST_FILTER

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 9 +
 1 file changed, 9 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 112ee3379d3..0d33d5a530c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -59,6 +59,7 @@ CVE_CHECK_LAYER_EXCLUDELIST ??= ""
 # Layers to be included 
 CVE_CHECK_LAYER_INCLUDELIST ??= ""
 
+CVE_CHECK_MANIFEST_FILTER ??="0"
 
 # set to "alphabetical" for version using single alphabetical character as 
increament release
 CVE_VERSION_SUFFIX ??= ""
@@ -96,6 +97,13 @@ python do_cve_check () {
 """
 
 if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
+if d.getVar("CVE_CHECK_MANIFEST_FILTER") == "1":
+# drop native, nativesdk, cross, etc
+bpn = d.getVar("BPN")
+pn = d.getVar("PN")
+if bpn != pn:
+   return
+
 try:
 patched_cves = get_patches_cves(d)
 except FileNotFoundError:
@@ -164,6 +172,7 @@ def get_patches_cves(d):
 import re
 
 pn = d.getVar("PN")
+
 cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
 
 # Matches last CVE-1234-211432 in the file name, also if written
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148042): 
https://lists.openembedded.org/g/openembedded-core/message/148042
Mute This Topic: https://lists.openembedded.org/mt/80642628/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [V2][PATCH] buildhistory.bbclass: add cloning

[akuster]

Provide a method to clone and push to a git repo
Provide a method to pre-populate buildhistory
Maybe remove the need for external scripts to do the same

Three new variables:
BUILDHISTORY_BRANCH - branch used for checkout and pushing
BUILDHISTORY_CLONE - git repo uri

example:
BUILDHISTORY_BRANCH="${DISTRO}/gatesgarth/${MACHINE}"
BUILDHISTORY_CLONE = "g...@gitlab.com:akuster/oe-buildhistory"
BUILDHISTORY_PUSH_REPO = "origin ${BUILDHISTORY_BRANCH}"

Signed-off-by: Armin Kuster 


[V2]
Use BUILDHISTORY_CLONE instead of BUILDHISTORY_REPO_URI

Simplified initial clone to one step
---
 meta/classes/buildhistory.bbclass | 47 +++
 1 file changed, 47 insertions(+)

diff --git a/meta/classes/buildhistory.bbclass 
b/meta/classes/buildhistory.bbclass
index 117a44eaf38..d0e918c3d8e 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -44,6 +44,12 @@ BUILDHISTORY_COMMIT_AUTHOR ?= "buildhistory 
"
 BUILDHISTORY_PUSH_REPO ?= ""
 BUILDHISTORY_TAG ?= "build"
 
+# Branch for checkout
+BUILDHISTORY_BRANCH ?= ""
+
+# Clone previous buildhistory from repo
+BUILDHISTORY_CLONE ?= ""
+
 SSTATEPOSTINSTFUNCS_append = " buildhistory_emit_pkghistory"
 # We want to avoid influencing the signatures of sstate tasks - first the 
function itself:
 sstate_install[vardepsexclude] += "buildhistory_emit_pkghistory"
@@ -858,6 +864,42 @@ END
fi) || true
 }
 
+python buildhistory_clone() {
+import subprocess
+
+histdir = d.getVar('BUILDHISTORY_DIR')
+repo_uri = d.getVar("BUILDHISTORY_CLONE")
+bh_branch = d.getVar("BUILDHISTORY_BRANCH")
+
+if not bh_branch:
+bb.note("BUILDHISTORY_BRANCH not set")
+return
+
+if not os.path.isdir(histdir):
+cmd = ['git', 'clone', repo_uri, '-b', bh_branch, histdir]
+ret = subprocess.call(cmd)
+if ret != 0:
+bb.error('Failed to clond %s!' % repo_uri)
+
+if not os.path.isdir(histdir):
+   rerturn
+
+if os.path.isdir(os.path.join(histdir, '.git')):
+cmd =['git', '-C', histdir, 'config', '--get', 'remote.origin.url']
+hasurl = subprocess.call(cmd, shell=True)
+if hasurl:
+cmd = ['git', '-C', histdir, 'remote', 'add', '-f', '-t', 
bh_branch, '-m', bh_branch, 'origin', repo_uri]
+subprocess.call(cmd)
+
+cmd = ['git', '-C', histdir, 'checkout', bh_branch]
+ret = subprocess.call(cmd)
+if ret != 0:
+bb.error('Failed to checkout branch %s' % bh_branch)
+
+cmd = ['git', '-C', histdir, 'branch', 
'--set-upstream-to=origin/%s' % bh_branch]
+subprocess.call(cmd)
+}
+
 python buildhistory_eventhandler() {
 if (e.data.getVar('BUILDHISTORY_FEATURES') or "").strip():
 reset = e.data.getVar("BUILDHISTORY_RESET")
@@ -874,6 +916,11 @@ python buildhistory_eventhandler() {
 for entry in entries:
 os.rename(os.path.join(rootdir, entry),
   os.path.join(olddir, entry))
+
+if e.data.getVar("BUILDHISTORY_CLONE") != "":
+localdata = bb.data.createCopy(e.data)
+bb.build.exec_func("buildhistory_clone", d)
+
 elif isinstance(e, bb.event.BuildCompleted):
 if reset:
 import shutil
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148041): 
https://lists.openembedded.org/g/openembedded-core/message/148041
Mute This Topic: https://lists.openembedded.org/mt/80637646/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] buildhistory.bbclass: add ${PN}/cve.log

[akuster]

On 2/14/21 10:43 AM, Konrad Weihmann wrote:
>
>
> On 14.02.21 18:59, akuster wrote:
>> Let archive package cve.logs too
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>   meta/classes/buildhistory.bbclass | 24 
>>   1 file changed, 24 insertions(+)
>>
>> diff --git a/meta/classes/buildhistory.bbclass
>> b/meta/classes/buildhistory.bbclass
>> index 8ed420174e9..a119981d9b7 100644
>> --- a/meta/classes/buildhistory.bbclass
>> +++ b/meta/classes/buildhistory.bbclass
>> @@ -1067,3 +1067,27 @@ def write_latest_ptest_result(d, histdir):
>>   bb.error('Failed to run %s!' % cmd)
>>   finally:
>>   bb.utils.unlockfile(lock)
>> +
>> +do_cve_check[postfuncs] += "write_cve_result"
>> +do_cve_check[vardepsexclude] += "write_cve_result"
>> +
>> +python write_cve_result() {
>> +    write_latest_cve_result(d, d.getVar('BUILDHISTORY_DIR'))
>> +}
>> +
>> +def write_latest_cve_result(d, histdir):
>> +    import shutil
>> +
>> +    input_file = d.getVar("CVE_CHECK_LOG")
>> +    pkg = d.getVar("PN")
>> +
>> +    output_cve = os.path.join(histdir, 'cve', pkg)
>> +    if os.path.isfile(input_file):
>> +    try:
>> +    # Lock it avoid race issue
>> +    lock = bb.utils.lockfile(histdir + "/cve.lock")
>> +    bb.utils.mkdirhier(output_cve)
>> +    shutil.copyfile(input_file, output_cve+"/cve.log")
>> +
>> +    finally:
>> +    bb.utils.unlockfile(lock)
>
> just theoretically if bb.utils.lockfile raises an exception `lock`
> would be undefined at this line
Good question. I don't know. I just copied that locking from the ptest
handler in buildhistory.

-armin
>
>>
>>
>>
>> 
>>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148036): 
https://lists.openembedded.org/g/openembedded-core/message/148036
Mute This Topic: https://lists.openembedded.org/mt/80635985/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] buildhistory.bbclass: add ${PN}/cve.log

[akuster]

Let archive package cve.logs too

Signed-off-by: Armin Kuster 
---
 meta/classes/buildhistory.bbclass | 24 
 1 file changed, 24 insertions(+)

diff --git a/meta/classes/buildhistory.bbclass 
b/meta/classes/buildhistory.bbclass
index 8ed420174e9..a119981d9b7 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -1067,3 +1067,27 @@ def write_latest_ptest_result(d, histdir):
 bb.error('Failed to run %s!' % cmd)
 finally:
 bb.utils.unlockfile(lock)
+
+do_cve_check[postfuncs] += "write_cve_result"
+do_cve_check[vardepsexclude] += "write_cve_result"
+
+python write_cve_result() {
+write_latest_cve_result(d, d.getVar('BUILDHISTORY_DIR'))
+}
+
+def write_latest_cve_result(d, histdir):
+import shutil
+
+input_file = d.getVar("CVE_CHECK_LOG")
+pkg = d.getVar("PN")
+
+output_cve = os.path.join(histdir, 'cve', pkg)
+if os.path.isfile(input_file):
+try:
+# Lock it avoid race issue
+lock = bb.utils.lockfile(histdir + "/cve.lock")
+bb.utils.mkdirhier(output_cve)
+shutil.copyfile(input_file, output_cve+"/cve.log")
+
+finally:
+bb.utils.unlockfile(lock)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148031): 
https://lists.openembedded.org/g/openembedded-core/message/148031
Mute This Topic: https://lists.openembedded.org/mt/80635985/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] buildhistory.bbclass: add cloning

[akuster]

On 2/14/21 9:12 AM, Richard Purdie wrote:
> On Sun, 2021-02-14 at 15:53 +0000, akuster wrote:
>> Provide a method to clone and push to a git repo
>> Provide a method to pre-populate buildhistory
>> Maybe remove the need for external scripts to do the same
>>
>> Three new variables:
>> BUILDHISTORY_CLONE - Enable the cloning function
>> BUILDHISTORY_BRANCH - branch used for checkout and pushing
>> BUILDHISTORY_REPO_URI - git repo uri
>>
>> example:
>> BUILDHISTORY_CLONE = "1"
>> BUILDHISTORY_BRANCH="${DISTRO}/gatesgarth/${MACHINE}"
>> BUILDHISTORY_REPO_URI = "g...@gitlab.com:akuster/oe-buildhistory"
>> BUILDHISTORY_PUSH_REPO = "origin ${BUILDHISTORY_BRANCH}"
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  meta/classes/buildhistory.bbclass | 59 +++
>>  1 file changed, 59 insertions(+)
> Whether or not this is a good idea I'm not sure 
Not sure either but I did notice the AB does handle this separately and
so did the OE world build Martin setup so why not create a framework
that folks can opt-in if they want to.

> but I don't like the
> variable names. How about configuring as:
>
> BUILDHISTORY_CLONE = "g...@gitlab.com:akuster/oe-buildhistory"
> BUILDHISTORY_CLONE_BRANCH="${DISTRO}/gatesgarth/${MACHINE}"
> BUILDHISTORY_PUSH_REPO = "origin ${BUILDHISTORY_BRANCH}"
works for me. I am not married to the names.

> ?
>
> You're unlikely to not set a repo uri if you set clone...
Right.

thanks for the input.

-armin
>
> Cheers,
>
> Richard
>
>
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148030): 
https://lists.openembedded.org/g/openembedded-core/message/148030
Mute This Topic: https://lists.openembedded.org/mt/80632805/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] buildhistory.bbclass: add cloning

[akuster]

Provide a method to clone and push to a git repo
Provide a method to pre-populate buildhistory
Maybe remove the need for external scripts to do the same

Three new variables:
BUILDHISTORY_CLONE - Enable the cloning function
BUILDHISTORY_BRANCH - branch used for checkout and pushing
BUILDHISTORY_REPO_URI - git repo uri

example:
BUILDHISTORY_CLONE = "1"
BUILDHISTORY_BRANCH="${DISTRO}/gatesgarth/${MACHINE}"
BUILDHISTORY_REPO_URI = "g...@gitlab.com:akuster/oe-buildhistory"
BUILDHISTORY_PUSH_REPO = "origin ${BUILDHISTORY_BRANCH}"

Signed-off-by: Armin Kuster 
---
 meta/classes/buildhistory.bbclass | 59 +++
 1 file changed, 59 insertions(+)

diff --git a/meta/classes/buildhistory.bbclass 
b/meta/classes/buildhistory.bbclass
index 117a44eaf38..8ed420174e9 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -44,6 +44,15 @@ BUILDHISTORY_COMMIT_AUTHOR ?= "buildhistory 
"
 BUILDHISTORY_PUSH_REPO ?= ""
 BUILDHISTORY_TAG ?= "build"
 
+# Branch for checkout
+BUILDHISTORY_BRANCH ?= ""
+
+# git uri to clone and push too
+BUILDHISTORY_REPO_URI ?= ""
+
+# Clone previous buildhistory from repo
+BUILDHISTORY_CLONE ?= ""
+
 SSTATEPOSTINSTFUNCS_append = " buildhistory_emit_pkghistory"
 # We want to avoid influencing the signatures of sstate tasks - first the 
function itself:
 sstate_install[vardepsexclude] += "buildhistory_emit_pkghistory"
@@ -858,6 +867,51 @@ END
fi) || true
 }
 
+python buildhistory_clone() {
+import subprocess
+
+histdir = d.getVar('BUILDHISTORY_DIR')
+repo_uri = d.getVar("BUILDHISTORY_REPO_URI")
+bh_branch = d.getVar("BUILDHISTORY_BRANCH")
+
+if not repo_uri:
+bb.note("BUILDHISTORY_REPO_URI not set")
+return
+
+if not bh_branch:
+bb.note("BUILDHISTORY_BRANCH not set")
+return
+
+if not os.path.isdir(histdir):
+cmd = ['git', 'clone', repo_uri, histdir]
+ret = subprocess.call(cmd)
+if ret != 0:
+bb.error('Failed to clond %s!' % repo_uri)
+
+cmd = ['git', '-C', histdir, 'checkout','-b', bh_branch]
+ret = subprocess.call(cmd)
+if ret != 0:
+bb.error('Failed to checkout branch %s!' % bh_branch)
+
+if not os.path.isdir(histdir):
+   rerturn
+
+if os.path.isdir(os.path.join(histdir, '.git')):
+cmd =['git', '-C', histdir, 'config', '--get', 'remote.origin.url']
+hasurl = subprocess.call(cmd, shell=True)
+if hasurl:
+cmd = ['git', '-C', histdir, 'remote', 'add', '-f', '-t', 
bh_branch, '-m', bh_branch, 'origin', repo_uri]
+subprocess.call(cmd)
+
+cmd = ['git', '-C', histdir, 'checkout', bh_branch]
+ret = subprocess.call(cmd)
+if ret != 0:
+bb.error('Failed to checkout branch %s' % bh_branch)
+
+cmd = ['git', '-C', histdir, 'branch', 
'--set-upstream-to=origin/%s' % bh_branch]
+subprocess.call(cmd)
+}
+
 python buildhistory_eventhandler() {
 if (e.data.getVar('BUILDHISTORY_FEATURES') or "").strip():
 reset = e.data.getVar("BUILDHISTORY_RESET")
@@ -874,6 +928,11 @@ python buildhistory_eventhandler() {
 for entry in entries:
 os.rename(os.path.join(rootdir, entry),
   os.path.join(olddir, entry))
+
+if e.data.getVar("BUILDHISTORY_CLONE") == "1":
+localdata = bb.data.createCopy(e.data)
+bb.build.exec_func("buildhistory_clone", d)
+
 elif isinstance(e, bb.event.BuildCompleted):
 if reset:
 import shutil
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148027): 
https://lists.openembedded.org/g/openembedded-core/message/148027
Mute This Topic: https://lists.openembedded.org/mt/80632805/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 1/2] connman: update to 1.38

[akuster]

From: Alexander Kanavin 

Drop a patch merged upstream.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
(cherry picked from commit ce2948af5293258a69a9cfefba9e883cefecac87)
[ 1.38 changelog:
 Fix issue with online check on IP address update.
 Fix issue with OpenVPN and encrypted private keys.
 Fix issue with finishing of VPN connections.
 Add support for updated stable iwd APIs.
 Add support for WireGuard networks.
 ]
Signed-off-by: Armin Kuster 
---
 meta/recipes-connectivity/connman/connman.inc |  1 +
 ...-gweb-fix-segfault-with-musl-v1.1.21.patch | 34 ---
 ...ve-musl-does-not-implement-res_ninit.patch | 20 +--
 .../connman/connman_1.37.bb   | 17 --
 .../connman/connman_1.38.bb   | 16 +
 5 files changed, 26 insertions(+), 62 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
 delete mode 100644 meta/recipes-connectivity/connman/connman_1.37.bb
 create mode 100644 meta/recipes-connectivity/connman/connman_1.38.bb

diff --git a/meta/recipes-connectivity/connman/connman.inc 
b/meta/recipes-connectivity/connman/connman.inc
index 55e5bf97c7..7888bc2c1b 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -53,6 +53,7 @@ PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl 
libnftnl,,kernel-mo
 PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
 PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
 PACKAGECONFIG[client] = "--enable-client,--disable-client,readline"
+PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl"
 
 INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
diff --git 
a/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
 
b/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
deleted file mode 100644
index 30f1432cd3..00
--- 
a/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From f0a8c69971b30ea7ca255bb885fdd1179fa5d298 Mon Sep 17 00:00:00 2001
-From: Nicola Lunghi 
-Date: Thu, 23 May 2019 07:55:25 +0100
-Subject: [PATCH] gweb: fix segfault with musl v1.1.21
-
-In musl > v1.1.21 freeaddrinfo() implementation changed and
-was causing a segmentation fault on recent Yocto using musl.
-
-See this commit:
-
- 
https://git.musl-libc.org/cgit/musl/commit/src/network/freeaddrinfo.c?id=d1395c43c019aec6b855cf3c656bf47c8a719e7f
-
-Upstream-Status: Submitted

- gweb/gweb.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/gweb/gweb.c b/gweb/gweb.c
-index 393afe0a..12fcb1d8 100644
 a/gweb/gweb.c
-+++ b/gweb/gweb.c
-@@ -1274,7 +1274,8 @@ static bool is_ip_address(const char *host)
-   addr = NULL;
- 
-   result = getaddrinfo(host, NULL, , );
--  freeaddrinfo(addr);
-+  if(!result)
-+  freeaddrinfo(addr);
- 
-   return result == 0;
- }
--- 
-2.19.1
-
diff --git 
a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
 
b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
index 639ccfa2a2..942b9c97b6 100644
--- 
a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ 
b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -1,7 +1,7 @@
-From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001
+From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001
 From: Khem Raj 
 Date: Mon, 6 Apr 2015 23:02:21 -0700
-Subject: [PATCH 2/3] resolve: musl does not implement res_ninit
+Subject: [PATCH] resolve: musl does not implement res_ninit
 
 ported from
 http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
@@ -9,12 +9,13 @@ 
http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
 Upstream-Status: Pending
 
 Signed-off-by: Khem Raj 
+
 ---
- gweb/gresolv.c | 33 -
- 1 file changed, 12 insertions(+), 21 deletions(-)
+ gweb/gresolv.c | 34 +-
+ 1 file changed, 13 insertions(+), 21 deletions(-)
 
 diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 5cf7a9a..3ad8e70 100644
+index 38a554e..a9e8740 100644
 --- a/gweb/gresolv.c
 +++ b/gweb/gresolv.c
 @@ -36,6 +36,7 @@
@@ -25,7 +26,7 @@ index 5cf7a9a..3ad8e70 100644
  
  #include "gresolv.h"
  
-@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index)
+@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index)
resolv->index = index;
resolv->nameserver_list = NULL;
  
@@ -34,7 +35,7 @@ index 5cf7a9a..3ad8e70 100644
return resolv;
  }
  
-@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv)
+@@ -918,8 +917,6 @@ void 

[OE-core] [dunfell][PATCH 2/2] connman: update to 1.39

[akuster]

From: akuster 

Bug fix only and includes two security fixes:

CVE-2021-26675
CVE-2021-26676

Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix issue with DHCP leaking stack data via uninitialized variable.

[Yocto #14231]

Signed-off-by: Armin Kuster 
Signed-off-by: Richard Purdie 
(cherry picked from commit eb20fd47d738f469f7bbeb4b8d85040f9163722b)
Signed-off-by: Armin Kuster 
(cherry picked from commit 1ec530801ae62bddeaa434d792ed9c2640f9eebe)
Signed-off-by: Armin Kuster 
---
 .../connman/{connman_1.38.bb => connman_1.39.bb}   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-connectivity/connman/{connman_1.38.bb => connman_1.39.bb} 
(78%)

diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb 
b/meta/recipes-connectivity/connman/connman_1.39.bb
similarity index 78%
rename from meta/recipes-connectivity/connman/connman_1.38.bb
rename to meta/recipes-connectivity/connman/connman_1.39.bb
index 027c41e9af..df42e9ffb8 100644
--- a/meta/recipes-connectivity/connman/connman_1.38.bb
+++ b/meta/recipes-connectivity/connman/connman_1.39.bb
@@ -9,8 +9,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
 
 SRC_URI_append_libc-musl = " 
file://0002-resolve-musl-does-not-implement-res_ninit.patch"
 
-SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
-SRC_URI[sha256sum] = 
"cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
+SRC_URI[sha256sum] = 
"9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3"
 
 RRECOMMENDS_${PN} = "connman-conf"
 RCONFLICTS_${PN} = "networkmanager"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147994): 
https://lists.openembedded.org/g/openembedded-core/message/147994
Mute This Topic: https://lists.openembedded.org/mt/80599286/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [gatesgarth][PATCH] connman: update to 1.39

[akuster]

From: akuster 

Bug fix only and includes two security fixes:

CVE-2021-26675
CVE-2021-26676

Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix issue with DHCP leaking stack data via uninitialized variable.

[Yocto #14231]

Signed-off-by: Armin Kuster 
Signed-off-by: Richard Purdie 
(cherry picked from commit eb20fd47d738f469f7bbeb4b8d85040f9163722b)
Signed-off-by: Armin Kuster 
---
 .../connman/{connman_1.38.bb => connman_1.39.bb}   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-connectivity/connman/{connman_1.38.bb => connman_1.39.bb} 
(78%)

diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb 
b/meta/recipes-connectivity/connman/connman_1.39.bb
similarity index 78%
rename from meta/recipes-connectivity/connman/connman_1.38.bb
rename to meta/recipes-connectivity/connman/connman_1.39.bb
index 027c41e9af..df42e9ffb8 100644
--- a/meta/recipes-connectivity/connman/connman_1.38.bb
+++ b/meta/recipes-connectivity/connman/connman_1.39.bb
@@ -9,8 +9,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
 
 SRC_URI_append_libc-musl = " 
file://0002-resolve-musl-does-not-implement-res_ninit.patch"
 
-SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
-SRC_URI[sha256sum] = 
"cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
+SRC_URI[sha256sum] = 
"9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3"
 
 RRECOMMENDS_${PN} = "connman-conf"
 RCONFLICTS_${PN} = "networkmanager"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147992): 
https://lists.openembedded.org/g/openembedded-core/message/147992
Mute This Topic: https://lists.openembedded.org/mt/80599228/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [v2][PATCH] connman: update to 1.39

[akuster]

[Yocto #14231]

Bug fix only and includes two security fixes:

CVE-2021-26675
CVE-2021-26676

Signed-off-by: Armin Kuster 
---
 .../connman/{connman_1.38.bb => connman_1.39.bb}   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-connectivity/connman/{connman_1.38.bb => connman_1.39.bb} 
(78%)

diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb 
b/meta/recipes-connectivity/connman/connman_1.39.bb
similarity index 78%
rename from meta/recipes-connectivity/connman/connman_1.38.bb
rename to meta/recipes-connectivity/connman/connman_1.39.bb
index 027c41e9afa..df42e9ffb8a 100644
--- a/meta/recipes-connectivity/connman/connman_1.38.bb
+++ b/meta/recipes-connectivity/connman/connman_1.39.bb
@@ -9,8 +9,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
 
 SRC_URI_append_libc-musl = " 
file://0002-resolve-musl-does-not-implement-res_ninit.patch"
 
-SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
-SRC_URI[sha256sum] = 
"cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
+SRC_URI[sha256sum] = 
"9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3"
 
 RRECOMMENDS_${PN} = "connman-conf"
 RCONFLICTS_${PN} = "networkmanager"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147955): 
https://lists.openembedded.org/g/openembedded-core/message/147955
Mute This Topic: https://lists.openembedded.org/mt/80559329/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] connman: update to 1.39

[akuster]

On 2/10/21 7:54 AM, Oleksandr Kravchuk wrote:
> Changelog:
> - Fix issue with scanning state synchronization and iwd.
> - Fix issue with invalid key with 4-way handshake offloading.
> - Fix issue with DNS proxy length checks to prevent buffer overflow.
> - Fix issue with DHCP leaking stack data via uninitialized variable.

this update was sent last night which included CVE #. either patch will
do IMHO

-armin
>
> Signed-off-by: Oleksandr Kravchuk 
> ---
>  .../connman/{connman_1.38.bb => connman_1.39.bb}   | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>  rename meta/recipes-connectivity/connman/{connman_1.38.bb => 
> connman_1.39.bb} (78%)
>
> diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb 
> b/meta/recipes-connectivity/connman/connman_1.39.bb
> similarity index 78%
> rename from meta/recipes-connectivity/connman/connman_1.38.bb
> rename to meta/recipes-connectivity/connman/connman_1.39.bb
> index 027c41e9af..df42e9ffb8 100644
> --- a/meta/recipes-connectivity/connman/connman_1.38.bb
> +++ b/meta/recipes-connectivity/connman/connman_1.39.bb
> @@ -9,8 +9,7 @@ SRC_URI = 
> "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
>  
>  SRC_URI_append_libc-musl = " 
> file://0002-resolve-musl-does-not-implement-res_ninit.patch"
>  
> -SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
> -SRC_URI[sha256sum] = 
> "cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
> +SRC_URI[sha256sum] = 
> "9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3"
>  
>  RRECOMMENDS_${PN} = "connman-conf"
>  RCONFLICTS_${PN} = "networkmanager"
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147937): 
https://lists.openembedded.org/g/openembedded-core/message/147937
Mute This Topic: https://lists.openembedded.org/mt/80524901/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] mesa: Remove dependency on opengl or vulkan DISTRO_FEATURES

[akuster]

On 2/10/21 3:11 AM, Ray Smith wrote:
> Mesa doesn't _require_ either of these features of the distribution,
> it (conditionally) _provides_ them.
>
> This has a desirable side-effect of enabling a build of mesa that
> supports only OpenGL ES and EGL, without having the rest of the
> distribution think that full OpenGL is available.
>
> Without this, a distribution can't support different machines with
> (non-mesa) OpenGL ES/EGL-only drivers alongside mesa drivers, even
> when the distribution only needs OpenGL ES/EGL.
>
> (Note that currently mesa internally requires OpenGL support to be
> built in order for OpenGL ES support to be built, but this is a
> detail internal to mesa that should not be exposed to the wider
> build)

Did you run yocto-check-layer to ensure this passes?

-armin
> Signed-off-by: Ray Smith 
> ---
>  meta/recipes-graphics/mesa/mesa.inc | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/meta/recipes-graphics/mesa/mesa.inc 
> b/meta/recipes-graphics/mesa/mesa.inc
> index cb075a8b89..bdb978de95 100644
> --- a/meta/recipes-graphics/mesa/mesa.inc
> +++ b/meta/recipes-graphics/mesa/mesa.inc
> @@ -44,12 +44,10 @@ PROVIDES = " \
>  virtual/mesa \
>  "
>  
> -inherit meson pkgconfig python3native gettext features_check
> +inherit meson pkgconfig python3native gettext
>  
>  BBCLASSEXTEND = "native nativesdk"
>  
> -ANY_OF_DISTRO_FEATURES_class-target = "opengl vulkan"
> -
>  PLATFORMS ??= "${@bb.utils.filter('PACKAGECONFIG', 'x11 wayland', d)}"
>  
>  export YOCTO_ALTERNATE_EXE_PATH = 
> "${STAGING_LIBDIR}/llvm${MESA_LLVM_RELEASE}/llvm-config"
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147929): 
https://lists.openembedded.org/g/openembedded-core/message/147929
Mute This Topic: https://lists.openembedded.org/mt/80529198/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] connman: update to 1.39

[akuster]

[Yocto #14231]

Bug fix only and includes two security fixes:

CVE-2021-26676
CVE-2021-26676

Signed-off-by: Armin Kuster 
---
 .../connman/{connman_1.38.bb => connman_1.39.bb}   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-connectivity/connman/{connman_1.38.bb => connman_1.39.bb} 
(78%)

diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb 
b/meta/recipes-connectivity/connman/connman_1.39.bb
similarity index 78%
rename from meta/recipes-connectivity/connman/connman_1.38.bb
rename to meta/recipes-connectivity/connman/connman_1.39.bb
index 027c41e9afa..df42e9ffb8a 100644
--- a/meta/recipes-connectivity/connman/connman_1.38.bb
+++ b/meta/recipes-connectivity/connman/connman_1.39.bb
@@ -9,8 +9,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
 
 SRC_URI_append_libc-musl = " 
file://0002-resolve-musl-does-not-implement-res_ninit.patch"
 
-SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
-SRC_URI[sha256sum] = 
"cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
+SRC_URI[sha256sum] = 
"9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3"
 
 RRECOMMENDS_${PN} = "connman-conf"
 RCONFLICTS_${PN} = "networkmanager"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147916): 
https://lists.openembedded.org/g/openembedded-core/message/147916
Mute This Topic: https://lists.openembedded.org/mt/80524901/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] documentation.conf: add both CVE_CHECK_LAYER_*

[akuster]

Signed-off-by: Armin Kuster 
---
 meta/conf/documentation.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
index eee3c43ff2c..c5a38b07642 100644
--- a/meta/conf/documentation.conf
+++ b/meta/conf/documentation.conf
@@ -123,6 +123,8 @@ CONFLICT_MACHINE_FEATURES[doc] = "When a recipe inherits 
the features_check clas
 CORE_IMAGE_EXTRA_INSTALL[doc] = "Specifies the list of packages to be added to 
the image. You should only set this variable in the conf/local.conf file in the 
Build Directory."
 COREBASE[doc] = "Specifies the parent directory of the OpenEmbedded Core 
Metadata layer (i.e. meta)."
 CONF_VERSION[doc] = "Tracks the version of local.conf.  Increased each time 
build/conf/ changes incompatibly."
+CVE_CHECK_LAYER_EXCLUDELIST[doc] = "Defines which layers to exclude from 
cve-check scanning"
+CVE_CHECK_LAYER_INCLUDELIST[doc] = "Defines which layers to include during 
cve-check scanning"
 
 #D
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147848): 
https://lists.openembedded.org/g/openembedded-core/message/147848
Mute This Topic: https://lists.openembedded.org/mt/80497450/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 2/2] p11-kit: upgrade 0.23.21 -> 0.23.22

[akuster]

From: Lee Chee Yang 

https://github.com/p11-glue/p11-kit/releases/tag/0.23.22

Release notes:
Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, 
CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook
anchor: Prefer persistent format when storing anchor [#329]
common: Fix infloop in p11_path_build [#326, #327]
proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [#325]
common: Check for a NULL locale before freeing it [#321]
Build and test fixes [#313, #315, #317, #318, #319, #323, #330, #333, #334, 
#335, #338, #339]

https://github.com/p11-glue/p11-kit/commit/c4e75e10021ce86ab42682ea4936dce94ced2f77
patch to fix trailing newline using custom_target() caused error
with DISTRO_FEATURES api-documentation due to meson bugs, enable
manpages PACKAGECONFIG should prevent this error.
| warning: failed to load external entity "../version.xml"
| ../p11-kit-docs.xml:11: parser error : Failure to process entity version
|   for p11-kit 
| ^
| ../p11-kit-docs.xml:11: parser error : Entity 'version' not defined
|   for p11-kit 
| ^
| unable to parse ../p11-kit-docs.xml

(From OE-Core rev: b112ba291835061640123c13784e2b33cc73f17d)

Signed-off-by: Lee Chee Yang 
Signed-off-by: Richard Purdie 
(cherry picked from commit 59b07a71f32c84e592d66595a2a7e1ae9c7ebef8)
Signed-off-by: Anuj Mittal 
(cherry picked from commit f500435958fd676a00757a64572f06f5cb16c251)
[p11-kit 0.23.xx is lts version. Bug fix only update
Signed-off-by: Armin Kuster 
---
 .../p11-kit/{p11-kit_0.23.21.bb => p11-kit_0.23.22.bb} | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)
 rename meta/recipes-support/p11-kit/{p11-kit_0.23.21.bb => p11-kit_0.23.22.bb} 
(75%)

diff --git a/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb 
b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
similarity index 75%
rename from meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
rename to meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
index b1fd2334b2..c539ecdbc6 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.23.22.bb
@@ -2,17 +2,18 @@ SUMMARY = "Provides a way to load and enumerate PKCS#11 
modules"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50"
 
-inherit meson gettext pkgconfig gtk-doc bash-completion
+inherit meson gettext pkgconfig gtk-doc bash-completion manpages
 
 DEPENDS = "libtasn1 libtasn1-native libffi"
 
 DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else 
''}"
 
-SRC_URI = "git://github.com/p11-glue/p11-kit"
-SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab"
+SRC_URI = "git://github.com/p11-glue/p11-kit;branch=0.23"
+SRCREV = "bd97afbfe28d5fbbde95ce36ff7a8834fc0291ee"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= ""
+PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
 PACKAGECONFIG[trust-paths] = 
"-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
 
 GTKDOC_MESON_OPTION = 'gtk_doc'
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147827): 
https://lists.openembedded.org/g/openembedded-core/message/147827
Mute This Topic: https://lists.openembedded.org/mt/80480774/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 1/2] p11-kit: upgrade 0.23.20 -> 0.23.21

[akuster]

From: Alexander Kanavin 

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
(cherry picked from commit 6e811db2f614500f16415fc09801f229968428e7)
[0.23.x is an lts release, bug fix only update]
Signed-off-by: Armin Kuster 
---
 .../p11-kit/{p11-kit_0.23.20.bb => p11-kit_0.23.21.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/p11-kit/{p11-kit_0.23.20.bb => p11-kit_0.23.21.bb} 
(94%)

diff --git a/meta/recipes-support/p11-kit/p11-kit_0.23.20.bb 
b/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
similarity index 94%
rename from meta/recipes-support/p11-kit/p11-kit_0.23.20.bb
rename to meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
index 4ba93f998a..b1fd2334b2 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.23.20.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.23.21.bb
@@ -9,7 +9,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi"
 DEPENDS_append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else 
''}"
 
 SRC_URI = "git://github.com/p11-glue/p11-kit"
-SRCREV = "762cdaa2cd5c5ec09cc844f9a6bdc551c7f6c8ed"
+SRCREV = "fd8b56f3ee971f94dc6fc95411fc01e1c12153ab"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= ""
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147826): 
https://lists.openembedded.org/g/openembedded-core/message/147826
Mute This Topic: https://lists.openembedded.org/mt/80480773/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/2] cve-check: add include/exclude layers

[akuster]

On 2/8/21 2:16 AM, Richard Purdie wrote:
> On Mon, 2021-02-08 at 05:51 +0000, akuster wrote:
>> There are times when exluding or including a layer
>> may be desired. This provide the framwork for that via
>> two variables. The default is all layers in bblayers.
>>
>> CVE_CHECK_LAYER_INCLUDELIST
>> CVE_CHECK_LAYER_EXCLUDELIST
> Do we need to document these?
Yes if and when the patches are accepted.  By doc do you mean the
manuals or documentation.conf?

- armin
>
> Cheers,
>
> Richard
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147825): 
https://lists.openembedded.org/g/openembedded-core/message/147825
Mute This Topic: https://lists.openembedded.org/mt/80471477/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] cve-check: add include/exclude layers

[akuster]

There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.

CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 17 +
 1 file changed, 17 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 061af7a2760..112ee3379d3 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -53,6 +53,13 @@ CVE_CHECK_PN_WHITELIST ?= ""
 #
 CVE_CHECK_WHITELIST ?= ""
 
+# Layers to be excluded
+CVE_CHECK_LAYER_EXCLUDELIST ??= ""
+
+# Layers to be included 
+CVE_CHECK_LAYER_INCLUDELIST ??= ""
+
+
 # set to "alphabetical" for version using single alphabetical character as 
increament release
 CVE_VERSION_SUFFIX ??= ""
 
@@ -334,10 +341,20 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
cve_data):
 CVE manifest if enabled.
 """
 
+
 cve_file = d.getVar("CVE_CHECK_LOG")
 fdir_name  = d.getVar("FILE_DIRNAME")
 layer = fdir_name.split("/")[-3]
 
+include_layers = d.getVar("CVE_CHECK_LAYER_INCLUDELIST").split()
+exclude_layers = d.getVar("CVE_CHECK_LAYER_EXCLUDELIST").split()
+
+if exclude_layers and layer in exclude_layers:
+return
+
+if include_layers and layer not in include_layers:
+return
+
 nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=;
 write_string = ""
 unpatched_cves = []
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147773): 
https://lists.openembedded.org/g/openembedded-core/message/147773
Mute This Topic: https://lists.openembedded.org/mt/80471477/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] cve-check.bbclass: add layer to cve log

[akuster]

Lets include whcih layer a package belongs to and
add it to the cve logs

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index ed86403b6bc..061af7a2760 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -335,6 +335,9 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
cve_data):
 """
 
 cve_file = d.getVar("CVE_CHECK_LOG")
+fdir_name  = d.getVar("FILE_DIRNAME")
+layer = fdir_name.split("/")[-3]
+
 nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=;
 write_string = ""
 unpatched_cves = []
@@ -344,6 +347,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
cve_data):
 is_patched = cve in patched
 if is_patched and (d.getVar("CVE_CHECK_REPORT_PATCHED") != "1"):
 continue
+write_string += "LAYER: %s\n" % layer
 write_string += "PACKAGE NAME: %s\n" % d.getVar("PN")
 write_string += "PACKAGE VERSION: %s%s\n" % (d.getVar("EXTENDPE"), 
d.getVar("PV"))
 write_string += "CVE: %s\n" % cve
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147772): 
https://lists.openembedded.org/g/openembedded-core/message/147772
Mute This Topic: https://lists.openembedded.org/mt/80471476/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] openssl: Enable srp algorithm

[akuster]

This is still needed by libest in meta-security

Signed-off-by: Armin Kuster 
Cc: Shachar Menashe 
---
 meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb 
b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
index 52e96b78310..5617f337e04 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
@@ -64,7 +64,8 @@ CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin 
-DENGINESDIR=/not/bu
 # rc4 (freerdp librtorrent ettercap xrdp transmission pam-ssh-agent-auth php)
 # rc2 (mailx)
 # psk (qt5)
-DEPRECATED_CRYPTO_FLAGS = "no-ssl no-idea no-rc5 no-md2 no-srp no-camellia 
no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool"
+# srp (libest)
+DEPRECATED_CRYPTO_FLAGS = "no-ssl no-idea no-rc5 no-md2 no-camellia no-mdc2 
no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool"
 
 do_configure () {
os=${HOST_OS}
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147134): 
https://lists.openembedded.org/g/openembedded-core/message/147134
Mute This Topic: https://lists.openembedded.org/mt/80079249/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] git: update to 2.30.0

[akuster]

For your info see: 
https://lore.kernel.org/lkml/xmqqk0t1g326@gitster.c.googlers.com/T/

Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/git/{git_2.29.2.bb => git_2.30.0.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/git/{git_2.29.2.bb => git_2.30.0.bb} (51%)

diff --git a/meta/recipes-devtools/git/git_2.29.2.bb 
b/meta/recipes-devtools/git/git_2.30.0.bb
similarity index 51%
rename from meta/recipes-devtools/git/git_2.29.2.bb
rename to meta/recipes-devtools/git/git_2.30.0.bb
index 6433a2e2b70..93f8ed298b5 100644
--- a/meta/recipes-devtools/git/git_2.29.2.bb
+++ b/meta/recipes-devtools/git/git_2.30.0.bb
@@ -5,5 +5,5 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
  "
 EXTRA_OEMAKE += "NO_GETTEXT=1"
 
-SRC_URI[tarball.sha256sum] = 
"869a121e1d75e4c28213df03d204156a17f02fce2dc77be9795b327830f54195"
-SRC_URI[manpages.sha256sum] = 
"68b258e6d590cb78e02c0df741bbaeab94cbbac6d25de9da4fb3882ee098307b"
+SRC_URI[tarball.sha256sum] = 
"d24c4fa2a658318c2e66e25ab67cc30038a35696d2d39e6b12ceccf024de1e5e"
+SRC_URI[manpages.sha256sum] = 
"e23035ae232c9a5eda57db258bc3b7f1c1060cfd66920f92c7d388b6439773a6"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#147090): 
https://lists.openembedded.org/g/openembedded-core/message/147090
Mute This Topic: https://lists.openembedded.org/mt/80008038/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [bitbake-devel] Backport changes for _PYTHON_SYSCONFIGDATA_NAME to Gatesgarth and Dunfell

[akuster]

On 1/16/21 9:44 AM, Martin Jansa wrote:
> Aren't the missing spaces in appends fixes also needed for meta-oe
> recipes?


>
> I think at least top 5 commits from:
> https://git.openembedded.org/meta-openembedded/log/?qt=grep=space.*append
> were also follow-up from these changes in oe-core.
>
Do you mean something beyond the meta-openembedded commits mentioned
near the bottom of the email?

I need clarity so I can open an issue in gitlab for tracking purposes as
I am sure I will forget this

-armin

> On Thu, Jan 14, 2021 at 6:50 PM Peter Kjellerstedt
> mailto:peter.kjellerst...@axis.com>> wrote:
>
> [ Cross-posting since these changes affect all of bitbake,
> openembedded-core
>   and meta-openembedded and need to be made (at least somewhat) in
> sync. ]
>
> Can the solution for _PYTHON_SYSCONFIGDATA_NAME please be
> backported to
> Gatesgarth and Dunfell? We are seeing problems for developers who
> have
> updated the python3 version on their hosts when they try to do
> devtool
> modify on recipes that inherit python3native. The following relevant
> changes should cherry-pick cleanly to the respective repositories for
> both gatesgarth and dunfell:
>
> openembedded-core:
> 5a118d4e python3: split python target configuration into own class
> dadf001c python3-pycairo: use python3targetconfig
> 9c8f6660 distutils3-base.bbclass: use python3targetconfig
> d3a81dd0 meta: drop _PYTHON_SYSCONFIGDATA_NAME hacks
> 38ecb83c gpgme: use python3targetconfig
> c99bb790 python3targetconfig.bbclass: Make py3 dep and tasks only
> for target recipes
>
> bitbake:
> 47b64cfa lib/bb/fetch2/__init__.py: drop
> _PYTHON_SYSCONFIGDATA_NAME unsetting
>
> meta-openembedded:
> a06cdf5a gedit: Inherit python3targetconfig
> 59f817bb openipmi: Inherit python3targetconfig
> be7d2286 libplist: Inherit python3targetconfig
> c499aaee postgresql: Inherit python3targetconfig
>
> I guess there may be some controversy regarding whether these
> changes should
> be backported to the stable branches since they modify what
> python3native
> does and may require existing recipes to be modified to inherit
> the new
> python3targetconfig class. However, I believe that having devtool
> modify
> fail on random recipes without an easy solution for the user is
> much worse
> than having to update a recipe or two once due to a build failure
> after
> upgrading to a new version of OE-Core (in my book that is pretty
> normal and
> something I always have to do anyway when we update OE-Core). And
> based on
> the number of recipes in openembedded-core and meta-openembedded
> that needed
> to be updated (2+4), I do not expect there to be many other
> recipes in the
> first place that actually need to be updated.
>
> //Peter
>
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146882): 
https://lists.openembedded.org/g/openembedded-core/message/146882
Mute This Topic: https://lists.openembedded.org/mt/79732586/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 1/2] classes/waf: Add build and install arguments

[akuster]

From: Joshua Watt 

Adds variables that can be used to allow a recipe to pass extra
arguments to `waf build` and `waf install`. In most cases, you want to
pass the same arguments to `build` and `install` (since install is a
superset of `build`), so by default setting EXTRA_OEWAF_BUILD also
affects `waf install`, but this can be overridded.

(From OE-Core rev: 493e17a2f5cbbbe3b1e435dadb281b007bca2cbf)

Signed-off-by: Joshua Watt 
Signed-off-by: Richard Purdie 
(cherry picked from commit 633652284b13dc78206f4cc8e81f29de44777b75)
Signed-off-by: Armin Kuster 
---
 meta/classes/waf.bbclass | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass
index 900244004ec..309f625a40f 100644
--- a/meta/classes/waf.bbclass
+++ b/meta/classes/waf.bbclass
@@ -5,6 +5,11 @@ B = "${WORKDIR}/build"
 
 EXTRA_OECONF_append = " ${PACKAGECONFIG_CONFARGS}"
 
+EXTRA_OEWAF_BUILD ??= ""
+# In most cases, you want to pass the same arguments to `waf build` and `waf
+# install`, but you can override it if necessary
+EXTRA_OEWAF_INSTALL ??= "${EXTRA_OEWAF_BUILD}"
+
 def waflock_hash(d):
 # Calculates the hash used for the waf lock file. This should include
 # all of the user controllable inputs passed to waf configure. Note
@@ -55,11 +60,11 @@ waf_do_configure() {
 
 do_compile[progress] = "outof:^\[\s*(\d+)/\s*(\d+)\]\s+"
 waf_do_compile()  {
-   (cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', 
limit=64)})
+   (cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', 
limit=64)} ${EXTRA_OEWAF_BUILD})
 }
 
 waf_do_install() {
-   (cd ${S} && ./waf install --destdir=${D})
+   (cd ${S} && ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL})
 }
 
 EXPORT_FUNCTIONS do_configure do_compile do_install
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146879): 
https://lists.openembedded.org/g/openembedded-core/message/146879
Mute This Topic: https://lists.openembedded.org/mt/79732578/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 2/2] waf: don't assume the waf intepretter is good

[akuster]

From: Ross Burton 

Waf typically uses `python` as the intepretter but inside a task this
does not exist.  Typically this is solved by patching waf (see the
glmark2 recipe) but not all versionf of Waf support Python 3 so we can't
assume a specific interpretter.

Instead, create a new variable WAF_PYTHON for the correct interpretter,
and default this to `python3`.  If the user has a recipe that needs
Python 2 then this can be changed in the recipe.

(From OE-Core rev: 802e80d35e6374b9b80f89068d00b84fe2d04ca1)

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 85b6301c6190a1d1823de9bfe7285f7a7d15a46f)
[Fixes build issue on Ubuntu 20 with mvp
https://github.com/openembedded/meta-openembedded/issues/304 ]
Signed-off-by: Armin Kuster 
---
 meta/classes/waf.bbclass | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/meta/classes/waf.bbclass b/meta/classes/waf.bbclass
index 309f625a40f..8fa5063645c 100644
--- a/meta/classes/waf.bbclass
+++ b/meta/classes/waf.bbclass
@@ -1,6 +1,10 @@
 # avoids build breaks when using no-static-libs.inc
 DISABLE_STATIC = ""
 
+# What Python interpretter to use.  Defaults to Python 3 but can be
+# overridden if required.
+WAF_PYTHON ?= "python3"
+
 B = "${WORKDIR}/build"
 
 EXTRA_OECONF_append = " ${PACKAGECONFIG_CONFARGS}"
@@ -40,9 +44,10 @@ python waf_preconfigure() {
 import subprocess
 from distutils.version import StrictVersion
 subsrcdir = d.getVar('S')
+python = d.getVar('WAF_PYTHON')
 wafbin = os.path.join(subsrcdir, 'waf')
 try:
-result = subprocess.check_output([wafbin, '--version'], cwd=subsrcdir, 
stderr=subprocess.STDOUT)
+result = subprocess.check_output([python, wafbin, '--version'], 
cwd=subsrcdir, stderr=subprocess.STDOUT)
 version = result.decode('utf-8').split()[1]
 if StrictVersion(version) >= StrictVersion("1.8.7"):
 d.setVar("WAF_EXTRA_CONF", "--bindir=${bindir} --libdir=${libdir}")
@@ -55,16 +60,16 @@ python waf_preconfigure() {
 do_configure[prefuncs] += "waf_preconfigure"
 
 waf_do_configure() {
-   (cd ${S} && ./waf configure -o ${B} --prefix=${prefix} 
${WAF_EXTRA_CONF} ${EXTRA_OECONF})
+   (cd ${S} && ${WAF_PYTHON} ./waf configure -o ${B} --prefix=${prefix} 
${WAF_EXTRA_CONF} ${EXTRA_OECONF})
 }
 
 do_compile[progress] = "outof:^\[\s*(\d+)/\s*(\d+)\]\s+"
 waf_do_compile()  {
-   (cd ${S} && ./waf build ${@oe.utils.parallel_make_argument(d, '-j%d', 
limit=64)} ${EXTRA_OEWAF_BUILD})
+   (cd ${S} && ${WAF_PYTHON} ./waf build 
${@oe.utils.parallel_make_argument(d, '-j%d', limit=64)} ${EXTRA_OEWAF_BUILD})
 }
 
 waf_do_install() {
-   (cd ${S} && ./waf install --destdir=${D} ${EXTRA_OEWAF_INSTALL})
+   (cd ${S} && ${WAF_PYTHON} ./waf install --destdir=${D} 
${EXTRA_OEWAF_INSTALL})
 }
 
 EXPORT_FUNCTIONS do_configure do_compile do_install
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146880): 
https://lists.openembedded.org/g/openembedded-core/message/146880
Mute This Topic: https://lists.openembedded.org/mt/79732579/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 0/2] Fix build issue for meta-oe

[akuster]

World builds failed for mvp. These two changes fix

Exception: PermissionError: [Errno 13] Permission denied: 
'TOPDIR/tmp/work/core2-64-poky-linux/mpv/0.32.0-r0/git/waf'

https://errors.yoctoproject.org/Errors/Details/539929/

Issue introduced by 
https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-multimedia/mplayer?id=5af46f89fcef5c436786ed81978de60f26abe054


These fixes are in Gatesgarth.

Please concider these for Dunfell.

Joshua Watt (1):
  classes/waf: Add build and install arguments

Ross Burton (1):
  waf: don't assume the waf intepretter is good

 meta/classes/waf.bbclass | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146878): 
https://lists.openembedded.org/g/openembedded-core/message/146878
Mute This Topic: https://lists.openembedded.org/mt/79732577/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH 2/2] curl: Security fix for CVE-2020-8231

[akuster]

From: Armin Kuster 

Source: https://curl.se/
MR: 105190
Type: Security Fix
Disposition: Backport from 
https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
ChangeID: 7cb4278f48b0da2009b5b7cf2b2383b12a5660ab
Description:

Fixes CVE-2020-8231
Affects 7.29.0 to 7.71.1

Signed-off-by: Armin Kuster 
---
 .../curl/curl/CVE-2020-8231.patch | 143 ++
 meta/recipes-support/curl/curl_7.69.1.bb  |   1 +
 2 files changed, 144 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8231.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2020-8231.patch 
b/meta/recipes-support/curl/curl/CVE-2020-8231.patch
new file mode 100644
index 000..f01e225e754
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8231.patch
@@ -0,0 +1,143 @@
+From 3c9e021f86872baae412a427e807fbfa2f3e8a22 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Sun, 16 Aug 2020 11:34:35 +0200
+Subject: [PATCH] Curl_easy: remember last connection by id, not by pointer
+
+CVE-2020-8231
+
+Bug: https://curl.haxx.se/docs/CVE-2020-8231.html
+
+Reported-by: Marc Aldorasi
+Closes #5824
+
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8]
+CVE: CVE-2020-8231
+Affects: 7.20.0 to 7.71.1
+Signed-off-by: Armin Kuster 
+
+---
+ lib/connect.c | 19 ++-
+ lib/easy.c|  3 +--
+ lib/multi.c   |  9 +
+ lib/url.c |  2 +-
+ lib/urldata.h |  2 +-
+ 5 files changed, 18 insertions(+), 17 deletions(-)
+
+Index: curl-7.69.1/lib/connect.c
+===
+--- curl-7.69.1.orig/lib/connect.c
 curl-7.69.1/lib/connect.c
+@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connect
+ }
+ 
+ struct connfind {
+-  struct connectdata *tofind;
+-  bool found;
++  long id_tofind;
++  struct connectdata *found;
+ };
+ 
+ static int conn_is_conn(struct connectdata *conn, void *param)
+ {
+   struct connfind *f = (struct connfind *)param;
+-  if(conn == f->tofind) {
+-f->found = TRUE;
++  if(conn->connection_id == f->id_tofind) {
++f->found = conn;
+ return 1;
+   }
+   return 0;
+@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct
+* - that is associated with a multi handle, and whose connection
+*   was detached with CURLOPT_CONNECT_ONLY
+*/
+-  if(data->state.lastconnect && (data->multi_easy || data->multi)) {
+-struct connectdata *c = data->state.lastconnect;
++  if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) 
{
++struct connectdata *c;
+ struct connfind find;
+-find.tofind = data->state.lastconnect;
+-find.found = FALSE;
++find.id_tofind = data->state.lastconnect_id;
++find.found = NULL;
+ 
+ Curl_conncache_foreach(data, data->multi_easy?
+>multi_easy->conn_cache:
+>multi->conn_cache, , conn_is_conn);
+ 
+ if(!find.found) {
+-  data->state.lastconnect = NULL;
++  data->state.lastconnect_id = -1;
+   return CURL_SOCKET_BAD;
+ }
+ 
++c = find.found;
+ if(connp) {
+   /* only store this if the caller cares for it */
+   *connp = c;
+Index: curl-7.69.1/lib/easy.c
+===
+--- curl-7.69.1.orig/lib/easy.c
 curl-7.69.1/lib/easy.c
+@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(st
+ 
+   /* the connection cache is setup on demand */
+   outcurl->state.conn_cache = NULL;
+-
+-  outcurl->state.lastconnect = NULL;
++  outcurl->state.lastconnect_id = -1;
+ 
+   outcurl->progress.flags= data->progress.flags;
+   outcurl->progress.callback = data->progress.callback;
+Index: curl-7.69.1/lib/multi.c
+===
+--- curl-7.69.1.orig/lib/multi.c
 curl-7.69.1/lib/multi.c
+@@ -454,6 +454,7 @@ CURLMcode curl_multi_add_handle(struct C
+ data->state.conn_cache = >share->conn_cache;
+   else
+ data->state.conn_cache = >conn_cache;
++  data->state.lastconnect_id = -1;
+ 
+ #ifdef USE_LIBPSL
+   /* Do the same for PSL. */
+@@ -669,11 +670,11 @@ static CURLcode multi_done(struct Curl_e
+ CONN_UNLOCK(data);
+ if(Curl_conncache_return_conn(data, conn)) {
+   /* remember the most recently used connection */
+-  data->state.lastconnect = conn;
++  data->state.lastconnect_id = conn->connection_id;
+   infof(data, "%s\n", buffer);
+ }
+ else
+-  data->state.lastconnect = NULL;
++  data->state.lastconnect_id = -1;
+   }
+ 
+   Curl_free_request_state(data);
+Index: curl-7.69.1/lib/url.c
+===
+--- curl-7.69.1.orig/lib/url.c
 curl-7.69.1/lib/url.c
+@@ -618,7 +618,7 @@ CURLcode Curl_open(struct Curl_easy **cu
+   Curl_initinfo(data);
+ 
+   /* most recent connection is not yet defined */
+-  data->state.lastconnect = NULL;
++  

[OE-core] [dunfell][PATCH 1/2] curl: Fix CVE-2020-8284, CVE-2020-8285, CVE-2020-8286

[akuster]

From: Khairul Rohaizzat Jamaluddin 

Source: git.openembedded.org
MR: 107592, 107620, 107606
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core-contrib/commit/?h=anujm/gatesgarth=f1a0ea55c0ae2cce7f7c3c6c73f57c5b8222c860
ChangeID: 8d65a5974018f276bef9054cbbdcd5a2a5f0a154
Description:

Backport the CVE patches from upstream
https://github.com/curl/curl/commit/ec9cc725d598ac
https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7
https://github.com/curl/curl/commit/69a358f2186e04
https://github.com/curl/curl/commit/d9d01672785b.patch

0002-remove-void-protop-create-union-p.patch is added because the CVE-2020-8285 
fix is
dependent on it.

CVE:
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286

Signed-off-by: Khairul Rohaizzat Jamaluddin 

Signed-off-by: Anuj Mittal 
Signed-off-by: Armin Kuster 
---
 ...02-remove-void-protop-create-union-p.patch | 1609 +
 .../curl/curl/CVE-2020-8284.patch |  210 +++
 .../curl/curl/CVE-2020-8285.patch |  261 +++
 .../curl/curl/CVE-2020-8286.patch |  138 ++
 meta/recipes-support/curl/curl_7.69.1.bb  |3 +
 5 files changed, 2221 insertions(+)
 create mode 100644 
meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8284.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8285.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8286.patch

diff --git 
a/meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch 
b/meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch
new file mode 100644
index 000..d0d01fb97cb
--- /dev/null
+++ 
b/meta/recipes-support/curl/curl/0002-remove-void-protop-create-union-p.patch
@@ -0,0 +1,1609 @@
+From bfdb7ee65fc8b96f1fce10ef23871acb092b74b6 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 23 Nov 2020 08:32:41 +0100
+Subject: [PATCH] urldata: remove 'void *protop' and create the union 'p'
+
+... to avoid the use of 'void *' for the protocol specific structs done
+per transfer.
+
+Closes #6238
+
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7]
+
+CVE: CVE-2020-8285
+
+Signed-off-by: Daniel Stenberg 
+Signed-off-by: Khairul Rohaizzat Jamaluddin 

+
+---
+ docs/INTERNALS.md  |  4 ++--
+ lib/file.c | 14 +++---
+ lib/ftp.c  | 36 ++--
+ lib/http.c | 14 +++---
+ lib/http2.c| 50 +-
+ lib/http_proxy.c   |  6 +++---
+ lib/imap.c | 26 +-
+ lib/mqtt.c | 10 +-
+ lib/openldap.c |  8 
+ lib/pop3.c | 14 +++---
+ lib/rtsp.c |  8 
+ lib/smb.c  | 20 ++--
+ lib/smtp.c | 22 +++---
+ lib/telnet.c   | 30 +++---
+ lib/transfer.c |  8 
+ lib/url.c  |  2 +-
+ lib/urldata.h  | 19 +--
+ lib/vquic/ngtcp2.c | 24 
+ lib/vquic/quiche.c | 10 +-
+ lib/vssh/libssh.c  | 10 +-
+ lib/vssh/libssh2.c |  8 
+ lib/vssh/wolfssh.c |  8 
+ 22 files changed, 183 insertions(+), 168 deletions(-)
+
+diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md
+index 635e7b2..ca8988e 100644
+--- a/docs/INTERNALS.md
 b/docs/INTERNALS.md
+@@ -980,8 +980,8 @@ for older and later versions as things don't change 
drastically that often.
+   protocol specific data that then gets associated with that `Curl_easy` for
+   the rest of this transfer. It gets freed again at the end of the transfer.
+   It will be called before the `connectdata` for the transfer has been
+-  selected/created. Most protocols will allocate its private
+-  `struct [PROTOCOL]` here and assign `Curl_easy->req.protop` to point to it.
++  selected/created. Most protocols will allocate its private `struct
++  [PROTOCOL]` here and assign `Curl_easy->req.p.[protocol]` to it.
+ 
+   `->connect_it` allows a protocol to do some specific actions after the TCP
+   connect is done, that can still be considered part of the connection phase.
+diff --git a/lib/file.c b/lib/file.c
+index cd3e49c..110e5c2 100644
+--- a/lib/file.c
 b/lib/file.c
+@@ -119,8 +119,8 @@ const struct Curl_handler Curl_handler_file = {
+ static CURLcode file_setup_connection(struct connectdata *conn)
+ {
+   /* allocate the FILE specific struct */
+-  conn->data->req.protop = calloc(1, sizeof(struct FILEPROTO));
+-  if(!conn->data->req.protop)
++  conn->data->req.p.file = calloc(1, sizeof(struct FILEPROTO));
++  if(!conn->data->req.p.file)
+ return CURLE_OUT_OF_MEMORY;
+ 
+   return CURLE_OK;
+@@ -135,7 +135,7 @@ static CURLcode file_connect(struct connectdata *conn, 
bool *done)
+ {
+   struct Curl_easy *data = conn->data;
+   char *real_path;
+-  

[OE-core] [dunfell][PATCH] glibc: CVE-2019-25013

[akuster]

From: Scott Murray 

Source: openembedded.org
MR: 107928
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=53d149df4d8832e34ace2470c31ddc688176faf7
ChangeID: 462441a4a91cb481401e170876c25dcdbd00f1e0
Description:

* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-25013

* upstream tracking: https://sourceware.org/bugzilla/show_bug.cgi?id=24973

* patch from upstream:
https://sourceware.org/git/?p=glibc.git;a=patch;
h=ee7a3144c9922808181009b7b3e50e852fb4999b

(From OE-Core rev: 53d149df4d8832e34ace2470c31ddc688176faf7)

Signed-off-by: Scott Murray 
Signed-off-by: Richard Purdie 
(cherry picked from commit 164b3e63612b40e984aec19c5a54c8ae408725ec)
Signed-off-by: Armin Kuster 
---
 .../glibc/glibc/CVE-2019-25013.patch  | 135 ++
 meta/recipes-core/glibc/glibc_2.31.bb |   1 +
 2 files changed, 136 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-25013.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch 
b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
new file mode 100644
index 000..73df1da868c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
@@ -0,0 +1,135 @@
+From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
+From: Andreas Schwab 
+Date: Mon, 21 Dec 2020 08:56:43 +0530
+Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
+
+The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
+area and is not allowed.  The from_euc_kr function used to skip two bytes
+when told to skip over the unknown designation, potentially running over
+the buffer end.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
+CVE: CVE-2019-25013
+Signed-off-by: Scott Murray 
+[Refreshed for Dundell context; Makefile changes]
+Signed-off-by: Armin Kuster 
+
+---
+ iconvdata/Makefile  |  3 ++-
+ iconvdata/bug-iconv13.c | 53 +
+ iconvdata/euc-kr.c  |  6 +
+ iconvdata/ksc5601.h |  6 ++---
+ 4 files changed, 59 insertions(+), 9 deletions(-)
+ create mode 100644 iconvdata/bug-iconv13.c
+
+Index: git/iconvdata/Makefile
+===
+--- git.orig/iconvdata/Makefile
 git/iconvdata/Makefile
+@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules
+ ifeq (yes,$(build-shared))
+ tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
+   tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
+-  bug-iconv10 bug-iconv11 bug-iconv12
++  bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13
+ ifeq ($(have-thread-library),yes)
+ tests += bug-iconv3
+ endif
+Index: git/iconvdata/bug-iconv13.c
+===
+--- /dev/null
 git/iconvdata/bug-iconv13.c
+@@ -0,0 +1,53 @@
++/* bug 24973: Test EUC-KR module
++   Copyright (C) 2020 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   .  */
++
++#include 
++#include 
++#include 
++#include 
++
++static int
++do_test (void)
++{
++  iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
++  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
++
++  /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
++ areas, which are not allowed and should be skipped over due to
++ //IGNORE.  The trailing 0xfe also is an incomplete sequence, which
++ should be checked first.  */
++  char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
++  char *inptr = input;
++  size_t insize = sizeof (input);
++  char output[4];
++  char *outptr = output;
++  size_t outsize = sizeof (output);
++
++  /* This used to crash due to buffer overrun.  */
++  TEST_VERIFY (iconv (cd, , , , ) == (size_t) -1);
++  TEST_VERIFY (errno == EINVAL);
++  /* The conversion should produce one character, the converted null
++ character.  */
++  TEST_VERIFY (sizeof (output) - outsize == 1);
++
++  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
++
++  return 0;
++}
++
++#include 
+Index: git/iconvdata/euc-kr.c
+===
+--- 

[OE-core] [dunfell][PATCH] glibc: Security fix for CVE-2020-29573

[akuster]

From: Armin Kuster 

Source: glibc.org
MR: 107580
Type: Security Fix
Disposition: Backport from 
https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61

ChangeID: 7bc5edb2e1947ac0774a453000a1568bbe3bb7d2
Description:

Fixedup to match 2.31 context. ldbl2mpn.c is in i386 for this version

Signed-off-by: Armin Kuster 
---
 .../glibc/glibc/CVE-2020-29573.patch  | 128 ++
 meta/recipes-core/glibc/glibc_2.31.bb |   1 +
 2 files changed, 129 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-29573.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch 
b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
new file mode 100644
index 000..1e75f2d29d4
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-29573.patch
@@ -0,0 +1,128 @@
+From 681900d29683722b1cb0a8e565a0585846ec5a61 Mon Sep 17 00:00:00 2001
+From: Florian Weimer 
+Date: Tue, 22 Sep 2020 19:07:48 +0200
+Subject: [PATCH] x86: Harden printf against non-normal long double values (bug
+ 26649)
+
+The behavior of isnan/__builtin_isnan on bit patterns that do not
+correspond to something that the CPU would produce from valid inputs
+is currently under-defined in the toolchain. (The GCC built-in and
+glibc disagree.)
+
+The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c
+assumes the GCC behavior that returns true for non-normal numbers
+which are not specified as NaN. (The glibc implementation returns
+false for such numbers.)
+
+At present, passing non-normal numbers to __mpn_extract_long_double
+causes this function to produce irregularly shaped multi-precision
+integers, triggering undefined behavior in __printf_fp_l.
+
+With GCC 10 and glibc 2.32, this behavior is not visible because
+__builtin_isnan is used, which avoids calling
+__mpn_extract_long_double in this case.  This commit updates the
+implementation of __mpn_extract_long_double so that regularly shaped
+multi-precision integers are produced in this case, avoiding
+undefined behavior in __printf_fp_l.
+
+Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
+CVE: CVE-2020-29573
+Signed-off-By: Armin Kuster 
+
+---
+ sysdeps/x86/Makefile|  4 ++
+ sysdeps/x86/ldbl2mpn.c  |  8 
+ sysdeps/x86/tst-ldbl-nonnormal-printf.c | 52 +
+ 3 files changed, 64 insertions(+)
+ create mode 100644 sysdeps/x86/tst-ldbl-nonnormal-printf.c
+
+Index: git/sysdeps/x86/Makefile
+===
+--- git.orig/sysdeps/x86/Makefile
 git/sysdeps/x86/Makefile
+@@ -9,6 +9,10 @@ tests += tst-get-cpu-features tst-get-cp
+ tests-static += tst-get-cpu-features-static
+ endif
+ 
++ifeq ($(subdir),math)
++tests += tst-ldbl-nonnormal-printf
++endif # $(subdir) == math
++
+ ifeq ($(subdir),setjmp)
+ gen-as-const-headers += jmp_buf-ssp.sym
+ sysdep_routines += __longjmp_cancel
+Index: git/sysdeps/x86/tst-ldbl-nonnormal-printf.c
+===
+--- /dev/null
 git/sysdeps/x86/tst-ldbl-nonnormal-printf.c
+@@ -0,0 +1,52 @@
++/* Test printf with x86-specific non-normal long double value.
++   Copyright (C) 2020 Free Software Foundation, Inc.
++
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   .  */
++
++#include 
++#include 
++#include 
++
++/* Fill the stack with non-zero values.  This makes a crash in
++   snprintf more likely.  */
++static void __attribute__ ((noinline, noclone))
++fill_stack (void)
++{
++  char buffer[65536];
++  memset (buffer, 0xc0, sizeof (buffer));
++  asm ("" ::: "memory");
++}
++
++static int
++do_test (void)
++{
++  fill_stack ();
++
++  long double value;
++  memcpy (, "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04", 10);
++
++  char buf[30];
++  int ret = snprintf (buf, sizeof (buf), "%Lg", value);
++  TEST_COMPARE (ret, strlen (buf));
++  if (strcmp (buf, "nan") != 0)
++/* If snprintf does not recognize the non-normal number as a NaN,
++   it has added the missing explicit MSB.  */
++TEST_COMPARE_STRING (buf, "3.02201e-4624");
++  return 0;
++}
++
++#include 
+Index: git/sysdeps/i386/ldbl2mpn.c
+===
+--- git.orig/sysdeps/i386/ldbl2mpn.c

[OE-core] [dunfell][PATCH] xorg: Security fix for CVE-2020-14345

[akuster]

From: Armin Kuster 

Source: freedesktop.org
MR: 105894
Type: Security Fix
Disposition: Backport from 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
ChangeID: 2c6b7553d8e5bc152258ad1794d95cb7d8b215eb
Description:

CVE-2020-14345 fix

Signed-off-by: Armin Kuster 
---
 .../xserver-xorg/CVE-2020-14345.patch | 182 ++
 .../xorg-xserver/xserver-xorg_1.20.8.bb   |   1 +
 2 files changed, 183 insertions(+)
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch

diff --git 
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
new file mode 100644
index 000..fb3a37c4748
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
@@ -0,0 +1,182 @@
+From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb 
+Date: Tue, 18 Aug 2020 14:46:32 +0200
+Subject: [PATCH] Correct bounds checking in XkbSetNames()
+
+CVE-2020-14345 / ZDI 11428
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb 
+
+Upstream-Status: Backport
+CVE: CVE-2020-14345
+Affects < 1.20.9
+
+Signed-off-by: Armin Kuster 
+
+---
+ xkb/xkb.c | 48 
+ 1 file changed, 48 insertions(+)
+
+Index: xorg-server-1.20.8/xkb/xkb.c
+===
+--- xorg-server-1.20.8.orig/xkb/xkb.c
 xorg-server-1.20.8/xkb/xkb.c
+@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT;
+ #define   CHK_REQ_KEY_RANGE(err,first,num,r)  \
+   CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue)
+ 
++static Bool
++_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) {
++char *cstuff = (char *)stuff;
++char *cfrom = (char *)from;
++char *cto = (char *)to;
++
++return cfrom < cto &&
++   cfrom >= cstuff &&
++   cfrom < cstuff + ((size_t)client->req_len << 2) &&
++   cto >= cstuff &&
++   cto <= cstuff + ((size_t)client->req_len << 2);
++}
++
+ /******/
+ 
+ int
+@@ -4045,6 +4058,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+ client->errorValue = _XkbErrCode2(0x04, stuff->firstType);
+ return BadAccess;
+ }
++if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes))
++return BadLength;
+ old = tmp;
+ tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, );
+ if (!tmp) {
+@@ -4074,6 +4089,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+ }
+ width = (CARD8 *) tmp;
+ tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels));
++if (!_XkbCheckRequestBounds(client, stuff, width, tmp))
++return BadLength;
+ type = >map->types[stuff->firstKTLevel];
+ for (i = 0; i < stuff->nKTLevels; i++, type++) {
+ if (width[i] == 0)
+@@ -4083,6 +4100,8 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+   type->num_levels, width[i]);
+ return BadMatch;
+ }
++if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i]))
++return BadLength;
+ tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, );
+ if (!tmp) {
+ client->errorValue = bad;
+@@ -4095,6 +4114,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+ client->errorValue = 0x08;
+ return BadMatch;
+ }
++if (!_XkbCheckRequestBounds(client, stuff, tmp,
++tmp + Ones(stuff->indicators)))
++return BadLength;
+ tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators,
+client->swapped, );
+ if (!tmp) {
+@@ -4107,6 +4129,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+ client->errorValue = 0x09;
+ return BadMatch;
+ }
++if (!_XkbCheckRequestBounds(client, stuff, tmp,
++tmp + Ones(stuff->virtualMods)))
++return BadLength;
+ tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods,
+(CARD32) stuff->virtualMods,
+client->swapped, );
+@@ -4120,6 +4145,9 @@ _XkbSetNamesCheck(ClientPtr client, Devi
+ client->errorValue = 0x0a;
+ return BadMatch;
+ }
++if (!_XkbCheckRequestBounds(client, stuff, tmp,
++tmp + Ones(stuff->groupNames)))
++return BadLength;
+ tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups,
+(CARD32) stuff->groupNames,
+ 

[OE-core] [Dunfell][meta-oe][PATCH] Revert "mpv: fetch waf in do_fetch"

[akuster]

This reverts commit 8ce691e47f5b3f795821a439536f4b54b24f887f.

The above commit introduced an issue now being seen on Ubuntu 20.

ERROR: mpv-0.32.0-r0 do_configure: Error executing a python function in 
exec_python_func() autogenerated:

The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: 
 0001:
  *** 0002:waf_preconfigure(d)

[Gitlab issue #304 ]
error log: https://errors.yoctoproject.org/Errors/Details/539929/

Signed-off-by: Armin Kuster 
---
 meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb | 12 +++-
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb 
b/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb
index 70a39c7b60b..f7b0f30fb9d 100644
--- a/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb
+++ b/meta-oe/recipes-multimedia/mplayer/mpv_0.32.0.bb
@@ -18,9 +18,7 @@ LICENSE_FLAGS = "commercial"
 SRCREV_mpv = "70b991749df389bcc0a4e145b5687233a03b4ed7"
 SRC_URI = " \
 git://github.com/mpv-player/mpv;name=mpv \
-https://waf.io/waf-2.0.20;name=waf;subdir=git \
 "
-SRC_URI[waf.sha256sum] = 
"bf971e98edc2414968a262c6aa6b88541a26c3cd248689c89f4c57370955ee7f"
 
 S = "${WORKDIR}/git"
 
@@ -103,10 +101,14 @@ EXTRA_OECONF = " \
 ${PACKAGECONFIG_CONFARGS} \
 "
 
-link_waf() {
-ln -s waf-2.0.20 ${S}/waf
+do_patch[postfuncs] += "get_waf"
+
+get_waf() {
+cd ${S}
+./bootstrap.py
+sed -i -e 's|/usr/bin/env python|/usr/bin/env python3|g' ${S}/waf
+cd -
 }
-do_unpack[postfuncs] += "link_waf"
 
 FILES_${PN} += " \
 ${datadir}/icons \
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146233): 
https://lists.openembedded.org/g/openembedded-core/message/146233
Mute This Topic: https://lists.openembedded.org/mt/79255178/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 00/18] Move python3-pytest to oe-core

[akuster]

On 11/27/20 8:24 PM, Tim Orling wrote:
> From: Tim Orling 
>
> We are increasingly needing pytest in oe-core, so it is time to move it
> from meta-python.
>
> This series first imports the recipes -- as-is -- from meta-python.
> Second, the maintainers.inc is updated to add myself as maintainer for all
> the new recipes.
> Third, the two recipes that have stable updates are updated to their
> latest releases.
> Finally, a fix caught during ptest runs is added for RDEPENDS for
> pytest.
>
> This was built on 'nodistro' with only openembedded-core and tested on 
> qemux86-64. All the new recipes that have ptests pass all tests.

cool. This will reduce the number needed from meta-python  that the
sphinx recipe needs.

need to rebase my work.
-armin
>
> The following changes since commit 6e3785a3f1f3cf68f5fe101cd6bebe91db165973:
>
>   uninative: Don't use single sstate for pseudo-native (2020-11-24 15:53:04 
> +)
>
> are available in the Git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib 
> timo/add-pytest-to-oe-core
>   
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=timo/add-pytest-to-oe-core
>
> For convenience, the same series is also available at the Git repository
> at:
>
>  git://git.yoctoproject.org/poky-contrib timo/move-pytest-to-core
>  
> http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=timo/move-pytest-to-core
>
> Tim Orling (18):
>   python3-atomicwrites: move from meta-python
>   python3-attrs: move from meta-python
>   python3-iniconfig: move from meta-python
>   python3-more-itertools: move from meta-python
>   python3-pathlib2: move from meta-python
>   python3-toml: move from meta-python
>   python3-py: move from meta-python
>   python3-setuptools-scm: move from meta-python
>   python3-packaging: move from meta-python
>   python3-wcwidth: move from meta-python
>   python3-zipp: move from meta-python
>   python3-importlib-metadata: move from meta-python
>   python3-pluggy: move from meta-python
>   python3-pytest: move from meta-python
>   maintainers.inc: add self for new pytest packages
>   python3-more-itertools: upgrade 8.5.0 -> 8.6.0
>   python3-importlib-metadata: upgrade 2.0.0 to 3.1.0
>   python3-pytest: RDEPENDS on python3-toml
>
>  meta/conf/distro/include/maintainers.inc  | 14 +++
>  .../python/python3-atomicwrites/run-ptest |  3 ++
>  .../python/python3-atomicwrites_1.4.0.bb  | 25 
>  .../python/python3-attrs_20.3.0.bb| 20 ++
>  .../python3-importlib-metadata_3.1.0.bb   | 18 +
>  .../python/python3-iniconfig_1.1.1.bb |  9 +
>  .../python/python3-more-itertools/run-ptest   |  3 ++
>  .../python/python3-more-itertools_8.6.0.bb| 23 +++
>  .../python/python3-packaging_20.4.bb  | 14 +++
>  .../python/python3-pathlib2_2.3.5.bb  | 13 +++
>  .../python/python3-pluggy/run-ptest   |  3 ++
>  .../python/python3-pluggy_0.13.1.bb   | 27 +
>  .../python/python3-py_1.9.0.bb| 15 +++
>  ...he-setup_requires-for-setuptools-scm.patch | 39 +++
>  .../python/python3-pytest_6.1.2.bb| 39 +++
>  .../python/python3-setuptools-scm_4.1.2.bb| 21 ++
>  .../python/python3-toml_0.10.2.bb | 15 +++
>  .../python/python3-wcwidth/run-ptest  |  3 ++
>  .../python/python3-wcwidth_0.2.5.bb   | 25 
>  .../python/python3-zipp_3.4.0.bb  | 19 +
>  20 files changed, 348 insertions(+)
>  create mode 100644 
> meta/recipes-devtools/python/python3-atomicwrites/run-ptest
>  create mode 100644 meta/recipes-devtools/python/python3-atomicwrites_1.4.0.bb
>  create mode 100644 meta/recipes-devtools/python/python3-attrs_20.3.0.bb
>  create mode 100644 
> meta/recipes-devtools/python/python3-importlib-metadata_3.1.0.bb
>  create mode 100644 meta/recipes-devtools/python/python3-iniconfig_1.1.1.bb
>  create mode 100644 
> meta/recipes-devtools/python/python3-more-itertools/run-ptest
>  create mode 100644 
> meta/recipes-devtools/python/python3-more-itertools_8.6.0.bb
>  create mode 100644 meta/recipes-devtools/python/python3-packaging_20.4.bb
>  create mode 100644 meta/recipes-devtools/python/python3-pathlib2_2.3.5.bb
>  create mode 100644 meta/recipes-devtools/python/python3-pluggy/run-ptest
>  create mode 100644 meta/recipes-devtools/python/python3-pluggy_0.13.1.bb
>  create mode 100644 meta/recipes-devtools/python/python3-py_1.9.0.bb
>  create mode 100644 
> meta/recipes-devtools/python/python3-pytest/0001-setup.py-remove-the-setup_requires-for-setuptools-scm.patch
>  create mode 100644 meta/recipes-devtools/python/python3-pytest_6.1.2.bb
>  create mode 100644 
> meta/recipes-devtools/python/python3-setuptools-scm_4.1.2.bb
>  create mode 100644 meta/recipes-devtools/python/python3-toml_0.10.2.bb
>  create mode 100644 meta/recipes-devtools/python/python3-wcwidth/run-ptest
>  create mode 100644 

Re: [OE-core] [PATCH 1/5] python3: split python target configuration into own class

[akuster]

On 11/13/20 11:48 AM, Alexander Kanavin wrote:
> Setting _PYTHON_SYSCONFIGDATA_NAME in python3native class globally was
> problematic as it was leaking into host python environment, which
> was causing tracebacks depending on host distro and action
> (typically anything involving importing sysconfig module).
>
> The new class sets the variable only in specific tasks where it is needed,
> and should be inherited explicitly:
> - use python3native to run scripts with native python
> - use python3targetconfig to run scripts with native python
> if those scripts need to access target config data (such
> as correct installation directories). This also adds a dependency
> on target python, so should be used carefully to avoid lengthening builds.

cool.  I wonder if this fixes this open defect.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14076
>
> Signed-off-by: Alexander Kanavin 
> ---
>  meta/classes/python3native.bbclass   |  2 --
>  meta/classes/python3targetconfig.bbclass | 15 +++
>  2 files changed, 15 insertions(+), 2 deletions(-)
>  create mode 100644 meta/classes/python3targetconfig.bbclass
>
> diff --git a/meta/classes/python3native.bbclass 
> b/meta/classes/python3native.bbclass
> index d98fb4c758..2e3a88c126 100644
> --- a/meta/classes/python3native.bbclass
> +++ b/meta/classes/python3native.bbclass
> @@ -17,8 +17,6 @@ export STAGING_LIBDIR
>  export PYTHON_LIBRARY="${STAGING_LIBDIR}/lib${PYTHON_DIR}${PYTHON_ABI}.so"
>  export PYTHON_INCLUDE_DIR="${STAGING_INCDIR}/${PYTHON_DIR}${PYTHON_ABI}"
>  
> -export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
> -
>  # suppress host user's site-packages dirs.
>  export PYTHONNOUSERSITE = "1"
>  
> diff --git a/meta/classes/python3targetconfig.bbclass 
> b/meta/classes/python3targetconfig.bbclass
> new file mode 100644
> index 00..640d0c97b6
> --- /dev/null
> +++ b/meta/classes/python3targetconfig.bbclass
> @@ -0,0 +1,15 @@
> +inherit python3native
> +
> +DEPENDS_append = " python3"
> +
> +do_configure_prepend() {
> +export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
> +}
> +
> +do_compile_prepend() {
> +export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
> +}
> +
> +do_install_prepend() {
> +export _PYTHON_SYSCONFIGDATA_NAME="_sysconfigdata"
> +}
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#144601): 
https://lists.openembedded.org/g/openembedded-core/message/144601
Mute This Topic: https://lists.openembedded.org/mt/78237681/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libdrm: fix build failure

[akuster]

From: akuster 

Failure seen on my CentOS7 build host

Signed-off-by: akuster 
---
 .../0001-xf86drm.c-fix-build-failure.patch| 87 +++
 meta/recipes-graphics/drm/libdrm_2.4.102.bb   |  4 +-
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-graphics/drm/files/0001-xf86drm.c-fix-build-failure.patch

diff --git 
a/meta/recipes-graphics/drm/files/0001-xf86drm.c-fix-build-failure.patch 
b/meta/recipes-graphics/drm/files/0001-xf86drm.c-fix-build-failure.patch
new file mode 100644
index 000..60c996ca855
--- /dev/null
+++ b/meta/recipes-graphics/drm/files/0001-xf86drm.c-fix-build-failure.patch
@@ -0,0 +1,87 @@
+From c7d89412884de2dbfa543720d185027377e62f21 Mon Sep 17 00:00:00 2001
+From: Heiko Thiery 
+Date: Fri, 5 Jun 2020 23:46:52 +0200
+Subject: [PATCH] xf86drm.c: fix build failure
+
+./xf86drm.c: In function 'drmNodeIsDRM':
+../xf86drm.c:2825:7: error: "__FreeBSD__" is not defined [-Werror=undef]
+ #elif __FreeBSD__
+   ^
+../xf86drm.c: In function 'drmGetMinorNameForFD':
+../xf86drm.c:2938:7: error: "__FreeBSD__" is not defined [-Werror=undef]
+ #elif __FreeBSD__
+   ^
+../xf86drm.c: In function 'drmParsePciBusInfo':
+../xf86drm.c:3258:7: error: "__FreeBSD__" is not defined [-Werror=undef]
+ #elif __FreeBSD__
+   ^
+../xf86drm.c: In function 'drmParsePciDeviceInfo':
+../xf86drm.c:3427:7: error: "__FreeBSD__" is not defined [-Werror=undef]
+ #elif __FreeBSD__
+   ^
+../xf86drm.c: In function 'drmGetDeviceNameFromFd2':
+../xf86drm.c:4305:7: error: "__FreeBSD__" is not defined [-Werror=undef]
+ #elif __FreeBSD__
+   ^
+
+Signed-off-by: Heiko Thiery 
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster 
+
+---
+ xf86drm.c | 10 +-
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/xf86drm.c b/xf86drm.c
+index 07a18c4..50a6f09 100644
+--- a/xf86drm.c
 b/xf86drm.c
+@@ -2822,7 +2822,7 @@ static bool drmNodeIsDRM(int maj, int min)
+ snprintf(path, sizeof(path), "/sys/dev/char/%d:%d/device/drm",
+  maj, min);
+ return stat(path, ) == 0;
+-#elif __FreeBSD__
++#elif defined(__FreeBSD__)
+ char name[SPECNAMELEN];
+ 
+ if (!devname_r(makedev(maj, min), S_IFCHR, name, sizeof(name)))
+@@ -2935,7 +2935,7 @@ static char *drmGetMinorNameForFD(int fd, int type)
+ 
+ closedir(sysdir);
+ return NULL;
+-#elif __FreeBSD__
++#elif defined(__FreeBSD__)
+ struct stat sbuf;
+ char dname[SPECNAMELEN];
+ const char *mname;
+@@ -3255,7 +3255,7 @@ static int drmParsePciBusInfo(int maj, int min, 
drmPciBusInfoPtr info)
+ info->func = pinfo.func;
+ 
+ return 0;
+-#elif __FreeBSD__
++#elif defined(__FreeBSD__)
+ return get_sysctl_pci_bus_info(maj, min, info);
+ #else
+ #warning "Missing implementation of drmParsePciBusInfo"
+@@ -3424,7 +3424,7 @@ static int drmParsePciDeviceInfo(int maj, int min,
+ device->subdevice_id = pinfo.subdevice_id;
+ 
+ return 0;
+-#elif __FreeBSD__
++#elif defined(__FreeBSD__)
+ drmPciBusInfo info;
+ struct pci_conf_io pc;
+ struct pci_match_conf patterns[1];
+@@ -4302,7 +4302,7 @@ drm_public char *drmGetDeviceNameFromFd2(int fd)
+ free(value);
+ 
+ return strdup(path);
+-#elif __FreeBSD__
++#elif defined(__FreeBSD__)
+ return drmGetDeviceNameFromFd(fd);
+ #else
+ struct stat  sbuf;
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-graphics/drm/libdrm_2.4.102.bb 
b/meta/recipes-graphics/drm/libdrm_2.4.102.bb
index fb9a94207f9..ad512d14a90 100644
--- a/meta/recipes-graphics/drm/libdrm_2.4.102.bb
+++ b/meta/recipes-graphics/drm/libdrm_2.4.102.bb
@@ -10,7 +10,9 @@ LIC_FILES_CHKSUM = 
"file://xf86drm.c;beginline=9;endline=32;md5=c8a3b961af7667c5
 PROVIDES = "drm"
 DEPENDS = "libpthread-stubs"
 
-SRC_URI = "http://dri.freedesktop.org/libdrm/${BP}.tar.xz;
+SRC_URI = "http://dri.freedesktop.org/libdrm/${BP}.tar.xz \ 
+   file://0001-xf86drm.c-fix-build-failure.patch "
+
 SRC_URI[sha256sum] = 
"8bcbf9336c28e393d76c1f16d7e79e394a7fce8a2e929d52d3ad7ad8525ba05b"
 
 inherit meson pkgconfig manpages
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#142876): 
https://lists.openembedded.org/g/openembedded-core/message/142876
Mute This Topic: https://lists.openembedded.org/mt/77181371/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] core-image-sato: qemumips use 512 mem

[akuster]

From: Armin Kuster 

Fixes:

WARNING: core-image-sato-sdk-1.0-r0 do_testimage: Couldn't login into serial 
console as root using blank password
WARNING: core-image-sato-sdk-1.0-r0 do_testimage: The output:
root
<<< run_serial(): command timed out after 60 seconds without output >>>

In another run, this error was seen:

Failed to reload daemon: Refusing to reload, not enough space available on 
/run/systemd. Currently, 14.3M are free, but a safety buffer of 16.0M is 
enforced.

With updates to systemd and Qemu we should revert: 499a31cf06 core-image-sato: 
don't use 512MB in qemumips

Signed-off-by: Armin Kuster  
---
 meta/recipes-sato/images/core-image-sato.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-sato/images/core-image-sato.bb 
b/meta/recipes-sato/images/core-image-sato.bb
index 673106eb6d..878e0eaa8d 100644
--- a/meta/recipes-sato/images/core-image-sato.bb
+++ b/meta/recipes-sato/images/core-image-sato.bb
@@ -12,4 +12,3 @@ TOOLCHAIN_HOST_TASK_append = " nativesdk-intltool 
nativesdk-glib-2.0"
 TOOLCHAIN_HOST_TASK_remove_task-populate-sdk-ext = " nativesdk-intltool 
nativesdk-glib-2.0"
 
 QB_MEM = '${@bb.utils.contains("DISTRO_FEATURES", "opengl", "-m 512", "-m 
256", d)}'
-QB_MEM_qemumips = "-m 256"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142469): 
https://lists.openembedded.org/g/openembedded-core/message/142469
Mute This Topic: https://lists.openembedded.org/mt/76814331/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] cve-check: use SAFELIST

[akuster]

On 9/11/20 12:37 AM, Lee Chee Yang wrote:
> From: Lee Chee Yang 
>
> use safelist instead of whitelist.
Thanks for sending the patch. There is some unfinished conclusions for
renaming various variables to be more inclusive. I am personally fine
with this word choice.

Is this what other open source projects are rename to ? 

So would "blacklist" become "unsafelist"

Do you have an idea if other layers would be affected by this change?

-armin


> Replace CVE_CHECK_PN_WHITELIST with CVE_CHECK_PN_SAFELIST.
> Replace CVE_CHECK_WHITELIST with CVE_CHECK_SAFELIST.
>
> Signed-off-by: Lee Chee Yang 
> ---
>  meta/classes/cve-check.bbclass| 47 ++-
>  .../openssl/openssl_1.1.1g.bb |  2 +-
>  meta/recipes-core/glibc/glibc_2.32.bb |  2 +-
>  meta/recipes-devtools/cmake/cmake.inc |  2 +-
>  meta/recipes-devtools/python/python3_3.8.5.bb |  2 +-
>  meta/recipes-devtools/rsync/rsync_3.2.3.bb|  2 +-
>  .../iputils/iputils_s20200821.bb  |  2 +-
>  meta/recipes-extended/procps/procps_3.3.16.bb |  2 +-
>  .../libpng/libpng_1.6.37.bb   |  2 +-
>  .../libsndfile/libsndfile1_1.0.28.bb  |  2 +-
>  meta/recipes-support/lz4/lz4_1.9.2.bb |  2 +-
>  meta/recipes-support/sqlite/sqlite3_3.33.0.bb |  2 +-
>  12 files changed, 35 insertions(+), 34 deletions(-)
>
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 17f64a8a9c..82b2b40da0 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -40,15 +40,15 @@ CVE_CHECK_MANIFEST ?= 
> "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve
>  CVE_CHECK_COPY_FILES ??= "1"
>  CVE_CHECK_CREATE_MANIFEST ??= "1"
>
> -# Whitelist for packages (PN)
> -CVE_CHECK_PN_WHITELIST ?= ""
> +# Safelist for packages (PN)
> +CVE_CHECK_PN_SAFELIST ?= ""
>
> -# Whitelist for CVE. If a CVE is found, then it is considered patched.
> +# Safelist for CVE. If a CVE is found, then it is considered patched.
>  # The value is a string containing space separated CVE values:
> -# 
> -# CVE_CHECK_WHITELIST = 'CVE-2014-2524 CVE-2018-1234'
> -# 
> -CVE_CHECK_WHITELIST ?= ""
> +#
> +# CVE_CHECK_SAFELIST = 'CVE-2014-2524 CVE-2018-1234'
> +#
> +CVE_CHECK_SAFELIST ?= ""
>
>  python cve_save_summary_handler () {
>  import shutil
> @@ -87,10 +87,10 @@ python do_cve_check () {
>  patched_cves = get_patches_cves(d)
>  except FileNotFoundError:
>  bb.fatal("Failure in searching patches")
> -whitelisted, patched, unpatched = check_cves(d, patched_cves)
> +safelisted, patched, unpatched = check_cves(d, patched_cves)
>  if patched or unpatched:
>  cve_data = get_cve_info(d, patched + unpatched)
> -cve_write_data(d, patched, unpatched, whitelisted, cve_data)
> +cve_write_data(d, patched, unpatched, safelisted, cve_data)
>  else:
>  bb.note("No CVE database found, skipping CVE check")
>
> @@ -213,15 +213,16 @@ def check_cves(d, patched_cves):
>  return ([], [], [])
>  pv = d.getVar("CVE_VERSION").split("+git")[0]
>
> -# If the recipe has been whitlisted we return empty lists
> -if d.getVar("PN") in d.getVar("CVE_CHECK_PN_WHITELIST").split():
> -bb.note("Recipe has been whitelisted, skipping check")
> +if d.getVar("CVE_CHECK_PN_WHITELIST"):
> +bb.warn("CVE_CHECK_PN_WHITELIST is deprecated, please use 
> CVE_CHECK_PN_SAFELIST.")
> +# If the recipe has been safelisted we return empty lists
> +if d.getVar("PN") in d.getVar("CVE_CHECK_PN_SAFELIST").split():
> +bb.note("Recipe has been safelisted, skipping check")
>  return ([], [], [])
>
> -old_cve_whitelist =  d.getVar("CVE_CHECK_CVE_WHITELIST")
> -if old_cve_whitelist:
> -bb.warn("CVE_CHECK_CVE_WHITELIST is deprecated, please use 
> CVE_CHECK_WHITELIST.")
> -cve_whitelist = d.getVar("CVE_CHECK_WHITELIST").split()
> +if d.getVar("CVE_CHECK_CVE_WHITELIST") or 
> d.getVar("CVE_CHECK_WHITELIST"):
> +bb.warn("CVE_CHECK_CVE_WHITELIST and CVE_CHECK_WHITELIST is 
> deprecated, please use CVE_CHECK_SAFELIST.")
> +cve_safelist = d.getVar("CVE_CHECK_SAFELIST").split()
>
>  import sqlite3
>  db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
> @@ -238,9 +239,9 @@ def check_cves(d, patched_cves):
>  for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE 
> PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
>  cve = cverow[0]
>
> -if cve in cve_whitelist:
> -bb.note("%s-%s has been whitelisted for %s" % (product, pv, 
> cve))
> -# TODO: this should be in the report as 'whitelisted'
> +if cve in cve_safelist:
> +bb.note("%s-%s has been safelisted for %s" % (product, pv, 
> cve))
> +# TODO: this should be in the report as 'safelisted'
>  patched_cves.add(cve)
>  

[OE-core] Yocto Zeus stable branch

[akuster]

Hello,

The Zeus branch was defined as a transitional branch with a 9 month
stable cycle since LTS was created. The 3.0.4 was the last Zeus dot
release. We have since added several Build stabilization changes and
last minute backports . We intend on doing on last formal build cycle
but no QA so no formal dot release. After this action is complete,  
this branch will most like transition to Community Support and we will
see where it goes from there.

regards,
Armin
( On behalf of the Yocto Project® TSC)

Yocto Project® are registered trademark of the Linux Foundation.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142281): 
https://lists.openembedded.org/g/openembedded-core/message/142281
Mute This Topic: https://lists.openembedded.org/mt/76726721/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [yocto] Warrior and Thud stable branches

[akuster]

Sorry. still have the old email address in my contacts.

re-sending.

 Forwarded Message 
Subject:[yocto] Warrior and Thud stable branches
Date:   Tue, 8 Sep 2020 21:39:28 -0700
From:   akuster via lists.yoctoproject.org

Reply-To:   akuster...@gmail.com
To: openembedded-c...@openembedded.org
, yo...@yoctoproject.org
, OpenEmbedded Devel List
,
bitbake-de...@lists.openembedded.org 



Hello,

A few words regarding the older stable releases, Thud and Warrior.

Thud no longer has an active Community Maintainer so this release with
be move to the  EOL state.  Warrior did have a volunteer but no activity
to date and this branch will also move to the EOL state. This will take
affect tomorrow (Wednesday PST).

regards,
Armin


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#50521): https://lists.yoctoproject.org/g/yocto/message/50521
Mute This Topic: https://lists.yoctoproject.org/mt/76726389/3616698
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  
[akuster...@gmail.com]
-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142280): 
https://lists.openembedded.org/g/openembedded-core/message/142280
Mute This Topic: https://lists.openembedded.org/mt/76726457/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] uninative: Upgrade to 2.9

[akuster]

From: Khem Raj 

This supports glibc upto 2.32 which is now rolling into distributions

Signed-off-by: Khem Raj 
Signed-off-by: Richard Purdie 
(cherry picked from commit 5cda8c7d642cfb72242c95f450e3391bd6537709)
Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/yocto-uninative.inc | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc 
b/meta/conf/distro/include/yocto-uninative.inc
index 889695eae3..69b6edee5f 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,9 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.31"
+UNINATIVE_MAXGLIBCVERSION = "2.32"
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/;
-UNINATIVE_CHECKSUM[aarch64] ?= 
"989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe"
-UNINATIVE_CHECKSUM[i686] ?= 
"cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990"
-UNINATIVE_CHECKSUM[x86_64] ?= 
"a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.9/;
+UNINATIVE_CHECKSUM[aarch64] ?= 
"9f25a667aee225b1dd65c4aea73e01983e825b1cb9b56937932a1ee328b45f81"
+UNINATIVE_CHECKSUM[i686] ?= 
"cae5d73245d95b07cf133b780ba3f6c8d0adca3ffc4e7e7fab61d5e24d36"
+UNINATIVE_CHECKSUM[x86_64] ?= 
"d07916b95c419c81541a19c8ef0ed8cbd78ae18437ff28a4c8a60ef40518e423"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142203): 
https://lists.openembedded.org/g/openembedded-core/message/142203
Mute This Topic: https://lists.openembedded.org/mt/76689810/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 7/8] bind: Add 9.16.x

[akuster]

On 9/4/20 1:39 AM, Andrey Zhizhikin wrote:
> Hello Armin,
>
> On Tue, Sep 1, 2020 at 5:23 PM akuster  wrote:
>> Removed obsolete packageconfig options
>>
>> License change to MPL-2.0
>> https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE
>>
>> Refreshed:
>> bind-ensure-searching-for-json-headers-searches-sysr.patch
>> 0001-named-lwresd-V-and-start-log-hide-build-options.patch
>> bind-ensure-searching-for-json-headers-searches-sysr.patch
>>
>> Drop obsolete patch: 0001-configure.in-remove-useless-L-use_openssl-lib.patch
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  ...1-avoid-start-failure-with-bind-user.patch |  27 ++
>>  ...d-V-and-start-log-hide-build-options.patch |  35 ++
>>  ...ching-for-json-headers-searches-sysr.patch |  47 +++
>>  .../bind/bind-9.16.5/bind9|   2 +
>>  .../bind/bind-9.16.5/conf.patch   | 330 ++
>>  .../bind/bind-9.16.5/generate-rndc-key.sh |   8 +
>>  ...t.d-add-support-for-read-only-rootfs.patch |  65 
>>  .../make-etc-initd-bind-stop-work.patch   |  42 +++
>>  .../bind/bind-9.16.5/named.service|  22 ++
>>  meta/recipes-connectivity/bind/bind_9.16.5.bb | 125 +++
>>  10 files changed, 703 insertions(+)
>>  create mode 100644 
>> meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
>>  create mode 100644 
>> meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
>>  create mode 100644 
>> meta/recipes-connectivity/bind/bind-9.16.5/bind-ensure-searching-for-json-headers-searches-sysr.patch
>>  create mode 100644 meta/recipes-connectivity/bind/bind-9.16.5/bind9
>>  create mode 100644 meta/recipes-connectivity/bind/bind-9.16.5/conf.patch
>>  create mode 100644 
>> meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
>>  create mode 100644 
>> meta/recipes-connectivity/bind/bind-9.16.5/init.d-add-support-for-read-only-rootfs.patch
>>  create mode 100644 
>> meta/recipes-connectivity/bind/bind-9.16.5/make-etc-initd-bind-stop-work.patch
>>  create mode 100644 meta/recipes-connectivity/bind/bind-9.16.5/named.service
>>  create mode 100644 meta/recipes-connectivity/bind/bind_9.16.5.bb
>>
>> diff --git 
>> a/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
>>  
>> b/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
>> new file mode 100644
>> index 000..8db96ec049c
>> --- /dev/null
>> +++ 
>> b/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
>> @@ -0,0 +1,27 @@
>> +From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
>> +From: Chen Qi 
>> +Date: Mon, 15 Oct 2018 16:55:09 +0800
>> +Subject: [PATCH] avoid start failure with bind user
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Chen Qi 
>> +---
>> + init.d | 1 +
>> + 1 file changed, 1 insertion(+)
>> +
>> +diff --git a/init.d b/init.d
>> +index b2eec60..6e03936 100644
>> +--- a/init.d
>>  b/init.d
>> +@@ -57,6 +57,7 @@ case "$1" in
>> +   modprobe capability >/dev/null 2>&1 || true
>> +   if [ ! -f /etc/bind/rndc.key ]; then
>> +   /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
>> ++  chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
>> +   chmod 0640 /etc/bind/rndc.key
>> +   fi
>> +   if [ -f /var/run/named/named.pid ]; then
>> +--
>> +2.7.4
>> +
>> diff --git 
>> a/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
>>  
>> b/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
>> new file mode 100644
>> index 000..5bcc16c9b2b
>> --- /dev/null
>> +++ 
>> b/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
>> @@ -0,0 +1,35 @@
>> +From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
>> +From: Hongxu Jia 
>> +Date: Mon, 27 Aug 2018 21:24:20 +0800
>> +Subject: [PATCH] `named/lwresd -V' and start log hide build options
>> +
>> +The build options expose build path directories, so hide them.
>> +[snip]
>> +$ named -V
>> +|built by make with *** (options are hidden)
>> +[snip]
>> +
>> +Upstream-Status: Inappropriate [oe-core specific]
>> +
>>

Re: [OE-core] [PATCH 6/8] dhcp: remove from core

[akuster]

On 9/1/20 11:10 AM, Khem Raj wrote:
> it seems its used by
> build-appliance-image and packagegroup-core-base-utils so you need to
> take care of that as well.

Richard caught that just after I sent he patch series.

He added a change for that.

http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=master-next=a5a4fa3d7cf7a88a7788e64306b8797e60999005

-armin
>  in meta-networking networkmanager recipe
> depends on it too which I think I can take care.
>
> On Tue, Sep 1, 2020 at 8:23 AM akuster  wrote:
>> update maintainers.inc too
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  meta/conf/distro/include/maintainers.inc  |   1 -
>>  meta/recipes-connectivity/dhcp/dhcp.inc   | 149 --
>>  ...TH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |  27 
>>  ...-limitation-in-linux-dhclient-script.patch |  65 
>>  .../dhcp/dhcp/0002-dhclient-dbus.patch| 117 --
>>  .../dhcp/dhcp/0003-link-with-lcrypto.patch|  35 
>>  .../dhcp/0004-Fix-out-of-tree-builds.patch|  95 ---
>>  ...invoke-dhclient-script-failed-on-Rea.patch |  36 -
>>  ...gument-to-make-the-libxml2-dependenc.patch |  62 
>>  ...move-dhclient-script-bash-dependency.patch |  28 
>>  ...ct-the-intention-for-xml2-lib-search.patch |  34 
>>  .../dhcp/dhcp/0013-fixup_use_libbind.patch|  64 
>>  meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |  23 ---
>>  .../dhcp/files/default-relay  |  12 --
>>  .../dhcp/files/default-server |   7 -
>>  .../dhcp/files/dhclient-systemd-wrapper   |  39 -
>>  .../dhcp/files/dhclient.conf  |  50 --
>>  .../dhcp/files/dhclient.service   |  13 --
>>  .../dhcp/files/dhcpd.conf | 108 -
>>  .../dhcp/files/dhcpd.service  |  15 --
>>  .../dhcp/files/dhcpd6.service |  15 --
>>  .../dhcp/files/dhcrelay.service   |  10 --
>>  .../dhcp/files/init-relay |  44 --
>>  .../dhcp/files/init-server|  44 --
>>  24 files changed, 1093 deletions(-)
>>  delete mode 100644 meta/recipes-connectivity/dhcp/dhcp.inc
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
>>  delete mode 100644 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/default-relay
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/default-server
>>  delete mode 100644 
>> meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/dhclient.conf
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/dhclient.service
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcpd.conf
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcpd.service
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcpd6.service
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcrelay.service
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/init-relay
>>  delete mode 100644 meta/recipes-connectivity/dhcp/files/init-server
>>
>> diff --git a/meta/conf/distro/include/maintainers.inc 
>> b/meta/conf/distro/include/maintainers.inc
>> index 27e3474da8b..a55dbfa13c9 100644
>> --- a/meta/conf/distro/include/maintainers.inc
>> +++ b/meta/conf/distro/include/maintainers.inc
>> @@ -143,7 +143,6 @@ RECIPE_MAINTAINER_pn-debianutils = "Yi Zhao 
>> "
>>  RE

[OE-core] [PATCH 6/8] dhcp: remove from core

[akuster]

update maintainers.inc too

Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/maintainers.inc  |   1 -
 meta/recipes-connectivity/dhcp/dhcp.inc   | 149 --
 ...TH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |  27 
 ...-limitation-in-linux-dhclient-script.patch |  65 
 .../dhcp/dhcp/0002-dhclient-dbus.patch| 117 --
 .../dhcp/dhcp/0003-link-with-lcrypto.patch|  35 
 .../dhcp/0004-Fix-out-of-tree-builds.patch|  95 ---
 ...invoke-dhclient-script-failed-on-Rea.patch |  36 -
 ...gument-to-make-the-libxml2-dependenc.patch |  62 
 ...move-dhclient-script-bash-dependency.patch |  28 
 ...ct-the-intention-for-xml2-lib-search.patch |  34 
 .../dhcp/dhcp/0013-fixup_use_libbind.patch|  64 
 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |  23 ---
 .../dhcp/files/default-relay  |  12 --
 .../dhcp/files/default-server |   7 -
 .../dhcp/files/dhclient-systemd-wrapper   |  39 -
 .../dhcp/files/dhclient.conf  |  50 --
 .../dhcp/files/dhclient.service   |  13 --
 .../dhcp/files/dhcpd.conf | 108 -
 .../dhcp/files/dhcpd.service  |  15 --
 .../dhcp/files/dhcpd6.service |  15 --
 .../dhcp/files/dhcrelay.service   |  10 --
 .../dhcp/files/init-relay |  44 --
 .../dhcp/files/init-server|  44 --
 24 files changed, 1093 deletions(-)
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp.inc
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
 delete mode 100644 meta/recipes-connectivity/dhcp/files/default-relay
 delete mode 100644 meta/recipes-connectivity/dhcp/files/default-server
 delete mode 100644 
meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
 delete mode 100644 meta/recipes-connectivity/dhcp/files/dhclient.conf
 delete mode 100644 meta/recipes-connectivity/dhcp/files/dhclient.service
 delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcpd.conf
 delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcpd.service
 delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcpd6.service
 delete mode 100644 meta/recipes-connectivity/dhcp/files/dhcrelay.service
 delete mode 100644 meta/recipes-connectivity/dhcp/files/init-relay
 delete mode 100644 meta/recipes-connectivity/dhcp/files/init-server

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index 27e3474da8b..a55dbfa13c9 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -143,7 +143,6 @@ RECIPE_MAINTAINER_pn-debianutils = "Yi Zhao 
"
 RECIPE_MAINTAINER_pn-dejagnu = "Nathan Rossi "
 RECIPE_MAINTAINER_pn-depmodwrapper-cross = "Unassigned 
"
 RECIPE_MAINTAINER_pn-desktop-file-utils = "Alexander Kanavin 
"
-RECIPE_MAINTAINER_pn-dhcp = "Hongxu Jia "
 RECIPE_MAINTAINER_pn-dhcpd = "Armin Kuster "
 RECIPE_MAINTAINER_pn-diffoscope = "Joshua Watt "
 RECIPE_MAINTAINER_pn-diffstat = "Chen Qi "
diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc 
b/meta/recipes-connectivity/dhcp/dhcp.inc
deleted file mode 100644
index d46130d49b9..000
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ /dev/null
@@ -1,149 +0,0 @@
-SECTION = "console/network"
-SUMMARY = "Internet Software Consortium DHCP package"
-DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \
-which allows individual devices on an IP network to get their own \
-network configuration information from a server.  DHCP helps make it \
-easier to administer devices."
-
-HOMEPAGE = "http://www.isc.org/;
-
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
-
-DEPENDS = "openssl bind"
-
-SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
-   file://init-relay 

[OE-core] [PATCH 1/8] log4cplus: move meta-oe pkg to core

[akuster]

pkg need for kea

Signed-off-by: Armin Kuster 
---
 .../log4cplus/log4cplus_2.0.5.bb  | 19 +++
 1 file changed, 19 insertions(+)
 create mode 100644 meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb

diff --git a/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb 
b/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
new file mode 100644
index 000..967ac7623a3
--- /dev/null
+++ b/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
@@ -0,0 +1,19 @@
+SUMMARY = "log4cplus provides a simple C++ logging API for log management"
+SECTION = "libs"
+HOMEPAGE = "http://sourceforge.net/projects/log4cplus/;
+BUGTRACKER = "http://sourceforge.net/p/log4cplus/bugs/;
+
+LICENSE = "Apache-2.0 & BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=41e8e060c26822886b592ab4765c756b"
+
+SRC_URI = 
"${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}-stable/${PV}/${BP}.tar.gz \
+  "
+SRC_URI[md5sum] = "71dd956bf686195127559671f1426cff"
+SRC_URI[sha256sum] = 
"c07115c23219390633798def30b7b51a0f79fdeb857e4b49632f17746d0ceb97"
+
+UPSTREAM_CHECK_URI = 
"https://sourceforge.net/projects/log4cplus/files/log4cplus-stable/;
+UPSTREAM_CHECK_REGEX = "log4cplus-stable/(?P\d+(\.\d+)+)/"
+
+inherit autotools pkgconfig
+
+BBCLASSEXTEND = "native"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142060): 
https://lists.openembedded.org/g/openembedded-core/message/142060
Mute This Topic: https://lists.openembedded.org/mt/76558731/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/8] kea: Move from meta-networking

[akuster]

Signed-off-by: Armin Kuster 
---
 .../kea/files/0001-remove-AC_TRY_RUN.patch| 34 ++
 .../kea/files/kea-dhcp-ddns.service   | 13 
 .../kea/files/kea-dhcp4.service   | 13 
 .../kea/files/kea-dhcp6.service   | 13 
 meta/recipes-connectivity/kea/kea_1.7.7.bb| 67 +++
 5 files changed, 140 insertions(+)
 create mode 100644 
meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp4.service
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp6.service
 create mode 100644 meta/recipes-connectivity/kea/kea_1.7.7.bb

diff --git a/meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch 
b/meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
new file mode 100644
index 000..d7ca9ff8fa5
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
@@ -0,0 +1,34 @@
+From 9d6b8321c5b46199baca907f3d42bdcaaf1958a8 Mon Sep 17 00:00:00 2001
+From: Mingli Yu 
+Date: Thu, 23 May 2019 23:59:42 -0700
+Subject: [PATCH] remove AC_TRY_RUN
+
+AC_TRY_RUN doesn't work in cross compile env,
+use AC_COMPILE_IFELSE instead to fix below configure
+error:
+ | checking for usuable C++11 regex... configure: error: in 
`/builddir/tmp/work/core2-64-poky-linux/kea/1.5.0-r0/build':
+ | configure: error: cannot run test program while cross compiling
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu 
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c880b77..dd40c7c 100644
+--- a/configure.ac
 b/configure.ac
+@@ -580,7 +580,7 @@ AC_TRY_COMPILE([
+ AC_MSG_RESULT(no))
+ 
+ AC_MSG_CHECKING(for usuable C++11 regex)
+-AC_TRY_RUN([
++AC_COMPILE_IFELSE([
+ #include 
+ #include 
+ int main() {
+-- 
+2.21.0
+
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service 
b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
new file mode 100644
index 000..91aa2eb14f0
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCP-DDNS Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/kea
+ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service 
b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
new file mode 100644
index 000..b851ea71c53
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv4 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service 
b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
new file mode 100644
index 000..0f9f0ef8d98
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv6 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/kea_1.7.7.bb 
b/meta/recipes-connectivity/kea/kea_1.7.7.bb
new file mode 100644
index 000..e25f8e6fb0b
--- /dev/null
+++ b/meta/recipes-connectivity/kea/kea_1.7.7.bb
@@ -0,0 +1,67 @@
+SUMMARY = "ISC Kea DHCP Server"
+DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. 
It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. 
prefix delegation and dynamic updates to DNS."
+HOMEPAGE = "http://kea.isc.org;
+SECTION = "connectivity"
+LICENSE = "MPL-2.0 & Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa"
+
+DEPENDS += "kea-native"
+
+SRC_URI = "\
+http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
+file://0001-remove-AC_TRY_RUN.patch \
+file://kea-dhcp4.service \
+file://kea-dhcp6.service \
+file://kea-dhcp-ddns.service \
+"
+SRC_URI[md5sum] = "4f8d1251fd41ef2e822a4eb3f0797d46"
+SRC_URI[sha256sum] = 
"0bba8b045672884a928ff4b2a8575ac5ba420eb6ba47a9338f1932bc38dcf866"
+
+inherit autotools systemd
+
+SYSTEMD_SERVICE_${PN} = 

[OE-core] [PATCH 5/8] maintainers.inc: Add me as dhcpd maintainer

[akuster]

Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/maintainers.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index b83be2c5f9e..27e3474da8b 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -144,6 +144,7 @@ RECIPE_MAINTAINER_pn-dejagnu = "Nathan Rossi 
"
 RECIPE_MAINTAINER_pn-depmodwrapper-cross = "Unassigned 
"
 RECIPE_MAINTAINER_pn-desktop-file-utils = "Alexander Kanavin 
"
 RECIPE_MAINTAINER_pn-dhcp = "Hongxu Jia "
+RECIPE_MAINTAINER_pn-dhcpd = "Armin Kuster "
 RECIPE_MAINTAINER_pn-diffoscope = "Joshua Watt "
 RECIPE_MAINTAINER_pn-diffstat = "Chen Qi "
 RECIPE_MAINTAINER_pn-diffutils = "Chen Qi "
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142064): 
https://lists.openembedded.org/g/openembedded-core/message/142064
Mute This Topic: https://lists.openembedded.org/mt/76558737/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/8] maintainers.inc: Add me as kea & log4plus maintainer.

[akuster]

Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/maintainers.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index c3a1f273328..b83be2c5f9e 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -287,6 +287,7 @@ RECIPE_MAINTAINER_pn-json-c = "Yi Zhao 
"
 RECIPE_MAINTAINER_pn-json-glib = "Yi Zhao "
 RECIPE_MAINTAINER_pn-jquery = "Joshua Watt "
 RECIPE_MAINTAINER_pn-kbd = "Alexander Kanavin "
+RECIPE_MAINTAINER_pn-kea = "Armin Kuster "
 RECIPE_MAINTAINER_pn-kern-tools-native = "Bruce Ashfield 
"
 RECIPE_MAINTAINER_pn-kernel-devsrc = "Bruce Ashfield 
"
 RECIPE_MAINTAINER_pn-kexec-tools = "Armin Kuster "
@@ -450,6 +451,7 @@ RECIPE_MAINTAINER_pn-linux-yocto-rt = "Bruce Ashfield 

 RECIPE_MAINTAINER_pn-linux-yocto-tiny = "Bruce Ashfield 
"
 RECIPE_MAINTAINER_pn-llvm = "Khem Raj "
 RECIPE_MAINTAINER_pn-logrotate = "Yi Zhao "
+RECIPE_MAINTAINER_pn-log4cplus = "Armin Kuster "
 RECIPE_MAINTAINER_pn-lrzsz = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-lsb-release = "Hongxu Jia "
 RECIPE_MAINTAINER_pn-lsof = "Ross Burton "
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142062): 
https://lists.openembedded.org/g/openembedded-core/message/142062
Mute This Topic: https://lists.openembedded.org/mt/76558733/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 8/8] bind: 9.11 remove

[akuster]

Signed-off-by: Armin Kuster 
---
 ...1-avoid-start-failure-with-bind-user.patch |  27 --
 in-remove-useless-L-use_openssl-lib.patch |  30 --
 ...d-V-and-start-log-hide-build-options.patch |  34 --
 ...ching-for-json-headers-searches-sysr.patch |  47 ---
 meta/recipes-connectivity/bind/bind/bind9 |   2 -
 .../recipes-connectivity/bind/bind/conf.patch | 330 --
 .../bind/bind/generate-rndc-key.sh|   8 -
 ...t.d-add-support-for-read-only-rootfs.patch |  65 
 .../bind/make-etc-initd-bind-stop-work.patch  |  42 ---
 .../bind/bind/named.service   |  22 --
 .../recipes-connectivity/bind/bind_9.11.22.bb | 140 
 11 files changed, 747 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
 delete mode 100644 
meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
 delete mode 100644 
meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 delete mode 100644 
meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind9
 delete mode 100644 meta/recipes-connectivity/bind/bind/conf.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
 delete mode 100644 
meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
 delete mode 100644 
meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/named.service
 delete mode 100644 meta/recipes-connectivity/bind/bind_9.11.22.bb

diff --git 
a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
 
b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
deleted file mode 100644
index 8db96ec049c..000
--- 
a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
-From: Chen Qi 
-Date: Mon, 15 Oct 2018 16:55:09 +0800
-Subject: [PATCH] avoid start failure with bind user
-
-Upstream-Status: Pending
-
-Signed-off-by: Chen Qi 

- init.d | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/init.d b/init.d
-index b2eec60..6e03936 100644
 a/init.d
-+++ b/init.d
-@@ -57,6 +57,7 @@ case "$1" in
-   modprobe capability >/dev/null 2>&1 || true
-   if [ ! -f /etc/bind/rndc.key ]; then
-   /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
-+  chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
-   chmod 0640 /etc/bind/rndc.key
-   fi
-   if [ -f /var/run/named/named.pid ]; then
--- 
-2.7.4
-
diff --git 
a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
 
b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
deleted file mode 100644
index 9d31b980807..000
--- 
a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Mon, 27 Aug 2018 15:00:51 +0800
-Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
-
-Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe,
-the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless
-and helpful for clean up host build path in isc-config.sh
-
-Upstream-Status: Inappropriate [oe-core specific]
-
-Signed-off-by: Hongxu Jia 
-

- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index e85a5c6..2bbfc58 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl])
-   fi
-   ;;
-   *)
--  DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
-+  DST_OPENSSL_LIBS="-lcrypto"
-   ;;
-   esac
-   fi
diff --git 
a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 
b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
deleted file mode 100644
index 75908aa638f..000
--- 
a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Mon, 27 Aug 2018 21:24:20 +0800
-Subject: [PATCH] `named/lwresd -V' and start log hide build options
-
-The build options expose build path directories, so hide them.
-[snip]
-$ named -V
-|built by make with *** (options 

[OE-core] [PATCH 7/8] bind: Add 9.16.x

[akuster]

Removed obsolete packageconfig options

License change to MPL-2.0
https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE

Refreshed:
bind-ensure-searching-for-json-headers-searches-sysr.patch
0001-named-lwresd-V-and-start-log-hide-build-options.patch
bind-ensure-searching-for-json-headers-searches-sysr.patch

Drop obsolete patch: 0001-configure.in-remove-useless-L-use_openssl-lib.patch

Signed-off-by: Armin Kuster 
---
 ...1-avoid-start-failure-with-bind-user.patch |  27 ++
 ...d-V-and-start-log-hide-build-options.patch |  35 ++
 ...ching-for-json-headers-searches-sysr.patch |  47 +++
 .../bind/bind-9.16.5/bind9|   2 +
 .../bind/bind-9.16.5/conf.patch   | 330 ++
 .../bind/bind-9.16.5/generate-rndc-key.sh |   8 +
 ...t.d-add-support-for-read-only-rootfs.patch |  65 
 .../make-etc-initd-bind-stop-work.patch   |  42 +++
 .../bind/bind-9.16.5/named.service|  22 ++
 meta/recipes-connectivity/bind/bind_9.16.5.bb | 125 +++
 10 files changed, 703 insertions(+)
 create mode 100644 
meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
 create mode 100644 
meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 create mode 100644 
meta/recipes-connectivity/bind/bind-9.16.5/bind-ensure-searching-for-json-headers-searches-sysr.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.16.5/bind9
 create mode 100644 meta/recipes-connectivity/bind/bind-9.16.5/conf.patch
 create mode 100644 
meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
 create mode 100644 
meta/recipes-connectivity/bind/bind-9.16.5/init.d-add-support-for-read-only-rootfs.patch
 create mode 100644 
meta/recipes-connectivity/bind/bind-9.16.5/make-etc-initd-bind-stop-work.patch
 create mode 100644 meta/recipes-connectivity/bind/bind-9.16.5/named.service
 create mode 100644 meta/recipes-connectivity/bind/bind_9.16.5.bb

diff --git 
a/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
 
b/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
new file mode 100644
index 000..8db96ec049c
--- /dev/null
+++ 
b/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
@@ -0,0 +1,27 @@
+From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 15 Oct 2018 16:55:09 +0800
+Subject: [PATCH] avoid start failure with bind user
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi 
+---
+ init.d | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/init.d b/init.d
+index b2eec60..6e03936 100644
+--- a/init.d
 b/init.d
+@@ -57,6 +57,7 @@ case "$1" in
+   modprobe capability >/dev/null 2>&1 || true
+   if [ ! -f /etc/bind/rndc.key ]; then
+   /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++  chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
+   chmod 0640 /etc/bind/rndc.key
+   fi
+   if [ -f /var/run/named/named.pid ]; then
+-- 
+2.7.4
+
diff --git 
a/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 
b/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
new file mode 100644
index 000..5bcc16c9b2b
--- /dev/null
+++ 
b/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -0,0 +1,35 @@
+From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
+From: Hongxu Jia 
+Date: Mon, 27 Aug 2018 21:24:20 +0800
+Subject: [PATCH] `named/lwresd -V' and start log hide build options
+
+The build options expose build path directories, so hide them.
+[snip]
+$ named -V
+|built by make with *** (options are hidden)
+[snip]
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Hongxu Jia 
+
+Refreshed for 9.16.0
+Signed-off-by: Armin Kuster 
+
+---
+ bin/named/include/named/globals.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: bind-9.16.0/bin/named/include/named/globals.h
+===
+--- bind-9.16.0.orig/bin/named/include/named/globals.h
 bind-9.16.0/bin/named/include/named/globals.h
+@@ -69,7 +69,7 @@ EXTERN const char *named_g_version I
+ EXTERN const char *named_g_product INIT(PRODUCT);
+ EXTERN const char *named_g_description INIT(DESCRIPTION);
+ EXTERN const char *named_g_srcid   INIT(SRCID);
+-EXTERN const char *named_g_configargs  INIT(CONFIGARGS);
++EXTERN const char *named_g_configargs  INIT("*** (options are hidden)");
+ EXTERN const char *named_g_builder INIT(BUILDER);
+ EXTERN in_port_t named_g_portINIT(0);
+ EXTERN isc_dscp_t named_g_dscp   INIT(-1);
diff --git 
a/meta/recipes-connectivity/bind/bind-9.16.5/bind-ensure-searching-for-json-headers-searches-sysr.patch
 

[OE-core] [PATCH 4/8] dhcpd: move from meta-network need a client

[akuster]

Signed-off-by: Armin Kuster 
---
 .../dhcpcd/dhcpcd_9.1.4.bb| 28 
 ...e-INCLUDEDIR-to-prevent-build-issues.patch | 45 +++
 2 files changed, 73 insertions(+)
 create mode 100644 meta/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb
 create mode 100644 
meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch

diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb 
b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb
new file mode 100644
index 000..defd3420f02
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.1.4.bb
@@ -0,0 +1,28 @@
+SECTION = "console/network"
+SUMMARY = "dhcpcd - a DHCP client"
+DESCRIPTION = "dhcpcd runs on your machine and silently configures your \
+   computer to work on the attached networks without trouble \
+   and mostly without configuration."
+
+HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/;
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2"
+
+UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/;
+
+SRC_URI = "http://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
+   file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch"
+
+SRC_URI[sha256sum] = 
"5fe133e5497d8af6d26bd6e6b8dd48ab12d124d6cc4cefe6de6536ff97f76820"
+
+inherit pkgconfig autotools-brokensep
+
+PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
+
+PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6"
+
+EXTRA_OECONF = "--enable-ipv4"
+
+FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug"
diff --git 
a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
 
b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
new file mode 100644
index 000..37d2344438a
--- /dev/null
+++ 
b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
@@ -0,0 +1,45 @@
+From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001
+From: Stefano Cappa 
+Date: Sun, 13 Jan 2019 01:50:52 +0100
+Subject: [PATCH] remove INCLUDEDIR to prevent build issues
+
+Upstream-Status: Pending
+
+Signed-off-by: Stefano Cappa 
+---
+ configure | 5 -
+ 1 file changed, 5 deletions(-)
+
+diff --git a/configure b/configure
+index 6c81e0db..32dea2b4 100755
+--- a/configure
 b/configure
+@@ -20,7 +20,6 @@ BUILD=
+ HOST=
+ HOSTCC=
+ TARGET=
+-INCLUDEDIR=
+ DEBUG=
+ FORK=
+ STATIC=
+@@ -72,7 +71,6 @@ for x do
+   --mandir) MANDIR=$var;;
+   --datadir) DATADIR=$var;;
+   --with-ccopts|CFLAGS) CFLAGS=$var;;
+-  -I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";;
+   CC) CC=$var;;
+   CPPFLAGS) CPPFLAGS=$var;;
+   PKG_CONFIG) PKG_CONFIG=$var;;
+@@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then
+   echo "CPPFLAGS=" >>$CONFIG_MK
+   echo "CPPFLAGS+=$CPPFLAGS" >>$CONFIG_MK
+ fi
+-if [ -n "$INCLUDEDIR" ]; then
+-  echo "CPPFLAGS+=$INCLUDEDIR" >>$CONFIG_MK
+-fi
+ if [ -n "$LDFLAGS" ]; then
+   echo "LDFLAGS=" >>$CONFIG_MK
+   echo "LDFLAGS+= $LDFLAGS" >>$CONFIG_MK
+-- 
+2.17.2 (Apple Git-113)
+
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142063): 
https://lists.openembedded.org/g/openembedded-core/message/142063
Mute This Topic: https://lists.openembedded.org/mt/76558735/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][dunfell][PATCH] bind: update to 9.11.22 ESV

[akuster]

From: Armin Kuster 

Source: isc.org
MR: 105232, 105246, 105260
Type: Security Fix
Disposition: Backport from  https://www.isc.org/bind/
ChangeID: 655cfdf1e91c4107321e63a2012302e1cc184366
Description:

Bug fix only update

Three CVE fixes
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624

For more information see: 
https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.pdf

Signed-off-by: Armin Kuster 
---
 .../bind/{bind_9.11.21.bb => bind_9.11.22.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.11.21.bb => bind_9.11.22.bb} 
(98%)

diff --git a/meta/recipes-connectivity/bind/bind_9.11.21.bb 
b/meta/recipes-connectivity/bind/bind_9.11.22.bb
similarity index 98%
rename from meta/recipes-connectivity/bind/bind_9.11.21.bb
rename to meta/recipes-connectivity/bind/bind_9.11.22.bb
index ee546a0a2c1..7128bd3870c 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.21.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb
@@ -20,7 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
 
-SRC_URI[sha256sum] = 
"668158b005b3de4328fa0d3f524b66f28f024c67538aa9412a9e69c9dfbc"
+SRC_URI[sha256sum] = 
"afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141714): 
https://lists.openembedded.org/g/openembedded-core/message/141714
Mute This Topic: https://lists.openembedded.org/mt/76352436/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [AUH] bind: upgrading to 9.16.5 FAILED

[akuster]

This update has been attempted a few times. It has many moving parts.

the latest work is sitting @

https://git.openembedded.org/openembedded-core-contrib
akuster/bind_update
<https://git.openembedded.org/openembedded-core-contrib/log/?h=akuster/bind_update>

- armin

On 8/15/20 11:19 PM, a...@auh.yoctoproject.org wrote:
> Hello,
>
> this email is a notification from the Auto Upgrade Helper
> that the automatic attempt to upgrade the recipe *bind* to *9.16.5* has 
> Failed (devtool error).
>
> Detailed error information:
>
> The following devtool command failed:  upgrade bind -V 9.16.5
> NOTE: Starting bitbake server...
> NOTE: Reconnecting to bitbake server...
> NOTE: Retrying server connection (#1)...
> Loading cache...done.
> Loaded 1342 entries from dependency cache.
> INFO: Extracting current version source...
> NOTE: Resolving any missing task queue dependencies
>
> Build Configuration:
> BB_VERSION   = "1.47.0"
> BUILD_SYS= "x86_64-linux"
> NATIVELSBSTRING  = "universal"
> TARGET_SYS   = "x86_64-poky-linux"
> MACHINE  = "qemux86-64"
> DISTRO   = "poky"
> DISTRO_VERSION   = "3.1+snapshot-20200815"
> TUNE_FEATURES= "m64 core2"
> TARGET_FPU   = ""
> meta 
> meta-poky
> meta-yocto-bsp   = 
> "tmp-auh-upgrades:641bf8cec1666761209f05c0131659f2f6a15d46"
> workspace= "master:bd1da2aca0bc26720f438a9c1d54f5b04084da4e"
>
> Initialising tasks...done.
> Sstate summary: Wanted 0 Found 0 Missed 0 Current 20 (0% match, 100% complete)
> NOTE: Executing Tasks
> NOTE: Tasks Summary: Attempted 93 tasks of which 90 didn't need to be rerun 
> and all succeeded.
> NOTE: Writing buildhistory
> NOTE: Writing buildhistory took: 1 seconds
> INFO: Adding local source files to srctree...
> INFO: Extracting upgraded version source...
> INFO: Fetching https://ftp.isc.org/isc/bind9/9.16.5/bind-9.16.5.tar.gz...
> Loading cache...done.
> Loaded 1342 entries from dependency cache.
> Parsing recipes...done.
> Parsing of 779 .bb files complete (777 cached, 2 parsed). 1343 targets, 33 
> skipped, 0 masked, 0 errors.
> NOTE: Resolving any missing task queue dependencies
>
> Build Configuration:
> BB_VERSION   = "1.47.0"
> BUILD_SYS= "x86_64-linux"
> NATIVELSBSTRING  = "universal"
> TARGET_SYS   = "x86_64-poky-linux"
> MACHINE  = "qemux86-64"
> DISTRO   = "poky"
> DISTRO_VERSION   = "3.1+snapshot-20200815"
> TUNE_FEATURES= "m64 core2"
> TARGET_FPU   = ""
> meta 
> meta-poky
> meta-yocto-bsp   = 
> "tmp-auh-upgrades:641bf8cec1666761209f05c0131659f2f6a15d46"
> workspace= "master:bd1da2aca0bc26720f438a9c1d54f5b04084da4e"
>
> Initialising tasks...done.
> Sstate summary: Wanted 0 Found 0 Missed 0 Current 0 (0% match, 0% complete)
> NOTE: No setscene tasks
> NOTE: Executing Tasks
> WARNING: Failed to fetch URL 
> https://ftp.isc.org/isc/bind9/9.16.5/bind-9.16.5.tar.gz, attempting MIRRORS 
> if available
> ERROR: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; unset 
> _PYTHON_SYSCONFIGDATA_NAME; export ftp_proxy="http://proxy.yocto.io:5187/;; 
> export FTP_PROXY="http://proxy.yocto.io:5187/;; export 
> PATH="/home/pokybuild/yocto-worker/auh/build/build/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/pokybuild/yocto-worker/auh/build/build/poky/scripts:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-uda27hb7/work/recipe-sysroot-native/usr/bin/x86_64-poky-linux:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-uda27hb7/work/recipe-sysroot/usr/bin/crossscripts:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-uda27hb7/work/recipe-sysroot-native/usr/sbin:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-uda27hb7/work/recipe-sysroot-native/usr/bin:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-uda27hb7/work/recipe-sysroot-native/sbin:/home/pokybuild/yocto-worker/auh/
>  
> build/build/build/tmp/work/recipetool-uda27hb7/work/recipe-sysroot-native/bin:/home/pokybuild/yocto-worker/auh/build/build/poky/bitbake/bin:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/hosttools";
>  export HOME="/home/pokybuild"; /usr/bin/env wget -t 2 -T 30 --passive-ftp 
> --no-check-certificate -P 
> /home/pokybuild/yocto-worker/auh/build/build/build/downloads 
> 'https://ftp.isc.org/isc/bind9/9.16.5/bind-9.16.

[OE-core] [zeus][PATCH 1/2] pypi.bbclass: mind package suffix on version check

[akuster]

From: Konrad Weihmann 

Some pypi packages do have suffixes like dev, or a0 or b1.
When doing a version check on these, the version will get falsely
identified as major release versions.
Add a terminating slash to rule out those false positives

Signed-off-by: Konrad Weihmann 
Signed-off-by: Richard Purdie 
Signed-off-by: Steve Sakoman 
(cherry picked from commit 0603f6d9f2abfa67b99b1bc39228f6aa16a0370d)
[Yocto bug #13990]
Signed-off-by: Armin Kuster 
---
 meta/classes/pypi.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass
index e5d7ab3ce1..ffa8aa3ff4 100644
--- a/meta/classes/pypi.bbclass
+++ b/meta/classes/pypi.bbclass
@@ -23,4 +23,4 @@ SRC_URI += "${PYPI_SRC_URI}"
 S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 
 UPSTREAM_CHECK_URI ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/;
-UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P(\d+[\.\-_]*)+)"
+UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P(\d+[\.\-_]*)+)/"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141316): 
https://lists.openembedded.org/g/openembedded-core/message/141316
Mute This Topic: https://lists.openembedded.org/mt/76068826/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [zeus][PATCH 2/2] pypi.bbclass: use new pypi UPSTREAM_CHECK_URI

[akuster]

From: Tim Orling 

Upstream https://pypi.python.org/pypi/${PYPI_PACKAGE}/
redirects to https://pypi.org/project/${PYPI_PACKAGE}/

Signed-off-by: Tim Orling 
Signed-off-by: Richard Purdie 
Signed-off-by: Steve Sakoman 
(cherry picked from commit e5f3f961242d888f3f786af8f793bf1d247fdff0)
[Yocto # 13990]
Signed-off-by: Armin Kuster 
---
 meta/classes/pypi.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass
index ffa8aa3ff4..87b4c85fc0 100644
--- a/meta/classes/pypi.bbclass
+++ b/meta/classes/pypi.bbclass
@@ -22,5 +22,5 @@ SECTION = "devel/python"
 SRC_URI += "${PYPI_SRC_URI}"
 S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
 
-UPSTREAM_CHECK_URI ?= "https://pypi.python.org/pypi/${PYPI_PACKAGE}/;
+UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/;
 UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P(\d+[\.\-_]*)+)/"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141317): 
https://lists.openembedded.org/g/openembedded-core/message/141317
Mute This Topic: https://lists.openembedded.org/mt/76068827/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [yocto] QA notification for completed autobuilder build (yocto-3.1.2.rc1)

[akuster]

On 7/28/20 11:22 PM, Jain, Sangeeta wrote:
> Hi All,
>
> This is the QA report for yocto-3.1.2.rc1:  
> https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

Is QA still having to perform the Manual test remotely?

-armin
>
> === Summary 
> No high milestone defects.  
> No new defects are found in this cycle.
>
> Thanks,
> Sangeeta
>
>> -Original Message-
>> From: yo...@lists.yoctoproject.org  On Behalf
>> Of Pokybuild User
>> Sent: Friday, 24 July, 2020 3:58 PM
>> To: yo...@lists.yoctoproject.org
>> Cc: ota...@ossystems.com.br; yi.z...@windriver.com; Sangal, Apoorv
>> ; Yeoh, Ee Peng ; Chan,
>> Aaron Chun Yew ;
>> richard.pur...@linuxfoundation.org; akuster...@gmail.com;
>> sjolley.yp...@gmail.com; Jain, Sangeeta ;
>> st...@sakoman.com
>> Subject: [yocto] QA notification for completed autobuilder build (yocto-
>> 3.1.2.rc1)
>>
>>
>> A build flagged for QA (yocto-3.1.2.rc1) was completed on the autobuilder 
>> and is
>> available at:
>>
>>
>> https://autobuilder.yocto.io/pub/releases/yocto-3.1.2.rc1
>>
>>
>> Build hash information:
>>
>> bitbake: cc11dfa4eb3616547a8a3909f89da0cc4f35dc57
>> meta-arm: 4812a66527e88ebdc5351d5dbd63765abe4abf62
>> meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
>> meta-intel: 77831443738885d33bfa3a738fe6c4f0361e4892
>> meta-kernel: 58a589c5aad5417abd099a961e3c1a5b083cdb90
>> meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
>> oecore: ea886d57db917a41a0d106a15e1e96c72d6407b0
>> poky: 569b1f5d67c57de957e243997c53ec2f81dc8dfe
>>
>>
>>
>> This is an automated message from the Yocto Project Autobuilder
>> Git: git://git.yoctoproject.org/yocto-autobuilder2
>> Email: richard.pur...@linuxfoundation.org
>>
>>
>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141106): 
https://lists.openembedded.org/g/openembedded-core/message/141106
Mute This Topic: https://lists.openembedded.org/mt/75860151/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [v2][PATCH] cve-check: print warning if file is missing

[akuster]

On 7/27/20 7:47 AM, Richard Purdie wrote:
> On Mon, 2020-07-27 at 06:57 -0700, akuster808 wrote:
>> On 7/27/20 2:39 AM, Richard Purdie wrote:
>>> On Sun, 2020-07-26 at 19:52 -0700, akuster wrote:
>>>> If the "tmp/cve_check" file was not create as in the case for -c
>>>> populate_sdk, just print a
>>>> warning instead of dumping a trace back
>>>>
>>>> ---
>>>> v2] lets include the missing part of the patch
>>>>
>>>> Signed-off-by: Armin Kuster 
>>>> ---
>>>>  meta/classes/cve-check.bbclass | 4 
>>>>  1 file changed, 4 insertions(+)
>>>>
>>>> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-
>>>> check.bbclass
>>>> index 0889e7544aa..b16da9890af 100644
>>>> --- a/meta/classes/cve-check.bbclass
>>>> +++ b/meta/classes/cve-check.bbclass
>>>> @@ -55,6 +55,10 @@ python cve_save_summary_handler () {
>>>>  
>>>>  cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
>>>>  
>>>> +if not os.path.isfile(cve_tmp_file):
>>>> +bb.warn("File Not found: %s" % cve_tmp_file)
>>>> +return
>>>> +
>>> A warning is something the user really needs to fix or take some
>>> action
>>> about. Is this a warning?
>> Its actually an error in certail conditions. Do we want this to be
>> silent or fail on 'populate_sdk'?
> What are the "certain conditions"?

populate_sdk

>
> Should it not detect those conditions and error if they occur?
if INHERIT += "cve-check' is included and -c populate_sdk, the file is
not generated.

>
> Showing a warning and asking the user to guess is not a good user
> experience. I have no idea whether I should worry about the warning
> above or not for example, so I doubt anyone else does either.

I am fine with not sending any warning.

- armin
>
> Cheers,
>
> Richard
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141004): 
https://lists.openembedded.org/g/openembedded-core/message/141004
Mute This Topic: https://lists.openembedded.org/mt/75815509/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [bitbake-devel] [yocto] Stable Warrior branch

[akuster]

Adrian,

On 7/21/20 1:53 AM, Richard Purdie wrote:
> On Tue, 2020-07-14 at 16:56 +0300, Adrian Bunk wrote:
>> On Thu, Jun 04, 2020 at 09:28:00PM -0700, akuster wrote:
>>> Hello,
>>>
>>> The Warrior branch of Poky has had its last official dot release.
>>> It
>>> will be moving to Community support and EOL within 6 weeks if no
>>> one
>>> steps up.
>>> If someone is interested in taking on the responsibilities of
>>> maintaining the "Warrior" branch moving forward, please email this
>>> list.
>> I have an interest in keeping warrior branch alive in poky and meta-
>> oe,
>> and I'll take this responsibility since noone else seems to be
>> interested.

Are you still interested?

-armin
>>> Please look at the
>>> https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS for what
>>> will
>>> be expected.
>> I have some ideas, but not yet a fixed plan how I will set this up.
> Ok. FWIW we are struggling a little with keeping the older releases
> building on the autobuilder as the workers change. We do have plans for
> handling this with buildtools but its not rolled out on the older
> autobuilder-helper branches.
>
> I do have work in progress working with Jeremy for thud
> (contrib/rpurdie/thud), much of which should apply to warrior too
> (contrib/rpurdie/warrior is a guess). I just really want to highlight
> that there may be some initial work to get these older branches to the
> point where they continue to work on the infrastructure.
>
> I think we may have to accept backporting a lot of patches in helper to
> bring things more into sync with master/dunfell to make all this easier
> to maintain/get working.
>
> Cheers,
>
> Richard
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140983): 
https://lists.openembedded.org/g/openembedded-core/message/140983
Mute This Topic: https://lists.openembedded.org/mt/75699866/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [v2][PATCH] cve-check: print warning if file is missing

[akuster]

On 7/27/20 2:39 AM, Richard Purdie wrote:
> On Sun, 2020-07-26 at 19:52 -0700, akuster wrote:
>> If the "tmp/cve_check" file was not create as in the case for -c
>> populate_sdk, just print a
>> warning instead of dumping a trace back
>>
>> ---
>> v2] lets include the missing part of the patch
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  meta/classes/cve-check.bbclass | 4 
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-
>> check.bbclass
>> index 0889e7544aa..b16da9890af 100644
>> --- a/meta/classes/cve-check.bbclass
>> +++ b/meta/classes/cve-check.bbclass
>> @@ -55,6 +55,10 @@ python cve_save_summary_handler () {
>>  
>>  cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
>>  
>> +if not os.path.isfile(cve_tmp_file):
>> +bb.warn("File Not found: %s" % cve_tmp_file)
>> +return
>> +
> A warning is something the user really needs to fix or take some action
> about. Is this a warning?
Its actually an error in certail conditions. Do we want this to be
silent or fail on 'populate_sdk'?
>
> Cheers,
>
> Richard
>
>
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140982): 
https://lists.openembedded.org/g/openembedded-core/message/140982
Mute This Topic: https://lists.openembedded.org/mt/75815509/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] cve-check: print warning if file is missing

[akuster]

ignore this one. should have been squished a local change.

-armin

On 7/26/20 7:50 PM, akuster via lists.openembedded.org wrote:
> If the "tmp/cve_check" file was not create as in the case for -c 
> populate_sdk, just print a
> warning instead of dumping a trace back
>
> Signed-off-by: Armin Kuster 
> ---
>  meta/classes/cve-check.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index e61c90e5600..b16da9890af 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -56,7 +56,7 @@ python cve_save_summary_handler () {
>  cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
>  
>  if not os.path.isfile(cve_tmp_file):
> -bb.warn("File Not found, check has no affect: %s" % cve_tmp_file)
> +bb.warn("File Not found: %s" % cve_tmp_file)
>  return
>  
>  cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
>
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140973): 
https://lists.openembedded.org/g/openembedded-core/message/140973
Mute This Topic: https://lists.openembedded.org/mt/75815497/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [v2][PATCH] cve-check: print warning if file is missing

[akuster]

If the "tmp/cve_check" file was not create as in the case for -c populate_sdk, 
just print a
warning instead of dumping a trace back

---
v2] lets include the missing part of the patch

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0889e7544aa..b16da9890af 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -55,6 +55,10 @@ python cve_save_summary_handler () {
 
 cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
 
+if not os.path.isfile(cve_tmp_file):
+bb.warn("File Not found: %s" % cve_tmp_file)
+return
+
 cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
 cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
 bb.utils.mkdirhier(cvelogpath)
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140972): 
https://lists.openembedded.org/g/openembedded-core/message/140972
Mute This Topic: https://lists.openembedded.org/mt/75815509/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] cve-check: print warning if file is missing

[akuster]

If the "tmp/cve_check" file was not create as in the case for -c populate_sdk, 
just print a
warning instead of dumping a trace back

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index e61c90e5600..b16da9890af 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -56,7 +56,7 @@ python cve_save_summary_handler () {
 cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
 
 if not os.path.isfile(cve_tmp_file):
-bb.warn("File Not found, check has no affect: %s" % cve_tmp_file)
+bb.warn("File Not found: %s" % cve_tmp_file)
 return
 
 cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140971): 
https://lists.openembedded.org/g/openembedded-core/message/140971
Mute This Topic: https://lists.openembedded.org/mt/75815497/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] llvm: upgrade 9.0.1 -> 10.0.0

[akuster]

On 7/26/20 10:11 AM, Trevor Gamblin wrote:
>
>
> On 7/25/20 10:58 AM, akuster808 wrote:
>> Per release notes, riscv is now supported.
>> https://releases.llvm.org/10.0.0/docs/ReleaseNotes.html#changes-to-the-risc-v-target
>>
>> If you have time, can you also double check Riscv so these two can be
>> removed, if not maybe we can wait until this is in core.
>>
>> |
>> COMPATIBLE_HOST_riscv64 = "null"
>> COMPATIBLE_HOST_riscv32 = "null"|
>>
>> There is a qemuriscv64 machine in core.
>
> llvm broke during do_compile when I tested it against qemuriscv64.
> I'll submit the upgrade patch and look into the riscv targets issue as
> a separate patch.
>
Ah, ok. Thanks for checking.  sounds reasonable.

thanks,
Armin
>
> Trevor
>
>>
>> -armin
>>
>> On 7/25/20 4:07 AM, Alexander Kanavin wrote:
>>> Llvm 10.0.1 is now out, please rebase and resend the patches :)
>>>
>>> Alex
>>>
>>> On Fri, 29 May 2020 at 15:30, Trevor Gamblin
>>> mailto:trevor.gamb...@windriver.com>>
>>> wrote:
>>>
>>>
>>> On 5/28/20 9:57 PM, Khem Raj wrote:
>>> > On Wed, May 27, 2020 at 6:48 AM Trevor Gamblin
>>> > >> > wrote:
>>> >> Signed-off-by: Trevor Gamblin >> >
>>> >> ---
>>> >>   meta/recipes-devtools/llvm/llvm_git.bb 
>>> | 6 +++---
>>> >>   1 file changed, 3 insertions(+), 3 deletions(-)
>>> >>
>>> >> diff --git a/meta/recipes-devtools/llvm/llvm_git.bb
>>>  b/meta/recipes-devtools/llvm/llvm_git.bb
>>> 
>>> >> index d24ed761bf..787cc3adcf 100644
>>> >> --- a/meta/recipes-devtools/llvm/llvm_git.bb 
>>> >> +++ b/meta/recipes-devtools/llvm/llvm_git.bb 
>>> >> @@ -19,9 +19,9 @@ inherit cmake pkgconfig
>>> >>
>>> >>   PROVIDES += "llvm${PV}"
>>> >>
>>> >> -MAJOR_VERSION = "9"
>>> >> +MAJOR_VERSION = "10"
>>> >>   MINOR_VERSION = "0"
>>> >> -PATCH_VERSION = "1"
>>> >> +PATCH_VERSION = "0"
>>> >>
>>> > It also needs updating LLVMVERSION in
>>> > meta/conf/distro/include/tcmode-default.inc
>>> > secondly, I would suggest to wait for 10.0.1 which is
>>> releasing in a weeks time.
>>>
>>> Alright, I'll watch for that release.
>>>
>>> Thanks!
>>>
>>> >
>>> >>   PV = "${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}"
>>> >>
>>> >> @@ -29,7 +29,7 @@ LLVM_RELEASE = "${PV}"
>>> >>   LLVM_DIR = "llvm${LLVM_RELEASE}"
>>> >>
>>> >>   BRANCH = "release/${MAJOR_VERSION}.x"
>>> >> -SRCREV = "c1a0a213378a458fbea1a5c77b315c7dce08fd05"
>>> >> +SRCREV = "d32170dbd5b0d54436537b6b75beaf44324e0c28"
>>> >>   SRC_URI =
>>> "git://github.com/llvm/llvm-project.git;branch=${BRANCH}
>>>  \
>>> >>             
>>> 
>>> file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2
>>> \
>>> >>             
>>> file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
>>> >> --
>>> >> 2.24.1
>>> >>
>>> >>
>>>
>>>
>>> 
>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140969): 
https://lists.openembedded.org/g/openembedded-core/message/140969
Mute This Topic: https://lists.openembedded.org/mt/74499834/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] adwaita-icon-theme: has a dependancy to gtk3+ add check

[akuster]

fixes:

NOTE: Resolving any missing task queue dependencies
ERROR: Nothing PROVIDES 'gtk+3' (but 
/.../poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb DEPENDS on or 
otherwise requires it)
gtk+3 was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES

Signed-off-by: Armin Kuster 
---
 meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb 
b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb
index 2d78bea2c85..f185a3478b0 100644
--- a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb
+++ b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.36.1.bb
@@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=c84cac88e46fc07647ea07e6c24eeb7c \
 
file://COPYING_CCBYSA3;md5=96143d33de3a79321b1006c4e8ed07e7 \
 file://COPYING_LGPL;md5=e6a600fd5e1d9cbde2d983680233ad02"
 
-inherit allarch autotools pkgconfig gettext gtk-icon-cache 
upstream-version-is-even
+inherit allarch autotools pkgconfig gettext gtk-icon-cache 
upstream-version-is-even features_check
+
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
 MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140966): 
https://lists.openembedded.org/g/openembedded-core/message/140966
Mute This Topic: https://lists.openembedded.org/mt/75807632/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] llvm: upgrade 9.0.1 -> 10.0.0

[akuster]

Per release notes, riscv is now supported.
https://releases.llvm.org/10.0.0/docs/ReleaseNotes.html#changes-to-the-risc-v-target

If you have time, can you also double check Riscv so these two can be
removed, if not maybe we can wait until this is in core.

|

COMPATIBLE_HOST_riscv64 = "null"
COMPATIBLE_HOST_riscv32 = "null"|


There is a qemuriscv64 machine in core.

-armin

On 7/25/20 4:07 AM, Alexander Kanavin wrote:
> Llvm 10.0.1 is now out, please rebase and resend the patches :)
>
> Alex
>
> On Fri, 29 May 2020 at 15:30, Trevor Gamblin
> mailto:trevor.gamb...@windriver.com>>
> wrote:
>
>
> On 5/28/20 9:57 PM, Khem Raj wrote:
> > On Wed, May 27, 2020 at 6:48 AM Trevor Gamblin
> >  > wrote:
> >> Signed-off-by: Trevor Gamblin  >
> >> ---
> >>   meta/recipes-devtools/llvm/llvm_git.bb  |
> 6 +++---
> >>   1 file changed, 3 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/meta/recipes-devtools/llvm/llvm_git.bb
>  b/meta/recipes-devtools/llvm/llvm_git.bb
> 
> >> index d24ed761bf..787cc3adcf 100644
> >> --- a/meta/recipes-devtools/llvm/llvm_git.bb 
> >> +++ b/meta/recipes-devtools/llvm/llvm_git.bb 
> >> @@ -19,9 +19,9 @@ inherit cmake pkgconfig
> >>
> >>   PROVIDES += "llvm${PV}"
> >>
> >> -MAJOR_VERSION = "9"
> >> +MAJOR_VERSION = "10"
> >>   MINOR_VERSION = "0"
> >> -PATCH_VERSION = "1"
> >> +PATCH_VERSION = "0"
> >>
> > It also needs updating LLVMVERSION in
> > meta/conf/distro/include/tcmode-default.inc
> > secondly, I would suggest to wait for 10.0.1 which is releasing
> in a weeks time.
>
> Alright, I'll watch for that release.
>
> Thanks!
>
> >
> >>   PV = "${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}"
> >>
> >> @@ -29,7 +29,7 @@ LLVM_RELEASE = "${PV}"
> >>   LLVM_DIR = "llvm${LLVM_RELEASE}"
> >>
> >>   BRANCH = "release/${MAJOR_VERSION}.x"
> >> -SRCREV = "c1a0a213378a458fbea1a5c77b315c7dce08fd05"
> >> +SRCREV = "d32170dbd5b0d54436537b6b75beaf44324e0c28"
> >>   SRC_URI =
> "git://github.com/llvm/llvm-project.git;branch=${BRANCH}
>  \
> >>             
> 
> file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2
> \
> >>             
> file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
> >> --
> >> 2.24.1
> >>
> >>
>
>
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140945): 
https://lists.openembedded.org/g/openembedded-core/message/140945
Mute This Topic: https://lists.openembedded.org/mt/74499834/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] cve-check breaks on zeus

[akuster]

On 7/25/20 4:13 AM, Konrad Weihmann wrote:
> Hi all,
>
> I'm just too lazy to check if that has been fixed in master already,
> but since yesterday cve-check breaks on zeus for me with the following

I think I just saw this on master. We need to check if NVD changed their
format again.

-armin

>
> File:
> '/opt/build/poky/meta/recipes-core/meta/cve-update-db-native.bb',
> lineno: 91, function: do_populate_cve_db
>  0087:    # Update db with current year json file
>  0088:    try:
>  0089:    response = urllib.request.urlopen(json_url)
>  0090:    if response:
>  *** 0091:    update_db(c,
> gzip.decompress(response.read()).decode('utf-8'))
>  0092:    c.execute("insert or replace into META
> values (?, ?)", [year, last_modified])
>  0093:    except urllib.error.URLError as e:
>  0094:    cve_f.write('Warning: CVE db update error,
> CVE data is outdated.\n\n')
>  0095:    bb.warn("Cannot parse CVE data (%s), update
> failed" % e.reason)
> File:
> '/opt/build/poky/meta/recipes-core/meta/cve-update-db-native.bb',
> lineno: 173, function: update_db
>  0169:
>  0170:    cveId = elt['cve']['CVE_data_meta']['ID']
>  0171:    cveDesc =
> elt['cve']['description']['description_data'][0]['value']
>  0172:    date = elt['lastModifiedDate']
>  *** 0173:    accessVector =
> elt['impact']['baseMetricV2']['cvssV2']['accessVector']
>  0174:    cvssv2 =
> elt['impact']['baseMetricV2']['cvssV2']['baseScore']
>  0175:
>  0176:    try:
>  0177:    cvssv3 =
> elt['impact']['baseMetricV3']['cvssV3']['baseScore']
> Exception: KeyError: 'baseMetricV2'
>
> Cheers
> Konrad
>
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140944): 
https://lists.openembedded.org/g/openembedded-core/message/140944
Mute This Topic: https://lists.openembedded.org/mt/75782989/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [yocto] error about cve_check after a 'do_populate_sdk: Succeeded' on poky master since 20 july on ubuntu18.04/Debian 10/Debian 9.12

[akuster]

This error has been reported earlier.

I am working on a fix .

-armin

On 7/24/20 5:25 AM, vygu via lists.yoctoproject.org wrote:
> Hello,
>
> We observe this following error about cve_check after a populate_sdk:
>
> ERROR: Execution of event handler 'cve_save_summary_handler' failed
> Traceback (most recent call last):
>   File "/home/user/poky/meta/classes/cve-check.bbclass", line 65, in
> cve_save_summary_handler(e= 0x7ff6d41af0b8>):
> 
>     >    shutil.copyfile(cve_tmp_file, cve_summary_file)
> 
>   File "/usr/lib/python3.6/shutil.py", line 120, in
> copyfile(src='/home/user/poky/build/tmp/cve_check',
> dst='/home/user/poky/build/tmp/log/cve/cve-summary-20200724111814.txt',
> follow_symlinks=True):
>  else:
>     >    with open(src, 'rb') as fsrc:
>  with open(dst, 'wb') as fdst:
> FileNotFoundError: [Errno 2] No such file or directory:
> '/home/user/poky/build/tmp/cve_check'
>
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140934): 
https://lists.openembedded.org/g/openembedded-core/message/140934
Mute This Topic: https://lists.openembedded.org/mt/75770228/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] cve-check.bbclass: always save cve report

[akuster]

On 7/21/20 2:54 AM, Adrian Bunk wrote:
> This breaks building the SDK in distributions with INHERIT += "cve-check":
>
> $ bitbake tmp-sdk -c populate_sdk
> ...
> NOTE: Tasks Summary: Attempted 2785 tasks of which 2785 didn't need to be 
> rerun and all succeeded.
> ERROR: Execution of event handler 'cve_save_summary_handler' failed
> Traceback (most recent call last):
>   File 
> "/home/bunk/yoctomaster/yocto-tmp/sources/poky/meta/classes/cve-check.bbclass",
>  line 65, in cve_save_summary_handler(e= 0x7fcf4e4bada0>):
>
> >shutil.copyfile(cve_tmp_file, cve_summary_file)
>
>   File "/usr/lib/python3.6/shutil.py", line 120, in 
> copyfile(src='/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/cve_check', 
> dst='/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/log/cve/cve-summary-20200721124814.txt',
>  follow_symlinks=True):
>  else:
> >with open(src, 'rb') as fsrc:
>  with open(dst, 'wb') as fdst:
> FileNotFoundError: [Errno 2] No such file or directory: 
> '/home/bunk/yoctomaster/yocto-tmp/build_tmp/tmp/cve_check'

thanks. I will take a look.

-armin
>
> Summary: There was 1 ERROR message shown, returning a non-zero exit code.
> $
>
> cu
> Adrian

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140829): 
https://lists.openembedded.org/g/openembedded-core/message/140829
Mute This Topic: https://lists.openembedded.org/mt/75466539/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][dunfell][PATCH] glibc: Secruity fix for CVE-2020-6096

[akuster]

From: Armin Kuster 

Source: glibc.org
MR: 104799
Type: Security Fix
Disposition: Backport from  beea361050728138b82c57dda0c4810402d342b9
ChangeID: 29df826fb697fdd2742c3bace33388bda962c5f1
Description:

Signed-off-by: Armin Kuster 
---
 .../glibc/glibc/CVE-2020-6096.patch   | 112 ++
 .../glibc/glibc/CVE-2020-6096_2.patch | 194 ++
 meta/recipes-core/glibc/glibc_2.31.bb |   2 +
 3 files changed, 308 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch 
b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
new file mode 100644
index 000..9c26f76432d
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
@@ -0,0 +1,112 @@
+From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
+From: Alexander Anisimov 
+Date: Wed, 8 Jul 2020 14:18:31 +0200
+Subject: [PATCH] arm: CVE-2020-6096: Fix multiarch memcpy for negative length
+ [BZ #25620]
+
+Unsigned branch instructions could be used for r2 to fix the wrong
+behavior when a negative length is passed to memcpy.
+This commit fixes the armv7 version.
+
+Upstream-Status: Backport
+CVE: CVE-2020-6096 patch #1
+Signed-off-by: Armin Kuster 
+
+---
+ sysdeps/arm/armv7/multiarch/memcpy_impl.S | 22 +++---
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S 
b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
+index bf4ac7077f..379bb56fc9 100644
+--- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
 b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
+@@ -268,7 +268,7 @@ ENTRY(memcpy)
+ 
+   mov dst, dstin  /* Preserve dstin, we need to return it.  */
+   cmp count, #64
+-  bge .Lcpy_not_short
++  bhs .Lcpy_not_short
+   /* Deal with small copies quickly by dropping straight into the
+  exit block.  */
+ 
+@@ -351,10 +351,10 @@ ENTRY(memcpy)
+ 
+ 1:
+   substmp2, count, #64/* Use tmp2 for count.  */
+-  blt .Ltail63aligned
++  blo .Ltail63aligned
+ 
+   cmp tmp2, #512
+-  bge .Lcpy_body_long
++  bhs .Lcpy_body_long
+ 
+ .Lcpy_body_medium:/* Count in tmp2.  */
+ #ifdef USE_VFP
+@@ -378,7 +378,7 @@ ENTRY(memcpy)
+   add src, src, #64
+   vstrd1, [dst, #56]
+   add dst, dst, #64
+-  bge 1b
++  bhs 1b
+   tst tmp2, #0x3f
+   beq .Ldone
+ 
+@@ -412,7 +412,7 @@ ENTRY(memcpy)
+   ldrdA_l, A_h, [src, #64]!
+   strdA_l, A_h, [dst, #64]!
+   substmp2, tmp2, #64
+-  bge 1b
++  bhs 1b
+   tst tmp2, #0x3f
+   bne 1f
+   ldr tmp2,[sp], #FRAME_SIZE
+@@ -482,7 +482,7 @@ ENTRY(memcpy)
+   add src, src, #32
+ 
+   substmp2, tmp2, #prefetch_lines * 64 * 2
+-  blt 2f
++  blo 2f
+ 1:
+   cpy_line_vfpd3, 0
+   cpy_line_vfpd4, 64
+@@ -494,7 +494,7 @@ ENTRY(memcpy)
+   add dst, dst, #2 * 64
+   add src, src, #2 * 64
+   substmp2, tmp2, #prefetch_lines * 64
+-  bge 1b
++  bhs 1b
+ 
+ 2:
+   cpy_tail_vfpd3, 0
+@@ -615,8 +615,8 @@ ENTRY(memcpy)
+ 1:
+   pld [src, #(3 * 64)]
+   subscount, count, #64
+-  ldrmi   tmp2, [sp], #FRAME_SIZE
+-  bmi .Ltail63unaligned
++  ldrlo   tmp2, [sp], #FRAME_SIZE
++  blo .Ltail63unaligned
+   pld [src, #(4 * 64)]
+ 
+ #ifdef USE_NEON
+@@ -633,7 +633,7 @@ ENTRY(memcpy)
+   neon_load_multi d0-d3, src
+   neon_load_multi d4-d7, src
+   subscount, count, #64
+-  bmi 2f
++  blo 2f
+ 1:
+   pld [src, #(4 * 64)]
+   neon_store_multi d0-d3, dst
+@@ -641,7 +641,7 @@ ENTRY(memcpy)
+   neon_store_multi d4-d7, dst
+   neon_load_multi d4-d7, src
+   subscount, count, #64
+-  bpl 1b
++  bhs 1b
+ 2:
+   neon_store_multi d0-d3, dst
+   neon_store_multi d4-d7, dst
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch 
b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
new file mode 100644
index 000..905e44c8e33
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
@@ -0,0 +1,194 @@
+From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
+From: Evgeny Eremin 
+Date: Wed, 8 Jul 2020 14:18:19 +0200
+Subject: [PATCH] arm: CVE-2020-6096: fix memcpy and memmove for negative
+ length [BZ #25620]
+
+Unsigned branch instructions could be used for r2 to fix the wrong
+behavior when a negative length is passed to memcpy and memmove.
+This commit fixes the generic arm implementation of memcpy amd memmove.
+
+Upstream-Status: Backport
+CVE: CVE-2020-6096 patch #2
+Signed-off-by: Armin Kuster 
+
+---
+ sysdeps/arm/memcpy.S  | 24 ++--
+ 

[OE-core] [master][dunfell][PATCH] glibc: whitelist CVE-2010-10029

[akuster]

The update via Commit 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=2c7e0e0bf32eb1ed0b7d8acddb16c0d1e93f2aa1

should have added the whitelist for this CVE removed

Signed-off-by: Armin Kuster 
---
 meta/recipes-core/glibc/glibc_2.31.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/glibc/glibc_2.31.bb 
b/meta/recipes-core/glibc/glibc_2.31.bb
index 61679e2c1cb..9b2cf1bdeb4 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,6 +1,8 @@
 require glibc.inc
 require glibc-version.inc
 
+CVE_CHECK_WHITELIST += "CVE-2020-10029"
+
 DEPENDS += "gperf-native bison-native make-native"
 
 NATIVESDKFIXES ?= ""
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140796): 
https://lists.openembedded.org/g/openembedded-core/message/140796
Mute This Topic: https://lists.openembedded.org/mt/75670279/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] cve-check.bbclass: always save cve report

[akuster]

On 7/12/20 3:38 PM, akuster via lists.openembedded.org wrote:
> The cve-check file should be saved always, it has good info.
>
> Put a copy in the log dir as cve-summary with symlinks to latest run.
>
> [Yocto #13974]

ping.  Any issues with this? Did I miss a response to this?

-armin
> Signed-off-by: Armin Kuster 
> ---
>  meta/classes/cve-check.bbclass | 32 
>  1 file changed, 32 insertions(+)
>
> diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
> index 514897e8b8..0889e7544a 100644
> --- a/meta/classes/cve-check.bbclass
> +++ b/meta/classes/cve-check.bbclass
> @@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
>  
>  CVE_CHECK_LOG ?= "${T}/cve.log"
>  CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
> +CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
> +CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
> +CVE_CHECK_SUMMARY_FILE ?= 
> "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
>  
>  CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
>  CVE_CHECK_MANIFEST ?= 
> "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
> @@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
>  # 
>  CVE_CHECK_WHITELIST ?= ""
>  
> +python cve_save_summary_handler () {
> +import shutil
> +import datetime
> +
> +cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
> +
> +cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
> +cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
> +bb.utils.mkdirhier(cvelogpath)
> +
> +timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
> +cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % 
> (cve_summary_name, timestamp))
> +
> +shutil.copyfile(cve_tmp_file, cve_summary_file)
> +
> +if cve_summary_file and os.path.exists(cve_summary_file):
> +cvefile_link = os.path.join(cvelogpath, cve_summary_name)
> +
> +if os.path.exists(os.path.realpath(cvefile_link)):
> +os.remove(cvefile_link)
> +os.symlink(os.path.basename(cve_summary_file), cvefile_link)
> +}
> +
> +addhandler cve_save_summary_handler
> +cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
> +
>  python do_cve_check () {
>  """
>  Check recipe for patched and unpatched CVEs
> @@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
> cve_data):
>  f.write(write_string)
>  
>  if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
> +cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
> +bb.utils.mkdirhier(cvelogpath)
> +
>  with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
>  f.write("%s" % write_string)
>
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140721): 
https://lists.openembedded.org/g/openembedded-core/message/140721
Mute This Topic: https://lists.openembedded.org/mt/75466539/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] cve-check.bbclass: always save cve report

[akuster]

The cve-check file should be saved always, it has good info.

Put a copy in the log dir as cve-summary with symlinks to latest run.

[Yocto #13974]

Signed-off-by: Armin Kuster 
---
 meta/classes/cve-check.bbclass | 32 
 1 file changed, 32 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 514897e8b8..0889e7544a 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -30,6 +30,9 @@ CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
+CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
+CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
+CVE_CHECK_SUMMARY_FILE ?= 
"${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
 
 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_MANIFEST ?= 
"${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +49,32 @@ CVE_CHECK_PN_WHITELIST ?= ""
 # 
 CVE_CHECK_WHITELIST ?= ""
 
+python cve_save_summary_handler () {
+import shutil
+import datetime
+
+cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+
+cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
+cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+bb.utils.mkdirhier(cvelogpath)
+
+timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % 
(cve_summary_name, timestamp))
+
+shutil.copyfile(cve_tmp_file, cve_summary_file)
+
+if cve_summary_file and os.path.exists(cve_summary_file):
+cvefile_link = os.path.join(cvelogpath, cve_summary_name)
+
+if os.path.exists(os.path.realpath(cvefile_link)):
+os.remove(cvefile_link)
+os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+}
+
+addhandler cve_save_summary_handler
+cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
+
 python do_cve_check () {
 """
 Check recipe for patched and unpatched CVEs
@@ -331,5 +360,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
cve_data):
 f.write(write_string)
 
 if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+bb.utils.mkdirhier(cvelogpath)
+
 with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
 f.write("%s" % write_string)
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140571): 
https://lists.openembedded.org/g/openembedded-core/message/140571
Mute This Topic: https://lists.openembedded.org/mt/75466539/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [dunfell][PATCH] busybox: Security Fix For CVE-2018-1000500

[akuster]

On 7/11/20 6:21 PM, Rahul Kumar wrote:
> CVE: CVE-2018-1000500
>
> Signed-off-by: Rahul Kumar 

Does this affect master?

-armin
> ---
>  .../busybox/busybox/busybox-CVE-2018-1000500.patch | 98 
> ++
>  meta/recipes-core/busybox/busybox_1.31.1.bb|  1 +
>  2 files changed, 99 insertions(+)
>  create mode 100644 
> meta/recipes-core/busybox/busybox/busybox-CVE-2018-1000500.patch
>
> diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2018-1000500.patch 
> b/meta/recipes-core/busybox/busybox/busybox-CVE-2018-1000500.patch
> new file mode 100644
> index 000..cde3923
> --- /dev/null
> +++ b/meta/recipes-core/busybox/busybox/busybox-CVE-2018-1000500.patch
> @@ -0,0 +1,98 @@
> +From 71e7e2fb35c806d20f9739d832cd9ae3a86fdee2 Mon Sep 17 00:00:00 2001
> +From: Dimitri John Ledkov 
> +Date: Tue, 19 May 2020 18:20:39 +0100
> +Subject: [PATCH] wget: implement TLS verification with
> + ENABLE_FEATURE_WGET_OPENSSL
> +
> +When ENABLE_FEATURE_WGET_OPENSSL is enabled, correctly implement TLS
> +verification by default. And only ignore verification errors, if
> +--no-check-certificate was passed.
> +
> +Also note, that previously OPENSSL implementation did not implement
> +TLS verification, nor printed any warning messages that verification
> +was not performed.
> +
> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1879533
> +
> +CVE-2018-1000500
> +
> +Upstream Status: Backport 
> https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91
> +CVE: CVE-2018-1000500
> +
> +Signed-off-by: Dimitri John Ledkov 
> +Signed-off-by: Denys Vlasenko 
> +Signed-off-by: Rahul Kumar 
> +---
> + networking/wget.c | 20 +---
> + 1 file changed, 17 insertions(+), 3 deletions(-)
> +
> +diff --git a/networking/wget.c b/networking/wget.c
> +index 9153264..a7e6deb 100644
> +--- a/networking/wget.c
>  b/networking/wget.c
> +@@ -91,6 +91,9 @@
> + //config:   patches, but do want to waste bandwidth expaining how wrong
> + //config:   it is, you will be ignored.
> + //config:
> ++//config:   FEATURE_WGET_OPENSSL does implement TLS verification
> ++//config:   using the certificates available to OpenSSL.
> ++//config:
> + //config:config FEATURE_WGET_OPENSSL
> + //config:   bool "Try to connect to HTTPS using openssl"
> + //config:   default y
> +@@ -115,6 +118,9 @@
> + //config:   If openssl can't be executed, internal TLS code will be used
> + //config:   (if you enabled it); if openssl can be executed but fails later,
> + //config:   wget can't detect this, and download will fail.
> ++//config:
> ++//config:   By default TLS verification is performed, unless
> ++//config:   --no-check-certificate option is passed.
> + 
> + //applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))
> + 
> +@@ -124,8 +130,11 @@
> + //usage:IF_FEATURE_WGET_LONG_OPTIONS(
> + //usage:   "[-c|--continue] [--spider] [-q|--quiet] 
> [-O|--output-document FILE]\n"
> + //usage:   "[-o|--output-file FILE] [--header 'header: value'] 
> [-Y|--proxy on/off]\n"
> ++//usage:IF_FEATURE_WGET_OPENSSL(
> ++//usage:   "[--no-check-certificate]\n"
> ++//usage:)
> + /* Since we ignore these opts, we don't show them in --help */
> +-/* //usage:"[--no-check-certificate] [--no-cache] [--passive-ftp] 
> [-t TRIES]" */
> ++/* //usage:"[--no-cache] [--passive-ftp] [-t TRIES]" */
> + /* //usage:"[-nv] [-nc] [-nH] [-np]" */
> + //usage:   "[-P DIR] [-S|--server-response] [-U|--user-agent 
> AGENT]" IF_FEATURE_WGET_TIMEOUT(" [-T SEC]") " URL..."
> + //usage:)
> +@@ -137,7 +146,9 @@
> + //usage:   "Retrieve files via HTTP or FTP\n"
> + //usage:IF_FEATURE_WGET_LONG_OPTIONS(
> + //usage: "\n--spiderOnly check URL existence: $? is 0 if 
> exists"
> +-///: "\n--no-check-certificate  Don't validate the server's 
> certificate"
> ++//usage:IF_FEATURE_WGET_OPENSSL(
> ++//usage: "\n--no-check-certificate  Don't validate the server's 
> certificate"
> ++//usage:)
> + //usage:)
> + //usage: "\n-c  Continue retrieval of aborted transfer"
> + //usage: "\n-q  Quiet"
> +@@ -662,7 +673,7 @@ static int spawn_https_helper_openssl(const char *host, 
> unsigned port)
> + pid = xvfork();
> + if (pid == 0) {
> + /* Child */
> +-char *argv[8];
> ++char *argv[9];
> + 
> + close(sp[0]);
> + xmove_fd(sp[1], 0);
> +@@ -689,6 +700,9 @@ static int spawn_https_helper_openssl(const char *host, 
> unsigned port)
> + argv[5] = (char*)"-servername";
> + argv[6] = (char*)servername;
> + }
> ++if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
> ++argv[7] = (char*)"-verify_return_error";
> ++}
> + 
> + BB_EXECVP(argv[0], argv);
> + xmove_fd(3, 2);
> +-- 
> +2.7.4
> +
> diff --git 

[OE-core] [dunfell][v2][PATCH] sqlite3: Security fix for CVE-2020-15358

[akuster]

From: Armin Kuster 

Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from 
https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:

Affects sqlite < 3.32.3

Fixes CVE CVE-2020-15358

Signed-off-by: Armin Kuster 

---
v2: Fix patch format
---
 .../sqlite/files/CVE-2020-15358.patch | 47 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-15358.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-15358.patch 
b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
new file mode 100644
index 00..086f6ef913
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
@@ -0,0 +1,47 @@
+Fix a defect in the query-flattener optimization identified by ticket 
[8f157e8010b22af0]. 
+
+Upstream-Status: Backport
+https://www.sqlite.org/src/info/10fa79d00f8091e5
+CVE: CVE-2020-15358
+Signed-off-by: Armin Kuster 
+
+Index: sqlite-autoconf-3310100/sqlite3.c
+===
+--- sqlite-autoconf-3310100.orig/sqlite3.c
 sqlite-autoconf-3310100/sqlite3.c
+@@ -18349,6 +18349,7 @@ struct Select {
+ #define SF_WhereBegin0x008 /* Really a WhereBegin() call.  Debug Only 
*/
+ #define SF_WinRewrite0x010 /* Window function rewrite accomplished */
+ #define SF_View  0x020 /* SELECT statement is a view */
++#define SF_NoopOrderBy   0x040 /* ORDER BY is ignored for this query */
+ 
+ /*
+ ** The results of a SELECT can be distributed in several ways, as defined
+@@ -130607,9 +130608,7 @@ static int multiSelect(
+   selectOpName(p->op)));
+ rc = sqlite3Select(pParse, p, );
+ testcase( rc!=SQLITE_OK );
+-/* Query flattening in sqlite3Select() might refill p->pOrderBy.
+-** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. 
*/
+-sqlite3ExprListDelete(db, p->pOrderBy);
++assert( p->pOrderBy==0 );
+ pDelete = p->pPrior;
+ p->pPrior = pPrior;
+ p->pOrderBy = 0;
+@@ -131958,7 +131957,7 @@ static int flattenSubquery(
+ ** We look at every expression in the outer query and every place we see
+ ** "a" we substitute "x*3" and every place we see "b" we substitute 
"y+10".
+ */
+-if( pSub->pOrderBy ){
++if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
+   /* At this point, any non-zero iOrderByCol values indicate that the
+   ** ORDER BY column expression is identical to the iOrderByCol'th
+   ** expression returned by SELECT statement pSub. Since these values
+@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
+ sqlite3ExprListDelete(db, p->pOrderBy);
+ p->pOrderBy = 0;
+ p->selFlags &= ~SF_Distinct;
++p->selFlags |= SF_NoopOrderBy;
+   }
+   sqlite3SelectPrep(pParse, p, 0);
+   if( pParse->nErr || db->mallocFailed ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb 
b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 57a791385c..e5071b48bb 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -7,6 +7,7 @@ SRC_URI = 
"http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2020-9327.patch \
file://CVE-2020-11656.patch \
file://CVE-2020-11655.patch \
+   file://CVE-2020-15358.patch \
"
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = 
"62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140144): 
https://lists.openembedded.org/g/openembedded-core/message/140144
Mute This Topic: https://lists.openembedded.org/mt/75219776/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] sqlite3: Security fix for CVE-2020-15358

[akuster]

From: Armin Kuster 

Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from 
https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:

Affects sqlite < 3.32.3

Fixes CVE CVE-2020-15358

Signed-off-by: Armin Kuster 
---
 .../sqlite/files/CVE-2020-15358.patch | 47 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-15358.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-15358.patch 
b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
new file mode 100644
index 00..f4cd6ba4b5
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
@@ -0,0 +1,47 @@
+Fix a defect in the query-flattener optimization identified by ticket 
[8f157e8010b22af0]. 
+
+Upstream Status: Backport
+https://www.sqlite.org/src/info/10fa79d00f8091e5
+CVE: CVE-2020-15358
+Signed-off-by: Armin Kuster 
+
+Index: sqlite-autoconf-3310100/sqlite3.c
+===
+--- sqlite-autoconf-3310100.orig/sqlite3.c
 sqlite-autoconf-3310100/sqlite3.c
+@@ -18349,6 +18349,7 @@ struct Select {
+ #define SF_WhereBegin0x008 /* Really a WhereBegin() call.  Debug Only 
*/
+ #define SF_WinRewrite0x010 /* Window function rewrite accomplished */
+ #define SF_View  0x020 /* SELECT statement is a view */
++#define SF_NoopOrderBy   0x040 /* ORDER BY is ignored for this query */
+ 
+ /*
+ ** The results of a SELECT can be distributed in several ways, as defined
+@@ -130607,9 +130608,7 @@ static int multiSelect(
+   selectOpName(p->op)));
+ rc = sqlite3Select(pParse, p, );
+ testcase( rc!=SQLITE_OK );
+-/* Query flattening in sqlite3Select() might refill p->pOrderBy.
+-** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. 
*/
+-sqlite3ExprListDelete(db, p->pOrderBy);
++assert( p->pOrderBy==0 );
+ pDelete = p->pPrior;
+ p->pPrior = pPrior;
+ p->pOrderBy = 0;
+@@ -131958,7 +131957,7 @@ static int flattenSubquery(
+ ** We look at every expression in the outer query and every place we see
+ ** "a" we substitute "x*3" and every place we see "b" we substitute 
"y+10".
+ */
+-if( pSub->pOrderBy ){
++if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
+   /* At this point, any non-zero iOrderByCol values indicate that the
+   ** ORDER BY column expression is identical to the iOrderByCol'th
+   ** expression returned by SELECT statement pSub. Since these values
+@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
+ sqlite3ExprListDelete(db, p->pOrderBy);
+ p->pOrderBy = 0;
+ p->selFlags &= ~SF_Distinct;
++p->selFlags |= SF_NoopOrderBy;
+   }
+   sqlite3SelectPrep(pParse, p, 0);
+   if( pParse->nErr || db->mallocFailed ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb 
b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 57a791385c..e5071b48bb 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -7,6 +7,7 @@ SRC_URI = 
"http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2020-9327.patch \
file://CVE-2020-11656.patch \
file://CVE-2020-11655.patch \
+   file://CVE-2020-15358.patch \
"
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = 
"62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140142): 
https://lists.openembedded.org/g/openembedded-core/message/140142
Mute This Topic: https://lists.openembedded.org/mt/75218755/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libuv: update to the last version in meta-oe

[akuster]

Looks like I forgot to update the contrib branch.

This is a squished set of these changes:
https://git.openembedded.org/meta-openembedded/commit/?id=e03b48481438c747322f07ac1e1f04add541ffac
https://git.openembedded.org/meta-openembedded/commit/?id=9b61f412d36b390f8d71ad1fb5875f5f6e32fd8a
https://git.openembedded.org/meta-openembedded/commit/?id=644ea1ee145902b00e4e66856ebe8d8800dfc1f0

Signed-off-by: Armin Kuster 
---
 .../libuv/{libuv_1.34.2.bb => libuv_1.38.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/libuv/{libuv_1.34.2.bb => libuv_1.38.0.bb} 
(90%)

diff --git a/meta/recipes-connectivity/libuv/libuv_1.34.2.bb 
b/meta/recipes-connectivity/libuv/libuv_1.38.0.bb
similarity index 90%
rename from meta/recipes-connectivity/libuv/libuv_1.34.2.bb
rename to meta/recipes-connectivity/libuv/libuv_1.38.0.bb
index 234cec37bb..afc9b2f2ea 100644
--- a/meta/recipes-connectivity/libuv/libuv_1.34.2.bb
+++ b/meta/recipes-connectivity/libuv/libuv_1.38.0.bb
@@ -4,7 +4,7 @@ BUGTRACKER = "https://github.com/libuv/libuv/issues;
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
 
-SRCREV = "f868c9ab0c307525a16fff99fd21e32a6ebc3837"
+SRCREV = "1ab9ea3790378f9f25c4e78e9e2b511c75f9c9ed"
 SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
 
 S = "${WORKDIR}/git"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140037): 
https://lists.openembedded.org/g/openembedded-core/message/140037
Mute This Topic: https://lists.openembedded.org/mt/75147214/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/6] libuv: move from meta-oe to core for bind update

[akuster]

On 6/26/20 4:52 AM, Martin Jansa wrote:
> Looks like 1.34.2 was imported from meta-oe, but there was 1.38.0
> version (as removed
> in 
> https://git.openembedded.org/meta-openembedded/commit/?id=4413f4cb70a5a4cf11c2f9c1881c4506860c588c)
> causing downgrade as shown by QA checks like:
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package
> libuv-src went backwards which would break package feeds (from
> 0:1.38.0-r0 to 0:1.34.2-r0) [version-going-backwards]
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package
> libuv-dbg went backwards which would break package feeds (from
> 0:1.38.0-r0 to 0:1.34.2-r0) [version-going-backwards]
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package
> libuv-staticdev went backwards which would break package feeds (from
> 0:1.38.0-r0 to 0:1.34.2-r0) [version-going-backwards]
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package
> libuv-dev went backwards which would break package feeds (from
> 0:1.38.0-r0 to 0:1.34.2-r0) [version-going-backwards]
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package
> libuv-doc went backwards which would break package feeds (from
> 0:1.38.0-r0 to 0:1.34.2-r0) [version-going-backwards]
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package
> libuv-locale went backwards which would break package feeds (from
> 0:1.38.0-r0 to 0:1.34.2-r0) [version-going-backwards]
> log.world-all.qemux86-64:ERROR: libuv-1.34.2-r0
> do_packagedata_setscene: QA Issue: Package version for package libuv
> went backwards which would break package feeds (from 0:1.38.0-r0 to
> 0:1.34.2-r0) [version-going-backwards]
>
> these 3 meta-oe commits are now missing in oe-core:
> https://git.openembedded.org/meta-openembedded/commit/?id=e03b48481438c747322f07ac1e1f04add541ffac
> https://git.openembedded.org/meta-openembedded/commit/?id=9b61f412d36b390f8d71ad1fb5875f5f6e32fd8a
> https://git.openembedded.org/meta-openembedded/commit/?id=644ea1ee145902b00e4e66856ebe8d8800dfc1f0
>

Oh, that is not good. I will be sending an upgrade patch soon.

-armin
> On Mon, Jun 22, 2020 at 4:19 PM akuster  <mailto:akuster...@gmail.com>> wrote:
>
> From: Armin Kuster mailto:akus...@mvista.com>>
>
> Signed-off-by: Armin Kuster  <mailto:akus...@mvista.com>>
> ---
>  meta/conf/distro/include/maintainers.inc      |  1 +
>  .../libuv/libuv_1.34.2.bb <http://libuv_1.34.2.bb>               
>      | 19 +++
>  2 files changed, 20 insertions(+)
>  create mode 100644
> meta/recipes-connectivity/libuv/libuv_1.34.2.bb
> <http://libuv_1.34.2.bb>
>
> diff --git a/meta/conf/distro/include/maintainers.inc
> b/meta/conf/distro/include/maintainers.inc
> index 6496a48e40..fc1b5272da 100644
> --- a/meta/conf/distro/include/maintainers.inc
> +++ b/meta/conf/distro/include/maintainers.inc
> @@ -393,6 +393,7 @@ RECIPE_MAINTAINER_pn-liburcu = "Alexander
> Kanavin mailto:alex.kana...@gmail.com>>"
>  RECIPE_MAINTAINER_pn-liburi-perl = "Tim Orling
>  <mailto:timothy.t.orl...@linux.intel.com>>"
>  RECIPE_MAINTAINER_pn-libusb1 = "Anuj Mittal
> mailto:anuj.mit...@intel.com>>"
>  RECIPE_MAINTAINER_pn-libubootenv = "Stefano Babic  <mailto:sba...@denx.de>>"
> +RECIPE_MAINTAINER_pn-libuv = "Armin Kuster  <mailto:akus...@mvista.com>>"
>  RECIPE_MAINTAINER_pn-libva = "Anuj Mittal  <mailto:anuj.mit...@intel.com>>"
>  RECIPE_MAINTAINER_pn-libva-initial = "Anuj Mittal
> mailto:anuj.mit...@intel.com>>"
>  RECIPE_MAINTAINER_pn-libva-utils = "Anuj Mittal
> mailto:anuj.mit...@intel.com>>"
> diff --git a/meta/recipes-connectivity/libuv/libuv_1.34.2.bb
> <http://libuv_1.34.2.bb>
> b/meta/recipes-connectivity/libuv/libuv_1.34.2.bb
> <http://libuv_1.34.2.bb>
> new file mode 100644
> index 00..234cec37bb
> --- /dev/null
> +++ b/meta/recipes-connectivity/libuv/libuv_1.34.2.bb
> <http://libuv_1.34.2.bb>
> @@ -0,0 +1,19 @@
> +SUMMARY = "A multi-platform support library with a focus on
> asynchronous I/O"
> +HOMEPAGE = "https://github.com/libuv/libuv;
> +BUGTRACKER = "https://github.com/libuv/libuv/issues;
> 

[OE-core] [PATCH]] wpa-supplicant: Security fix CVE-2020-12695

[akuster]

From: Armin Kuster 

Source: http://w1.fi/security/
MR: 104452
Type: Security Fix
Disposition: Backport from http://w1.fi/security/2020-1/
ChangeID: 81edff1c2c8bd592643ad3e9bba41447c34b3468
Description:

Affects <= 2.9 wpa-supplicant

Signed-off-by: Armin Kuster 
---
 ...allow-event-subscriptions-with-URLs-.patch | 151 ++
 ...nt-message-generation-using-a-long-U.patch |  62 +++
 ...HTTP-initiation-failures-for-events-.patch |  50 ++
 .../wpa-supplicant/wpa-supplicant_2.9.bb  |   5 +-
 4 files changed, 267 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
new file mode 100644
index 00..53ad5d028a
--- /dev/null
+++ 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
@@ -0,0 +1,151 @@
+From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen 
+Date: Wed, 3 Jun 2020 23:17:35 +0300
+Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
+ other networks
+
+The UPnP Device Architecture 2.0 specification errata ("UDA errata
+16-04-2020.docx") addresses a problem with notifications being allowed
+to go out to other domains by disallowing such cases. Do such filtering
+for the notification callback URLs to avoid undesired connections to
+external networks based on subscriptions that any device in the local
+network could request when WPS support for external registrars is
+enabled (the upnp_iface parameter in hostapd configuration).
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #1
+Signed-off-by: Jouni Malinen 
+Signed-off-by: Armin Kuster 
+
+---
+ src/wps/wps_er.c |  2 +-
+ src/wps/wps_upnp.c   | 38 --
+ src/wps/wps_upnp_i.h |  3 ++-
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+Index: wpa_supplicant-2.9/src/wps/wps_er.c
+===
+--- wpa_supplicant-2.9.orig/src/wps/wps_er.c
 wpa_supplicant-2.9/src/wps/wps_er.c
+@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con
+  "with %s", filter);
+   }
+   if (get_netif_info(er->ifname, >ip_addr, >ip_addr_text,
+- er->mac_addr)) {
++ NULL, er->mac_addr)) {
+   wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+  "for %s. Does it have IP address?", er->ifname);
+   wps_er_deinit(er, NULL, NULL);
+Index: wpa_supplicant-2.9/src/wps/wps_upnp.c
+===
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c
 wpa_supplicant-2.9/src/wps/wps_upnp.c
+@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct
+ }
+
+
++static int local_network_addr(struct upnp_wps_device_sm *sm,
++struct sockaddr_in *addr)
++{
++  return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
++  (sm->ip_addr & sm->netmask.s_addr);
++}
++
++
+ /* subscr_addr_add_url -- add address(es) for one url to subscription */
+ static void subscr_addr_add_url(struct subscription *s, const char *url,
+   size_t url_len)
+@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s
+
+   for (rp = result; rp; rp = rp->ai_next) {
+   struct subscr_addr *a;
++  struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
+
+   /* Limit no. of address to avoid denial of service attack */
+   if (dl_list_len(>addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
+@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s
+   break;
+   }
+
++  if (!local_network_addr(s->sm, addr)) {
++  wpa_printf(MSG_INFO,
++ "WPS UPnP: Ignore a delivery URL that points 
to another network %s",
++ inet_ntoa(addr->sin_addr));
++  continue;
++  }
++
+   a = os_zalloc(sizeof(*a) + alloc_len);
+   if (a == NULL)
+   break;
+@@ -889,11 +905,12 @@ static int eth_get(const char *device, u
+  * @net_if: Selected network interface name
+  * @ip_addr: Buffer for returning IP address in network 

[OE-core] [dunfell][PATCH] curl: Security fixes for CVE-2020-{8169/8177}

[akuster]

From: Armin Kuster 

Source: https://curl.haxx.se/
MR: 104472, 104458
Type: Security Fix
Disposition: Backport from 
https://github.com/curl/curl/commit/{600a8cded447cd/8236aba58542c5f}
ChangeID: 1300924f7a64b22375b4326daeef0b686481e30c
Description:

- Affected versions: curl 7.20.0 to and including 7.70.0
- Not affected versions: curl < 7.20.0 and curl >= 7.71.0

Fixes both CVE-2020-8169 and CVE-2020-8177

Signed-off-by: Armin Kuster 
---
 .../curl/curl/CVE-2020-8169.patch | 140 ++
 .../curl/curl/CVE-2020-8177.patch |  67 +
 meta/recipes-support/curl/curl_7.69.1.bb  |   2 +
 3 files changed, 209 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8169.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8177.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2020-8169.patch 
b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
new file mode 100644
index 00..5f0b47cfe3
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
@@ -0,0 +1,140 @@
+From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Thu, 14 May 2020 14:37:12 +0200
+Subject: [PATCH] url: make the updated credentials URL-encoded in the URL
+
+Found-by: Gregory Jefferis
+Reported-by: Jeroen Ooms
+Added test 1168 to verify. Bug spotted when doing a redirect.
+Bug: https://github.com/jeroen/curl/issues/224
+Closes #5400
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/600a8cded447cd
+
+CVE: CVE-2020-8169
+Signed-off-by: Armin Kuster 
+
+---
+ lib/url.c   |  6 ++--
+ tests/data/Makefile.inc |  1 +
+ tests/data/test1168 | 78 +
+ 3 files changed, 83 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1168
+
+Index: curl-7.69.1/lib/url.c
+===
+--- curl-7.69.1.orig/lib/url.c
 curl-7.69.1/lib/url.c
+@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Cu
+ 
+   /* for updated strings, we update them in the URL */
+   if(user_changed) {
+-uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
++uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
++  CURLU_URLENCODE);
+ if(uc)
+   return Curl_uc_to_curlcode(uc);
+   }
+   if(passwd_changed) {
+-uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
++uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
++  CURLU_URLENCODE);
+ if(uc)
+   return Curl_uc_to_curlcode(uc);
+   }
+Index: curl-7.69.1/tests/data/Makefile.inc
+===
+--- curl-7.69.1.orig/tests/data/Makefile.inc
 curl-7.69.1/tests/data/Makefile.inc
+@@ -133,6 +133,7 @@ test1136 test1137 test1138 test1139 test
+ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
+ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \
+ test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
++test1168 \
+ \
+ test1170 test1171 test1172 test1173 test1174 test1175 test1176 \
+ \
+Index: curl-7.69.1/tests/data/test1168
+===
+--- /dev/null
 curl-7.69.1/tests/data/test1168
+@@ -0,0 +1,78 @@
++
++
++
++HTTP
++HTTP GET
++followlocation
++
++
++# Server-side
++
++
++HTTP/1.1 301 This is a weirdo text message swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Location: /data/11680002.txt
++Connection: close
++
++This server reply is for testing a simple Location: following
++
++
++
++HTTP/1.1 200 Followed here fine swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Content-Length: 52
++
++If this is received, the location following worked
++
++
++
++HTTP/1.1 301 This is a weirdo text message swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Location: /data/11680002.txt
++Connection: close
++
++HTTP/1.1 200 Followed here fine swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Content-Length: 52
++
++If this is received, the location following worked
++
++
++
++
++# Client-side
++
++
++http
++
++ 
++HTTP redirect with credentials using # in user and password
++ 
++ 
++http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY"
++
++
++
++# Verify data after the test has been "shot"
++
++
++^User-Agent:.*
++
++
++GET /want/1168 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
++Accept: */*
++
++GET /data/11680002.txt HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
++Accept: */*
++
++
++
++
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8177.patch 
b/meta/recipes-support/curl/curl/CVE-2020-8177.patch
new file mode 100644
index 00..4f14fa2306
--- 

[OE-core] [PATCH 4/6] kea: Move to core

[akuster]

ISC dhcp is being retiered by kea.

Move kea from meta-oe to core

Signed-off-by: Armin Kuster 
---
 .../kea/files/0001-remove-AC_TRY_RUN.patch| 34 ++
 .../kea/files/kea-dhcp-ddns.service   | 13 
 .../kea/files/kea-dhcp4.service   | 13 
 .../kea/files/kea-dhcp6.service   | 13 
 meta/recipes-connectivity/kea/kea_1.7.7.bb| 67 +++
 5 files changed, 140 insertions(+)
 create mode 100644 
meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp4.service
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp6.service
 create mode 100644 meta/recipes-connectivity/kea/kea_1.7.7.bb

diff --git a/meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch 
b/meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
new file mode 100644
index 00..d7ca9ff8fa
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
@@ -0,0 +1,34 @@
+From 9d6b8321c5b46199baca907f3d42bdcaaf1958a8 Mon Sep 17 00:00:00 2001
+From: Mingli Yu 
+Date: Thu, 23 May 2019 23:59:42 -0700
+Subject: [PATCH] remove AC_TRY_RUN
+
+AC_TRY_RUN doesn't work in cross compile env,
+use AC_COMPILE_IFELSE instead to fix below configure
+error:
+ | checking for usuable C++11 regex... configure: error: in 
`/builddir/tmp/work/core2-64-poky-linux/kea/1.5.0-r0/build':
+ | configure: error: cannot run test program while cross compiling
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu 
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c880b77..dd40c7c 100644
+--- a/configure.ac
 b/configure.ac
+@@ -580,7 +580,7 @@ AC_TRY_COMPILE([
+ AC_MSG_RESULT(no))
+ 
+ AC_MSG_CHECKING(for usuable C++11 regex)
+-AC_TRY_RUN([
++AC_COMPILE_IFELSE([
+ #include 
+ #include 
+ int main() {
+-- 
+2.21.0
+
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service 
b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
new file mode 100644
index 00..91aa2eb14f
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCP-DDNS Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/kea
+ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service 
b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
new file mode 100644
index 00..b851ea71c5
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv4 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service 
b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
new file mode 100644
index 00..0f9f0ef8d9
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv6 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/kea_1.7.7.bb 
b/meta/recipes-connectivity/kea/kea_1.7.7.bb
new file mode 100644
index 00..e25f8e6fb0
--- /dev/null
+++ b/meta/recipes-connectivity/kea/kea_1.7.7.bb
@@ -0,0 +1,67 @@
+SUMMARY = "ISC Kea DHCP Server"
+DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. 
It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. 
prefix delegation and dynamic updates to DNS."
+HOMEPAGE = "http://kea.isc.org;
+SECTION = "connectivity"
+LICENSE = "MPL-2.0 & Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa"
+
+DEPENDS += "kea-native"
+
+SRC_URI = "\
+http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
+file://0001-remove-AC_TRY_RUN.patch \
+file://kea-dhcp4.service \
+file://kea-dhcp6.service \
+file://kea-dhcp-ddns.service \
+"
+SRC_URI[md5sum] = "4f8d1251fd41ef2e822a4eb3f0797d46"
+SRC_URI[sha256sum] = 
"0bba8b045672884a928ff4b2a8575ac5ba420eb6ba47a9338f1932bc38dcf866"
+
+inherit 

[OE-core] [PATCH 5/6] dhcp: remove depricated package

[akuster]

replaces by kea

Signed-off-by: Armin Kuster 
---
 meta/recipes-connectivity/dhcp/dhcp.inc   | 149 --
 ...TH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |  27 
 ...-limitation-in-linux-dhclient-script.patch |  65 
 .../dhcp/dhcp/0002-dhclient-dbus.patch| 117 --
 .../dhcp/dhcp/0003-link-with-lcrypto.patch|  35 
 .../dhcp/0004-Fix-out-of-tree-builds.patch|  95 ---
 ...invoke-dhclient-script-failed-on-Rea.patch |  36 -
 ...gument-to-make-the-libxml2-dependenc.patch |  62 
 ...move-dhclient-script-bash-dependency.patch |  28 
 ...ct-the-intention-for-xml2-lib-search.patch |  34 
 .../dhcp/dhcp/0013-fixup_use_libbind.patch|  64 
 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |  21 ---
 12 files changed, 733 deletions(-)
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp.inc
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb

diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc 
b/meta/recipes-connectivity/dhcp/dhcp.inc
deleted file mode 100644
index d46130d49b..00
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ /dev/null
@@ -1,149 +0,0 @@
-SECTION = "console/network"
-SUMMARY = "Internet Software Consortium DHCP package"
-DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \
-which allows individual devices on an IP network to get their own \
-network configuration information from a server.  DHCP helps make it \
-easier to administer devices."
-
-HOMEPAGE = "http://www.isc.org/;
-
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
-
-DEPENDS = "openssl bind"
-
-SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
-   file://init-relay file://default-relay \
-   file://init-server file://default-server \
-   file://dhclient.conf file://dhcpd.conf \
-   file://dhclient-systemd-wrapper \
-   file://dhclient.service \
-   file://dhcpd.service file://dhcrelay.service \
-   file://dhcpd6.service \
-   "
-UPSTREAM_CHECK_URI = "http://ftp.isc.org/isc/dhcp/;
-UPSTREAM_CHECK_REGEX = "(?P\d+\.\d+\.(\d+?))/"
-
-inherit autotools-brokensep systemd useradd update-rc.d
-
-USERADD_PACKAGES = "${PN}-server"
-USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir 
/var/run/${BPN} --shell /bin/false --user-group ${BPN}"
-
-SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client"
-SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service"
-SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
-
-SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
-SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
-
-SYSTEMD_SERVICE_${PN}-client = "dhclient.service"
-SYSTEMD_AUTO_ENABLE_${PN}-client = "disable"
-
-INITSCRIPT_PACKAGES = "dhcp-server"
-INITSCRIPT_NAME_dhcp-server = "dhcp-server"
-INITSCRIPT_PARAMS_dhcp-server = "defaults"
-
-CFLAGS += "-D_GNU_SOURCE"
-EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
---with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases 
\
-
--with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
-
--with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
---enable-paranoia --disable-static \
---with-randomdev=/dev/random \
---with-libbind=${STAGING_DIR_HOST} \
-   --enable-libtool \
-   "
-
-#Enable shared libs per dhcp README
-do_configure_prepend () {
-   cp configure.ac+lt configure.ac
-}
-
-do_install_append () {
-   install -d ${D}${sysconfdir}/init.d
-   install -d ${D}${sysconfdir}/default
-   install -d ${D}${sysconfdir}/dhcp
-   install -m 0755 ${WORKDIR}/init-relay 
${D}${sysconfdir}/init.d/dhcp-relay
-   install -m 0644 ${WORKDIR}/default-relay 
${D}${sysconfdir}/default/dhcp-relay
-   install -m 

[OE-core] [PATCH 6/6] maintainers.inc: add new packages remove dhcp

[akuster]

Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/maintainers.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index fc1b5272da..31dfbf5064 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -144,7 +144,6 @@ RECIPE_MAINTAINER_pn-debianutils = "Yi Zhao 
"
 RECIPE_MAINTAINER_pn-dejagnu = "Nathan Rossi "
 RECIPE_MAINTAINER_pn-depmodwrapper-cross = "Mark Hatle 
"
 RECIPE_MAINTAINER_pn-desktop-file-utils = "Alexander Kanavin 
"
-RECIPE_MAINTAINER_pn-dhcp = "Hongxu Jia "
 RECIPE_MAINTAINER_pn-diffoscope = "Joshua Watt "
 RECIPE_MAINTAINER_pn-diffstat = "Chen Qi "
 RECIPE_MAINTAINER_pn-diffutils = "Chen Qi "
@@ -286,6 +285,7 @@ RECIPE_MAINTAINER_pn-json-c = "Yi Zhao 
"
 RECIPE_MAINTAINER_pn-json-glib = "Yi Zhao "
 RECIPE_MAINTAINER_pn-jquery = "Joshua Watt "
 RECIPE_MAINTAINER_pn-kbd = "Alexander Kanavin "
+RECIPE_MAINTAINER_pn-kea = "Armin Kuster "
 RECIPE_MAINTAINER_pn-kern-tools-native = "Bruce Ashfield 
"
 RECIPE_MAINTAINER_pn-kernel-devsrc = "Bruce Ashfield 
"
 RECIPE_MAINTAINER_pn-kexec-tools = "Armin Kuster "
@@ -393,7 +393,7 @@ RECIPE_MAINTAINER_pn-liburcu = "Alexander Kanavin 
"
 RECIPE_MAINTAINER_pn-liburi-perl = "Tim Orling 
"
 RECIPE_MAINTAINER_pn-libusb1 = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-libubootenv = "Stefano Babic "
-RECIPE_MAINTAINER_pn-libuv = "Armin Kuster "
+RECIPE_MAINTAINER_pn-libuv = "Armin Kuster "
 RECIPE_MAINTAINER_pn-libva = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-libva-initial = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-libva-utils = "Anuj Mittal "
@@ -449,6 +449,7 @@ RECIPE_MAINTAINER_pn-linux-yocto-rt = "Bruce Ashfield 

 RECIPE_MAINTAINER_pn-linux-yocto-tiny = "Bruce Ashfield 
"
 RECIPE_MAINTAINER_pn-llvm = "Khem Raj "
 RECIPE_MAINTAINER_pn-logrotate = "Yi Zhao "
+RECIPE_MAINTAINER_pn-log4cplus = "Armin Kuster "
 RECIPE_MAINTAINER_pn-lrzsz = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-lsb-release = "Hongxu Jia "
 RECIPE_MAINTAINER_pn-lsof = "Ross Burton "
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139744): 
https://lists.openembedded.org/g/openembedded-core/message/139744
Mute This Topic: https://lists.openembedded.org/mt/75039179/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/6] bind: Update to latest ESV version 9.16

[akuster]

From: Armin Kuster 

Removed obsolete packageconfig options

License change to MPL-2.0
https://gitlab.isc.org/isc-projects/bind9/blob/master/LICENSE

Refreshed:
bind-ensure-searching-for-json-headers-searches-sysr.patch
0001-named-lwresd-V-and-start-log-hide-build-options.patch
bind-ensure-searching-for-json-headers-searches-sysr.patch

Drop obsolete patch: 0001-configure.in-remove-useless-L-use_openssl-lib.patch

Signed-off-by: Armin Kuster 
---
 in-remove-useless-L-use_openssl-lib.patch | 30 ---
 ...d-V-and-start-log-hide-build-options.patch | 33 +
 ...ching-for-json-headers-searches-sysr.patch | 14 +++
 .../bind/{bind_9.11.19.bb => bind_9.16.4.bb}  | 37 ++-
 4 files changed, 35 insertions(+), 79 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
 rename meta/recipes-connectivity/bind/{bind_9.11.19.bb => bind_9.16.4.bb} (77%)

diff --git 
a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
 
b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
deleted file mode 100644
index 9d31b98080..00
--- 
a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Mon, 27 Aug 2018 15:00:51 +0800
-Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
-
-Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe,
-the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless
-and helpful for clean up host build path in isc-config.sh
-
-Upstream-Status: Inappropriate [oe-core specific]
-
-Signed-off-by: Hongxu Jia 
-

- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index e85a5c6..2bbfc58 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl])
-   fi
-   ;;
-   *)
--  DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
-+  DST_OPENSSL_LIBS="-lcrypto"
-   ;;
-   esac
-   fi
diff --git 
a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
 
b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
index 75908aa638..5bcc16c9b2 100644
--- 
a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
+++ 
b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -12,23 +12,24 @@ $ named -V
 Upstream-Status: Inappropriate [oe-core specific]
 
 Signed-off-by: Hongxu Jia 
+
+Refreshed for 9.16.0
+Signed-off-by: Armin Kuster 
+
 ---
  bin/named/include/named/globals.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/bin/named/include/named/globals.h 
b/bin/named/include/named/globals.h
-index ba3457e..7741da7 100644
 a/bin/named/include/named/globals.h
-+++ b/bin/named/include/named/globals.h
-@@ -68,7 +68,7 @@ EXTERN const char *  ns_g_version
INIT(VERSION);
- EXTERN const char *   ns_g_productINIT(PRODUCT);
- EXTERN const char *   ns_g_descriptionINIT(DESCRIPTION);
- EXTERN const char *   ns_g_srcid  INIT(SRCID);
--EXTERN const char *   ns_g_configargs INIT(CONFIGARGS);
-+EXTERN const char *   ns_g_configargs INIT("*** (options are 
hidden)");
- EXTERN const char *   ns_g_builderINIT(BUILDER);
- EXTERN in_port_t  ns_g_port   INIT(0);
- EXTERN isc_dscp_t ns_g_dscp   INIT(-1);
--- 
-2.7.4
-
+Index: bind-9.16.0/bin/named/include/named/globals.h
+===
+--- bind-9.16.0.orig/bin/named/include/named/globals.h
 bind-9.16.0/bin/named/include/named/globals.h
+@@ -69,7 +69,7 @@ EXTERN const char *named_g_version I
+ EXTERN const char *named_g_product INIT(PRODUCT);
+ EXTERN const char *named_g_description INIT(DESCRIPTION);
+ EXTERN const char *named_g_srcid   INIT(SRCID);
+-EXTERN const char *named_g_configargs  INIT(CONFIGARGS);
++EXTERN const char *named_g_configargs  INIT("*** (options are hidden)");
+ EXTERN const char *named_g_builder INIT(BUILDER);
+ EXTERN in_port_t named_g_portINIT(0);
+ EXTERN isc_dscp_t named_g_dscp   INIT(-1);
diff --git 
a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
 
b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch

[OE-core] [PATCH 3/6] log4cplus: move meta-oe pkg to core

[akuster]

pkg need for kea

Signed-off-by: Armin Kuster 
---
 .../log4cplus/log4cplus_2.0.5.bb  | 19 +++
 1 file changed, 19 insertions(+)
 create mode 100644 meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb

diff --git a/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb 
b/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
new file mode 100644
index 00..967ac7623a
--- /dev/null
+++ b/meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb
@@ -0,0 +1,19 @@
+SUMMARY = "log4cplus provides a simple C++ logging API for log management"
+SECTION = "libs"
+HOMEPAGE = "http://sourceforge.net/projects/log4cplus/;
+BUGTRACKER = "http://sourceforge.net/p/log4cplus/bugs/;
+
+LICENSE = "Apache-2.0 & BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=41e8e060c26822886b592ab4765c756b"
+
+SRC_URI = 
"${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}-stable/${PV}/${BP}.tar.gz \
+  "
+SRC_URI[md5sum] = "71dd956bf686195127559671f1426cff"
+SRC_URI[sha256sum] = 
"c07115c23219390633798def30b7b51a0f79fdeb857e4b49632f17746d0ceb97"
+
+UPSTREAM_CHECK_URI = 
"https://sourceforge.net/projects/log4cplus/files/log4cplus-stable/;
+UPSTREAM_CHECK_REGEX = "log4cplus-stable/(?P\d+(\.\d+)+)/"
+
+inherit autotools pkgconfig
+
+BBCLASSEXTEND = "native"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139741): 
https://lists.openembedded.org/g/openembedded-core/message/139741
Mute This Topic: https://lists.openembedded.org/mt/75039174/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/6] libuv: move from meta-oe to core for bind update

[akuster]

From: Armin Kuster 

Signed-off-by: Armin Kuster 
---
 meta/conf/distro/include/maintainers.inc  |  1 +
 .../libuv/libuv_1.34.2.bb | 19 +++
 2 files changed, 20 insertions(+)
 create mode 100644 meta/recipes-connectivity/libuv/libuv_1.34.2.bb

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index 6496a48e40..fc1b5272da 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -393,6 +393,7 @@ RECIPE_MAINTAINER_pn-liburcu = "Alexander Kanavin 
"
 RECIPE_MAINTAINER_pn-liburi-perl = "Tim Orling 
"
 RECIPE_MAINTAINER_pn-libusb1 = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-libubootenv = "Stefano Babic "
+RECIPE_MAINTAINER_pn-libuv = "Armin Kuster "
 RECIPE_MAINTAINER_pn-libva = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-libva-initial = "Anuj Mittal "
 RECIPE_MAINTAINER_pn-libva-utils = "Anuj Mittal "
diff --git a/meta/recipes-connectivity/libuv/libuv_1.34.2.bb 
b/meta/recipes-connectivity/libuv/libuv_1.34.2.bb
new file mode 100644
index 00..234cec37bb
--- /dev/null
+++ b/meta/recipes-connectivity/libuv/libuv_1.34.2.bb
@@ -0,0 +1,19 @@
+SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
+HOMEPAGE = "https://github.com/libuv/libuv;
+BUGTRACKER = "https://github.com/libuv/libuv/issues;
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
+
+SRCREV = "f868c9ab0c307525a16fff99fd21e32a6ebc3837"
+SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
+
+S = "${WORKDIR}/git"
+
+inherit autotools
+
+do_configure() {
+${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
+oe_runconf
+}
+
+BBCLASSEXTEND = "native"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139739): 
https://lists.openembedded.org/g/openembedded-core/message/139739
Mute This Topic: https://lists.openembedded.org/mt/75039171/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/6] Update bind and replace dhcp

[akuster]

Move to the latest Bind ESV and replace the depricated dhcp with kea.
Three packages need to move from meta-oe to core.

The new bind is not compatable with the dhcp

Armin Kuster (6):
  libuv: move from meta-oe to core for bind update
  bind: Update to latest ESV version 9.16
  log4cplus: move meta-oe pkg to core
  kea: Move to core
  dhcp: remove depricated package
  maintainers.inc: add new packages remove dhcp

 meta/conf/distro/include/maintainers.inc  |   4 +-
 in-remove-useless-L-use_openssl-lib.patch |  30 
 ...d-V-and-start-log-hide-build-options.patch |  33 ++--
 ...ching-for-json-headers-searches-sysr.patch |  14 +-
 .../bind/{bind_9.11.19.bb => bind_9.16.4.bb}  |  37 ++---
 meta/recipes-connectivity/dhcp/dhcp.inc   | 149 --
 ...TH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |  27 
 ...-limitation-in-linux-dhclient-script.patch |  65 
 .../dhcp/dhcp/0002-dhclient-dbus.patch| 117 --
 .../dhcp/dhcp/0003-link-with-lcrypto.patch|  35 
 .../dhcp/0004-Fix-out-of-tree-builds.patch|  95 ---
 ...invoke-dhclient-script-failed-on-Rea.patch |  36 -
 ...gument-to-make-the-libxml2-dependenc.patch |  62 
 ...move-dhclient-script-bash-dependency.patch |  28 
 ...ct-the-intention-for-xml2-lib-search.patch |  34 
 .../dhcp/dhcp/0013-fixup_use_libbind.patch|  64 
 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb  |  21 ---
 .../kea/files/0001-remove-AC_TRY_RUN.patch|  34 
 .../kea/files/kea-dhcp-ddns.service   |  13 ++
 .../kea/files/kea-dhcp4.service   |  13 ++
 .../kea/files/kea-dhcp6.service   |  13 ++
 meta/recipes-connectivity/kea/kea_1.7.7.bb|  67 
 .../libuv/libuv_1.34.2.bb |  19 +++
 .../log4cplus/log4cplus_2.0.5.bb  |  19 +++
 24 files changed, 216 insertions(+), 813 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
 rename meta/recipes-connectivity/bind/{bind_9.11.19.bb => bind_9.16.4.bb} (77%)
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp.inc
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb
 create mode 100644 
meta/recipes-connectivity/kea/files/0001-remove-AC_TRY_RUN.patch
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp4.service
 create mode 100644 meta/recipes-connectivity/kea/files/kea-dhcp6.service
 create mode 100644 meta/recipes-connectivity/kea/kea_1.7.7.bb
 create mode 100644 meta/recipes-connectivity/libuv/libuv_1.34.2.bb
 create mode 100644 meta/recipes-devtools/log4cplus/log4cplus_2.0.5.bb

-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#139738): 
https://lists.openembedded.org/g/openembedded-core/message/139738
Mute This Topic: https://lists.openembedded.org/mt/75039170/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [AUH] bind: upgrading to 9.16.3 FAILED

[akuster]

On 6/17/20 1:22 AM, a...@auh.yoctoproject.org wrote:
> Hello,
>
> this email is a notification from the Auto Upgrade Helper
> that the automatic attempt to upgrade the recipe *bind* to *9.16.3* has 
> Failed (devtool error).

Its on my list to update the work i did awhile back.

-armin
>
> Detailed error information:
>
> The following devtool command failed:  upgrade bind -V 9.16.3
> NOTE: Starting bitbake server...
> INFO: Creating workspace layer in 
> /home/pokybuild/yocto-worker/auh/build/build/build/workspace
> Loading cache...done.
> Loaded 0 entries from dependency cache.
> Parsing recipes...done.
> Parsing of 775 .bb files complete (0 cached, 775 parsed). 1330 targets, 33 
> skipped, 0 masked, 0 errors.
> INFO: Extracting current version source...
> NOTE: Resolving any missing task queue dependencies
>
> Build Configuration:
> BB_VERSION   = "1.46.0"
> BUILD_SYS= "x86_64-linux"
> NATIVELSBSTRING  = "universal"
> TARGET_SYS   = "x86_64-poky-linux"
> MACHINE  = "qemux86-64"
> DISTRO   = "poky"
> DISTRO_VERSION   = "3.1+snapshot-20200616"
> TUNE_FEATURES= "m64 core2"
> TARGET_FPU   = ""
> meta 
> meta-poky
> meta-yocto-bsp   = 
> "tmp-auh-upgrades:816a12758bfcb5409accbf636ec58d9fa917cdb6"
> workspace= "master:816a12758bfcb5409accbf636ec58d9fa917cdb6"
>
> Initialising tasks...done.
> Sstate summary: Wanted 0 Found 0 Missed 0 Current 20 (0% match, 100% complete)
> NOTE: Executing Tasks
> NOTE: Tasks Summary: Attempted 93 tasks of which 90 didn't need to be rerun 
> and all succeeded.
> NOTE: Writing buildhistory
> NOTE: Writing buildhistory took: 8 seconds
> INFO: Adding local source files to srctree...
> INFO: Extracting upgraded version source...
> INFO: Fetching https://ftp.isc.org/isc/bind9/9.16.3/bind-9.16.3.tar.gz...
> Loading cache...done.
> Loaded 1330 entries from dependency cache.
> Parsing recipes...done.
> Parsing of 776 .bb files complete (774 cached, 2 parsed). 1331 targets, 33 
> skipped, 0 masked, 0 errors.
> NOTE: Resolving any missing task queue dependencies
>
> Build Configuration:
> BB_VERSION   = "1.46.0"
> BUILD_SYS= "x86_64-linux"
> NATIVELSBSTRING  = "universal"
> TARGET_SYS   = "x86_64-poky-linux"
> MACHINE  = "qemux86-64"
> DISTRO   = "poky"
> DISTRO_VERSION   = "3.1+snapshot-20200616"
> TUNE_FEATURES= "m64 core2"
> TARGET_FPU   = ""
> meta 
> meta-poky
> meta-yocto-bsp   = 
> "tmp-auh-upgrades:816a12758bfcb5409accbf636ec58d9fa917cdb6"
> workspace= "master:816a12758bfcb5409accbf636ec58d9fa917cdb6"
>
> Initialising tasks...done.
> Sstate summary: Wanted 0 Found 0 Missed 0 Current 0 (0% match, 0% complete)
> NOTE: No setscene tasks
> NOTE: Executing Tasks
> WARNING: Failed to fetch URL 
> https://ftp.isc.org/isc/bind9/9.16.3/bind-9.16.3.tar.gz, attempting MIRRORS 
> if available
> ERROR: Fetcher failure: Fetch command export PSEUDO_DISABLED=1; unset 
> _PYTHON_SYSCONFIGDATA_NAME; export ftp_proxy="http://proxy.yocto.io:5187/;; 
> export FTP_PROXY="http://proxy.yocto.io:5187/;; export 
> PATH="/home/pokybuild/yocto-worker/auh/build/build/build/tmp/sysroots-uninative/x86_64-linux/usr/bin:/home/pokybuild/yocto-worker/auh/build/build/poky/scripts:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-jyvexl6r/work/recipe-sysroot-native/usr/bin/x86_64-poky-linux:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-jyvexl6r/work/recipe-sysroot/usr/bin/crossscripts:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-jyvexl6r/work/recipe-sysroot-native/usr/sbin:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-jyvexl6r/work/recipe-sysroot-native/usr/bin:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/work/recipetool-jyvexl6r/work/recipe-sysroot-native/sbin:/home/pokybuild/yocto-worker/auh/
>  
> build/build/build/tmp/work/recipetool-jyvexl6r/work/recipe-sysroot-native/bin:/home/pokybuild/yocto-worker/auh/build/build/poky/bitbake/bin:/home/pokybuild/yocto-worker/auh/build/build/build/tmp/hosttools";
>  export HOME="/home/pokybuild"; /usr/bin/env wget -t 2 -T 30 --passive-ftp 
> --no-check-certificate -P 
> /home/pokybuild/yocto-worker/auh/build/build/build/downloads 
> 'https://ftp.isc.org/isc/bind9/9.16.3/bind-9.16.3.tar.gz' --progress=dot -v 
> failed with exit code 8, output:
> --2020-06-16 20:06:17--  
> https://ftp.isc.org/isc/bind9/9.16.3/bind-9.16.3.tar.gz
> Resolving ftp.isc.org (ftp.isc.org)... 2001:4f8:1:f::49, 149.20.1.49
> Connecting to ftp.isc.org (ftp.isc.org)|2001:4f8:1:f::49|:443... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2020-06-16 20:06:18 ERROR 404: Not Found.
>
>
> ERROR: Fetcher failure for URL: 
> 'https://ftp.isc.org/isc/bind9/9.16.3/bind-9.16.3.tar.gz'. Unable to fetch 
> URL from any source.
> ERROR: Logfile of 

Re: [OE-core][master][PATCH] libjpeg-turbo: Fix CVE-2020-13790

[akuster]

On 6/18/20 1:31 AM, jason.lau wrote:
> libjpeg-turbo 2.0.4 has a heap-based buffer over-read
> in get_rgb_row() in rdppm.c via a malformed PPM input file.
>
> CVE: CVE-2020-13790

What about dunfell?

-armin
>
> Upstream-Status: Backport
> [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a]
>
> Signed-off-by: Liu Haitao 
> ---
>  ...buf-overrun-caused-by-bad-binary-PPM.patch | 81 +++
>  .../jpeg/libjpeg-turbo_2.0.4.bb   |  1 +
>  2 files changed, 82 insertions(+)
>  create mode 100644 
> meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
>
> diff --git 
> a/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
>  
> b/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
> new file mode 100644
> index 00..518df2d28e
> --- /dev/null
> +++ 
> b/meta/recipes-graphics/jpeg/files/0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch
> @@ -0,0 +1,81 @@
> +From ae2fc496c622bdf0c409b93006bbb69d2cabd41f Mon Sep 17 00:00:00 2001
> +From: DRC 
> +Date: Tue, 2 Jun 2020 14:15:37 -0500
> +Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
> +
> +This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
> +include binary PPM files with maximum values < 255, thus preventing a
> +malformed binary PPM input file with those specifications from
> +triggering an overrun of the rescale array and potentially crashing
> +cjpeg, TJBench, or any program that uses the tjLoadImage() function.
> +
> +Fixes #433
> +
> +CVE: CVE-2020-13790
> +
> +Signed-off-by: Liu Haitao 
> +---
> + ChangeLog.md | 20 
> + rdppm.c  |  4 ++--
> + 2 files changed, 18 insertions(+), 6 deletions(-)
> +
> +diff --git a/ChangeLog.md b/ChangeLog.md
> +index 4d1219e..250bcaa 100644
> +--- a/ChangeLog.md
>  b/ChangeLog.md
> +@@ -1,3 +1,15 @@
> ++2.0.5
> ++=
> ++
> ++### Significant changes relative to 2.0.4:
> ++
> ++1. Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
> ++TJBench, or the `tjLoadImage()` function if one of the values in a binary
> ++PPM/PGM input file exceeded the maximum value defined in the file's header 
> and
> ++that maximum value was less than 255.  libjpeg-turbo 1.5.0 already included 
> a
> ++similar fix for binary PPM/PGM files with maximum values greater than 255.
> ++
> ++
> + 2.0.4
> + =
> + 
> +@@ -562,10 +574,10 @@ application was linked against.
> + 
> + 3. Fixed a couple of issues in the PPM reader that would cause buffer 
> overruns
> + in cjpeg if one of the values in a binary PPM/PGM input file exceeded the
> +-maximum value defined in the file's header.  libjpeg-turbo 1.4.2 already
> +-included a similar fix for ASCII PPM/PGM files.  Note that these issues were
> +-not security bugs, since they were confined to the cjpeg program and did not
> +-affect any of the libjpeg-turbo libraries.
> ++maximum value defined in the file's header and that maximum value was 
> greater
> ++than 255.  libjpeg-turbo 1.4.2 already included a similar fix for ASCII 
> PPM/PGM
> ++files.  Note that these issues were not security bugs, since they were 
> confined
> ++to the cjpeg program and did not affect any of the libjpeg-turbo libraries.
> + 
> + 4. Fixed an issue whereby attempting to decompress a JPEG file with a 
> corrupt
> + header using the `tjDecompressToYUV2()` function would cause the function to
> +diff --git a/rdppm.c b/rdppm.c
> +index 87bc330..a8507b9 100644
> +--- a/rdppm.c
>  b/rdppm.c
> +@@ -5,7 +5,7 @@
> +  * Copyright (C) 1991-1997, Thomas G. Lane.
> +  * Modified 2009 by Bill Allombert, Guido Vollbeding.
> +  * libjpeg-turbo Modifications:
> +- * Copyright (C) 2015-2017, D. R. Commander.
> ++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
> +  * For conditions of distribution and use, see the accompanying README.ijg
> +  * file.
> +  *
> +@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr 
> sinfo)
> + /* On 16-bit-int machines we have to be careful of maxval = 65535 */
> + source->rescale = (JSAMPLE *)
> +   (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
> +-  (size_t)(((long)maxval + 1L) *
> ++  (size_t)(((long)MAX(maxval, 255) + 1L) *
> +sizeof(JSAMPLE)));
> + half_maxval = maxval / 2;
> + for (val = 0; val <= (long)maxval; val++) {
> +-- 
> +2.17.0
> +
> diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb 
> b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
> index 1f49fd3d3b..e210635c4f 100644
> --- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
> +++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
> @@ -12,6 +12,7 @@ DEPENDS_append_x86_class-target= " nasm-native"
>  
>  SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
>