[oe][meta-oe][scarthgap][PATCH] libdbd-mysql-perl: avoid invoking assert_lib at do_configure stage

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

The assert_lib from perl package will execute the generated binary.
This is not suitable for cross compilation environment such as OE.

In OE, if the libs are not available, the following do_compile task
will just fail.

So we should avoid invoking assert_lib at do_configure stage to avoid
error message like below in log.do_configure:

  /usr/lib64/ld-linux-aarch64.so.1: No such file or directory

Signed-off-by: Chen Qi 
---
 ...void-running-assert_lib-at-configure.patch | 40 +++
 .../perl/libdbd-mysql-perl_4.050.bb   |  4 +-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 
meta-oe/recipes-devtools/perl/libdbd-mysql-perl/0001-Makefile.PL-avoid-running-assert_lib-at-configure.patch

diff --git 
a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl/0001-Makefile.PL-avoid-running-assert_lib-at-configure.patch
 
b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl/0001-Makefile.PL-avoid-running-assert_lib-at-configure.patch
new file mode 100644
index 00..2e010931d6
--- /dev/null
+++ 
b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl/0001-Makefile.PL-avoid-running-assert_lib-at-configure.patch
@@ -0,0 +1,40 @@
+From 577cdd6a571cfed506ec902b9021e60a2b854e4a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Sun, 7 Jul 2024 22:32:30 -0700
+Subject: [PATCH] Makefile.PL: avoid running assert_lib at configure
+
+The assert_lib will run the generated binary. When cross compiling,
+e.g., for qemuarm64, we'll see error like below:
+
+  /usr/lib64/ld-linux-aarch64.so.1: No such file or directory
+
+We should just skip library checking, because in OE, if these libs are
+not available, the do_compile process will fail anyway.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi 
+---
+ Makefile.PL | 6 +-
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index a1b38f6..939cadc 100644
+--- a/Makefile.PL
 b/Makefile.PL
+@@ -206,11 +206,7 @@ To change these settings, see 'perl Makefile.PL --help' 
and
+ MSG
+ 
+ print "Checking if libs are available for compiling...\n";
+-
+-assert_lib(
+-  LIBS => ($opt->{'embedded'} ? $opt->{'embedded'} : $opt->{libs}),
+-);
+-
++print "Skip checking libs at configure stage as we are cross compiling.\n";
+ print "Looks good.\n\n";
+ 
+ sleep 1;
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb 
b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb
index fc505fe1e8..99a9fcf628 100644
--- a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb
+++ b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb
@@ -15,7 +15,9 @@ DEPENDS += "libdev-checklib-perl-native libdbi-perl-native 
libmysqlclient"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d0a06964340e5c0cde88b7af611f755c"
 
 SRCREV = "9b5b70ea372f49fe9bc9e592dae3870596d1e3d6"
-SRC_URI = 
"git://github.com/perl5-dbi/DBD-mysql.git;protocol=https;branch=master"
+SRC_URI = 
"git://github.com/perl5-dbi/DBD-mysql.git;protocol=https;branch=master \
+   file://0001-Makefile.PL-avoid-running-assert_lib-at-configure.patch 
\
+   "
 
 S = "${WORKDIR}/git"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#111281): 
https://lists.openembedded.org/g/openembedded-devel/message/111281
Mute This Topic: https://lists.openembedded.org/mt/107119065/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] xscreensaver: remove obsolete append_libtool_sysroot

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Due to recent libtool change in oe-core, append_libtool_sysroot is
no longer defined. Remove reference to it to avoid bitbake parsing
error.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.04.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.04.bb 
b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.04.bb
index c06c9e96b..d698efa5e 100644
--- a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.04.bb
+++ b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.04.bb
@@ -34,7 +34,7 @@ PACKAGECONFIG = "png 
${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd',
 PACKAGECONFIG[systemd] = "--with-systemd=yes,--with-systemd=no,systemd"
 PACKAGECONFIG[png] = "--with-png=yes,--with-png=no,libpng"
 
-CONFIGUREOPTS:remove = "--disable-silent-rules --disable-dependency-tracking 
${@append_libtool_sysroot(d)}"
+CONFIGUREOPTS:remove = "--disable-silent-rules --disable-dependency-tracking"
 EXTRA_OECONF:remove = "--disable-static"
 
 do_install:append() {
-- 
2.45.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#110694): 
https://lists.openembedded.org/g/openembedded-devel/message/110694
Mute This Topic: https://lists.openembedded.org/mt/106498540/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe] [meta-multimedia][PATCH] sample-content: Set UNPACKDIR to S to avoid a QA warning

[Chen Qi via lists.openembedded.org]

I think you need to do the opposite, setting S using UNPACKDIR.

Regards,
Qi


On 5/27/24 15:33, Yoann Congal via lists.openembedded.org wrote:

Since recent UNPACKDIR work, default S directory is not created anymore.
By setting UNPACKDIR to S, S in indirectly created in do_unpack.

Fixes these warnings:
   WARNING: bigbuckbunny-480p-1.0-r0 do_unpack: bigbuckbunny-480p: the 
directory ${WORKDIR}/${BP} 
(.../tmp/work/all-poky-linux/bigbuckbunny-480p/1.0/bigbuckbunny-480p-1.0) 
pointed to by the S variable doesn't exist - please set S within the recipe to 
point to where the source has been unpacked to
   WARNING: bigbuckbunny-720p-1.0-r0 do_unpack: bigbuckbunny-720p: the 
directory ${WORKDIR}/${BP} 
(.../tmp/work/all-poky-linux/bigbuckbunny-720p/1.0/bigbuckbunny-720p-1.0) 
pointed to by the S variable doesn't exist - please set S within the recipe to 
point to where the source has been unpacked to
   WARNING: bigbuckbunny-1080p-1.0-r0 do_unpack: bigbuckbunny-1080p: the 
directory ${WORKDIR}/${BP} 
(.../tmp/work/all-poky-linux/bigbuckbunny-1080p/1.0/bigbuckbunny-1080p-1.0) 
pointed to by the S variable doesn't exist - please set S within the recipe to 
point to where the source has been unpacked to
   WARNING: tearsofsteel-1080p-1.0-r0 do_unpack: tearsofsteel-1080p: the 
directory ${WORKDIR}/${BP} 
(.../tmp/work/all-poky-linux/tearsofsteel-1080p/1.0/tearsofsteel-1080p-1.0) 
pointed to by the S variable doesn't exist - please set S within the recipe to 
point to where the source has been unpacked to

Signed-off-by: Yoann Congal 
Reviewed-by: Alexandre Truong 
---
  .../recipes-multimedia/sample-content/bigbuckbunny-1080p.bb | 2 ++
  .../recipes-multimedia/sample-content/bigbuckbunny-480p.bb  | 2 ++
  .../recipes-multimedia/sample-content/bigbuckbunny-720p.bb  | 2 ++
  .../recipes-multimedia/sample-content/tearsofsteel-1080p.bb | 2 ++
  4 files changed, 8 insertions(+)

diff --git 
a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb 
b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
index e5a8f085b..83ad136b4 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-1080p.bb
@@ -9,6 +9,8 @@ SRC_URI[sha256sum] = 
"69fe2cfe7154a6e752688e3a0d7d6b07b1605bbaf75b56f6470dc7b4c2
  
  inherit allarch
  
+UNPACKDIR = "${S}"

+
  do_install() {
  install -d ${D}${datadir}/movies
  install -m 0644 ${UNPACKDIR}/big_buck_bunny_1080p_surround.avi 
${D}${datadir}/movies/
diff --git 
a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-480p.bb 
b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-480p.bb
index 37e519790..b054948e6 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-480p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-480p.bb
@@ -9,6 +9,8 @@ SRC_URI[sha256sum] = 
"40d1cf5bc8e1b0e55dac7bb2e3fbc2aea05b6679444864781299b24db0
  
  inherit allarch
  
+UNPACKDIR = "${S}"

+
  do_install() {
  install -d ${D}${datadir}/movies
  install -m 0644 ${UNPACKDIR}/big_buck_bunny_480p_surround-fix.avi 
${D}${datadir}/movies/
diff --git 
a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-720p.bb 
b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-720p.bb
index 2b233d3e1..4b80d110a 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-720p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/bigbuckbunny-720p.bb
@@ -9,6 +9,8 @@ SRC_URI[sha256sum] = 
"b957d6e6212638441b52d3b620af157cc8d40c2a0342669294854a06ed
  
  inherit allarch
  
+UNPACKDIR = "${S}"

+
  do_install() {
  install -d ${D}${datadir}/movies
  install -m 0644 ${UNPACKDIR}/big_buck_bunny_720p_surround.avi 
${D}${datadir}/movies/
diff --git 
a/meta-multimedia/recipes-multimedia/sample-content/tearsofsteel-1080p.bb 
b/meta-multimedia/recipes-multimedia/sample-content/tearsofsteel-1080p.bb
index 34753fdb1..02b3c3048 100644
--- a/meta-multimedia/recipes-multimedia/sample-content/tearsofsteel-1080p.bb
+++ b/meta-multimedia/recipes-multimedia/sample-content/tearsofsteel-1080p.bb
@@ -8,6 +8,8 @@ SRC_URI[sha256sum] = 
"bd2b5bc6c16d4085034f47ef7e4b3938afe86b4eec4ac3cf2685367d3b
  
  inherit allarch
  
+UNPACKDIR = "${S}"

+
  do_install() {
  install -d ${D}${datadir}/movies
  install -m 0644 ${UNPACKDIR}/ToS-4k-1920.mov ${D}${datadir}/movies/






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#110534): 
https://lists.openembedded.org/g/openembedded-devel/message/110534
Mute This Topic: https://lists.openembedded.org/mt/10632/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-oe][kirkstone][PATCH 1/1] openvpn: ignore CVE-2023-7235

[Chen Qi via lists.openembedded.org]

Hi Yoann,

This is because OE's cve-checker uses the configuration field to check. 
If a CVE lacks such field, it's not on the list.

https://nvd.nist.gov/vuln/detail/CVE-2023-7235

Regards,
Qi

On 3/7/24 21:49, Yoann Congal wrote:

Hi,

Le jeu. 7 mars 2024 à 10:21, Soumya via lists.openembedded.org 
 
 a écrit :


From: Soumya Sambu 

This CVE is related to OpenVPN 2.x GUI on Windows.

References:
https://community.openvpn.net/openvpn/wiki/CVE-2023-7235


https://security-tracker.debian.org/tracker/CVE-2023-7235



Signed-off-by: Soumya Sambu 
---
 meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb


| 3 +++
 1 file changed, 3 insertions(+)

diff --git
a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb


b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb


index 218e72b7a..828cd5033 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb


+++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb


@@ -19,6 +19,9 @@ SRC_URI[sha256sum] =
"333a7ef3d5b317968aca2c77bdc29aa7c6d6bb3316eb3f79743b59c532
 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN
client, not for openvpn.
 CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"

+# CVE-2023-7235 is specific to Windows platform
+CVE_CHECK_IGNORE += "CVE-2023-7235"


That's weird, this CVE does not appear as applicable neither locally 
for me or on the AB: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics-meta-oe/cve-status-kirkstone.txt 


Did you do something specific to see this CVE?

+
 SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service
openvpn@loopback-client.service"
 SYSTEMD_AUTO_ENABLE = "disable"

-- 
2.40.0







--
Yoann Congal
Smile ECS - Tech expert




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#109480): 
https://lists.openembedded.org/g/openembedded-devel/message/109480
Mute This Topic: https://lists.openembedded.org/mt/104784192/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-networking][PATCH] tcprelay: fix a minor cross compilation do_configure issue

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

We're seeing errors like below in log.do_configure:

  ./conftest: cannot execute binary file: Exec format error

The tcprelay's configure have two places to execute ./conftest.
And the result happens to be correct even with the error above.

Instead of leaving the errors as they are, we explicitly skip
running ./conftest in case of cross compiling. The build will
continue to succeed and result will remain the same.

Signed-off-by: Chen Qi 
---
 ...not-run-conftest-in-case-of-cross-co.patch | 51 +++
 .../tcpreplay/tcpreplay_4.4.4.bb  |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 
meta-networking/recipes-support/tcpreplay/tcpreplay/0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch

diff --git 
a/meta-networking/recipes-support/tcpreplay/tcpreplay/0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch
 
b/meta-networking/recipes-support/tcpreplay/tcpreplay/0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch
new file mode 100644
index 0..08cb3b88f
--- /dev/null
+++ 
b/meta-networking/recipes-support/tcpreplay/tcpreplay/0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch
@@ -0,0 +1,51 @@
+From 42f7bbc1ce4913fe2c0bc76293c5445d31690f5d Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Thu, 7 Mar 2024 21:02:07 -0800
+Subject: [PATCH] configure.ac: do not run conftest in case of cross
+ compilation
+
+It'll give us nothing but error like below:
+
+  ./conftest: cannot execute binary file: Exec format error
+  ...
+  ./configure: line 23950: test: -eq: unary operator expected
+
+The version check only has effect on Apple systems. We'd better
+avoid error like above when cross compilation.
+
+Also, in case of cross compilation, instead of having the above
+Exec format error and resulting in unaligned_cv_fail to yes, set
+it directly to yes.
+
+Upstream-Status: Submitted [https://github.com/appneta/tcpreplay/pull/849]
+
+Signed-off-by: Chen Qi 
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 387219de..15201601 100644
+--- a/configure.ac
 b/configure.ac
+@@ -928,7 +928,7 @@ cat >conftest.c </dev/null 2>&1
+-if test -x conftest ; then
++if test -x conftest -a "$cross_compiling" != "yes"; then
+ full_libpcap_version=$(LD_LIBRARY_PATH="$LPCAP_LD_LIBRARY_PATH" 
./conftest)
+ libpcap_version=$(echo "$full_libpcap_version" | ${CUT} -d' ' -f3)
+ pcap_version_ok=yes
+@@ -1709,7 +1709,7 @@ case "$host_os" in
+ EOF
+ ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \
+ conftest.c $LIBS >/dev/null 2>&1
+-if test ! -x conftest ; then
++if test ! -x conftest -o "$cross_compiling" = "yes" ; then
+ dnl failed to compile for some reason
+ unaligned_cv_fail=yes
+ else
+-- 
+2.42.0
+
diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb 
b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
index 53f17c961..26de40a65 100644
--- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
+++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = 
"file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8"
 SRC_URI = 
"https://github.com/appneta/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
 file://0001-libopts.m4-set-POSIX_SHELL-to-bin-sh.patch \
 file://0001-configure.ac-unify-search-dirs-for-pcap-and-add-lib3.patch \
+file://0001-configure.ac-do-not-run-conftest-in-case-of-cross-co.patch \
 "
 
 SRC_URI[sha256sum] = 
"44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#109218): 
https://lists.openembedded.org/g/openembedded-devel/message/109218
Mute This Topic: https://lists.openembedded.org/mt/104804036/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH] unixodbc: fix odbc.pc file generation

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

The build process currently succeeds but the odbc.pc file is not correctly
generated.

The error message is like below in log.do_compile and log.do_install:

  /bin/bash: line 1: ../exe/odbc_config: cannot execute binary file: Exec 
format error

I can see the message comes from the following line in exe/Makefile.am:

@sed "s![@]ODBC_ULEN[@]!`$(top_builddir)/exe/odbc_config$(EXEEXT) --ulen`!" \
  $(top_builddir)/DriverManager/odbc.pc > 
$(top_builddir)/exe/odbc.pc.tmp

It's running the exe/odbc_config program we built out. But the binary is for 
the target
platform and if we run it on the build host, we get that error message. The 
resulting ulen
and build_cflags in the final odbc.pc file are also empty.

Fix the issue by using qemu usermode to launch the target binary.

Signed-off-by: Chen Qi 
---
 ...add-CROSS_LAUNCHER-to-run-odbc_confi.patch | 54 +++
 .../unixodbc/unixodbc_2.3.11.bb   | 18 ++-
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 
meta-oe/recipes-support/unixodbc/files/0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch

diff --git 
a/meta-oe/recipes-support/unixodbc/files/0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch
 
b/meta-oe/recipes-support/unixodbc/files/0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch
new file mode 100644
index 0..c763a9feb
--- /dev/null
+++ 
b/meta-oe/recipes-support/unixodbc/files/0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch
@@ -0,0 +1,54 @@
+From e886222c70d4b251f0785f670477b7aee938e5af Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Wed, 21 Feb 2024 13:55:41 +0800
+Subject: [PATCH] exe/Makefile.am: add CROSS_LAUNCHER to run odbc_config
+
+In case of cross compilation, the odbc_config cannot run, the error message
+would be like below:
+
+  /bin/bash: line 1: ../exe/odbc_config: cannot execute binary file: Exec 
format error
+
+Add CROSS_LAUNCHER to allow the possibility of running odbc_config correctly in
+case of cross compilation.
+
+For example, here's a possible value for it (Yocto project environment, 
aarch64 target).
+  export CROSS_LAUNCHER="PSEUDO_UNLOAD=1 qemu-aarch64 -r 5.15 \
+  -L /PATH/TO/unixodbc/2.3.11/recipe-sysroot \
+  -E 
LD_LIBRARY_PATH=/PATH/TO/unixodbc/2.3.11/recipe-sysroot//usr/lib:/PATH/TO/unixodbc/2.3.11/recipe-sysroot//usr/lib
  "
+
+Other projects can use the launcher they like to allow correct generation of
+the odbc.pc file in cross compilation environment.
+
+Upstream-Status: Submitted [Personal Email, nick.gor...@easysoft.com]
+
+As said in the official website, https://www.unixodbc.org/, the way to report 
bug and send
+out patch is via personal email. So there's a public link above.
+
+Signed-off-by: Chen Qi 
+---
+ exe/Makefile.am | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/exe/Makefile.am b/exe/Makefile.am
+index 03f3d5a..5f33cf2 100644
+--- a/exe/Makefile.am
 b/exe/Makefile.am
+@@ -59,11 +59,13 @@ slencheck_SOURCES = slencheck.c
+ dltest_DEPENDENCIES = $(LTDLDEPS)
+ dltest_LDADD = $(LIBLTDL)
+ 
++CROSS_LAUNCHER ?= ""
++
+ all-am:
+-  @sed "s![@]ODBC_ULEN[@]!`$(top_builddir)/exe/odbc_config$(EXEEXT) 
--ulen`!" \
++  @sed 
"s![@]ODBC_ULEN[@]!`$(CROSS_LAUNCHER)$(top_builddir)/exe/odbc_config$(EXEEXT) 
--ulen`!" \
+ $(top_builddir)/DriverManager/odbc.pc > 
$(top_builddir)/exe/odbc.pc.tmp
+   @mv -f $(top_builddir)/exe/odbc.pc.tmp 
$(top_builddir)/DriverManager/odbc.pc
+-  @sed "s![@]ODBC_CFLAGS[@]!`$(top_builddir)/exe/odbc_config$(EXEEXT) 
--cflags | sed 's/ -I.*//'`!" \
++  @sed 
"s![@]ODBC_CFLAGS[@]!`$(CROSS_LAUNCHER)$(top_builddir)/exe/odbc_config$(EXEEXT) 
--cflags | sed 's/ -I.*//'`!" \
+ $(top_builddir)/DriverManager/odbc.pc > 
$(top_builddir)/exe/odbc.pc.tmp
+   @mv -f $(top_builddir)/exe/odbc.pc.tmp 
$(top_builddir)/DriverManager/odbc.pc
+ 
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.11.bb 
b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.11.bb
index 3a9e390a2..0ab4f8864 100644
--- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.11.bb
+++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.11.bb
@@ -10,23 +10,39 @@ DEPENDS = "libtool readline"
 
 SRC_URI = "https://www.unixodbc.org/unixODBC-${PV}.tar.gz \
file://do-not-use-libltdl-source-directory.patch \
+   
file://0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch \
 "
 SRC_URI[sha256sum] = 
"d9e55c8e7118347e3c66c87338856dad1516b490fb7c756c1562a2c267c73b5c"
 
 UPSTREAM_CHECK_REGEX = "unixODBC-(?P\d+(\.\d+)+)\.tar"
 
-inherit autotools-brokensep multilib_header
+inherit autotools-brokensep multilib_header qemu
 
 S = "${WORKDIR}/unixODBC-${PV}"
 
 EXTRA_OEMAKE += "LIBS=-lltdl"
 
+DEPENDS:append:class-target = "${@' qemu-native' if 

[oe] [meta-oe][PATCH] libblockdev: fix QA error in case of multilib

[Chen Qi via lists.openembedded.org]

Fix the following QA error.

ERROR: QA Issue: libblockdev: Files/directories were installed but not shipped 
in any package:
  /usr/lib
  /usr/lib/python3.11
  /usr/lib/python3.11/site-packages
  /usr/lib/python3.11/site-packages/gi
  /usr/lib/python3.11/site-packages/gi/overrides
  /usr/lib/python3.11/site-packages/gi/overrides/BlockDev.py

Signed-off-by: Chen Qi 
---
 ...ir-for-multilib-when-cross-compiling.patch | 32 +++
 .../libblockdev/libblockdev_3.03.bb   |  3 +-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 
meta-oe/recipes-extended/libblockdev/files/0001-fix-pythondir-for-multilib-when-cross-compiling.patch

diff --git 
a/meta-oe/recipes-extended/libblockdev/files/0001-fix-pythondir-for-multilib-when-cross-compiling.patch
 
b/meta-oe/recipes-extended/libblockdev/files/0001-fix-pythondir-for-multilib-when-cross-compiling.patch
new file mode 100644
index 00..ec3a9fe470
--- /dev/null
+++ 
b/meta-oe/recipes-extended/libblockdev/files/0001-fix-pythondir-for-multilib-when-cross-compiling.patch
@@ -0,0 +1,32 @@
+From 297abed277ce3aa0cf12adbfda3c8581afdba850 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Sun, 8 Oct 2023 19:30:29 -0700
+Subject: [PATCH] fix pythondir for multilib when cross compiling
+
+In case of cross compiling + multilib, the 'shell python3' line is
+not likely to give out correct result. Make use of pythondir instead.
+
+This patch is related to 
meta/recipes-devtools/automake/automake/0001-automake-Update-for-python.m4-to-respect-libdir.patch
+in oe-core, so this one is marked as oe specific.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi 
+---
+ src/python/gi/overrides/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/python/gi/overrides/Makefile.am 
b/src/python/gi/overrides/Makefile.am
+index 5e8e75f7..7c30601c 100644
+--- a/src/python/gi/overrides/Makefile.am
 b/src/python/gi/overrides/Makefile.am
+@@ -1,5 +1,5 @@
+ if WITH_PYTHON3
+-py3libdir = $(shell python3 -c "import sysconfig; 
print(sysconfig.get_path('platlib', vars={'platbase': '${exec_prefix}'}))")
++py3libdir = $(pythondir)
+ py3overridesdir = $(py3libdir)/gi/overrides
+ dist_py3overrides_DATA = BlockDev.py
+ endif
+-- 
+2.42.0
+
diff --git a/meta-oe/recipes-extended/libblockdev/libblockdev_3.03.bb 
b/meta-oe/recipes-extended/libblockdev/libblockdev_3.03.bb
index 670bebd37b..99175e6112 100644
--- a/meta-oe/recipes-extended/libblockdev/libblockdev_3.03.bb
+++ b/meta-oe/recipes-extended/libblockdev/libblockdev_3.03.bb
@@ -13,7 +13,8 @@ inherit autotools gobject-introspection pkgconfig lib_package
 DEPENDS = "autoconf-archive-native glib-2.0 kmod udev libnvme"
 
 SRC_URI = 
"git://github.com/storaged-project/libblockdev;branch=master;protocol=https \
-"
+   file://0001-fix-pythondir-for-multilib-when-cross-compiling.patch \
+   "
 SRCREV = "38378931d285b91333ff2e2a391b1fe91072f9bb"
 S = "${WORKDIR}/git"
 
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#105388): 
https://lists.openembedded.org/g/openembedded-devel/message/105388
Mute This Topic: https://lists.openembedded.org/mt/101846038/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][mickledore][PATCH 2/2] grpc: fix CVE-2023-33953

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Signed-off-by: Chen Qi 
---
 ...ventEngine-Improve-server-handling-o.patch | 224 ++
 meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb  |   1 +
 2 files changed, 225 insertions(+)
 create mode 100644 
meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch

diff --git 
a/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch
 
b/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch
new file mode 100644
index 00..4488df172f
--- /dev/null
+++ 
b/meta-oe/recipes-devtools/grpc/grpc/0001-backport-iomgr-EventEngine-Improve-server-handling-o.patch
@@ -0,0 +1,224 @@
+From b3c105c59dfb7d932b36b0d9ac7ab62875ab23e8 Mon Sep 17 00:00:00 2001
+From: AJ Heller 
+Date: Wed, 12 Jul 2023 18:42:09 -0700
+Subject: [PATCH] [backport][iomgr][EventEngine] Improve server handling of
+ file descriptor exhaustion (#33672)
+
+Backport of #33656
+
+CVE: CVE-2023-33953
+
+Upstream-Status: Backport [1e86ca5834b94cae7d5e6d219056c0fc895cf95d]
+The patch is backported with tweaks to fit 1.50.1.
+
+Signed-off-by: Chen Qi 
+---
+ .../event_engine/posix_engine/posix_engine.h  |  1 +
+ src/core/lib/iomgr/tcp_server_posix.cc| 51 ++-
+ src/core/lib/iomgr/tcp_server_utils_posix.h   | 14 -
+ .../iomgr/tcp_server_utils_posix_common.cc| 22 
+ 4 files changed, 73 insertions(+), 15 deletions(-)
+
+diff --git a/src/core/lib/event_engine/posix_engine/posix_engine.h 
b/src/core/lib/event_engine/posix_engine/posix_engine.h
+index eac6dfb4c5..866c04bcfa 100644
+--- a/src/core/lib/event_engine/posix_engine/posix_engine.h
 b/src/core/lib/event_engine/posix_engine/posix_engine.h
+@@ -97,6 +97,7 @@ class PosixEventEngine final : public EventEngine {
+   const DNSResolver::ResolverOptions& options) override;
+   void Run(Closure* closure) override;
+   void Run(absl::AnyInvocable closure) override;
++  // Caution!! The timer implementation cannot create any fds. See #20418.
+   TaskHandle RunAfter(Duration when, Closure* closure) override;
+   TaskHandle RunAfter(Duration when,
+   absl::AnyInvocable closure) override;
+diff --git a/src/core/lib/iomgr/tcp_server_posix.cc 
b/src/core/lib/iomgr/tcp_server_posix.cc
+index d43113fb03..32be997cff 100644
+--- a/src/core/lib/iomgr/tcp_server_posix.cc
 b/src/core/lib/iomgr/tcp_server_posix.cc
+@@ -16,13 +16,17 @@
+  *
+  */
+ 
+-/* FIXME: "posix" files shouldn't be depending on _GNU_SOURCE */
++#include 
++
++#include 
++
++#include 
++
++// FIXME: "posix" files shouldn't be depending on _GNU_SOURCE
+ #ifndef _GNU_SOURCE
+ #define _GNU_SOURCE
+ #endif
+ 
+-#include 
+-
+ #include "src/core/lib/iomgr/port.h"
+ 
+ #ifdef GRPC_POSIX_SOCKET_TCP_SERVER
+@@ -44,6 +48,7 @@
+ #include "absl/strings/str_format.h"
+ 
+ #include 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -63,6 +68,8 @@
+ #include "src/core/lib/resource_quota/api.h"
+ 
+ static std::atomic num_dropped_connections{0};
++static constexpr grpc_core::Duration kRetryAcceptWaitTime{
++grpc_core::Duration::Seconds(1)};
+ 
+ using ::grpc_event_engine::experimental::EndpointConfig;
+ 
+@@ -195,21 +202,35 @@ static void on_read(void* arg, grpc_error_handle err) {
+ if (fd < 0) {
+   if (errno == EINTR) {
+ continue;
+-  } else if (errno == EAGAIN || errno == ECONNABORTED ||
+- errno == EWOULDBLOCK) {
++  }
++  // When the process runs out of fds, accept4() returns EMFILE. When this
++  // happens, the connection is left in the accept queue until either a
++  // read event triggers the on_read callback, or time has passed and the
++  // accept should be re-tried regardless. This callback is not cancelled,
++  // so a spurious wakeup may occur even when there's nothing to accept.
++  // This is not a performant code path, but if an fd limit has been
++  // reached, the system is likely in an unhappy state regardless.
++  if (errno == EMFILE) {
+ grpc_fd_notify_on_read(sp->emfd, >read_closure);
++if (gpr_atm_full_xchg(>retry_timer_armed, true)) return;
++grpc_timer_init(>retry_timer,
++grpc_core::Timestamp::Now() + kRetryAcceptWaitTime,
++>retry_closure);
+ return;
++  }
++  if (errno == EAGAIN || errno == ECONNABORTED || errno == EWOULDBLOCK) {
++grpc_fd_notify_on_read(sp->emfd, >read_closure);
++return;
++  }
++  gpr_mu_lock(>server->mu);
++  if (!sp->server->shutdown_listeners) {
++gpr_log(GPR_ERROR, "Failed accept4: %s", strerror(errno));
+   } else {
+-gpr_mu_lock(>server->mu);
+-if (!sp->server->shutdown_listeners) {
+-  gpr_log(GPR_ERROR, "Failed accept4: %s", strerror(errno));

[oe] [meta-oe][mickledore][PATCH 1/2] grpc: fix CVE-2023-32732

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Signed-off-by: Chen Qi 
Signed-off-by: Khem Raj 
---
 .../grpc/grpc/0001-fix-CVE-2023-32732.patch   | 81 +++
 meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb  |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 
meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch

diff --git a/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch 
b/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
new file mode 100644
index 00..ab46897b12
--- /dev/null
+++ b/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
@@ -0,0 +1,81 @@
+From d39489045b5aa73e27713e3cbacb8832c1140ec8 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Wed, 9 Aug 2023 13:33:45 +0800
+Subject: [PATCH] fix CVE-2023-32732
+
+CVE: CVE-2023-32732
+
+Upstream-Status: Backport 
[https://github.com/grpc/grpc/pull/32309/commits/6a7850ef4f042ac26559854266dddc79bfbc75b2]
+The original patch is adjusted to fit the current 1.50.1 version.
+
+Signed-off-by: Chen Qi 
+---
+ .../ext/transport/chttp2/transport/hpack_parser.cc | 10 +++---
+ src/core/ext/transport/chttp2/transport/internal.h |  2 --
+ src/core/ext/transport/chttp2/transport/parsing.cc |  6 ++
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc 
b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+index f2e49022dc3..cd459d15238 100644
+--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
 b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+@@ -1211,12 +1211,16 @@ class HPackParser::Parser {
+ "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this 
limit.",
+ *frame_length_, metadata_size_limit_);
+ if (metadata_buffer_ != nullptr) metadata_buffer_->Clear();
++// StreamId is used as a signal to skip this stream but keep the 
connection
++// alive
+ return input_->MaybeSetErrorAndReturn(
+ [] {
+   return grpc_error_set_int(
+-  GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+-  "received initial metadata size exceeds limit"),
+-  GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED);
++grpc_error_set_int(
++  GRPC_ERROR_CREATE_FROM_STATIC_STRING(
++  "received initial metadata size exceeds limit"),
++  GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED),
++GRPC_ERROR_INT_STREAM_ID, 0);
+ },
+ false);
+   }
+diff --git a/src/core/ext/transport/chttp2/transport/internal.h 
b/src/core/ext/transport/chttp2/transport/internal.h
+index 4a2f4261d83..f8b544d9583 100644
+--- a/src/core/ext/transport/chttp2/transport/internal.h
 b/src/core/ext/transport/chttp2/transport/internal.h
+@@ -542,8 +542,6 @@ struct grpc_chttp2_stream {
+ 
+   grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture();
+ 
+-  /** saw some stream level error */
+-  grpc_error_handle forced_close_error = GRPC_ERROR_NONE;
+   /** how many header frames have we received? */
+   uint8_t header_frames_received = 0;
+   /** number of bytes received - reset at end of parse thread execution */
+diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc 
b/src/core/ext/transport/chttp2/transport/parsing.cc
+index 980f13543f6..afe6da190b6 100644
+--- a/src/core/ext/transport/chttp2/transport/parsing.cc
 b/src/core/ext/transport/chttp2/transport/parsing.cc
+@@ -22,6 +22,7 @@
+ #include 
+ 
+ #include 
++#include 
+ 
+ #include "absl/base/attributes.h"
+ #include "absl/status/status.h"
+@@ -719,10 +720,7 @@ static grpc_error_handle 
parse_frame_slice(grpc_chttp2_transport* t,
+ }
+ grpc_chttp2_parsing_become_skip_parser(t);
+ if (s) {
+-  s->forced_close_error = err;
+-  grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id,
+-   GRPC_HTTP2_PROTOCOL_ERROR,
+-   >stats.outgoing);
++  grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus()));
+ } else {
+   GRPC_ERROR_UNREF(err);
+ }
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb 
b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
index 7b8a25c277..b3956ce40c 100644
--- a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
+++ b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
@@ -26,6 +26,7 @@ SRC_URI = 
"gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BR

file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \
file://0001-cmake-add-separate-export-for-plugin-targets.patch \
file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
+   file://0001-fix-CVE-2023-32732.patch \
"
 # Fixes build with older compilers 4.8 especially on ub

[oe][meta-python][PATCH] python3-blivetgui: switch from master to main

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Switch to main branch to avoid do_fetch failure.

Signed-off-by: Chen Qi 
---
 .../recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb 
b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
index aba127897d..42bcf4651c 100644
--- a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
+++ b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb
@@ -9,7 +9,7 @@ S = "${WORKDIR}/git"
 B = "${S}"
 
 SRCREV = "42512ee48494cee71febf04078d9774f0146a085"
-SRC_URI = 
"git://github.com/storaged-project/blivet-gui.git;branch=master;protocol=https \
+SRC_URI = 
"git://github.com/storaged-project/blivet-gui.git;branch=main;protocol=https \
file://0001-Use-setuptools-instead-of-distutils-in-setup.py.patch \
file://0002-Use-symbolic-list-add-and-edit-icons.patch \
"
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#104705): 
https://lists.openembedded.org/g/openembedded-devel/message/104705
Mute This Topic: https://lists.openembedded.org/mt/101144345/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-networking][kirkstone][PATCH] spice-protocol: fix populate_sdk error when spice is installed

[Chen Qi via lists.openembedded.org]

On 8/29/23 01:04, Khem Raj wrote:

I think this applies to master too can you confirm.


I just saw this message, and I then found you've helped merged this patch.

Thanks.

Regards,

Qi



On Mon, Aug 28, 2023 at 12:05 AM Chen Qi via lists.openembedded.org
 wrote:

From: Chen Qi 

spice depends on spice-protocol, when IMAGE_INSTALL contains spice,
do_populate_sdk fails with the following error:

   Error:
   Problem: package 
libspice-server-dev-0.14.2+git0+7cbd70b931_4fc4c2db36-r0.core2_64 requires 
spice-protocol-dev, but none of the providers can be installed
   - conflicting requests
   - nothing provides spice-protocol = 0.14.4-r0 needed by 
spice-protocol-dev-0.14.4-r0.core2_64
   (try to add '--skip-broken' to skip uninstallable packages)

For spice-protocol, it's a development package and all things are in
the dev package, so set ALLOW_EMPTY to fix the above error.

Signed-off-by: Chen Qi 
---
  meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb 
b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
index 9ce019ed86..3c8458baac 100644
--- a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
+++ b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
@@ -16,4 +16,6 @@ S = "${WORKDIR}/git"

  inherit meson pkgconfig

+ALLOW_EMPTY:${PN} = "1"
+
  BBCLASSEXTEND = "native nativesdk"
--
2.40.0







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#104666): 
https://lists.openembedded.org/g/openembedded-devel/message/104666
Mute This Topic: https://lists.openembedded.org/mt/101005385/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-networking][kirkstone][PATCH] spice-protocol: fix populate_sdk error when spice is installed

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

spice depends on spice-protocol, when IMAGE_INSTALL contains spice,
do_populate_sdk fails with the following error:

  Error:
  Problem: package 
libspice-server-dev-0.14.2+git0+7cbd70b931_4fc4c2db36-r0.core2_64 requires 
spice-protocol-dev, but none of the providers can be installed
  - conflicting requests
  - nothing provides spice-protocol = 0.14.4-r0 needed by 
spice-protocol-dev-0.14.4-r0.core2_64
  (try to add '--skip-broken' to skip uninstallable packages)

For spice-protocol, it's a development package and all things are in
the dev package, so set ALLOW_EMPTY to fix the above error.

Signed-off-by: Chen Qi 
---
 meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb 
b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
index 9ce019ed86..3c8458baac 100644
--- a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
+++ b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb
@@ -16,4 +16,6 @@ S = "${WORKDIR}/git"
 
 inherit meson pkgconfig
 
+ALLOW_EMPTY:${PN} = "1"
+
 BBCLASSEXTEND = "native nativesdk"
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#104631): 
https://lists.openembedded.org/g/openembedded-devel/message/104631
Mute This Topic: https://lists.openembedded.org/mt/101005385/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH] grpc: fix CVE-2023-32732

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Signed-off-by: Chen Qi 
---
 .../grpc/grpc/0001-fix-CVE-2023-32732.patch   | 81 +++
 meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb  |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 
meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch

diff --git a/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch 
b/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
new file mode 100644
index 0..ab46897b1
--- /dev/null
+++ b/meta-oe/recipes-devtools/grpc/grpc/0001-fix-CVE-2023-32732.patch
@@ -0,0 +1,81 @@
+From d39489045b5aa73e27713e3cbacb8832c1140ec8 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Wed, 9 Aug 2023 13:33:45 +0800
+Subject: [PATCH] fix CVE-2023-32732
+
+CVE: CVE-2023-32732
+
+Upstream-Status: Backport 
[https://github.com/grpc/grpc/pull/32309/commits/6a7850ef4f042ac26559854266dddc79bfbc75b2]
+The original patch is adjusted to fit the current 1.50.1 version.
+
+Signed-off-by: Chen Qi 
+---
+ .../ext/transport/chttp2/transport/hpack_parser.cc | 10 +++---
+ src/core/ext/transport/chttp2/transport/internal.h |  2 --
+ src/core/ext/transport/chttp2/transport/parsing.cc |  6 ++
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc 
b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+index f2e49022dc3..cd459d15238 100644
+--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
 b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+@@ -1211,12 +1211,16 @@ class HPackParser::Parser {
+ "). GRPC_ARG_MAX_METADATA_SIZE can be set to increase this 
limit.",
+ *frame_length_, metadata_size_limit_);
+ if (metadata_buffer_ != nullptr) metadata_buffer_->Clear();
++// StreamId is used as a signal to skip this stream but keep the 
connection
++// alive
+ return input_->MaybeSetErrorAndReturn(
+ [] {
+   return grpc_error_set_int(
+-  GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+-  "received initial metadata size exceeds limit"),
+-  GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED);
++grpc_error_set_int(
++  GRPC_ERROR_CREATE_FROM_STATIC_STRING(
++  "received initial metadata size exceeds limit"),
++  GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_RESOURCE_EXHAUSTED),
++GRPC_ERROR_INT_STREAM_ID, 0);
+ },
+ false);
+   }
+diff --git a/src/core/ext/transport/chttp2/transport/internal.h 
b/src/core/ext/transport/chttp2/transport/internal.h
+index 4a2f4261d83..f8b544d9583 100644
+--- a/src/core/ext/transport/chttp2/transport/internal.h
 b/src/core/ext/transport/chttp2/transport/internal.h
+@@ -542,8 +542,6 @@ struct grpc_chttp2_stream {
+ 
+   grpc_core::Timestamp deadline = grpc_core::Timestamp::InfFuture();
+ 
+-  /** saw some stream level error */
+-  grpc_error_handle forced_close_error = GRPC_ERROR_NONE;
+   /** how many header frames have we received? */
+   uint8_t header_frames_received = 0;
+   /** number of bytes received - reset at end of parse thread execution */
+diff --git a/src/core/ext/transport/chttp2/transport/parsing.cc 
b/src/core/ext/transport/chttp2/transport/parsing.cc
+index 980f13543f6..afe6da190b6 100644
+--- a/src/core/ext/transport/chttp2/transport/parsing.cc
 b/src/core/ext/transport/chttp2/transport/parsing.cc
+@@ -22,6 +22,7 @@
+ #include 
+ 
+ #include 
++#include 
+ 
+ #include "absl/base/attributes.h"
+ #include "absl/status/status.h"
+@@ -719,10 +720,7 @@ static grpc_error_handle 
parse_frame_slice(grpc_chttp2_transport* t,
+ }
+ grpc_chttp2_parsing_become_skip_parser(t);
+ if (s) {
+-  s->forced_close_error = err;
+-  grpc_chttp2_add_rst_stream_to_next_write(t, t->incoming_stream_id,
+-   GRPC_HTTP2_PROTOCOL_ERROR,
+-   >stats.outgoing);
++  grpc_chttp2_cancel_stream(t, s, std::exchange(err, absl::OkStatus()));
+ } else {
+   GRPC_ERROR_UNREF(err);
+ }
+-- 
+2.34.1
+
diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb 
b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
index 958992e1e..45bfcb857 100644
--- a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
+++ b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
@@ -26,6 +26,7 @@ SRC_URI = 
"gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BR

file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \
file://0001-cmake-add-separate-export-for-plugin-targets.patch \
file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
+   file://0001-fix-CVE-2023-32732.patch \
"
 # Fixes build with older compilers 4.8 especially on ubuntu 14.04
 CXXFLAGS:append:class-native = " -Wl,--no

[oe] [meta-networking][PATCH] open-vm-tools: add CVE_PRODUCT

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

vmware:tools is also a valid CVE_PRODUCT for open-vm-tools,
e.g., https://nvd.nist.gov/vuln/detail/CVE-2023-20867.

Signed-off-by: Chen Qi 
---
 .../recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb   | 2 ++
 1 file changed, 2 insertions(+)

diff --git 
a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb 
b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
index e12e4be7f..4873e9d89 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.1.5.bb
@@ -119,3 +119,5 @@ python() {
 if 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split():
 raise bb.parse.SkipRecipe('Requires meta-filesystems to be present to 
provide fuse.')
 }
+
+CVE_PRODUCT = "open-vm-tools vmware:tools"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#104301): 
https://lists.openembedded.org/g/openembedded-devel/message/104301
Mute This Topic: https://lists.openembedded.org/mt/100595561/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH] iperf3: remove incorrect CVE_PRODUCT setting

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

This CVE_PRODUCT setting seems to be copied from the iperf2 recipe.
But the CVE_PRODUCT for iperf3 should be just iperf3. For example,
https://nvd.nist.gov/vuln/detail/CVE-2023-38403.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb 
b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
index d181eb3b0..74c715617 100644
--- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb
@@ -30,5 +30,3 @@ PACKAGECONFIG[lksctp] = 
"ac_cv_header_netinet_sctp_h=yes,ac_cv_header_netinet_sc
 PACKAGECONFIG[openssl] = 
"--with-openssl=${RECIPE_SYSROOT}${prefix},--without-openssl,openssl"
 
 CFLAGS += "-D_GNU_SOURCE"
-
-CVE_PRODUCT = "iperf_project:iperf"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#104201): 
https://lists.openembedded.org/g/openembedded-devel/message/104201
Mute This Topic: https://lists.openembedded.org/mt/100499924/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH] redis: use the files path correctly

[Chen Qi via lists.openembedded.org]

V2 sent with commit message updated. Sorry for the confusion.

Regards,
Qi

From: openembedded-devel@lists.openembedded.org 
 On Behalf Of Chen Qi via 
lists.openembedded.org
Sent: Tuesday, June 13, 2023 5:42 PM
To: Martin Jansa 
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH] 
redis: use the files path correctly

Hi Martin,

Sorry I didn’t put enough explanation in the commit.

Using FILESPATH in this way removes the possibility of overriding some files 
(e.g., the redis service file) from other layers via FILESEXTRAPATH:prepend, 
which is kind of a common practice and is actually working for basically all 
other recipes.

Because we have:
meta/classes-global/base.bbclass:FILESPATH = 
"${@base_set_filespath(["${FILE_DIRNAME}/${BP}", "${FILE_DIRNAME}/${BPN}", 
"${FILE_DIRNAME}/files"], d)}"
And FILESEXTRAPATH is handled in base_set_filespath.

The issue is not about multilib. And undoing the GNU_SOURCE patch is not 
necessary, because it does not change any output.

Regards,
Qi


From: Martin Jansa mailto:martin.ja...@gmail.com>>
Sent: Tuesday, June 13, 2023 5:28 PM
To: Chen, Qi mailto:qi.c...@windriver.com>>
Cc: 
openembedded-devel@lists.openembedded.org<mailto:openembedded-devel@lists.openembedded.org>
Subject: Re: [oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH] 
redis: use the files path correctly



On Tue, Jun 13, 2023 at 9:23 AM Chen Qi via 
lists.openembedded.org<https://urldefense.com/v3/__http:/lists.openembedded.org__;!!AjveYdw8EvQ!dAF2fW0oHh2Z5vsexUKQehAWQ2GlwvfpgVWBV5LzXf4GUqD1fVHhhnT-TFPqz477ae1kW6Fhjx9z63m6cTvw92E$>
 
mailto:windriver@lists.openembedded.org>>
 wrote:
From: Chen Qi mailto:qi.c...@windriver.com>>

Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.

I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily
achieved by using redis-7.0.11/ directory to hold all those files.

What's the issue with this, yes it's a bit uncommon but since:
https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone=3deca451692e99d269812959e6b5e0b519a82f30<https://urldefense.com/v3/__https:/git.openembedded.org/meta-openembedded/commit/?h=kirkstone=3deca451692e99d269812959e6b5e0b519a82f30__;!!AjveYdw8EvQ!dAF2fW0oHh2Z5vsexUKQehAWQ2GlwvfpgVWBV5LzXf4GUqD1fVHhhnT-TFPqz477ae1kW6Fhjx9z63m6eVSS-FI$>

which correctly uses BPN in FILESPATH I don't see any patching issues with 
redis in my world builds. Before it was failing in multilib builds because it 
was searching in lib32-redis-7 directory and when not found there it used 
GNU_SOURCE.patch from the other directory and failed with patch-fuzz.

If you still want to go ahead with this then you can also undo GNU_SOURCE.patch 
to GNU_SOURCE-7.patch rename (which is IMHO the only file which isn't 
unnecessary duplicated between redis-6 and redis-7.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#103267): 
https://lists.openembedded.org/g/openembedded-devel/message/103267
Mute This Topic: https://lists.openembedded.org/mt/99500777/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH V2] redis: use the files path correctly

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.

I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily achieved by
using redis-7.0.11/ directory to hold all those files.

Using FILESPATH in this way removes the possibility of overriding
some files (e.g., the redis service file) from other layers via
FILESEXTRAPATH:prepend, which is kind of a common practice and is
actually working for basically all other recipes.

This is because we have:
meta/classes-global/base.bbclass:FILESPATH = 
"${@base_set_filespath(["${FILE_DIRNAME}/${BP}", "${FILE_DIRNAME}/${BPN}", 
"${FILE_DIRNAME}/files"], d)}"
And FILESEXTRAPATH is handled in base_set_filespath.

Signed-off-by: Chen Qi 
---
 .../0001-src-Do-not-reset-FINAL_LIBS.patch  | 0
 .../0006-Define-correct-gregs-for-RISCV32.patch | 0
 .../redis/{redis-7 => redis-7.0.11}/GNU_SOURCE-7.patch  | 0
 .../hiredis-use-default-CC-if-it-is-set.patch   | 0
 .../redis/{redis-7 => redis-7.0.11}/init-redis-server   | 0
 .../lua-update-Makefile-to-use-environment-build-setting.patch  | 0
 .../redis/{redis-7 => redis-7.0.11}/oe-use-libc-malloc.patch| 0
 .../recipes-extended/redis/{redis-7 => redis-7.0.11}/redis.conf | 0
 .../redis/{redis-7 => redis-7.0.11}/redis.service   | 0
 meta-oe/recipes-extended/redis/redis_7.0.11.bb  | 2 --
 10 files changed, 2 deletions(-)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/GNU_SOURCE-7.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/oe-use-libc-malloc.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => redis-7.0.11}/redis.conf 
(100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => redis-7.0.11}/redis.service 
(100%)

diff --git 
a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch 
b/meta-oe/recipes-extended/redis/redis-7.0.11/0001-src-Do-not-reset-FINAL_LIBS.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/0001-src-Do-not-reset-FINAL_LIBS.patch
diff --git 
a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
 
b/meta-oe/recipes-extended/redis/redis-7.0.11/0006-Define-correct-gregs-for-RISCV32.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/0006-Define-correct-gregs-for-RISCV32.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch 
b/meta-oe/recipes-extended/redis/redis-7.0.11/GNU_SOURCE-7.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch
rename to meta-oe/recipes-extended/redis/redis-7.0.11/GNU_SOURCE-7.patch
diff --git 
a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch
 
b/meta-oe/recipes-extended/redis/redis-7.0.11/hiredis-use-default-CC-if-it-is-set.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/hiredis-use-default-CC-if-it-is-set.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/init-redis-server 
b/meta-oe/recipes-extended/redis/redis-7.0.11/init-redis-server
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7/init-redis-server
rename to meta-oe/recipes-extended/redis/redis-7.0.11/init-redis-server
diff --git 
a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch
 
b/meta-oe/recipes-extended/redis/redis-7.0.11/lua-update-Makefile-to-use-environment-build-setting.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/lua-update-Makefile-to-use-environment-build-setting.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch 
b/meta-oe/recipes-extended/redis/redis-7.0.11/oe-use-libc-malloc.patch
similarity index 100%
rename from meta-oe

Re: [oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH] redis: use the files path correctly

[Chen Qi via lists.openembedded.org]

Hi Martin,

Sorry I didn’t put enough explanation in the commit.

Using FILESPATH in this way removes the possibility of overriding some files 
(e.g., the redis service file) from other layers via FILESEXTRAPATH:prepend, 
which is kind of a common practice and is actually working for basically all 
other recipes.

Because we have:
meta/classes-global/base.bbclass:FILESPATH = 
"${@base_set_filespath(["${FILE_DIRNAME}/${BP}", "${FILE_DIRNAME}/${BPN}", 
"${FILE_DIRNAME}/files"], d)}"
And FILESEXTRAPATH is handled in base_set_filespath.

The issue is not about multilib. And undoing the GNU_SOURCE patch is not 
necessary, because it does not change any output.

Regards,
Qi


From: Martin Jansa 
Sent: Tuesday, June 13, 2023 5:28 PM
To: Chen, Qi 
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH] 
redis: use the files path correctly



On Tue, Jun 13, 2023 at 9:23 AM Chen Qi via 
lists.openembedded.org<https://urldefense.com/v3/__http:/lists.openembedded.org__;!!AjveYdw8EvQ!dAF2fW0oHh2Z5vsexUKQehAWQ2GlwvfpgVWBV5LzXf4GUqD1fVHhhnT-TFPqz477ae1kW6Fhjx9z63m6cTvw92E$>
 
mailto:windriver....@lists.openembedded.org>>
 wrote:
From: Chen Qi mailto:qi.c...@windriver.com>>

Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.

I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily
achieved by using redis-7.0.11/ directory to hold all those files.

What's the issue with this, yes it's a bit uncommon but since:
https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone=3deca451692e99d269812959e6b5e0b519a82f30<https://urldefense.com/v3/__https:/git.openembedded.org/meta-openembedded/commit/?h=kirkstone=3deca451692e99d269812959e6b5e0b519a82f30__;!!AjveYdw8EvQ!dAF2fW0oHh2Z5vsexUKQehAWQ2GlwvfpgVWBV5LzXf4GUqD1fVHhhnT-TFPqz477ae1kW6Fhjx9z63m6eVSS-FI$>

which correctly uses BPN in FILESPATH I don't see any patching issues with 
redis in my world builds. Before it was failing in multilib builds because it 
was searching in lib32-redis-7 directory and when not found there it used 
GNU_SOURCE.patch from the other directory and failed with patch-fuzz.

If you still want to go ahead with this then you can also undo GNU_SOURCE.patch 
to GNU_SOURCE-7.patch rename (which is IMHO the only file which isn't 
unnecessary duplicated between redis-6 and redis-7.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#103265): 
https://lists.openembedded.org/g/openembedded-devel/message/103265
Mute This Topic: https://lists.openembedded.org/mt/99500777/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][master][mickledore][langdale][kirkstone][PATCH] redis: use the files path correctly

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Recipes are not expected to set FILESPATH directly, they are
expected to use FILESEXTRAPATH.

I can see the seting of FILESPATH in this recipe only wants to
find redis-7 specific patches and files. This could be easily
achieved by using redis-7.0.11/ directory to hold all those files.

Signed-off-by: Chen Qi 
---
 .../0001-src-Do-not-reset-FINAL_LIBS.patch  | 0
 .../0006-Define-correct-gregs-for-RISCV32.patch | 0
 .../redis/{redis-7 => redis-7.0.11}/GNU_SOURCE-7.patch  | 0
 .../hiredis-use-default-CC-if-it-is-set.patch   | 0
 .../redis/{redis-7 => redis-7.0.11}/init-redis-server   | 0
 .../lua-update-Makefile-to-use-environment-build-setting.patch  | 0
 .../redis/{redis-7 => redis-7.0.11}/oe-use-libc-malloc.patch| 0
 .../recipes-extended/redis/{redis-7 => redis-7.0.11}/redis.conf | 0
 .../redis/{redis-7 => redis-7.0.11}/redis.service   | 0
 meta-oe/recipes-extended/redis/redis_7.0.11.bb  | 2 --
 10 files changed, 2 deletions(-)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/0001-src-Do-not-reset-FINAL_LIBS.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/0006-Define-correct-gregs-for-RISCV32.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/GNU_SOURCE-7.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/hiredis-use-default-CC-if-it-is-set.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/init-redis-server (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/lua-update-Makefile-to-use-environment-build-setting.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => 
redis-7.0.11}/oe-use-libc-malloc.patch (100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => redis-7.0.11}/redis.conf 
(100%)
 rename meta-oe/recipes-extended/redis/{redis-7 => redis-7.0.11}/redis.service 
(100%)

diff --git 
a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch 
b/meta-oe/recipes-extended/redis/redis-7.0.11/0001-src-Do-not-reset-FINAL_LIBS.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/0001-src-Do-not-reset-FINAL_LIBS.patch
diff --git 
a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
 
b/meta-oe/recipes-extended/redis/redis-7.0.11/0006-Define-correct-gregs-for-RISCV32.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/0006-Define-correct-gregs-for-RISCV32.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch 
b/meta-oe/recipes-extended/redis/redis-7.0.11/GNU_SOURCE-7.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch
rename to meta-oe/recipes-extended/redis/redis-7.0.11/GNU_SOURCE-7.patch
diff --git 
a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch
 
b/meta-oe/recipes-extended/redis/redis-7.0.11/hiredis-use-default-CC-if-it-is-set.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/hiredis-use-default-CC-if-it-is-set.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/init-redis-server 
b/meta-oe/recipes-extended/redis/redis-7.0.11/init-redis-server
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7/init-redis-server
rename to meta-oe/recipes-extended/redis/redis-7.0.11/init-redis-server
diff --git 
a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch
 
b/meta-oe/recipes-extended/redis/redis-7.0.11/lua-update-Makefile-to-use-environment-build-setting.patch
similarity index 100%
rename from 
meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch
rename to 
meta-oe/recipes-extended/redis/redis-7.0.11/lua-update-Makefile-to-use-environment-build-setting.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch 
b/meta-oe/recipes-extended/redis/redis-7.0.11/oe-use-libc-malloc.patch
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch
rename to meta-oe/recipes-extended/redis/redis-7.0.11/oe-use-libc-malloc.patch
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.conf 
b/meta-oe/recipes-extended/redis/redis-7.0.11/redis.conf
similarity index 100%
rename from meta-oe/recipes-extended/redis/redis-7/redis.conf
rename to meta-oe/recipes-extended/redis/redis-7.0.11/redis.conf
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.service 
b/meta-oe/recipes-extended/redis/redis-7.0.11/redis

Re: [oe] [meta-python][PATCH 000/149] python3: improve run-time dependencies situation

[Chen Qi via lists.openembedded.org]

On 5/31/23 16:22, Bartosz Golaszewski wrote:

From: Bartosz Golaszewski 

A significant number of python recipes don't specify all the run-time
dependencies required to at least be able to import all the installed
modules. This series is the result of a semi-automated run through all
python recipes in meta-python, building minimal images and verifying that
there are no import exceptions.


I checked a few changes. Why are some recipes adding 'python3-unittest' 
as a runtime dependency?


For example, python3-ldap does not seem to need it. I checked the codes, 
https://github.com/cannatag/ldap3, all unittest references reside inside 
the test/ directory.


If it's a semi-automated run, then when it fails, I think the failed 
import commands could be recorded and put in the commit message. This 
could be achieved by using a template commit file which is then 
substituted to generate the actual commit file and using '-F' option to 
commit.


Regards,

Qi



Most patches just add missing RDEPENDS entries where needed. Some tweak
the coding style if it's inconsistent. There are a few new packages on
which existing recipes depend at run-time but which were not provided
in meta-python previously.

This probably doesn't cover all the corner cases. Ptest packages were not
tested with the assumption that they are being run somewhere and verified
already.

There are also other run-time dependencies that may fail - like python code
executing external programs that may be missing or ctypes opening shared
objects at run-time later than at import-time but in general this series
should at least improve the situation significantly.

There's some space for QA improvement in OE-core - like maybe raising
a warning if a python recipe doesn't specify any RDEPENDS which usually
means they are missing (but the module can also be very simple so this
cannot be a hard fail).

Bartosz Golaszewski (149):
   python3-pyparted: add missing run-time dependencies
   python3-send2trash: add missing run-time dependencies
   python3-pywbem: drop unneeded class from RDEPENDS
   python3-pywbem: don't use PYTHON_PN
   python3-pywbem: order RDEPENDS alphabetically
   python3-pywbem: add missing run-time dependencies
   python3-mock: cleanup RDEPENDS
   python3-mock: add missing run-time dependencies
   python3-cson: fix run-time dependencies
   python3-ldap: don't use PYTHON_PN
   python3-ldap: add missing run-time dependencies
   python3-pyrad: add missing run-time dependencies
   python3-html2text: add missing run-time dependencies
   python3-parse: don't use PYTHON_PN and improve coding style
   python3-parse: add missing run-time dependencies
   python3-meld3: add missing run-time dependencies
   python3-pyiface: add missing run-time dependencies
   python3-mpmath: add missing run-time dependencies
   python3-uswid: add missing run-time dependencies
   python3-xmlrunner: add missing run-time dependencies
   python3-editor: add missing run-time dependencies
   python3-pykwalify: don't use PYTHON_PN and improve coding style
   python3-pykwalify: add missing run-time dependencies
   python3-iperf: add missing run-time dependencies
   python3-sdnotify: add missing run-time dependencies
   python3-service-identity: add missing run-time dependencies
   python3-sqlsoup: add missing run-time dependencies
   python3-sqlalchemy: don't use PYTHON_PN and improve coding style
   python3-sqlalchemy: add missing run-time dependencies
   python3-pure-eval: add missing run-time dependencies
   python3-stack-data: fix coding style
   python3-stack-data: add missing run-time dependencies
   python3-sympy: add missing run-time dependencies
   python3-thrift: don't use PYTHON_PN and improve coding style
   python3-thrift: add missing run-time dependencies
   python3-tomlkit: add missing run-time dependencies
   python3-tornado: drop ${PN} from RDEPENDS
   python3-tornado: fix coding style
   python3-tornado: remove the testing submodule from FILES:${PN}-test
   python3-tornado: add missing run-time dependencies
   python3-trustme: add missing run-time dependencies
   python3-twofish: add missing run-time dependencies
   python3-txws: add missing run-time dependencies
   python3-web3: add missing run-time dependencies
   python3-uefi-firmware: add missing run-time dependencies
   python3-websockets: fix coding style
   python3-websockets: add missing run-time dependencies
   python3-xlrd: fix coding style
   python3-xlrd: add missing run-time dependencies
   python3-versiontools: add missing run-time dependencies
   python3-typeguard: add missing run-time dependencies
   python3-process-tests: add missing run-time dependencies
   python3-pyatspi: add missing run-time dependencies
   python3-pydantic: don't use PYTHON_PN and improve coding style
   python3-pydantic: add missing run-time dependencies
   python3-python-vlc: add missing run-time dependencies
   python3-redis: fix coding style
   python3-redis: add missing run-time dependencies
   python3-raven: add 

[oe][meta-networking][PATCH] frr: add CVE_PRODUCT

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

The CVE_PRODUCT is frrouting in NVD database.

Signed-off-by: Chen Qi 
---
 meta-networking/recipes-protocols/frr/frr_8.4.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-protocols/frr/frr_8.4.2.bb 
b/meta-networking/recipes-protocols/frr/frr_8.4.2.bb
index d01d895a80..9669260945 100644
--- a/meta-networking/recipes-protocols/frr/frr_8.4.2.bb
+++ b/meta-networking/recipes-protocols/frr/frr_8.4.2.bb
@@ -18,6 +18,8 @@ SRCREV = "62ac43de9f3bc470586cf4f51fadf013bf542b32"
 
 UPSTREAM_CHECK_GITTAGREGEX = "frr-(?P\d+(\.\d+)+)$"
 
+CVE_PRODUCT = "frrouting"
+
 S = "${WORKDIR}/git"
 
 inherit autotools-brokensep python3native pkgconfig useradd systemd
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#102400): 
https://lists.openembedded.org/g/openembedded-devel/message/102400
Mute This Topic: https://lists.openembedded.org/mt/98757899/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] android-tools: fix systemd service setting

[Chen Qi]

The service file belongs to ${PN}-adbd instead of ${PN}.

Signed-off-by: Chen Qi 
---
 .../recipes-devtool/android-tools/android-tools_29.0.6.r14.bb   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-oe/dynamic-layers/selinux/recipes-devtool/android-tools/android-tools_29.0.6.r14.bb
 
b/meta-oe/dynamic-layers/selinux/recipes-devtool/android-tools/android-tools_29.0.6.r14.bb
index 75e837f49..caf55ed6d 100644
--- 
a/meta-oe/dynamic-layers/selinux/recipes-devtool/android-tools/android-tools_29.0.6.r14.bb
+++ 
b/meta-oe/dynamic-layers/selinux/recipes-devtool/android-tools/android-tools_29.0.6.r14.bb
@@ -67,7 +67,7 @@ COMPATIBLE_HOST:powerpc64le = "(null)"
 
 inherit systemd
 
-SYSTEMD_SERVICE:${PN} = "android-tools-adbd.service"
+SYSTEMD_SERVICE:${PN}-adbd = "android-tools-adbd.service"
 
 # Find libbsd headers during native builds
 CC:append:class-native = " -I${STAGING_INCDIR}"
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#101971): 
https://lists.openembedded.org/g/openembedded-devel/message/101971
Mute This Topic: https://lists.openembedded.org/mt/98100468/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] nodejs: add CVE_PRODUCT

[Chen Qi]

Some old nodejs CVEs use 'nodejs', and recent nodejs CVEs use
'node.js'. Add CVE_PRODUCT to include both.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-devtools/nodejs/nodejs_18.12.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_18.12.1.bb 
b/meta-oe/recipes-devtools/nodejs/nodejs_18.12.1.bb
index e96913e56..96e70991b 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_18.12.1.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_18.12.1.bb
@@ -3,6 +3,8 @@ HOMEPAGE = "http://nodejs.org;
 LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dfd7ae796baf5326016a3865ee1dc632"
 
+CVE_PRODUCT = "nodejs node.js"
+
 DEPENDS = "openssl"
 DEPENDS:append:class-target = " qemu-native"
 DEPENDS:append:class-native = " c-ares-native"
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#100967): 
https://lists.openembedded.org/g/openembedded-devel/message/100967
Mute This Topic: https://lists.openembedded.org/mt/96824439/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH V2] syslog-ng: workaround segfault for ppc64le

[Chen Qi]

For now syslog-ng segfaults on ppc64le. The problem could be reproduced
by simply adding syslog-ng to IMAGE_INSTALL and then building and starting
an image for qemuppc64.

The underlying root cause is unknown yet. This workaround, on the other hand,
helps improve the situation a little bit in the sense that users can at least
use syslog-ng on ppc64le targets.

Note that this workaround should be dropped once the upstream issues[1][2]
are fixed. This has also stated very clearly in the patch.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=30062
[2] https://github.com/syslog-ng/syslog-ng/issues/4285

Signed-off-by: Chen Qi 
---
 ...rkaround-powerpc64le-segfaults-error.patch | 46 +++
 .../syslog-ng/syslog-ng_3.38.1.bb |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 
meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch

diff --git 
a/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
 
b/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
new file mode 100644
index 0..343e6fdad
--- /dev/null
+++ 
b/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
@@ -0,0 +1,46 @@
+From 616446afab61ab98b28c81605e2efd4a689f37d1 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Fri, 20 Jan 2023 14:59:14 +0800
+Subject: [PATCH] plugin.c: workaround powerpc64le segfaults error
+
+syslog-ng segfaults on powerpc64le, workaround this error.
+See https://github.com/syslog-ng/syslog-ng/issues/4285 and
+https://sourceware.org/bugzilla/show_bug.cgi?id=30062 for more details.
+This patch should be dropped once the above issues are fixed.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi 
+---
+ lib/plugin.c | 8 ++--
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/lib/plugin.c b/lib/plugin.c
+index fbbfb92..3a03617 100644
+--- a/lib/plugin.c
 b/lib/plugin.c
+@@ -528,10 +528,7 @@ plugin_discover_candidate_modules(PluginContext *context)
+ }
+ }
+   g_free(module_name);
+-  if (mod)
+-g_module_close(mod);
+-  else
+-mod = NULL;
++  mod = NULL;
+ }
+ }
+   g_dir_close(dir);
+@@ -663,8 +660,7 @@ plugin_list_modules(FILE *out, gboolean verbose)
+   first = FALSE;
+ }
+   g_free(module_name);
+-  if (mod)
+-g_module_close(mod);
++  mod = NULL;
+ }
+ }
+   g_dir_close(dir);
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb 
b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
index 76945095a..182a253d3 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
@@ -23,6 +23,7 @@ SRC_URI = 
"https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta
file://syslog-ng-tmp.conf \
file://syslog-ng.service-the-syslog-ng-service.patch \
 "
+SRC_URI:append:powerpc64le = " 
file://0001-plugin.c-workaround-powerpc64le-segfaults-error.patch"
 
 SRC_URI[sha256sum] = 
"5491f686d0b829b69b2e0fc0d66a62f51991aafaee005475bfa38fab399441f7"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#100874): 
https://lists.openembedded.org/g/openembedded-devel/message/100874
Mute This Topic: https://lists.openembedded.org/mt/96649169/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-oe][PATCH] syslog-ng: workaround segfault for ppc64le

[Chen Qi]

Please ignore this one. V2 will be sent with an extra issue link.

Regards,
Qi


-Original Message-
From: openembedded-devel@lists.openembedded.org 
 On Behalf Of Chen Qi
Sent: Tuesday, January 31, 2023 5:41 PM
To: openembedded-devel@lists.openembedded.org
Subject: [oe][meta-oe][PATCH] syslog-ng: workaround segfault for ppc64le

For now syslog-ng segfaults on ppc64le. The problem could be reproduced by 
simply adding syslog-ng to IMAGE_INSTALL and then building and starting an 
image for qemuppc64.

The underlying root cause is hard to find. This workaround helps improve the 
situation a little bit so that users can at least use syslog-ng on ppc64le 
targets.

Note that this workaround should be dropped once the upstream issue gets a real 
fix: https://github.com/syslog-ng/syslog-ng/issues/4285

Signed-off-by: Chen Qi 
---
 ...rkaround-powerpc64le-segfaults-error.patch | 45 +++
 .../syslog-ng/syslog-ng_3.38.1.bb |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 
meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch

diff --git 
a/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
 
b/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
new file mode 100644
index 0..ca73f69b9
--- /dev/null
+++ b/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-p
+++ owerpc64le-segfaults-error.patch
@@ -0,0 +1,45 @@
+From 616446afab61ab98b28c81605e2efd4a689f37d1 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Fri, 20 Jan 2023 14:59:14 +0800
+Subject: [PATCH] plugin.c: workaround powerpc64le segfaults error
+
+syslog-ng segfaults on powerpc64le, workaround this error.
+See https://github.com/syslog-ng/syslog-ng/issues/4285 for more details.
+This patch should be dropped once the above issue gets a real fix.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi 
+---
+ lib/plugin.c | 8 ++--
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/lib/plugin.c b/lib/plugin.c index fbbfb92..3a03617 100644
+--- a/lib/plugin.c
 b/lib/plugin.c
+@@ -528,10 +528,7 @@ plugin_discover_candidate_modules(PluginContext *context)
+ }
+ }
+   g_free(module_name);
+-  if (mod)
+-g_module_close(mod);
+-  else
+-mod = NULL;
++  mod = NULL;
+ }
+ }
+   g_dir_close(dir);
+@@ -663,8 +660,7 @@ plugin_list_modules(FILE *out, gboolean verbose)
+   first = FALSE;
+ }
+   g_free(module_name);
+-  if (mod)
+-g_module_close(mod);
++  mod = NULL;
+ }
+ }
+   g_dir_close(dir);
+--
+2.17.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb 
b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
index 76945095a..182a253d3 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
@@ -23,6 +23,7 @@ SRC_URI = 
"https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta
file://syslog-ng-tmp.conf \
file://syslog-ng.service-the-syslog-ng-service.patch \  "
+SRC_URI:append:powerpc64le = " 
file://0001-plugin.c-workaround-powerpc64le-segfaults-error.patch"
 
 SRC_URI[sha256sum] = 
"5491f686d0b829b69b2e0fc0d66a62f51991aafaee005475bfa38fab399441f7"
 
--
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#100873): 
https://lists.openembedded.org/g/openembedded-devel/message/100873
Mute This Topic: https://lists.openembedded.org/mt/96649157/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] syslog-ng: workaround segfault for ppc64le

[Chen Qi]

For now syslog-ng segfaults on ppc64le. The problem could be reproduced
by simply adding syslog-ng to IMAGE_INSTALL and then building and starting
an image for qemuppc64.

The underlying root cause is hard to find. This workaround helps improve
the situation a little bit so that users can at least use syslog-ng on
ppc64le targets.

Note that this workaround should be dropped once the upstream issue gets
a real fix: https://github.com/syslog-ng/syslog-ng/issues/4285

Signed-off-by: Chen Qi 
---
 ...rkaround-powerpc64le-segfaults-error.patch | 45 +++
 .../syslog-ng/syslog-ng_3.38.1.bb |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 
meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch

diff --git 
a/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
 
b/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
new file mode 100644
index 0..ca73f69b9
--- /dev/null
+++ 
b/meta-oe/recipes-support/syslog-ng/files/0001-plugin.c-workaround-powerpc64le-segfaults-error.patch
@@ -0,0 +1,45 @@
+From 616446afab61ab98b28c81605e2efd4a689f37d1 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Fri, 20 Jan 2023 14:59:14 +0800
+Subject: [PATCH] plugin.c: workaround powerpc64le segfaults error
+
+syslog-ng segfaults on powerpc64le, workaround this error.
+See https://github.com/syslog-ng/syslog-ng/issues/4285 for more details.
+This patch should be dropped once the above issue gets a real fix.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi 
+---
+ lib/plugin.c | 8 ++--
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/lib/plugin.c b/lib/plugin.c
+index fbbfb92..3a03617 100644
+--- a/lib/plugin.c
 b/lib/plugin.c
+@@ -528,10 +528,7 @@ plugin_discover_candidate_modules(PluginContext *context)
+ }
+ }
+   g_free(module_name);
+-  if (mod)
+-g_module_close(mod);
+-  else
+-mod = NULL;
++  mod = NULL;
+ }
+ }
+   g_dir_close(dir);
+@@ -663,8 +660,7 @@ plugin_list_modules(FILE *out, gboolean verbose)
+   first = FALSE;
+ }
+   g_free(module_name);
+-  if (mod)
+-g_module_close(mod);
++  mod = NULL;
+ }
+ }
+   g_dir_close(dir);
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb 
b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
index 76945095a..182a253d3 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.38.1.bb
@@ -23,6 +23,7 @@ SRC_URI = 
"https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta
file://syslog-ng-tmp.conf \
file://syslog-ng.service-the-syslog-ng-service.patch \
 "
+SRC_URI:append:powerpc64le = " 
file://0001-plugin.c-workaround-powerpc64le-segfaults-error.patch"
 
 SRC_URI[sha256sum] = 
"5491f686d0b829b69b2e0fc0d66a62f51991aafaee005475bfa38fab399441f7"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#100872): 
https://lists.openembedded.org/g/openembedded-devel/message/100872
Mute This Topic: https://lists.openembedded.org/mt/96649157/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-filesystems][dunfell][PATCH] ntfs-3g-ntfsprogs: Upgrade 2022.5.17 to 2022.10.3

[Chen Qi]

Hi Armin,

I also just noticed that the new released kirkstone does not contain this patch.
I think all currently maintained branches should cherry-pick this upgrade 
patch. What do you think?

Regards,
Qi

-Original Message-
From: openembedded-devel@lists.openembedded.org 
 On Behalf Of Armin Kuster
Sent: Thursday, November 17, 2022 10:44 PM
To: omkar ; 
openembedded-devel@lists.openembedded.org; omkar.pa...@kpit.com
Cc: ranjitsinh.rat...@kpit.com
Subject: Re: [oe][meta-filesystems][dunfell][PATCH] ntfs-3g-ntfsprogs: Upgrade 
2022.5.17 to 2022.10.3



On 11/17/22 3:23 AM, omkar wrote:
> From: Omkar Patil 
>
> Changes:
> Rejected zero-sized runs
> Avoided merging runlists with no runs
>
> Fix CVE-2022-40284

Won't this affect langdale and Kirkstone too?

-armin
>
> Signed-off-by: Omkar Patil 
> ---
>   ...3g-ntfsprogs_2022.5.17.bb => ntfs-3g-ntfsprogs_2022.10.3.bb} | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>   rename 
> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfspr
> ogs_2022.5.17.bb => ntfs-3g-ntfsprogs_2022.10.3.bb} (95%)
>
> diff --git 
> a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsp
> rogs_2022.5.17.bb 
> b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsp
> rogs_2022.10.3.bb
> similarity index 95%
> rename from 
> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfspro
> gs_2022.5.17.bb rename to 
> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfspro
> gs_2022.10.3.bb
> index cb52c5567..efb331d7b 100644
> --- 
> a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsp
> rogs_2022.5.17.bb
> +++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-n
> +++ tfsprogs_2022.10.3.bb
> @@ -10,7 +10,7 @@ SRC_URI = 
> "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
>  
> file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
>   "
>   S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
> -SRC_URI[sha256sum] = 
> "0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93"
> +SRC_URI[sha256sum] = 
> "f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c"
>   
>   UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/;
>   UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P\d+(\.\d+)+)\.tgz"
>
> 
>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#100225): 
https://lists.openembedded.org/g/openembedded-devel/message/100225
Mute This Topic: https://lists.openembedded.org/mt/95086139/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-networking][PATCH] networkmanager: fix /etc/resolv.conf handling

[Chen Qi]

The current handling of /etc/resolv.conf by NM has some problems.
When networkd is not configuring network, and there's 'ip=dhcp'
in kernel command line, the /run/NetworkManager/resolv.conf file
is not created, resulting in /etc/resolv.conf being a dead symlink.
This is because NM is treating the network interface as externally
configured and will not try to reconfigure it again.

This means if we want NM to work properly with /etc/resolv.conf,
we've got to either ensure there's no 'ip=dhcp' in kernel command
line, or we've got to ensure networkd is configuring network. This
is weird because normally we should not enable two network managers
at the same time. Note that NM syncs part of its codes with networkd,
which is the reason I think it happens to work when these two network
configuration tools are configuring the same interface at the same
time.

In fact, NM now works well with resolved. It sends the DNS info it
gets to resolved unconditionally by default (the behavior could be
disabled in configuration file).

Looking at the original commit that sets up the update-alternatives
mechanism, it says:
"""
  This brings the networkmanager in sync with how systemd-resolved and connman
  work. Additionally this allows it to function with a read-only rootFS.
"""
I guess the author was using systemd but disabling resolved, and the author
wanted to use read-only rootFS. In order to keep such combination still works,
change to use PACKAGECONFIG to handle things, and when 'man-resolv-conf' is
enabled, the above combination could still work.

Signed-off-by: Chen Qi 
---
 .../networkmanager/networkmanager_1.40.0.bb| 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git 
a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb 
b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
index b9273ac89..801739170 100644
--- 
a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
+++ 
b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
@@ -107,6 +107,8 @@ PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false"
 PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=${base_sbindir}/dhcpcd,-Ddhcpcd=no,,dhcpcd"
 PACKAGECONFIG[dhclient] = "-Ddhclient=yes,-Ddhclient=no,,dhcp"
 PACKAGECONFIG[concheck] = "-Dconcheck=true,-Dconcheck=false"
+# The following PACKAGECONFIG is used to determine whether NM is managing 
/etc/resolv.conf itself or not
+PACKAGECONFIG[man-resolv-conf] = ",,"
 
 
 PACKAGES =+ " \
@@ -258,9 +260,9 @@ SYSTEMD_SERVICE:${PN}-daemon = "\
 "
 RCONFLICTS:${PN}-daemon += "connman"
 ALTERNATIVE_PRIORITY = "100"
-ALTERNATIVE:${PN}-daemon = 
"${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
-ALTERNATIVE_TARGET[resolv-conf] = 
"${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
-ALTERNATIVE_LINK_NAME[resolv-conf] = 
"${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+ALTERNATIVE:${PN}-daemon = 
"${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = 
"${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = 
"${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','${sysconfdir}/resolv.conf','',d)}"
 
 
 # The networkmanager package is an empty meta package which weakly depends on 
all the compiled features.
@@ -285,7 +287,7 @@ do_install:append() {
 
 rm -rf ${D}/run ${D}${localstatedir}/run
 
-if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; 
then
+if 
${@bb.utils.contains('PACKAGECONFIG','man-resolv-conf','true','false',d)}; then
 # For read-only filesystem, do not create links during bootup
 ln -sf ../run/NetworkManager/resolv.conf 
${D}${sysconfdir}/resolv-conf.NetworkManager
 
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#100129): 
https://lists.openembedded.org/g/openembedded-devel/message/100129
Mute This Topic: https://lists.openembedded.org/mt/95782986/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-networking][PATCH 2/2] networkmanager: install config files into correct place

[Chen Qi]

The current location has no effect, because NetworkManager
is not looking for config files there.

In meson.build, we have:
  nm_pkglibdir = join_paths(nm_prefix, 'lib', nm_name)
  config_extra_h.set_quoted('NMLIBDIR',  nm_pkglibdir)

It's clear that the configuration directory should be
nonarch_libdir instead of libdir.

Signed-off-by: Chen Qi 
---
 .../networkmanager/networkmanager_1.40.0.bb   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git 
a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb 
b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
index f5a710f98..af823e5ad 100644
--- 
a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
+++ 
b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
@@ -287,11 +287,11 @@ do_install:append() {
 
 # Enable iwd if compiled
 if ${@bb.utils.contains('PACKAGECONFIG','iwd','true','false',d)}; then
-install -Dm 0644 ${WORKDIR}/enable-iwd.conf 
${D}${libdir}/NetworkManager/conf.d/enable-iwd.conf
+install -Dm 0644 ${WORKDIR}/enable-iwd.conf 
${D}${nonarch_libdir}/NetworkManager/conf.d/enable-iwd.conf
 fi
 
 # Enable dhcpd if compiled
 if ${@bb.utils.contains('PACKAGECONFIG','dhcpcd','true','false',d)}; then
-install -Dm 0644 ${WORKDIR}/enable-dhcpcd.conf 
${D}${libdir}/NetworkManager/conf.d/enable-dhcpcd.conf
+install -Dm 0644 ${WORKDIR}/enable-dhcpcd.conf 
${D}${nonarch_libdir}/NetworkManager/conf.d/enable-dhcpcd.conf
 fi
 }
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13): 
https://lists.openembedded.org/g/openembedded-devel/message/13
Mute This Topic: https://lists.openembedded.org/mt/95557431/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-networking][PATCH 1/2] networkmanager: fix dhcpcd PACKAGECONFIG

[Chen Qi]

Without this patch, even if dhcpcd is enabled, the NetworkManager
cannot find it. Below are the messages from NetworkMananger:

  dhcp: init: DHCP client 'dhcpcd' not available
  dhcp: init: Using DHCP client 'internal'

The problem is that dhcpcd needs to be specified as a path, otherwise
NetworkManager tries to find it in /usr/sbin/dhcpcd.

Signed-off-by: Chen Qi 
---
 .../networkmanager/networkmanager_1.40.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb 
b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
index 49b054d6f..f5a710f98 100644
--- 
a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
+++ 
b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.40.0.bb
@@ -104,7 +104,7 @@ PACKAGECONFIG[ovs] = "-Dovs=true,-Dovs=false,jansson"
 PACKAGECONFIG[audit] = "-Dlibaudit=yes,-Dlibaudit=no"
 PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux"
 PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false"
-PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=yes,-Ddhcpcd=no,,dhcpcd"
+PACKAGECONFIG[dhcpcd] = "-Ddhcpcd=${base_sbindir}/dhcpcd,-Ddhcpcd=no,,dhcpcd"
 PACKAGECONFIG[dhclient] = "-Ddhclient=yes,-Ddhclient=no,,dhcp"
 PACKAGECONFIG[concheck] = "-Dconcheck=true,-Dconcheck=false"
 
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12): 
https://lists.openembedded.org/g/openembedded-devel/message/12
Mute This Topic: https://lists.openembedded.org/mt/95557430/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-xfce][PATCH] xfce4-verve-plugin: fix do_configure faiure about missing libpcre

[Chen Qi]

libpcre is needed. Previously, it's available because glib-2.0 depends
on it. Now glib-2.0 has been upgraded and it now depends on libpcre2.
So add this explicit dependency to fix the do_configure failure.

Signed-off-by: Chen Qi 
---
 .../recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb 
b/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb
index 21bbda331..eefe3322b 100644
--- a/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb
+++ b/meta-xfce/recipes-panel-plugins/verve/xfce4-verve-plugin_2.0.1.bb
@@ -6,3 +6,4 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 inherit xfce-panel-plugin
 
 SRC_URI[sha256sum] = 
"ebda5e5eb62d6e42afdc6f121d2f1cbd4d9d3c2b16a5e3ed8192b1b224b8f825"
+DEPENDS += "libpcre"
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#99595): 
https://lists.openembedded.org/g/openembedded-devel/message/99595
Mute This Topic: https://lists.openembedded.org/mt/95063717/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][kirkstone][meta-oe][PATCH] polkit: refresh patch

[Chen Qi]

Refresh patch to avoid QA issue about patch fuzz.

Signed-off-by: Chen Qi 
---
 .../0004-Make-netgroup-support-optional.patch | 20 +--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git 
a/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
 
b/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
index fa273d450..218c860fb 100644
--- 
a/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
+++ 
b/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
@@ -1,4 +1,4 @@
-From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001
+From 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001
 From: "A. Wilcox" 
 Date: Sun, 15 May 2022 05:04:10 +
 Subject: [PATCH] Make netgroup support optional
@@ -37,12 +37,12 @@ Signed-off-by: Marta Rybczynska 

  9 files changed, 43 insertions(+), 8 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 59858df..5a7fc11 100644
+index 18e4223..0f87ea0 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
-[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
+@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+ CC="$PTHREAD_CC"
+ AC_CHECK_FUNCS([pthread_condattr_setclock])
  
 -AC_CHECK_FUNCS(clearenv fdatasync)
 +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
@@ -50,7 +50,7 @@ index 59858df..5a7fc11 100644
  if test "x$GCC" = "xyes"; then
LDFLAGS="-Wl,--as-needed $LDFLAGS"
 diff --git a/meson.build b/meson.build
-index 733bbff..d840926 100644
+index 7506231..2d9d67a 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
@@ -164,10 +164,10 @@ index 056d9a8..36c2f3d 100644
  }
  
 diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp 
b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 5027815..bcb040c 100644
+index 11e91c0..9ee0391 100644
 --- a/src/polkitbackend/polkitbackendjsauthority.cpp
 +++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
  
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
  
@@ -175,7 +175,7 @@ index 5027815..bcb040c 100644
JS::RootedString usrstr (authority->priv->cx);
usrstr = args[0].toString();
user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
  {
is_in_netgroup =  true;
  }
@@ -233,7 +233,7 @@ index 3701ba1..e1d211e 100644
return g_test_run ();
  }
 diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c 
b/test/polkitbackend/test-polkitbackendjsauthority.c
-index f97e0e0..fc52149 100644
+index 2103b17..b187a2f 100644
 --- a/test/polkitbackend/test-polkitbackendjsauthority.c
 +++ b/test/polkitbackend/test-polkitbackendjsauthority.c
 @@ -137,12 +137,14 @@ test_get_admin_identities (void)
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#98958): 
https://lists.openembedded.org/g/openembedded-devel/message/98958
Mute This Topic: https://lists.openembedded.org/mt/93945515/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] polkit: refresh patch

[Chen Qi]

Refresh patch to avoid QA issue about patch fuzz.

Signed-off-by: Chen Qi 
---
 .../0004-Make-netgroup-support-optional.patch | 30 +--
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git 
a/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
 
b/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
index 09be3b728..181aca16c 100644
--- 
a/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
+++ 
b/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch
@@ -1,4 +1,4 @@
-From 501e6df3468f5da05881fc38cf68740e153ab403 Mon Sep 17 00:00:00 2001
+From a334fac72112c01cd322f7c97ef7ca21457ab52f Mon Sep 17 00:00:00 2001
 From: "A. Wilcox" 
 Date: Sun, 15 May 2022 05:04:10 +
 Subject: [PATCH] Make netgroup support optional
@@ -37,12 +37,12 @@ Signed-off-by: Marta Rybczynska 

  9 files changed, 43 insertions(+), 8 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 18e422300bb7..0f87ea0e8a26 100644
+index ca4b9f2..4c5d596 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
- CC="$PTHREAD_CC"
- AC_CHECK_FUNCS([pthread_condattr_setclock])
+@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
  
 -AC_CHECK_FUNCS(clearenv fdatasync)
 +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
@@ -50,7 +50,7 @@ index 18e422300bb7..0f87ea0e8a26 100644
  if test "x$GCC" = "xyes"; then
LDFLAGS="-Wl,--as-needed $LDFLAGS"
 diff --git a/meson.build b/meson.build
-index 750623179750..2d9d67a23409 100644
+index 733bbff..d840926 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
@@ -62,7 +62,7 @@ index 750623179750..2d9d67a23409 100644
  
  foreach func: check_functions
 diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f1c762..793f17d5d1fe 100644
+index 3aa1f7f..793f17d 100644
 --- a/src/polkit/polkitidentity.c
 +++ b/src/polkit/polkitidentity.c
 @@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
@@ -105,7 +105,7 @@ index 3aa1f7f1c762..793f17d5d1fe 100644
else
  {
 diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b36938ac5..83f8d4a13efd 100644
+index 8a2b369..83f8d4a 100644
 --- a/src/polkit/polkitunixnetgroup.c
 +++ b/src/polkit/polkitunixnetgroup.c
 @@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
@@ -119,7 +119,7 @@ index 8a2b36938ac5..83f8d4a13efd 100644
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
 "name", name,
 diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c 
b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8f27f8..36c2f3dc1a79 100644
+index 056d9a8..36c2f3d 100644
 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c
 +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
 @@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity 
   *group,
@@ -164,10 +164,10 @@ index 056d9a8f27f8..36c2f3dc1a79 100644
  }
  
 diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp 
b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 11e91c045da1..9ee0391b8c70 100644
+index 5027815..bcb040c 100644
 --- a/src/polkitbackend/polkitbackendjsauthority.cpp
 +++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
  
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
  
@@ -175,7 +175,7 @@ index 11e91c045da1..9ee0391b8c70 100644
JS::RootedString usrstr (authority->priv->cx);
usrstr = args[0].toString();
user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
  {
is_in_netgroup =  true;
  }
@@ -184,7 +184,7 @@ index 11e91c045da1..9ee0391b8c70 100644
ret = true;
  
 diff --git a/test/polkit/polkitidentitytest.c 
b/test/polkit/polkitidentitytest.c
-index e91967bec5b9..2635c4c4c64b 100644
+index e91967b..2635c4c 100644
 --- a/test/polkit/polkitidentitytest.c
 +++ b/test/polkit/polkitidentitytest.c
 @@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
@@ -219,7 +219,7 @@ index e91967bec5b9..2635c4c4c64b 100644
add_comparison_tests ();
  
 diff --git a/test/polkit/polkitunixnetgrouptest.c 
b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1671b7..e1d211e47634 100644
+index 3701ba1..e1d211e 100644
 --- a/test/polkit/polkitunixnetgrouptest.c
 +++ b/test/polkit/polkitunixnetgrouptest.c
 @@ -69,7 +69,9 @@

[oe][meta-oe][PATCH] passwdqc: fix the libpasswdqc FILES setting

[Chen Qi]

The actual file name is now libpasswdqc.so.1 instead of libpasswdqc.so.0.
This fixes the following error when installing passwdqc:

  nothing provides libpasswdqc needed by passwdqc-2.0.2-r0

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-security/passwdqc/passwdqc_2.0.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-security/passwdqc/passwdqc_2.0.2.bb 
b/meta-oe/recipes-security/passwdqc/passwdqc_2.0.2.bb
index de4bff8c7..8462701b3 100644
--- a/meta-oe/recipes-security/passwdqc/passwdqc_2.0.2.bb
+++ b/meta-oe/recipes-security/passwdqc/passwdqc_2.0.2.bb
@@ -57,7 +57,7 @@ do_install() {
 PROVIDES += "pam-${BPN}"
 PACKAGES =+ "lib${BPN} pam-${BPN}"
 
-FILES:lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
+FILES:lib${BPN} = "${base_libdir}/libpasswdqc.so.1"
 FILES:pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
 FILES:${PN}-dbg += "${base_libdir}/security/.debug"
 
-- 
2.37.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#98899): 
https://lists.openembedded.org/g/openembedded-devel/message/98899
Mute This Topic: https://lists.openembedded.org/mt/93796587/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-xfce][master][kirkstone][PATCH] catfish: fix buildpaths issue

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb | 9 +
 1 file changed, 9 insertions(+)

diff --git a/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb 
b/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
index 98cd251d2..8fe879b81 100644
--- a/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
+++ b/meta-xfce/recipes-apps/catfish/catfish_4.16.3.bb
@@ -12,3 +12,12 @@ SRC_URI[sha256sum] = 
"e9a99a62d10981391508dd43f3cbfa2d50a69bd6b7d1eeef7d30ba4c67
 FILES:${PN} += "${datadir}/metainfo"
 
 RDEPENDS:${PN} += "python3-pygobject python3-dbus"
+
+do_install:append() {
+#
+# Until catfish upstream figures out a way to overcome this buildpath 
issue, we need to do such adjustments here.
+#
+sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' 
${D}${datadir}/applications/org.xfce.Catfish.desktop
+sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' 
${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/catfishconfig.py
+rm -f 
${D}${PYTHON_SITEPACKAGES_DIR}/catfish_lib/__pycache__/catfishconfig.*.pyc
+}
-- 
2.37.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#97906): 
https://lists.openembedded.org/g/openembedded-devel/message/97906
Mute This Topic: https://lists.openembedded.org/mt/92498883/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-filesystems][PATCH] ntfs-3g-ntfsprogs: upgrade to 2022.5.17

[Chen Qi]

Upgrade from 2021.8.22 to 2022.5.17.
This upgrade mainly include CVE fixes.

According to https://github.com/tuxera/ntfs-3g/releases:
"""
Changelog:
* Improved defence against maliciously tampered NTFS partitions
* Improved defence against improper use of options
* Updated the documentation
"""

Signed-off-by: Chen Qi 
---
 ...g-ntfsprogs_2021.8.22.bb => ntfs-3g-ntfsprogs_2022.5.17.bb} | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2021.8.22.bb
 => ntfs-3g-ntfsprogs_2022.5.17.bb} (93%)

diff --git 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
similarity index 93%
rename from 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
rename to 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
index c77028785..b29716ad4 100644
--- 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
@@ -10,8 +10,7 @@ SRC_URI = 
"http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \

file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
 "
 S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
-SRC_URI[sha256sum] = 
"55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
+SRC_URI[sha256sum] = 
"0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93"
 
 UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/;
 UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P\d+(\.\d+)+)\.tgz"
-- 
2.37.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#97722): 
https://lists.openembedded.org/g/openembedded-devel/message/97722
Mute This Topic: https://lists.openembedded.org/mt/92200754/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-filesystems][kirkstone][PATCH] ntfs-3g-ntfsprogs: upgrade to 2022.5.17

[Chen Qi]

Upgrade from 2021.8.22 to 2022.5.17.
This upgrade mainly include CVE fixes.

According to https://github.com/tuxera/ntfs-3g/releases:
"""
Changelog:
* Improved defence against maliciously tampered NTFS partitions
* Improved defence against improper use of options
* Updated the documentation
"""

Signed-off-by: Chen Qi 
---
 ...g-ntfsprogs_2021.8.22.bb => ntfs-3g-ntfsprogs_2022.5.17.bb} | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2021.8.22.bb
 => ntfs-3g-ntfsprogs_2022.5.17.bb} (92%)

diff --git 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
similarity index 92%
rename from 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
rename to 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
index aa1b4c2e9..59576b6ef 100644
--- 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
+++ 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb
@@ -10,8 +10,7 @@ SRC_URI = 
"http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \

file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
 "
 S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
-SRC_URI[sha256sum] = 
"55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
+SRC_URI[sha256sum] = 
"0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93"
 
 UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/;
 UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P\d+(\.\d+)+)\.tgz"
-- 
2.37.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#97719): 
https://lists.openembedded.org/g/openembedded-devel/message/97719
Mute This Topic: https://lists.openembedded.org/mt/92200323/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-webserver][PATCH] apache2: split out a new package apache2-utils

[Chen Qi]

Split out apache2-utils so this small package could be used by
other packages. For example, htpasswd could be used by docker-registry.

Signed-off-by: Chen Qi 
---
 .../recipes-httpd/apache2/apache2_2.4.53.bb  | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb 
b/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb
index 8413f5379..3ade9807b 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.53.bb
@@ -176,13 +176,25 @@ SYSTEMD_AUTO_ENABLE:${PN} = "enable"
 ALTERNATIVE:${PN}-doc = "htpasswd.1"
 ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1"
 
-PACKAGES = "${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
+PACKAGES = "${PN}-utils ${PN}-scripts ${PN}-doc ${PN}-dev ${PN}-dbg ${PN}"
 
 CONFFILES:${PN} = "${sysconfdir}/${BPN}/httpd.conf \
${sysconfdir}/${BPN}/magic \
${sysconfdir}/${BPN}/mime.types \
${sysconfdir}/${BPN}/extra/*"
 
+FILES:${PN}-utils = "${bindir}/ab \
+ ${bindir}/htdbm \
+ ${bindir}/htdigest \
+ ${bindir}/htpasswd \
+ ${bindir}/logresolve \
+ ${bindir}/httxt2dbm \
+ ${sbindir}/htcacheclean \
+ ${sbindir}/fcgistarter \
+ ${sbindir}/checkgid \
+ ${sbindir}/rotatelogs \
+"
+
 # We override here rather than append so that .so links are
 # included in the runtime package rather than here (-dev)
 # and to get build, icons, error into the -dev package
@@ -207,7 +219,7 @@ FILES:${PN} += "${datadir}/${BPN}/ ${libdir}/cgi-bin"
 
 FILES:${PN}-dbg += "${libdir}/${BPN}/modules/.debug"
 
-RDEPENDS:${PN} += "openssl libgcc"
+RDEPENDS:${PN} += "openssl libgcc ${PN}-utils"
 RDEPENDS:${PN}-scripts += "perl ${PN}"
 RDEPENDS:${PN}-dev = "perl"
 
-- 
2.36.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#97470): 
https://lists.openembedded.org/g/openembedded-devel/message/97470
Mute This Topic: https://lists.openembedded.org/mt/91662469/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-networking][PATCH] blueman: fix python site-packages installation issue

[Chen Qi]

The blueman is relying on host python to determine the target
python site-packages directory which is not correct. Add a new
option to fix this issue.

Signed-off-by: Chen Qi 
---
 ...01-meson-add-pythoninstalldir-option.patch | 49 +++
 .../blueman/blueman_2.2.4.bb  |  3 +-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 
meta-networking/recipes-connectivity/blueman/blueman/0001-meson-add-pythoninstalldir-option.patch

diff --git 
a/meta-networking/recipes-connectivity/blueman/blueman/0001-meson-add-pythoninstalldir-option.patch
 
b/meta-networking/recipes-connectivity/blueman/blueman/0001-meson-add-pythoninstalldir-option.patch
new file mode 100644
index 0..a52821915
--- /dev/null
+++ 
b/meta-networking/recipes-connectivity/blueman/blueman/0001-meson-add-pythoninstalldir-option.patch
@@ -0,0 +1,49 @@
+From 37f24a9bd62f0a8f3e37eaddd33f2f0c9d3aaa0a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Fri, 1 Apr 2022 23:12:17 -0700
+Subject: [PATCH] meson: add pythoninstalldir option
+
+In case of cross build, using host python to determine the python
+site-packages directory for target is not feasible, add a new option
+pythoninstalldir to fix the issue.
+
+Upstream-Status: Submitted 
[https://github.com/blueman-project/blueman/pull/1699]
+
+Signed-off-by: Chen Qi 
+---
+ meson.build   | 7 ++-
+ meson_options.txt | 1 +
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index bc990cd..a37aacd 100644
+--- a/meson.build
 b/meson.build
+@@ -26,7 +26,12 @@ pkgdatadir = join_paths([prefix, get_option('datadir'), 
package_name])
+ bindir = join_paths([prefix, get_option('bindir')])
+ libexecdir = join_paths([prefix, get_option('libexecdir')])
+ schemadir = join_paths([datadir, 'glib-2.0', 'schemas'])
+-pythondir = join_paths([prefix, python.sysconfig_path('purelib')])
++pythoninstalldir = get_option('pythoninstalldir')
++if pythoninstalldir != ''
++pythondir = join_paths([prefix, pythoninstalldir])
++else
++pythondir = join_paths([prefix, python.sysconfig_path('purelib')])
++endif
+ 
+ if get_option('policykit')
+ have_polkit = 'True'
+diff --git a/meson_options.txt b/meson_options.txt
+index b3e939f..96acbbc 100644
+--- a/meson_options.txt
 b/meson_options.txt
+@@ -5,5 +5,6 @@ option('pulseaudio', type: 'boolean', value: true, 
description: 'Enable PulseAud
+ option('appindicator', type: 'boolean', value: true, description: 'Enable 
Libappindicator support')
+ option('systemdsystemunitdir', type: 'string', description: 'Path to systemd 
system unit dir relative to ${prefix}')
+ option('systemduserunitdir', type: 'string', description: 'Path to systemd 
user unit dir relative to ${prefix}')
++option('pythoninstalldir', type: 'string', description: 'Path to python 
site-packages dir relative to ${prefix}')
+ option('sendto-plugins', type: 'array', choices: ['Caja', 'Nemo', 
'Nautilus'], value: ['Caja', 'Nemo', 'Nautilus'], description: 'Install sendto 
plugins for various filemanagers')
+ option('thunar-sendto', type: 'boolean', value: true, description: 'Install 
Thunar sendto plugin')
+-- 
+2.33.0
+
diff --git a/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb 
b/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
index ea06ee67f..d5aeceeb4 100644
--- a/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
+++ b/meta-networking/recipes-connectivity/blueman/blueman_2.2.4.bb
@@ -10,10 +10,11 @@ SRC_URI = " \
 
https://github.com/blueman-project/blueman/releases/download/${PV}/blueman-${PV}.tar.xz
 \
 file://0001-Search-for-cython3.patch \
 file://0002-fix-fail-to-enable-bluetooth.patch \
+file://0001-meson-add-pythoninstalldir-option.patch \
 "
 SRC_URI[sha256sum] = 
"55d639feeda0b43b18a659e65985213a54b47dcb1348f3b4effb5238db242602"
 
-EXTRA_OEMESON = "-Druntime_deps_check=false -Dappindicator=false"
+EXTRA_OEMESON = "-Druntime_deps_check=false -Dappindicator=false 
-Dpythoninstalldir=${@noprefix('PYTHON_SITEPACKAGES_DIR', d)}"
 
 SYSTEMD_SERVICE:${PN} = "${BPN}-mechanism.service"
 SYSTEMD_AUTO_ENABLE:${PN} = "disable"
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#96343): 
https://lists.openembedded.org/g/openembedded-devel/message/96343
Mute This Topic: https://lists.openembedded.org/mt/90196648/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][hardknott][PATCH V2] udisks2: upgrade from 2.9.2 to 2.9.4

[Chen Qi]

Upgrade udisks2 from 2.9.2 to 2.9.4. This upgrade will solves
CVE-2021-3802.

Signed-off-by: Chen Qi 
---
 .../udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-support/udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} 
(89%)

diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb 
b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
similarity index 89%
rename from meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
rename to meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
index 4c64f91a9..a25860fd9 100644
--- a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@@ -17,8 +17,8 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', 
d)}"
 
 RDEPENDS_${PN} = "acl"
 
-SRC_URI = 
"git://github.com/storaged-project/udisks.git;branch=master;protocol=https"
-SRCREV = "da6d9480fefeb0ffdf8a84626b5096827d8d7030"
+SRC_URI = 
"git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https"
+SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
 S = "${WORKDIR}/git"
 
 CVE_PRODUCT = "udisks"
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#94677): 
https://lists.openembedded.org/g/openembedded-devel/message/94677
Mute This Topic: https://lists.openembedded.org/mt/88254001/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-oe][hardknott][PATCH] udisks2: upgrade from 2.9.2 to 2.9.4

[Chen Qi]

On 1/6/22 1:05 AM, akuster808 wrote:


On 1/4/22 11:59 PM, Chen Qi wrote:

Upgrade udisks2 from 2.9.2 to 2.9.4. This upgrade will solves
CVE-2021-3802.

This does not apply on top of current hardknott.
This recipe already has the protocol changes which this patch is missing.

-armin


Got it. I'll send out V2.

Regards,

Qi



Signed-off-by: Chen Qi 
---
  .../udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
  rename meta-oe/recipes-support/udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} 
(90%)

diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb 
b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
similarity index 90%
rename from meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
rename to meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
index f9e127438..ebda86fa6 100644
--- a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@@ -17,8 +17,8 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', 
d)}"
  
  RDEPENDS_${PN} = "acl"
  
-SRC_URI = "git://github.com/storaged-project/udisks.git;branch=master"

-SRCREV = "da6d9480fefeb0ffdf8a84626b5096827d8d7030"
+SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch"
+SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
  S = "${WORKDIR}/git"
  
  CVE_PRODUCT = "udisks"







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#94676): 
https://lists.openembedded.org/g/openembedded-devel/message/94676
Mute This Topic: https://lists.openembedded.org/mt/88209858/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][hardknott][PATCH] udisks2: upgrade from 2.9.2 to 2.9.4

[Chen Qi]

Upgrade udisks2 from 2.9.2 to 2.9.4. This upgrade will solves
CVE-2021-3802.

Signed-off-by: Chen Qi 
---
 .../udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-support/udisks/{udisks2_2.9.2.bb => udisks2_2.9.4.bb} 
(90%)

diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb 
b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
similarity index 90%
rename from meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
rename to meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
index f9e127438..ebda86fa6 100644
--- a/meta-oe/recipes-support/udisks/udisks2_2.9.2.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@@ -17,8 +17,8 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', 
d)}"
 
 RDEPENDS_${PN} = "acl"
 
-SRC_URI = "git://github.com/storaged-project/udisks.git;branch=master"
-SRCREV = "da6d9480fefeb0ffdf8a84626b5096827d8d7030"
+SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch"
+SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
 S = "${WORKDIR}/git"
 
 CVE_PRODUCT = "udisks"
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#94657): 
https://lists.openembedded.org/g/openembedded-devel/message/94657
Mute This Topic: https://lists.openembedded.org/mt/88209858/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade to 2021.8.22

[Chen Qi]

Thanks!
I was checking hardknott-next. Now I know meta-openembedded-contrib and 
'hardknott-nut' :)


Regards,
Qi

On 10/22/2021 12:31 PM, Khem Raj wrote:

Stable merges takes time it’s already staged see

https://git.openembedded.org/meta-openembedded-contrib/log/?h=stable/hardknott-nut 
<https://urldefense.com/v3/__https://git.openembedded.org/meta-openembedded-contrib/log/?h=stable*hardknott-nut__;Lw%21%21AjveYdw8EvQ%21IeYlFxxqUaX36O0WVlqmBG3kEv3k1v_m7otpNKJDycAl3FlrhMAjFbZFEZUqZPZfpw$>



On Thu, Oct 21, 2021 at 7:05 PM Chen Qi <mailto:qi.c...@windriver.com>> wrote:


Hi Armin & Randy,

Could this patch be merged into hardknott?
Or should I send out V2 with detailed change log?

Regards,
Qi
----
    *From:* Chen, Qi mailto:qi.c...@windriver.com>>
*Sent:* Thursday, October 21, 2021 10:10
*To:* MacLeod, Randy mailto:randy.macl...@windriver.com>>; Armin Kuster
mailto:akuster...@gmail.com>>;
openembedded-devel@lists.openembedded.org
<mailto:openembedded-devel@lists.openembedded.org>
mailto:openembedded-devel@lists.openembedded.org>>

*Subject:* Re: [oe][meta-filesystem][hardknott][PATCH]
ntfs-3g-ntfsprogs: upgrade to 2021.8.22
Hi Randy,

 1. It's used by anaconda. I searched OE, and didn't find any
other place.

 2. I don't think it's worth the effort to identify and fix them
one by one.

Regards,
Qi

*From:* MacLeod, Randy mailto:randy.macl...@windriver.com>>
*Sent:* Thursday, October 21, 2021 1:06
    *To:* Armin Kuster mailto:akuster...@gmail.com>>; Chen, Qi mailto:qi.c...@windriver.com>>;
openembedded-devel@lists.openembedded.org
<mailto:openembedded-devel@lists.openembedded.org>
mailto:openembedded-devel@lists.openembedded.org>>
*Subject:* Re: [oe][meta-filesystem][hardknott][PATCH]
ntfs-3g-ntfsprogs: upgrade to 2021.8.22
On 2021-10-19 11:09 a.m., Armin Kuster wrote:
>
>
> On 10/18/21 9:59 PM, Chen Qi wrote:
>> This upgrade revolves a bunch of CVEs. See more details in:
>>
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp

<https://urldefense.com/v3/__https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp__;%21%21AjveYdw8EvQ%21IeYlFxxqUaX36O0WVlqmBG3kEv3k1v_m7otpNKJDycAl3FlrhMAjFbZFEZU-JVQIVw$>.
> Seems reasonable to me.
>
> -armin

I"m tempted to agree but I don't know enough about how ntfs-36 is
used. I think we need more information and a more detailed commit
log explaining why we think that the uprev is okay.

Qi,
Does it provide a library and header files that developers use?

Debian has a patch that we could make use of:
https://security-tracker.debian.org/tracker/CVE-2021-35266

<https://urldefense.com/v3/__https://security-tracker.debian.org/tracker/CVE-2021-35266__;%21%21AjveYdw8EvQ%21IeYlFxxqUaX36O0WVlqmBG3kEv3k1v_m7otpNKJDycAl3FlrhMAjFbZFEZVqLrClGw$>

$ apt-get source ntfs-3g

$ fd security.patch

ntfs-3g-2017.3.23AR.3/debian/patches/aug2021-security.patch


$ diffstat `fd aug`

  include/ntfs-3g/attrib.h |1

  include/ntfs-3g/index.h  |4 +

  include/ntfs-3g/volume.h |5 ++

  libntfs-3g/acls.c|4 +

  libntfs-3g/attrib.c  |  332

+++--

  libntfs-3g/bootsect.c|8 +++

  libntfs-3g/compress.c|   22 +-

  libntfs-3g/dir.c |  109
+++---

  libntfs-3g/index.c   |  183

+---

  libntfs-3g/inode.c   |   24 ++-

  libntfs-3g/lcnalloc.c|   15 --

  libntfs-3g/mft.c |   70 +++-

  libntfs-3g/volume.c  |   81
-

  ntfsprogs/ntfscp.c   |3 -

  ntfsprogs/ntfsfix.c  |   17 ++-

  src/lowntfs-3g.c |  384

+-

  src/ntfs-3g.c|   23 ++

  17 files changed, 818 insertions(+), 467 deletions(-)


compared to the diff of the uprev:

$ git diff 2017.3.23..2021.8.22 | diffstat | tail -1

  69 files changed, 3220 insertions(+), 705 deletions(-)



../Randy

>>
    >> These CVEs cannot be reolved one by one. Upgrading the package
>>

Re: [oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade to 2021.8.22

[Chen Qi]

Hi Armin & Randy,

Could this patch be merged into hardknott?
Or should I send out V2 with detailed change log?

Regards,
Qi

From: Chen, Qi 
Sent: Thursday, October 21, 2021 10:10
To: MacLeod, Randy ; Armin Kuster 
; openembedded-devel@lists.openembedded.org 

Subject: Re: [oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade 
to 2021.8.22

Hi Randy,


  1.  It's used by anaconda. I searched OE, and didn't find any other place.

  1.  I don't think it's worth the effort to identify and fix them one by one.

Regards,
Qi

From: MacLeod, Randy 
Sent: Thursday, October 21, 2021 1:06
To: Armin Kuster ; Chen, Qi ; 
openembedded-devel@lists.openembedded.org 

Subject: Re: [oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade 
to 2021.8.22

On 2021-10-19 11:09 a.m., Armin Kuster wrote:
>
>
> On 10/18/21 9:59 PM, Chen Qi wrote:
>> This upgrade revolves a bunch of CVEs. See more details in:
>> https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp.
> Seems reasonable to me.
>
> -armin

I"m tempted to agree but I don't know enough about how ntfs-36 is
used. I think we need more information and a more detailed commit
log explaining why we think that the uprev is okay.

Qi,
Does it provide a library and header files that developers use?

Debian has a patch that we could make use of:
https://security-tracker.debian.org/tracker/CVE-2021-35266

$ apt-get source ntfs-3g

$ fd security.patch

ntfs-3g-2017.3.23AR.3/debian/patches/aug2021-security.patch


$ diffstat `fd aug`

  include/ntfs-3g/attrib.h |1

  include/ntfs-3g/index.h  |4 +

  include/ntfs-3g/volume.h |5 ++

  libntfs-3g/acls.c|4 +

  libntfs-3g/attrib.c  |  332
+++--

  libntfs-3g/bootsect.c|8 +++

  libntfs-3g/compress.c|   22 +-

  libntfs-3g/dir.c |  109
+++---

  libntfs-3g/index.c   |  183
+---

  libntfs-3g/inode.c   |   24 ++-

  libntfs-3g/lcnalloc.c|   15 --

  libntfs-3g/mft.c |   70 +++-

  libntfs-3g/volume.c  |   81 -

  ntfsprogs/ntfscp.c   |3 -

  ntfsprogs/ntfsfix.c  |   17 ++-

  src/lowntfs-3g.c |  384
+-

  src/ntfs-3g.c|   23 ++

  17 files changed, 818 insertions(+), 467 deletions(-)


compared to the diff of the uprev:

$ git diff 2017.3.23..2021.8.22 | diffstat | tail -1

  69 files changed, 3220 insertions(+), 705 deletions(-)



../Randy

>>
>> These CVEs cannot be reolved one by one. Upgrading the package
>> is the only reasonable way.
>>
>> Signed-off-by: Chen Qi 
>> ---
>>   ...-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>   rename 
>> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2017.3.23.bb
>>  => ntfs-3g-ntfsprogs_2021.8.22.bb} (92%)
>>
>> diff --git 
>> a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
>>  
>> b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
>> similarity index 92%
>> rename from 
>> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
>> rename to 
>> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
>> index 6f5cb6cee..19b2d6ca2 100644
>> --- 
>> a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
>> +++ 
>> b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
>> @@ -10,8 +10,8 @@ SRC_URI = 
>> "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
>>  
>> file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
>>   "
>>   S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
>> -SRC_URI[md5sum] = "d97474ae1954f772c6d2fa386a6f462c"
>> -SRC_URI[sha256sum] = 
>> "3e5a021d7b761261836dcb305370af299793eedbded731df3d6943802e1262d5"
>> +SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
>> +SRC_URI[sha256sum] = 
>> "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
>>
>>   UP

Re: [oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade to 2021.8.22

[Chen Qi]

Hi Randy,


  1.  It's used by anaconda. I searched OE, and didn't find any other place.

  1.  I don't think it's worth the effort to identify and fix them one by one.

Regards,
Qi

From: MacLeod, Randy 
Sent: Thursday, October 21, 2021 1:06
To: Armin Kuster ; Chen, Qi ; 
openembedded-devel@lists.openembedded.org 

Subject: Re: [oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade 
to 2021.8.22

On 2021-10-19 11:09 a.m., Armin Kuster wrote:
>
>
> On 10/18/21 9:59 PM, Chen Qi wrote:
>> This upgrade revolves a bunch of CVEs. See more details in:
>> https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp.
> Seems reasonable to me.
>
> -armin

I"m tempted to agree but I don't know enough about how ntfs-36 is
used. I think we need more information and a more detailed commit
log explaining why we think that the uprev is okay.

Qi,
Does it provide a library and header files that developers use?

Debian has a patch that we could make use of:
https://security-tracker.debian.org/tracker/CVE-2021-35266

$ apt-get source ntfs-3g

$ fd security.patch

ntfs-3g-2017.3.23AR.3/debian/patches/aug2021-security.patch


$ diffstat `fd aug`

  include/ntfs-3g/attrib.h |1

  include/ntfs-3g/index.h  |4 +

  include/ntfs-3g/volume.h |5 ++

  libntfs-3g/acls.c|4 +

  libntfs-3g/attrib.c  |  332
+++--

  libntfs-3g/bootsect.c|8 +++

  libntfs-3g/compress.c|   22 +-

  libntfs-3g/dir.c |  109
+++---

  libntfs-3g/index.c   |  183
+---

  libntfs-3g/inode.c   |   24 ++-

  libntfs-3g/lcnalloc.c|   15 --

  libntfs-3g/mft.c |   70 +++-

  libntfs-3g/volume.c  |   81 -

  ntfsprogs/ntfscp.c   |3 -

  ntfsprogs/ntfsfix.c  |   17 ++-

  src/lowntfs-3g.c |  384
+-

  src/ntfs-3g.c|   23 ++

  17 files changed, 818 insertions(+), 467 deletions(-)


compared to the diff of the uprev:

$ git diff 2017.3.23..2021.8.22 | diffstat | tail -1

  69 files changed, 3220 insertions(+), 705 deletions(-)



../Randy

>>
>> These CVEs cannot be reolved one by one. Upgrading the package
>> is the only reasonable way.
>>
>> Signed-off-by: Chen Qi 
>> ---
>>   ...-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>   rename 
>> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2017.3.23.bb
>>  => ntfs-3g-ntfsprogs_2021.8.22.bb} (92%)
>>
>> diff --git 
>> a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
>>  
>> b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
>> similarity index 92%
>> rename from 
>> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
>> rename to 
>> meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
>> index 6f5cb6cee..19b2d6ca2 100644
>> --- 
>> a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
>> +++ 
>> b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
>> @@ -10,8 +10,8 @@ SRC_URI = 
>> "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \
>>  
>> file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
>>   "
>>   S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
>> -SRC_URI[md5sum] = "d97474ae1954f772c6d2fa386a6f462c"
>> -SRC_URI[sha256sum] = 
>> "3e5a021d7b761261836dcb305370af299793eedbded731df3d6943802e1262d5"
>> +SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
>> +SRC_URI[sha256sum] = 
>> "55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
>>
>>   UPSTREAM_CHECK_URI = 
>> "https://www.tuxera.com/community/open-source-ntfs-3g/;
>>   UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P\d+(\.\d+)+)\.tgz"
>>
>>
>>
>
>
>
> 
>


--
# Randy MacLeod
# Wind River Linux


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#93509): 
https://lists.openembedded.org/g/openembedded-devel/message/93509
Mute This Topic: https://lists.openembedded.org/mt/86433129/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-filesystem][hardknott][PATCH] ntfs-3g-ntfsprogs: upgrade to 2021.8.22

[Chen Qi]

This upgrade revolves a bunch of CVEs. See more details in:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp.

These CVEs cannot be reolved one by one. Upgrading the package
is the only reasonable way.

Signed-off-by: Chen Qi 
---
 ...-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2017.3.23.bb
 => ntfs-3g-ntfsprogs_2021.8.22.bb} (92%)

diff --git 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
similarity index 92%
rename from 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
rename to 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index 6f5cb6cee..19b2d6ca2 100644
--- 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
+++ 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -10,8 +10,8 @@ SRC_URI = 
"http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \

file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
 "
 S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "d97474ae1954f772c6d2fa386a6f462c"
-SRC_URI[sha256sum] = 
"3e5a021d7b761261836dcb305370af299793eedbded731df3d6943802e1262d5"
+SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
+SRC_URI[sha256sum] = 
"55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
 
 UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/;
 UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P\d+(\.\d+)+)\.tgz"
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#93456): 
https://lists.openembedded.org/g/openembedded-devel/message/93456
Mute This Topic: https://lists.openembedded.org/mt/86433129/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-filesystem][PATCH] ntfs-3g-ntfsprogs: upgrade to 2021.8.22

[Chen Qi]

This upgrade revolves a bunch of CVEs. See more details in:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp.

Signed-off-by: Chen Qi 
---
 ...-ntfsprogs_2017.3.23.bb => ntfs-3g-ntfsprogs_2021.8.22.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/{ntfs-3g-ntfsprogs_2017.3.23.bb
 => ntfs-3g-ntfsprogs_2021.8.22.bb} (92%)

diff --git 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
similarity index 92%
rename from 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
rename to 
meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
index 36fa5efd2..1ebbb410e 100644
--- 
a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2017.3.23.bb
+++ 
b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2021.8.22.bb
@@ -10,8 +10,8 @@ SRC_URI = 
"http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \

file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \
 "
 S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}"
-SRC_URI[md5sum] = "d97474ae1954f772c6d2fa386a6f462c"
-SRC_URI[sha256sum] = 
"3e5a021d7b761261836dcb305370af299793eedbded731df3d6943802e1262d5"
+SRC_URI[md5sum] = "90da343e78877d388eb34cefae6799ae"
+SRC_URI[sha256sum] = 
"55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb"
 
 UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/;
 UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P\d+(\.\d+)+)\.tgz"
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#93443): 
https://lists.openembedded.org/g/openembedded-devel/message/93443
Mute This Topic: https://lists.openembedded.org/mt/86430637/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-openembedded][PATCH] Convert to new override syntax using latest convert-overrides.py script

[Chen Qi]

This patch is the result of running the latest convert-ovrrides.py
script.

Signed-off-by: Chen Qi 
---
 meta-initramfs/classes/klibc.bbclass   |  2 +-
 .../recipes-daemons/lldpd/lldpd_1.0.8.bb   |  2 +-
 .../corosync/corosync_3.0.3.bb |  2 +-
 meta-oe/classes/image_types_sparse.bbclass |  2 +-
 .../recipes-core/meta/distro-feed-configs.bb   |  2 +-
 .../packagegroups/packagegroup-meta-oe.bb  | 14 +++---
 .../geany/geany-plugins_1.37.bb| 18 +-
 .../recipes-devtools/lapack/lapack_3.9.0.bb|  4 ++--
 meta-oe/recipes-devtools/luajit/luajit_git.bb  |  2 +-
 .../dnfdragora/dnfdragora_git.bb   |  2 +-
 .../fontforge/fontforge_20190801.bb|  2 +-
 .../libmime/libmime-types-perl_2.17.bb |  2 +-
 12 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/meta-initramfs/classes/klibc.bbclass 
b/meta-initramfs/classes/klibc.bbclass
index 83112c06f..202d132d9 100644
--- a/meta-initramfs/classes/klibc.bbclass
+++ b/meta-initramfs/classes/klibc.bbclass
@@ -4,7 +4,7 @@ DEPENDS =+ "klcc-cross"
 # Default for klcc is to build static binaries.
 # Set CC = "${TARGET_PREFIX}klcc -shared" to build the dynamic version.
 CC:forcevariable = "${TARGET_PREFIX}klcc ${TOOLCHAIN_OPTIONS}"
-CC:forcevariable:armv4_linux-gnueabi = "${TARGET_PREFIX}klcc 
${TOOLCHAIN_OPTIONS} -march=armv4 -mthumb-interwork"
+CC:forcevariable:armv4:linux-gnueabi = "${TARGET_PREFIX}klcc 
${TOOLCHAIN_OPTIONS} -march=armv4 -mthumb-interwork"
 CC:append:armv7ve = " ${@' -mfloat-abi=${TUNE_CCARGS_MFLOAT}' if 
(d.getVar('TUNE_CCARGS_MFLOAT') != '') else ''}"
 CC:append:armv7a = " ${@' -mfloat-abi=${TUNE_CCARGS_MFLOAT}' if 
(d.getVar('TUNE_CCARGS_MFLOAT') != '') else ''}"
 
diff --git a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb 
b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
index d5e9e2c30..cf2b156fe 100644
--- a/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
+++ b/meta-networking/recipes-daemons/lldpd/lldpd_1.0.8.bb
@@ -61,4 +61,4 @@ RDEPENDS:${PN} += "os-release"
 
 FILES:${PN}-zsh-completion += "${datadir}/zsh/"
 # FIXME: zsh is broken in meta-oe so this cannot be enabled for now
-#RDEPENDS_${PN}-zsh-completion += "zsh"
+#RDEPENDS:${PN}-zsh-completion += "zsh"
diff --git a/meta-networking/recipes-extended/corosync/corosync_3.0.3.bb 
b/meta-networking/recipes-extended/corosync/corosync_3.0.3.bb
index 0af954c31..909296197 100644
--- a/meta-networking/recipes-extended/corosync/corosync_3.0.3.bb
+++ b/meta-networking/recipes-extended/corosync/corosync_3.0.3.bb
@@ -37,7 +37,7 @@ PACKAGECONFIG[systemd] = "--enable-systemd 
--with-systemddir=${systemd_system_un
 EXTRA_OECONF = "ac_cv_path_BASHPATH=${base_bindir}/bash ap_cv_cc_pie=no"
 EXTRA_OEMAKE = "tmpfilesdir_DATA="
 
-#do_configure_prepend() {
+#do_configure:prepend() {
 #( cd ${S}
 #${S}/autogen.sh )
 #}
diff --git a/meta-oe/classes/image_types_sparse.bbclass 
b/meta-oe/classes/image_types_sparse.bbclass
index 1459f800a..af3879372 100644
--- a/meta-oe/classes/image_types_sparse.bbclass
+++ b/meta-oe/classes/image_types_sparse.bbclass
@@ -1,7 +1,7 @@
 inherit image_types
 
 CONVERSIONTYPES += "sparse"
-CONVERSION_CMD_sparse() {
+CONVERSION_CMD:sparse() {
 in="${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}"
 out="${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sparse"
 case "${type}" in
diff --git a/meta-oe/recipes-core/meta/distro-feed-configs.bb 
b/meta-oe/recipes-core/meta/distro-feed-configs.bb
index cffeeb6a0..a87de4583 100644
--- a/meta-oe/recipes-core/meta/distro-feed-configs.bb
+++ b/meta-oe/recipes-core/meta/distro-feed-configs.bb
@@ -28,6 +28,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 #confs = [ ( "${sysconfdir}/opkg/%s-feed.conf" % feed ) for feed in archs ]
 #return " ".join( confs )
 #
-#CONFFILES_${PN} += '${@distro_feed_configs(d)}'
+#CONFFILES:${PN} += '${@distro_feed_configs(d)}'
 
 CONFFILES:${PN} += '${@ " ".join( [ ( "${sysconfdir}/opkg/%s-feed.conf" % feed 
) for feed in "all ${PACKAGE_EXTRA_ARCHS} ${MACHINE_ARCH}".split() ] ) }'
diff --git a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb 
b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
index ad95b9c45..cdc43bf04 100644
--- a/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
+++ b/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
@@ -205,7 +205,7 @@ RDEPENDS:packagegroup-meta-oe-crypto ="\
 libsodium \
 pkcs11-helper \
 "
-RDEPENDS_packagegroup-meta-oe-crypto:remove:riscv32 = "botan"
+RDEPENDS:packagegroup-meta-oe-crypto:remove:riscv32 = "botan"
 
 RDEPENDS:packagegroup-meta-oe-dbs ="\
 influxdb \
@@ -948,12 +948,12 @@ RDEPENDS:packagegroup-meta-oe-test =&quo

[oe][meta-oe][PATCH] minifi-cpp: set CLEANBROKEN to 1

[Chen Qi]

Rebuilding minifi-cpp in old build dir sometimes result
in do_compile failure. So set CLEANBROKEN to "1" to workaround
this problem. If further investigation is done and the underlying
problem is addressed, this setting could be removed.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb 
b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
index fdbb65e1c..ef82a8fb0 100644
--- a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
+++ b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
@@ -139,3 +139,5 @@ pkg_postinst_${PN}() {
 fi
 fi
 }
+
+CLEANBROKEN = "1"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#91898): 
https://lists.openembedded.org/g/openembedded-devel/message/91898
Mute This Topic: https://lists.openembedded.org/mt/83546973/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-gnome][PATCH] mutter: add polkit to REQUIRED_DISTRO_FEATRUES

[Chen Qi]

mutter depends on gnome-settings-daemon which requires 'polkit'
distro feature.

Signed-off-by: Chen Qi 
---
 meta-gnome/recipes-gnome/mutter/mutter_3.34.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-gnome/recipes-gnome/mutter/mutter_3.34.6.bb 
b/meta-gnome/recipes-gnome/mutter/mutter_3.34.6.bb
index adbfcd6d7..c7f91f0db 100644
--- a/meta-gnome/recipes-gnome/mutter/mutter_3.34.6.bb
+++ b/meta-gnome/recipes-gnome/mutter/mutter_3.34.6.bb
@@ -27,7 +27,7 @@ SRC_URI[archive.sha256sum] = 
"23bde87d33b8981358831cec8915bb5ff1eaf9c1de74c90cd1
 SRC_URI += "file://0001-EGL-Include-EGL-eglmesaext.h.patch"
 
 # x11 is still manadatory - see meson.build
-REQUIRED_DISTRO_FEATURES = "x11"
+REQUIRED_DISTRO_FEATURES = "x11 polkit"
 
 # systemd can be replaced by libelogind (not available atow - make systemd
 # mandatory distro feature)
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#91572): 
https://lists.openembedded.org/g/openembedded-devel/message/91572
Mute This Topic: https://lists.openembedded.org/mt/83117723/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] tigervnc: fix do_package error when enabling user merge

[Chen Qi]

When enabling user merge, we get the following error:

ERROR: QA Issue: tigervnc: Files/directories were installed but not shipped in 
any package:
  /lib
  /lib/systemd
  /lib/systemd/system
  /lib/systemd/system/vncserver@.service

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb 
b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
index ce6c59bc3..c45fc028f 100644
--- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
+++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
@@ -83,7 +83,7 @@ EXTRA_OECONF = "--disable-xorg --disable-xnest --disable-xvfb 
--disable-dmx \
 --disable-xwayland \
 "
 
-EXTRA_OECMAKE += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 
'-DCMAKE_INSTALL_UNITDIR=/lib/systemd/system', '-DINSTALL_SYSTEMD_UNITS=OFF', 
d)}"
+EXTRA_OECMAKE += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 
'-DCMAKE_INSTALL_UNITDIR=${systemd_unitdir}', '-DINSTALL_SYSTEMD_UNITS=OFF', 
d)}"
 
 do_configure_append () {
 olddir=`pwd`
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#91100): 
https://lists.openembedded.org/g/openembedded-devel/message/91100
Mute This Topic: https://lists.openembedded.org/mt/82451399/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-python][hardknott][PATCH V2 2/3] python3-django: fix CVE-2021-28658

[Chen Qi]

From: Stefan Ghinea 

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2

Signed-off-by: Stefan Ghinea 
Signed-off-by: Khem Raj 
Signed-off-by: Trevor Gamblin 
---
 .../CVE-2021-28658.patch  | 289 ++
 .../python/python3-django_2.2.16.bb   |   2 +
 2 files changed, 291 insertions(+)
 create mode 100644 
meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch

diff --git 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
new file mode 100644
index 0..325aa0042
--- /dev/null
+++ 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
@@ -0,0 +1,289 @@
+From 4036d62bda0e9e9f6172943794b744a454ca49c2 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak 
+Date: Tue, 16 Mar 2021 10:19:00 +0100
+Subject: [PATCH] Fixed CVE-2021-28658 -- Fixed potential directory-traversal
+ via uploaded files.
+
+Thanks Claude Paroz for the initial patch.
+Thanks Dennis Brinkrolf for the report.
+
+Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
+
+Upstream-Status: Backport
+CVE: CVE-2021-28658
+
+Reference to upstream patch:
+[https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2]
+
+[SG: Adapted stable/2.2.x patch for 2.2.16]
+Signed-off-by: Stefan Ghinea 
+---
+ django/http/multipartparser.py  | 13 --
+ docs/releases/2.2.16.txt| 12 +
+ tests/file_uploads/tests.py | 72 ++---
+ tests/file_uploads/uploadhandler.py | 31 +
+ tests/file_uploads/urls.py  |  1 +
+ tests/file_uploads/views.py | 12 -
+ 6 files changed, 120 insertions(+), 21 deletions(-)
+
+diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
+index f6f12ca..5a9cca8 100644
+--- a/django/http/multipartparser.py
 b/django/http/multipartparser.py
+@@ -7,6 +7,7 @@ file upload handlers for processing.
+ import base64
+ import binascii
+ import cgi
++import os
+ from urllib.parse import unquote
+ 
+ from django.conf import settings
+@@ -205,7 +206,7 @@ class MultiPartParser:
+ file_name = disposition.get('filename')
+ if file_name:
+ file_name = force_text(file_name, encoding, 
errors='replace')
+-file_name = 
self.IE_sanitize(unescape_entities(file_name))
++file_name = self.sanitize_file_name(file_name)
+ if not file_name:
+ continue
+ 
+@@ -293,9 +294,13 @@ class MultiPartParser:
+ self._files.appendlist(force_text(old_field_name, 
self._encoding, errors='replace'), file_obj)
+ break
+ 
+-def IE_sanitize(self, filename):
+-"""Cleanup filename from Internet Explorer full paths."""
+-return filename and filename[filename.rfind("\\") + 1:].strip()
++def sanitize_file_name(self, file_name):
++file_name = unescape_entities(file_name)
++# Cleanup Windows-style path separators.
++file_name = file_name[file_name.rfind('\\') + 1:].strip()
++return os.path.basename(file_name)
++
++IE_sanitize = sanitize_file_name
+ 
+ def _close_files(self):
+ # Free up all file handles.
+diff --git a/docs/releases/2.2.16.txt b/docs/releases/2.2.16.txt
+index 31231fb..4b7021b 100644
+--- a/docs/releases/2.2.16.txt
 b/docs/releases/2.2.16.txt
+@@ -2,6 +2,18 @@
+ Django 2.2.16 release notes
+ ===
+ 
++*April 6, 2021*
++
++Backported from Django 2.2.20 a fix for a security issue.
++
++CVE-2021-28658: Potential directory-traversal via uploaded files
++
++
++``MultiPartParser`` allowed directory-traversal via uploaded files with
++suitably crafted file names.
++
++Built-in upload handlers were not affected by this vulnerability.
++
+ *September 1, 2020*
+ 
+ Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.
+diff --git a/tests/file_uploads/tests.py b/tests/file_uploads/tests.py
+index ea4976d..2a08d1b 100644
+--- a/tests/file_uploads/tests.py
 b/tests/file_uploads/tests.py
+@@ -22,6 +22,21 @@ UNICODE_FILENAME = 'test-0123456789_中文_Orléans.jpg'
+ MEDIA_ROOT = sys_tempfile.mkdtemp()
+ UPLOAD_TO = os.path.join(MEDIA_ROOT, 'test_upload')
+ 
++CANDIDATE_TRAVERSAL_FILE_NAMES = [
++'/tmp/hax0rd.txt',  # Absolute path, *nix-style.
++'C:\\Windows\\hax0rd.txt',  # Absolute path, win-style.
++'C:/Windows/hax0rd.txt',# 

[oe][meta-python][hardknott][PATCH V2 1/3] tigervnc: upgrade to 1.11.0

[Chen Qi]

Upgrade to latest stable version.

The 1.10 branch is not maitained any more, it stops update in 2019.
The 1.11 branch has fix for CVE-2020-26117, which is a high risk CVE.
https://nvd.nist.gov/vuln/detail/CVE-2020-26117

Some changes in this new version are as below.
1) 'bash' is added to RDEPENDS as /usr/libexec/vncsession-start requires it.
2) DEPENDS on libpam and requires 'pam' distro feature.
   This is because upstream has made 'pam' mandatory in the following commit.
   """
   commit d80817f101d1b3f1a9b1c5ec268f28fffa2d75f9
   Author: Pierre Ossman 
   Date:   Wed Jul 11 15:49:46 2018 +0200

   Make PAM mandatory

   It is present on all UNIX systems anyway, so let's simplify things.
   We will need it for more proper session startup anyway.
   """

Signed-off-by: Chen Qi 
Signed-off-by: Khem Raj 
---
 ...002-do-not-build-tests-sub-directory.patch | 21 +--
 ...vnc-add-fPIC-option-to-COMPILE_FLAGS.patch | 36 +++
 ...{tigervnc_1.10.1.bb => tigervnc_1.11.0.bb} | 13 ---
 3 files changed, 32 insertions(+), 38 deletions(-)
 rename meta-oe/recipes-graphics/tigervnc/{tigervnc_1.10.1.bb => 
tigervnc_1.11.0.bb} (89%)

diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
index 4e875ba82..5a42e67d0 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
@@ -1,29 +1,30 @@
-From c3460d63f0b6cd50b9a64265f420f0439e12a1d5 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Tue, 25 Apr 2017 01:36:44 -0400
-Subject: [PATCH 2/4] do not build tests sub directory
+From 076d0e12a7be6cd2108e4ca0dcde1cb658918fa5 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:02:45 -0700
+Subject: [PATCH] do not build tests sub directory
 
-Upstream-Status: Inappropriate [oe specific]
+Upstream-Status: Inappropriate [OE Specific]
 
-Signed-off-by: Hongxu Jia 
+Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
 ---
  CMakeLists.txt | 3 ---
  1 file changed, 3 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 94ec2ef..fb72a00 100644
+index 7bf99441..bda80598 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -300,9 +300,6 @@ if(BUILD_VIEWER)
+@@ -304,9 +304,6 @@ if(BUILD_VIEWER)
add_subdirectory(media)
  endif()
  
 -add_subdirectory(tests)
 -
 -
- include(cmake/BuildPackages.cmake)
+ add_subdirectory(release)
  
  # uninstall
 -- 
-2.7.4
+2.30.2
 
diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
index 97b0a388a..5f14665b8 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
@@ -1,44 +1,34 @@
-From 9563b69640227da2220ee0c39077afb736cc96d1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Thu, 20 Jul 2017 17:12:17 +0800
-Subject: [PATCH 4/4] tigervnc: add fPIC option to COMPILE_FLAGS
+From 7f8acd59bb2e54f9be25a98dd71534700a9e355a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:14:28 -0700
+Subject: [PATCH] tigervnc: add fPIC option to COMPILE_FLAGS
 
-The static libraries in Xregion/network/rdr/rfb were linked by shared
+The static libraries in network/rdr/rfb were linked by shared
 library libvnc.so, so we should add fPIC option to COMPILE_FLAGS to fix
 relocation issue.
 
 Upstream-Status: Pending
 
 Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
 ---
- common/Xregion/CMakeLists.txt | 1 +
  common/network/CMakeLists.txt | 1 +
  common/rdr/CMakeLists.txt | 1 +
  common/rfb/CMakeLists.txt | 1 +
- 4 files changed, 4 insertions(+)
+ 3 files changed, 3 insertions(+)
 
-diff --git a/common/Xregion/CMakeLists.txt b/common/Xregion/CMakeLists.txt
-index 40ca97e..9411328 100644
 a/common/Xregion/CMakeLists.txt
-+++ b/common/Xregion/CMakeLists.txt
-@@ -3,4 +3,5 @@ add_library(Xregion STATIC
- 
- if(UNIX)
-   libtool_create_control_file(Xregion)
-+  set_target_properties(Xregion PROPERTIES COMPILE_FLAGS -fPIC)
- endif()
 diff --git a/common/network/CMakeLists.txt b/common/network/CMakeLists.txt
-index b624c8e..6c06ec9 100644
+index d00ca452..e84e0290 100644
 --- a/common/network/CMakeLists.txt
 +++ b/common/network/CMakeLists.txt
-@@ -9,4 +9,5 @@ endif()
+@@ -16,4 +16,5 @@ endif()
  
  if(UNIX)
libtool_create_control_file(network)
 +  set_target_properties(network PROPERTIES COMPILE_FLAGS -fPIC)
  endif()
 diff --git a/common/rdr/CMakeLists.txt b/common/rdr/CMakeLists.txt
-index 989ba2f..20f6489 100644
+index 989ba2f4..20f6489d 100644
 --- a/common/rdr/CMakeLists.txt
 +++ b/common/rdr/CMakeLists.txt
 @@ -27,4 +27,5 @@ targe

[oe][meta-python][hardknott][PATCH V2 3/3] python3-django: upgrade to 2.2.20

[Chen Qi]

2.2.x is LTS, so upgrade to latest release 2.2.20.
This upgrade fixes several CVEs such as CVE-2021-3281.

Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20.

Signed-off-by: Chen Qi 
Signed-off-by: Khem Raj 
Signed-off-by: Trevor Gamblin 
---
 .../CVE-2021-28658.patch  | 289 --
 .../python/python3-django_2.2.16.bb   |  11 -
 .../python/python3-django_2.2.20.bb   |   9 +
 3 files changed, 9 insertions(+), 300 deletions(-)
 delete mode 100644 
meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 delete mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.16.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.20.bb

diff --git 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
deleted file mode 100644
index 325aa0042..0
--- 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-From 4036d62bda0e9e9f6172943794b744a454ca49c2 Mon Sep 17 00:00:00 2001
-From: Mariusz Felisiak 
-Date: Tue, 16 Mar 2021 10:19:00 +0100
-Subject: [PATCH] Fixed CVE-2021-28658 -- Fixed potential directory-traversal
- via uploaded files.
-
-Thanks Claude Paroz for the initial patch.
-Thanks Dennis Brinkrolf for the report.
-
-Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
-
-Upstream-Status: Backport
-CVE: CVE-2021-28658
-
-Reference to upstream patch:
-[https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2]
-
-[SG: Adapted stable/2.2.x patch for 2.2.16]
-Signed-off-by: Stefan Ghinea 

- django/http/multipartparser.py  | 13 --
- docs/releases/2.2.16.txt| 12 +
- tests/file_uploads/tests.py | 72 ++---
- tests/file_uploads/uploadhandler.py | 31 +
- tests/file_uploads/urls.py  |  1 +
- tests/file_uploads/views.py | 12 -
- 6 files changed, 120 insertions(+), 21 deletions(-)
-
-diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
-index f6f12ca..5a9cca8 100644
 a/django/http/multipartparser.py
-+++ b/django/http/multipartparser.py
-@@ -7,6 +7,7 @@ file upload handlers for processing.
- import base64
- import binascii
- import cgi
-+import os
- from urllib.parse import unquote
- 
- from django.conf import settings
-@@ -205,7 +206,7 @@ class MultiPartParser:
- file_name = disposition.get('filename')
- if file_name:
- file_name = force_text(file_name, encoding, 
errors='replace')
--file_name = 
self.IE_sanitize(unescape_entities(file_name))
-+file_name = self.sanitize_file_name(file_name)
- if not file_name:
- continue
- 
-@@ -293,9 +294,13 @@ class MultiPartParser:
- self._files.appendlist(force_text(old_field_name, 
self._encoding, errors='replace'), file_obj)
- break
- 
--def IE_sanitize(self, filename):
--"""Cleanup filename from Internet Explorer full paths."""
--return filename and filename[filename.rfind("\\") + 1:].strip()
-+def sanitize_file_name(self, file_name):
-+file_name = unescape_entities(file_name)
-+# Cleanup Windows-style path separators.
-+file_name = file_name[file_name.rfind('\\') + 1:].strip()
-+return os.path.basename(file_name)
-+
-+IE_sanitize = sanitize_file_name
- 
- def _close_files(self):
- # Free up all file handles.
-diff --git a/docs/releases/2.2.16.txt b/docs/releases/2.2.16.txt
-index 31231fb..4b7021b 100644
 a/docs/releases/2.2.16.txt
-+++ b/docs/releases/2.2.16.txt
-@@ -2,6 +2,18 @@
- Django 2.2.16 release notes
- ===
- 
-+*April 6, 2021*
-+
-+Backported from Django 2.2.20 a fix for a security issue.
-+
-+CVE-2021-28658: Potential directory-traversal via uploaded files
-+
-+
-+``MultiPartParser`` allowed directory-traversal via uploaded files with
-+suitably crafted file names.
-+
-+Built-in upload handlers were not affected by this vulnerability.
-+
- *September 1, 2020*
- 
- Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.
-diff --git a/tests/file_uploads/tests.py b/tests/file_uploads/tests.py
-index ea4976d..2a08d1b 100644
 a/tests/file_uploads/tests.py
-+++ b/tests/file_uploads/tests.py
-@@ -22,6 +22,21 @@ UNICODE_FILENAME = 'test-0123456789_中文_Orléans.jpg'
- MEDIA_ROOT = sys_tempfile.mkdtemp()
- UPLOAD_TO = os.path.join(MEDIA_ROOT, 'test_upload')
- 
-+CANDIDATE_TRAVERSAL_FILE_NAMES = [
-+'/tmp/hax0rd.txt',  # Absolute path, *nix-style.
-+'C:\\Windows\\hax0rd.txt',  # Absolute path, win-style.
-+'C:

Re: [oe] [meta-python][hardknott][PATCH] python3-django: fix CVE-2021-28658

[Chen Qi]

Hi Armin,

This patch has been merged in master.
I've sent out a V2 of the upgrade patch for master branch, which solves 
conflict with this CVE patch.
Once the upgrade patch is merged into master, I'll send it out for the 
hardknott branch.


To put it short, I think hardknott branch should merge this CVE patch.

Best Regards,
Chen Qi


On 04/22/2021 10:11 AM, Chen Qi wrote:

Hi All,

I'll send out a patch to upgrade it to 2.2.20.

Best Regards,
Chen Qi

On 04/21/2021 10:18 PM, Trevor Gamblin wrote:

From: Stefan Ghinea

Backport the fix from meta-python master-next branch.

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2

Signed-off-by: Stefan Ghinea
Signed-off-by: Khem Raj
Signed-off-by: Trevor Gamblin
---
  .../CVE-2021-28658.patch  | 289 ++
  .../python/python3-django_2.2.16.bb   |   2 +
  2 files changed, 291 insertions(+)
  create mode 100644 
meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch

diff --git 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
new file mode 100644
index 0..325aa0042
--- /dev/null
+++ 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
@@ -0,0 +1,289 @@
+From 4036d62bda0e9e9f6172943794b744a454ca49c2 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak
+Date: Tue, 16 Mar 2021 10:19:00 +0100
+Subject: [PATCH] Fixed CVE-2021-28658 -- Fixed potential directory-traversal
+ via uploaded files.
+
+Thanks Claude Paroz for the initial patch.
+Thanks Dennis Brinkrolf for the report.
+
+Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
+
+Upstream-Status: Backport
+CVE: CVE-2021-28658
+
+Reference to upstream patch:
+[https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2]
+
+[SG: Adapted stable/2.2.x patch for 2.2.16]
+Signed-off-by: Stefan Ghinea
+---
+ django/http/multipartparser.py  | 13 --
+ docs/releases/2.2.16.txt| 12 +
+ tests/file_uploads/tests.py | 72 ++---
+ tests/file_uploads/uploadhandler.py | 31 +
+ tests/file_uploads/urls.py  |  1 +
+ tests/file_uploads/views.py | 12 -
+ 6 files changed, 120 insertions(+), 21 deletions(-)
+
+diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
+index f6f12ca..5a9cca8 100644
+--- a/django/http/multipartparser.py
 b/django/http/multipartparser.py
+@@ -7,6 +7,7 @@ file upload handlers for processing.
+ import base64
+ import binascii
+ import cgi
++import os
+ from urllib.parse import unquote
+
+ from django.conf import settings
+@@ -205,7 +206,7 @@ class MultiPartParser:
+ file_name = disposition.get('filename')
+ if file_name:
+ file_name = force_text(file_name, encoding, 
errors='replace')
+-file_name = 
self.IE_sanitize(unescape_entities(file_name))
++file_name = self.sanitize_file_name(file_name)
+ if not file_name:
+ continue
+
+@@ -293,9 +294,13 @@ class MultiPartParser:
+ self._files.appendlist(force_text(old_field_name, 
self._encoding, errors='replace'), file_obj)
+ break
+
+-def IE_sanitize(self, filename):
+-"""Cleanup filename from Internet Explorer full paths."""
+-return filename and filename[filename.rfind("\\") + 1:].strip()
++def sanitize_file_name(self, file_name):
++file_name = unescape_entities(file_name)
++# Cleanup Windows-style path separators.
++file_name = file_name[file_name.rfind('\\') + 1:].strip()
++return os.path.basename(file_name)
++
++IE_sanitize = sanitize_file_name
+
+ def _close_files(self):
+ # Free up all file handles.
+diff --git a/docs/releases/2.2.16.txt b/docs/releases/2.2.16.txt
+index 31231fb..4b7021b 100644
+--- a/docs/releases/2.2.16.txt
 b/docs/releases/2.2.16.txt
+@@ -2,6 +2,18 @@
+ Django 2.2.16 release notes
+ ===
+
++*April 6, 2021*
++
++Backported from Django 2.2.20 a fix for a security issue.
++
++CVE-2021-28658: Potential directory-traversal via uploaded files
++
++
++``MultiPartParser`` allowed directory-traversal via uploaded files with
++suitably crafted file names.
++
++Built-in upload handlers were not affected by this vulnerability.
++
+ *September 1, 2020*
+
+ Django 2.2.16 fixes tw

[oe][meta-python][PATCH V2] python3-django: upgrade to 2.2.20

[Chen Qi]

2.2.x is LTS, so upgrade to latest release 2.2.20.
This upgrade fixes several CVEs such as CVE-2021-3281.

Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20.

Signed-off-by: Chen Qi 
---
 .../CVE-2021-28658.patch  | 289 --
 .../python/python3-django_2.2.16.bb   |  11 -
 .../python/python3-django_2.2.20.bb   |   9 +
 3 files changed, 9 insertions(+), 300 deletions(-)
 delete mode 100644 
meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 delete mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.16.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.20.bb

diff --git 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
deleted file mode 100644
index 325aa0042..0
--- 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-From 4036d62bda0e9e9f6172943794b744a454ca49c2 Mon Sep 17 00:00:00 2001
-From: Mariusz Felisiak 
-Date: Tue, 16 Mar 2021 10:19:00 +0100
-Subject: [PATCH] Fixed CVE-2021-28658 -- Fixed potential directory-traversal
- via uploaded files.
-
-Thanks Claude Paroz for the initial patch.
-Thanks Dennis Brinkrolf for the report.
-
-Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
-
-Upstream-Status: Backport
-CVE: CVE-2021-28658
-
-Reference to upstream patch:
-[https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2]
-
-[SG: Adapted stable/2.2.x patch for 2.2.16]
-Signed-off-by: Stefan Ghinea 

- django/http/multipartparser.py  | 13 --
- docs/releases/2.2.16.txt| 12 +
- tests/file_uploads/tests.py | 72 ++---
- tests/file_uploads/uploadhandler.py | 31 +
- tests/file_uploads/urls.py  |  1 +
- tests/file_uploads/views.py | 12 -
- 6 files changed, 120 insertions(+), 21 deletions(-)
-
-diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
-index f6f12ca..5a9cca8 100644
 a/django/http/multipartparser.py
-+++ b/django/http/multipartparser.py
-@@ -7,6 +7,7 @@ file upload handlers for processing.
- import base64
- import binascii
- import cgi
-+import os
- from urllib.parse import unquote
- 
- from django.conf import settings
-@@ -205,7 +206,7 @@ class MultiPartParser:
- file_name = disposition.get('filename')
- if file_name:
- file_name = force_text(file_name, encoding, 
errors='replace')
--file_name = 
self.IE_sanitize(unescape_entities(file_name))
-+file_name = self.sanitize_file_name(file_name)
- if not file_name:
- continue
- 
-@@ -293,9 +294,13 @@ class MultiPartParser:
- self._files.appendlist(force_text(old_field_name, 
self._encoding, errors='replace'), file_obj)
- break
- 
--def IE_sanitize(self, filename):
--"""Cleanup filename from Internet Explorer full paths."""
--return filename and filename[filename.rfind("\\") + 1:].strip()
-+def sanitize_file_name(self, file_name):
-+file_name = unescape_entities(file_name)
-+# Cleanup Windows-style path separators.
-+file_name = file_name[file_name.rfind('\\') + 1:].strip()
-+return os.path.basename(file_name)
-+
-+IE_sanitize = sanitize_file_name
- 
- def _close_files(self):
- # Free up all file handles.
-diff --git a/docs/releases/2.2.16.txt b/docs/releases/2.2.16.txt
-index 31231fb..4b7021b 100644
 a/docs/releases/2.2.16.txt
-+++ b/docs/releases/2.2.16.txt
-@@ -2,6 +2,18 @@
- Django 2.2.16 release notes
- ===
- 
-+*April 6, 2021*
-+
-+Backported from Django 2.2.20 a fix for a security issue.
-+
-+CVE-2021-28658: Potential directory-traversal via uploaded files
-+
-+
-+``MultiPartParser`` allowed directory-traversal via uploaded files with
-+suitably crafted file names.
-+
-+Built-in upload handlers were not affected by this vulnerability.
-+
- *September 1, 2020*
- 
- Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.
-diff --git a/tests/file_uploads/tests.py b/tests/file_uploads/tests.py
-index ea4976d..2a08d1b 100644
 a/tests/file_uploads/tests.py
-+++ b/tests/file_uploads/tests.py
-@@ -22,6 +22,21 @@ UNICODE_FILENAME = 'test-0123456789_中文_Orléans.jpg'
- MEDIA_ROOT = sys_tempfile.mkdtemp()
- UPLOAD_TO = os.path.join(MEDIA_ROOT, 'test_upload')
- 
-+CANDIDATE_TRAVERSAL_FILE_NAMES = [
-+'/tmp/hax0rd.txt',  # Absolute path, *nix-style.
-+'C:\\Windows\\hax0rd.txt',  # Absolute path, win-style.
-+'C:/Windows/hax0rd.txt',# Absolute path, broken-style.
-+  

[oe][meta-python][PATCH] python3-django: upgrade to 2.2.20

[Chen Qi]

2.2.x is LTS, so upgrade to latest release 2.2.20.
This upgrade fixes several CVEs such as CVE-2021-3281.

Signed-off-by: Chen Qi 
---
 .../recipes-devtools/python/python3-django_2.2.16.bb | 9 -
 .../recipes-devtools/python/python3-django_2.2.20.bb | 9 +
 2 files changed, 9 insertions(+), 9 deletions(-)
 delete mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.16.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-django_2.2.20.bb

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.16.bb 
b/meta-python/recipes-devtools/python/python3-django_2.2.16.bb
deleted file mode 100644
index 0715abbd4..0
--- a/meta-python/recipes-devtools/python/python3-django_2.2.16.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require python-django.inc
-inherit setuptools3
-
-SRC_URI[md5sum] = "93faf5bbd54a19ea49f4932a813b9758"
-SRC_URI[sha256sum] = 
"62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2786594"
-
-RDEPENDS_${PN} += "\
-${PYTHON_PN}-sqlparse \
-"
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.20.bb 
b/meta-python/recipes-devtools/python/python3-django_2.2.20.bb
new file mode 100644
index 0..905d022a4
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.20.bb
@@ -0,0 +1,9 @@
+require python-django.inc
+inherit setuptools3
+
+SRC_URI[md5sum] = "947060d96ccc0a05e8049d839e541b25"
+SRC_URI[sha256sum] = 
"2569f9dc5f8e458a5e988b03d6b7a02bda59b006d6782f4ea0fd590ed7336a64"
+
+RDEPENDS_${PN} += "\
+${PYTHON_PN}-sqlparse \
+"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#90975): 
https://lists.openembedded.org/g/openembedded-devel/message/90975
Mute This Topic: https://lists.openembedded.org/mt/82279178/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe] [meta-python][hardknott][PATCH] python3-django: fix CVE-2021-28658

[Chen Qi]

Hi All,

I'll send out a patch to upgrade it to 2.2.20.

Best Regards,
Chen Qi

On 04/21/2021 10:18 PM, Trevor Gamblin wrote:

From: Stefan Ghinea 

Backport the fix from meta-python master-next branch.

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2

Signed-off-by: Stefan Ghinea 
Signed-off-by: Khem Raj 
Signed-off-by: Trevor Gamblin 
---
  .../CVE-2021-28658.patch  | 289 ++
  .../python/python3-django_2.2.16.bb   |   2 +
  2 files changed, 291 insertions(+)
  create mode 100644 
meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch

diff --git 
a/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
new file mode 100644
index 0..325aa0042
--- /dev/null
+++ 
b/meta-python/recipes-devtools/python/python3-django-2.2.16/CVE-2021-28658.patch
@@ -0,0 +1,289 @@
+From 4036d62bda0e9e9f6172943794b744a454ca49c2 Mon Sep 17 00:00:00 2001
+From: Mariusz Felisiak 
+Date: Tue, 16 Mar 2021 10:19:00 +0100
+Subject: [PATCH] Fixed CVE-2021-28658 -- Fixed potential directory-traversal
+ via uploaded files.
+
+Thanks Claude Paroz for the initial patch.
+Thanks Dennis Brinkrolf for the report.
+
+Backport of d4d800ca1addc4141e03c5440a849bb64d1582cd from main.
+
+Upstream-Status: Backport
+CVE: CVE-2021-28658
+
+Reference to upstream patch:
+[https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2]
+
+[SG: Adapted stable/2.2.x patch for 2.2.16]
+Signed-off-by: Stefan Ghinea 
+---
+ django/http/multipartparser.py  | 13 --
+ docs/releases/2.2.16.txt| 12 +
+ tests/file_uploads/tests.py | 72 ++---
+ tests/file_uploads/uploadhandler.py | 31 +
+ tests/file_uploads/urls.py  |  1 +
+ tests/file_uploads/views.py | 12 -
+ 6 files changed, 120 insertions(+), 21 deletions(-)
+
+diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
+index f6f12ca..5a9cca8 100644
+--- a/django/http/multipartparser.py
 b/django/http/multipartparser.py
+@@ -7,6 +7,7 @@ file upload handlers for processing.
+ import base64
+ import binascii
+ import cgi
++import os
+ from urllib.parse import unquote
+
+ from django.conf import settings
+@@ -205,7 +206,7 @@ class MultiPartParser:
+ file_name = disposition.get('filename')
+ if file_name:
+ file_name = force_text(file_name, encoding, 
errors='replace')
+-file_name = 
self.IE_sanitize(unescape_entities(file_name))
++file_name = self.sanitize_file_name(file_name)
+ if not file_name:
+ continue
+
+@@ -293,9 +294,13 @@ class MultiPartParser:
+ self._files.appendlist(force_text(old_field_name, 
self._encoding, errors='replace'), file_obj)
+ break
+
+-def IE_sanitize(self, filename):
+-"""Cleanup filename from Internet Explorer full paths."""
+-return filename and filename[filename.rfind("\\") + 1:].strip()
++def sanitize_file_name(self, file_name):
++file_name = unescape_entities(file_name)
++# Cleanup Windows-style path separators.
++file_name = file_name[file_name.rfind('\\') + 1:].strip()
++return os.path.basename(file_name)
++
++IE_sanitize = sanitize_file_name
+
+ def _close_files(self):
+ # Free up all file handles.
+diff --git a/docs/releases/2.2.16.txt b/docs/releases/2.2.16.txt
+index 31231fb..4b7021b 100644
+--- a/docs/releases/2.2.16.txt
 b/docs/releases/2.2.16.txt
+@@ -2,6 +2,18 @@
+ Django 2.2.16 release notes
+ ===
+
++*April 6, 2021*
++
++Backported from Django 2.2.20 a fix for a security issue.
++
++CVE-2021-28658: Potential directory-traversal via uploaded files
++
++
++``MultiPartParser`` allowed directory-traversal via uploaded files with
++suitably crafted file names.
++
++Built-in upload handlers were not affected by this vulnerability.
++
+ *September 1, 2020*
+
+ Django 2.2.16 fixes two security issues and two data loss bugs in 2.2.15.
+diff --git a/tests/file_uploads/tests.py b/tests/file_uploads/tests.py
+index ea4976d..2a08d1b 100644
+--- a/tests/file_uploads/tests.py
 b/tests/file_uploads/tests.py
+@@ -22,6 +22,21 @@ UNICODE_FILENAME = 'test-0123456789_中文_Orléans.jpg'
+ MEDIA_ROOT = sys_tempfile.mkdtemp()
+ UPLOAD_TO

[oe][meta-oe][PATCH V2] tigervnc: upgrade to 1.11.0

[Chen Qi]

Upgrade to latest stable version.

The 1.10 branch is not maitained any more, it stops update in 2019.
The 1.11 branch has fix for CVE-2020-26117, which is a high risk CVE.
https://nvd.nist.gov/vuln/detail/CVE-2020-26117

Some changes in this new version are as below.
1) 'bash' is added to RDEPENDS as /usr/libexec/vncsession-start requires it.
2) DEPENDS on libpam and requires 'pam' distro feature.
   This is because upstream has made 'pam' mandatory in the following commit.
   """
   commit d80817f101d1b3f1a9b1c5ec268f28fffa2d75f9
   Author: Pierre Ossman 
   Date:   Wed Jul 11 15:49:46 2018 +0200

   Make PAM mandatory

   It is present on all UNIX systems anyway, so let's simplify things.
   We will need it for more proper session startup anyway.
   """

Signed-off-by: Chen Qi 
---
 ...002-do-not-build-tests-sub-directory.patch | 21 +--
 ...vnc-add-fPIC-option-to-COMPILE_FLAGS.patch | 36 +++
 ...{tigervnc_1.10.1.bb => tigervnc_1.11.0.bb} | 13 ---
 3 files changed, 32 insertions(+), 38 deletions(-)
 rename meta-oe/recipes-graphics/tigervnc/{tigervnc_1.10.1.bb => 
tigervnc_1.11.0.bb} (89%)

diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
index 4e875ba82..5a42e67d0 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
@@ -1,29 +1,30 @@
-From c3460d63f0b6cd50b9a64265f420f0439e12a1d5 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Tue, 25 Apr 2017 01:36:44 -0400
-Subject: [PATCH 2/4] do not build tests sub directory
+From 076d0e12a7be6cd2108e4ca0dcde1cb658918fa5 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:02:45 -0700
+Subject: [PATCH] do not build tests sub directory
 
-Upstream-Status: Inappropriate [oe specific]
+Upstream-Status: Inappropriate [OE Specific]
 
-Signed-off-by: Hongxu Jia 
+Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
 ---
  CMakeLists.txt | 3 ---
  1 file changed, 3 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 94ec2ef..fb72a00 100644
+index 7bf99441..bda80598 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -300,9 +300,6 @@ if(BUILD_VIEWER)
+@@ -304,9 +304,6 @@ if(BUILD_VIEWER)
add_subdirectory(media)
  endif()
  
 -add_subdirectory(tests)
 -
 -
- include(cmake/BuildPackages.cmake)
+ add_subdirectory(release)
  
  # uninstall
 -- 
-2.7.4
+2.30.2
 
diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
index 97b0a388a..5f14665b8 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
@@ -1,44 +1,34 @@
-From 9563b69640227da2220ee0c39077afb736cc96d1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Thu, 20 Jul 2017 17:12:17 +0800
-Subject: [PATCH 4/4] tigervnc: add fPIC option to COMPILE_FLAGS
+From 7f8acd59bb2e54f9be25a98dd71534700a9e355a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:14:28 -0700
+Subject: [PATCH] tigervnc: add fPIC option to COMPILE_FLAGS
 
-The static libraries in Xregion/network/rdr/rfb were linked by shared
+The static libraries in network/rdr/rfb were linked by shared
 library libvnc.so, so we should add fPIC option to COMPILE_FLAGS to fix
 relocation issue.
 
 Upstream-Status: Pending
 
 Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
 ---
- common/Xregion/CMakeLists.txt | 1 +
  common/network/CMakeLists.txt | 1 +
  common/rdr/CMakeLists.txt | 1 +
  common/rfb/CMakeLists.txt | 1 +
- 4 files changed, 4 insertions(+)
+ 3 files changed, 3 insertions(+)
 
-diff --git a/common/Xregion/CMakeLists.txt b/common/Xregion/CMakeLists.txt
-index 40ca97e..9411328 100644
 a/common/Xregion/CMakeLists.txt
-+++ b/common/Xregion/CMakeLists.txt
-@@ -3,4 +3,5 @@ add_library(Xregion STATIC
- 
- if(UNIX)
-   libtool_create_control_file(Xregion)
-+  set_target_properties(Xregion PROPERTIES COMPILE_FLAGS -fPIC)
- endif()
 diff --git a/common/network/CMakeLists.txt b/common/network/CMakeLists.txt
-index b624c8e..6c06ec9 100644
+index d00ca452..e84e0290 100644
 --- a/common/network/CMakeLists.txt
 +++ b/common/network/CMakeLists.txt
-@@ -9,4 +9,5 @@ endif()
+@@ -16,4 +16,5 @@ endif()
  
  if(UNIX)
libtool_create_control_file(network)
 +  set_target_properties(network PROPERTIES COMPILE_FLAGS -fPIC)
  endif()
 diff --git a/common/rdr/CMakeLists.txt b/common/rdr/CMakeLists.txt
-index 989ba2f..20f6489 100644
+index 989ba2f4..20f6489d 100644
 --- a/common/rdr/CMakeLists.txt
 +++ b/common/rdr/CMakeLists.txt
 @@ -27,4 +27,5 @@ target_link_libraries(rd

Re: [oe][meta-oe][PATCH] tigervnc: upgrade to 1.11.0

[Chen Qi]

On 04/21/2021 01:36 PM, Khem Raj wrote:

also check this

https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1159


Thanks for discovering this.
The new version of tigervnc has made 'pam' a mandatory requirement. My 
builds enable pam by default, thus not revealing this problem.

I'll fix this problem in V2.

Best Regards,
Chen Qi



On Tue, Apr 20, 2021 at 8:26 PM ChenQi  wrote:

On 04/20/2021 10:43 PM, Khem Raj wrote:


On 4/19/21 11:55 PM, Chen Qi wrote:

Upgrade to latest stable version.

The 1.10 branch is not maitained any more, it stops update in 2019.
The 1.11 branch has fix for CVE-2020-26117, which is a high risk CVE.
https://nvd.nist.gov/vuln/detail/CVE-2020-26117

Signed-off-by: Chen Qi 
---
   ...002-do-not-build-tests-sub-directory.patch | 21 +--
   ...vnc-add-fPIC-option-to-COMPILE_FLAGS.patch | 36 +++
   ...{tigervnc_1.10.1.bb => tigervnc_1.11.0.bb} |  6 ++--
   3 files changed, 28 insertions(+), 35 deletions(-)
   rename meta-oe/recipes-graphics/tigervnc/{tigervnc_1.10.1.bb =>
tigervnc_1.11.0.bb} (96%)

diff --git
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch

index 4e875ba82..5a42e67d0 100644
---
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
+++
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
@@ -1,29 +1,30 @@
-From c3460d63f0b6cd50b9a64265f420f0439e12a1d5 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Tue, 25 Apr 2017 01:36:44 -0400
-Subject: [PATCH 2/4] do not build tests sub directory
+From 076d0e12a7be6cd2108e4ca0dcde1cb658918fa5 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:02:45 -0700
+Subject: [PATCH] do not build tests sub directory
   -Upstream-Status: Inappropriate [oe specific]
+Upstream-Status: Inappropriate [OE Specific]
   -Signed-off-by: Hongxu Jia 
+Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
   ---
CMakeLists.txt | 3 ---
1 file changed, 3 deletions(-)
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 94ec2ef..fb72a00 100644
+index 7bf99441..bda80598 100644
   --- a/CMakeLists.txt
   +++ b/CMakeLists.txt
-@@ -300,9 +300,6 @@ if(BUILD_VIEWER)
+@@ -304,9 +304,6 @@ if(BUILD_VIEWER)
  add_subdirectory(media)
endif()
  -add_subdirectory(tests)
   -
   -
- include(cmake/BuildPackages.cmake)
+ add_subdirectory(release)
   # uninstall
   --
-2.7.4
+2.30.2
   diff --git
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch

index 97b0a388a..5f14665b8 100644
---
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
+++
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
@@ -1,44 +1,34 @@
-From 9563b69640227da2220ee0c39077afb736cc96d1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Thu, 20 Jul 2017 17:12:17 +0800
-Subject: [PATCH 4/4] tigervnc: add fPIC option to COMPILE_FLAGS
+From 7f8acd59bb2e54f9be25a98dd71534700a9e355a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:14:28 -0700
+Subject: [PATCH] tigervnc: add fPIC option to COMPILE_FLAGS
   -The static libraries in Xregion/network/rdr/rfb were linked by shared
+The static libraries in network/rdr/rfb were linked by shared
   library libvnc.so, so we should add fPIC option to COMPILE_FLAGS to
fix
   relocation issue.
 Upstream-Status: Pending
 Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
   ---
- common/Xregion/CMakeLists.txt | 1 +
common/network/CMakeLists.txt | 1 +
common/rdr/CMakeLists.txt | 1 +
common/rfb/CMakeLists.txt | 1 +
- 4 files changed, 4 insertions(+)
+ 3 files changed, 3 insertions(+)
   -diff --git a/common/Xregion/CMakeLists.txt
b/common/Xregion/CMakeLists.txt
-index 40ca97e..9411328 100644
 a/common/Xregion/CMakeLists.txt
-+++ b/common/Xregion/CMakeLists.txt
-@@ -3,4 +3,5 @@ add_library(Xregion STATIC
-
- if(UNIX)
-   libtool_create_control_file(Xregion)
-+  set_target_properties(Xregion PROPERTIES COMPILE_FLAGS -fPIC)
- endif()
   diff --git a/common/network/CMakeLists.txt
b/common/network/CMakeLists.txt
-index b624c8e..6c06ec9 100644
+index d00ca452..e84e0290 100644
   --- a/common/network/CMakeLists.txt
   +++ b/common/network/CMakeLists.txt
-@@ -9,4 +9,5 @@ endif()
+@@ -16,4 +16,5 @@ endif()
   if(UNIX)
  libtool_create_control_file(network)
   +  set_target_properties(network PROPERTIES COMPILE_FLAGS -fPIC)
endif()
   diff --git a/common/rdr/CMakeLists.txt b/common/rdr/CMakeLists.txt
-index 989ba2f..20f6489 100644
+index 989ba2f4..20f6489d 100644
   --- a/common/rdr/CMakeLists.txt
   +++ b/common/rdr/CMakeLists.txt
   @@ -27,4 +27,5 @@ target_link_libraries(rdr ${RDR_LIBRARIES})
@@ -48,15 +38,15 @@ index 9

Re: [oe][meta-oe][PATCH] tigervnc: upgrade to 1.11.0

[Chen Qi]

On 04/20/2021 10:43 PM, Khem Raj wrote:



On 4/19/21 11:55 PM, Chen Qi wrote:

Upgrade to latest stable version.

The 1.10 branch is not maitained any more, it stops update in 2019.
The 1.11 branch has fix for CVE-2020-26117, which is a high risk CVE.
https://nvd.nist.gov/vuln/detail/CVE-2020-26117

Signed-off-by: Chen Qi 
---
  ...002-do-not-build-tests-sub-directory.patch | 21 +--
  ...vnc-add-fPIC-option-to-COMPILE_FLAGS.patch | 36 +++
  ...{tigervnc_1.10.1.bb => tigervnc_1.11.0.bb} |  6 ++--
  3 files changed, 28 insertions(+), 35 deletions(-)
  rename meta-oe/recipes-graphics/tigervnc/{tigervnc_1.10.1.bb => 
tigervnc_1.11.0.bb} (96%)


diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch 


index 4e875ba82..5a42e67d0 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch

@@ -1,29 +1,30 @@
-From c3460d63f0b6cd50b9a64265f420f0439e12a1d5 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Tue, 25 Apr 2017 01:36:44 -0400
-Subject: [PATCH 2/4] do not build tests sub directory
+From 076d0e12a7be6cd2108e4ca0dcde1cb658918fa5 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:02:45 -0700
+Subject: [PATCH] do not build tests sub directory
  -Upstream-Status: Inappropriate [oe specific]
+Upstream-Status: Inappropriate [OE Specific]
  -Signed-off-by: Hongxu Jia 
+Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
  ---
   CMakeLists.txt | 3 ---
   1 file changed, 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 94ec2ef..fb72a00 100644
+index 7bf99441..bda80598 100644
  --- a/CMakeLists.txt
  +++ b/CMakeLists.txt
-@@ -300,9 +300,6 @@ if(BUILD_VIEWER)
+@@ -304,9 +304,6 @@ if(BUILD_VIEWER)
 add_subdirectory(media)
   endif()
 -add_subdirectory(tests)
  -
  -
- include(cmake/BuildPackages.cmake)
+ add_subdirectory(release)
  # uninstall
  --
-2.7.4
+2.30.2
  diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch 


index 97b0a388a..5f14665b8 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch

@@ -1,44 +1,34 @@
-From 9563b69640227da2220ee0c39077afb736cc96d1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Thu, 20 Jul 2017 17:12:17 +0800
-Subject: [PATCH 4/4] tigervnc: add fPIC option to COMPILE_FLAGS
+From 7f8acd59bb2e54f9be25a98dd71534700a9e355a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:14:28 -0700
+Subject: [PATCH] tigervnc: add fPIC option to COMPILE_FLAGS
  -The static libraries in Xregion/network/rdr/rfb were linked by shared
+The static libraries in network/rdr/rfb were linked by shared
  library libvnc.so, so we should add fPIC option to COMPILE_FLAGS to 
fix

  relocation issue.
Upstream-Status: Pending
Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
  ---
- common/Xregion/CMakeLists.txt | 1 +
   common/network/CMakeLists.txt | 1 +
   common/rdr/CMakeLists.txt | 1 +
   common/rfb/CMakeLists.txt | 1 +
- 4 files changed, 4 insertions(+)
+ 3 files changed, 3 insertions(+)
  -diff --git a/common/Xregion/CMakeLists.txt 
b/common/Xregion/CMakeLists.txt

-index 40ca97e..9411328 100644
 a/common/Xregion/CMakeLists.txt
-+++ b/common/Xregion/CMakeLists.txt
-@@ -3,4 +3,5 @@ add_library(Xregion STATIC
-
- if(UNIX)
-   libtool_create_control_file(Xregion)
-+  set_target_properties(Xregion PROPERTIES COMPILE_FLAGS -fPIC)
- endif()
  diff --git a/common/network/CMakeLists.txt 
b/common/network/CMakeLists.txt

-index b624c8e..6c06ec9 100644
+index d00ca452..e84e0290 100644
  --- a/common/network/CMakeLists.txt
  +++ b/common/network/CMakeLists.txt
-@@ -9,4 +9,5 @@ endif()
+@@ -16,4 +16,5 @@ endif()
  if(UNIX)
 libtool_create_control_file(network)
  +  set_target_properties(network PROPERTIES COMPILE_FLAGS -fPIC)
   endif()
  diff --git a/common/rdr/CMakeLists.txt b/common/rdr/CMakeLists.txt
-index 989ba2f..20f6489 100644
+index 989ba2f4..20f6489d 100644
  --- a/common/rdr/CMakeLists.txt
  +++ b/common/rdr/CMakeLists.txt
  @@ -27,4 +27,5 @@ target_link_libraries(rdr ${RDR_LIBRARIES})
@@ -48,15 +38,15 @@ index 989ba2f..20f6489 100644
  +  set_target_properties(rdr PROPERTIES COMPILE_FLAGS -fPIC)
   endif()
  diff --git a/common/rfb/CMakeLists.txt b/common/rfb/CMakeLists.txt
-index 5047e5e..88838ab 100644
+index fc5a37bf..7f5ce131 100644
  --- a/common/rfb/CMakeLists.txt
  +++ b/common/rfb/CMakeLists.txt
-@@ -98,4 +98,5 @@ target_link_libraries(rfb ${RFB_LIBRARIES})
+@@ -99,4 +99,5 @@ target_link_libraries(rfb ${RFB_LIB

[oe][meta-oe][PATCH] tigervnc: upgrade to 1.11.0

[Chen Qi]

Upgrade to latest stable version.

The 1.10 branch is not maitained any more, it stops update in 2019.
The 1.11 branch has fix for CVE-2020-26117, which is a high risk CVE.
https://nvd.nist.gov/vuln/detail/CVE-2020-26117

Signed-off-by: Chen Qi 
---
 ...002-do-not-build-tests-sub-directory.patch | 21 +--
 ...vnc-add-fPIC-option-to-COMPILE_FLAGS.patch | 36 +++
 ...{tigervnc_1.10.1.bb => tigervnc_1.11.0.bb} |  6 ++--
 3 files changed, 28 insertions(+), 35 deletions(-)
 rename meta-oe/recipes-graphics/tigervnc/{tigervnc_1.10.1.bb => 
tigervnc_1.11.0.bb} (96%)

diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
index 4e875ba82..5a42e67d0 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0002-do-not-build-tests-sub-directory.patch
@@ -1,29 +1,30 @@
-From c3460d63f0b6cd50b9a64265f420f0439e12a1d5 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Tue, 25 Apr 2017 01:36:44 -0400
-Subject: [PATCH 2/4] do not build tests sub directory
+From 076d0e12a7be6cd2108e4ca0dcde1cb658918fa5 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:02:45 -0700
+Subject: [PATCH] do not build tests sub directory
 
-Upstream-Status: Inappropriate [oe specific]
+Upstream-Status: Inappropriate [OE Specific]
 
-Signed-off-by: Hongxu Jia 
+Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
 ---
  CMakeLists.txt | 3 ---
  1 file changed, 3 deletions(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 94ec2ef..fb72a00 100644
+index 7bf99441..bda80598 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -300,9 +300,6 @@ if(BUILD_VIEWER)
+@@ -304,9 +304,6 @@ if(BUILD_VIEWER)
add_subdirectory(media)
  endif()
  
 -add_subdirectory(tests)
 -
 -
- include(cmake/BuildPackages.cmake)
+ add_subdirectory(release)
  
  # uninstall
 -- 
-2.7.4
+2.30.2
 
diff --git 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
index 97b0a388a..5f14665b8 100644
--- 
a/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
+++ 
b/meta-oe/recipes-graphics/tigervnc/files/0004-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch
@@ -1,44 +1,34 @@
-From 9563b69640227da2220ee0c39077afb736cc96d1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Thu, 20 Jul 2017 17:12:17 +0800
-Subject: [PATCH 4/4] tigervnc: add fPIC option to COMPILE_FLAGS
+From 7f8acd59bb2e54f9be25a98dd71534700a9e355a Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 19 Apr 2021 23:14:28 -0700
+Subject: [PATCH] tigervnc: add fPIC option to COMPILE_FLAGS
 
-The static libraries in Xregion/network/rdr/rfb were linked by shared
+The static libraries in network/rdr/rfb were linked by shared
 library libvnc.so, so we should add fPIC option to COMPILE_FLAGS to fix
 relocation issue.
 
 Upstream-Status: Pending
 
 Signed-off-by: Hongxu Jia 
+Signed-off-by: Chen Qi 
 ---
- common/Xregion/CMakeLists.txt | 1 +
  common/network/CMakeLists.txt | 1 +
  common/rdr/CMakeLists.txt | 1 +
  common/rfb/CMakeLists.txt | 1 +
- 4 files changed, 4 insertions(+)
+ 3 files changed, 3 insertions(+)
 
-diff --git a/common/Xregion/CMakeLists.txt b/common/Xregion/CMakeLists.txt
-index 40ca97e..9411328 100644
 a/common/Xregion/CMakeLists.txt
-+++ b/common/Xregion/CMakeLists.txt
-@@ -3,4 +3,5 @@ add_library(Xregion STATIC
- 
- if(UNIX)
-   libtool_create_control_file(Xregion)
-+  set_target_properties(Xregion PROPERTIES COMPILE_FLAGS -fPIC)
- endif()
 diff --git a/common/network/CMakeLists.txt b/common/network/CMakeLists.txt
-index b624c8e..6c06ec9 100644
+index d00ca452..e84e0290 100644
 --- a/common/network/CMakeLists.txt
 +++ b/common/network/CMakeLists.txt
-@@ -9,4 +9,5 @@ endif()
+@@ -16,4 +16,5 @@ endif()
  
  if(UNIX)
libtool_create_control_file(network)
 +  set_target_properties(network PROPERTIES COMPILE_FLAGS -fPIC)
  endif()
 diff --git a/common/rdr/CMakeLists.txt b/common/rdr/CMakeLists.txt
-index 989ba2f..20f6489 100644
+index 989ba2f4..20f6489d 100644
 --- a/common/rdr/CMakeLists.txt
 +++ b/common/rdr/CMakeLists.txt
 @@ -27,4 +27,5 @@ target_link_libraries(rdr ${RDR_LIBRARIES})
@@ -48,15 +38,15 @@ index 989ba2f..20f6489 100644
 +  set_target_properties(rdr PROPERTIES COMPILE_FLAGS -fPIC)
  endif()
 diff --git a/common/rfb/CMakeLists.txt b/common/rfb/CMakeLists.txt
-index 5047e5e..88838ab 100644
+index fc5a37bf..7f5ce131 100644
 --- a/common/rfb/CMakeLists.txt
 +++ b/common/rfb/CMakeLists.txt
-@@ -98,4 +98,5 @@ target_link_libraries(rfb ${RFB_LIBRARIES})
+@@ -99,4 +99,5 @@ target_link_libraries(rfb ${RFB_LIBRARIES})
  
  if(UNIX)
libtool_create_control_file(rfb)
 +  set_target_properties(rfb PROPERTIES COMPILE_FLAGS -fPIC)
  endif()
 -- 

[oe][meta-oe][PATCH] minifi-cpp: set PSEUDO_CONSIDER_PATHS

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb 
b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
index b3ea44c3c..34090cf28 100644
--- a/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
+++ b/meta-oe/recipes-extended/minifi-cpp/minifi-cpp_0.7.0.bb
@@ -75,6 +75,7 @@ TARGET_CFLAGS_append_riscv64 = " -fpic"
 TARGET_CXXFLAGS_append_riscv64 = " -fpic"
 
 do_install[cleandirs] += "${WORKDIR}/minifi-install"
+PSEUDO_CONSIDER_PATHS .= ",${WORKDIR}/minifi-install"
 
 do_install() {
 DESTDIR='${WORKDIR}/minifi-install' cmake_runcmake_build --target 
${OECMAKE_TARGET_INSTALL}
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#89162): 
https://lists.openembedded.org/g/openembedded-devel/message/89162
Mute This Topic: https://lists.openembedded.org/mt/80205591/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] tclap: fix branch

[Chen Qi]

Upstream has deleted the 'master' branch, so use the 1.2 branch.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb 
b/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb
index 47ab2fd7b..bba8d5c21 100644
--- a/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb
+++ b/meta-oe/recipes-devtools/tclap/tclap_1.2.2.bb
@@ -4,7 +4,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=0ca8b9c5c5445cfa7af7e78fd27e60ed"
 
 SRCREV = "ec3ddcfe41b0544a4551a57439b6b3682fe31479"
-SRC_URI = "git://git.code.sf.net/p/tclap/code \
+SRC_URI = "git://git.code.sf.net/p/tclap/code;branch=1.2 \
 file://Makefile.am-disable-docs.patch \
 "
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#88546): 
https://lists.openembedded.org/g/openembedded-devel/message/88546
Mute This Topic: https://lists.openembedded.org/mt/79467943/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-python][PATCH] python3-requests: upgrade to 2.25.0

[Chen Qi]

The License checksum changes but the license remains the same, as
the change is only about copying apache2 license contents there.

This upgrade also solves the following issue on target.

root@qemux86-64:~# python3 -c 'import requests'
/usr/lib64/python3.9/site-packages/requests/_init_.py:89: 
RequestsDependencyWarning: urllib3 (1.26.2) or chardet (3.0.4) doesn't match a 
supported version!
warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "

Signed-off-by: Chen Qi 
---
 ...thon3-requests_2.24.0.bb => python3-requests_2.25.0.bb} | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-requests_2.24.0.bb => 
python3-requests_2.25.0.bb} (64%)

diff --git a/meta-python/recipes-devtools/python/python3-requests_2.24.0.bb 
b/meta-python/recipes-devtools/python/python3-requests_2.25.0.bb
similarity index 64%
rename from meta-python/recipes-devtools/python/python3-requests_2.24.0.bb
rename to meta-python/recipes-devtools/python/python3-requests_2.25.0.bb
index de9a53584..5284f9598 100644
--- a/meta-python/recipes-devtools/python/python3-requests_2.24.0.bb
+++ b/meta-python/recipes-devtools/python/python3-requests_2.25.0.bb
@@ -1,12 +1,9 @@
 DESCRIPTION = "Python HTTP for Humans."
 HOMEPAGE = "http://python-requests.org;
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=19b6be66ed463d93fa88c29f7860bcd7"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
 
-FILESEXTRAPATHS_prepend := "${THISDIR}/python-requests:"
-
-SRC_URI[md5sum] = "b54bff26a389e5932e8b1c4983a99ce7"
-SRC_URI[sha256sum] = 
"b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b"
+SRC_URI[sha256sum] = 
"7f1a0b932f4a60a1a65caa4263921bb7d9ee911957e0ae4a23a6dd08185ad5f8"
 
 inherit pypi setuptools3
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#88282): 
https://lists.openembedded.org/g/openembedded-devel/message/88282
Mute This Topic: https://lists.openembedded.org/mt/78941857/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] multipath-tools: disable parallel build as a workaround

[Chen Qi]

With parallel build enabled, we got the following error:

  ld: error in libsg.o(.eh_frame); no .eh_frame_hdr table will be created
  
  ld: BFD (GNU Binutils) 2.34.0.20200220 internal error, aborting at 
../../bfd/merge.c:933 in _bfd_merged_section_offset
  
  | make[1]: *** [Makefile:24: libcheckcciss_tur.so] Error 1
  | make[1]: *** Waiting for unfinished jobs

However, looking at the Makefile, it does not seem to have problem.

So disable the parallel build as a workaround.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb 
b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index 0d0319137..48a348d80 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -117,3 +117,4 @@ FILES_kpartx = "${base_sbindir}/kpartx \
"
 
 RDEPENDS_${PN} += "kpartx"
+PARALLEL_MAKE = ""
-- 
2.21.0

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#85653): 
https://lists.openembedded.org/g/openembedded-devel/message/85653
Mute This Topic: https://lists.openembedded.org/mt/75369405/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe] [meta-oe][PATCH] multipath-tools: fix compiling parallel issue

[Chen Qi]

On 06/24/2020 01:24 AM, Scott Murray wrote:

On Mon, 25 May 2020, hongxu wrote:


Add explicit dependency on libraries
[snip]
gcc/i686-overc-linux/10.1.0/ld: cannot find -lmpathpersist
collect2: error: ld returned 1 exit status
Makefile:36: recipe for target 'multipathd' failed
make[1]: *** [multipathd] Error 1
make[1]: Leaving directory 'git/multipathd'
Makefile:29: recipe for target 'multipathd' failed
make: *** [multipathd] Error 2
ln -sf libmpathpersist.so.0 libmpathpersist.so
[snip]

Signed-off-by: Hongxu Jia 

[Snip]

Just a heads up, this change seems perhaps insufficient, in one of my
first test builds of AGL with latest dunfell meta-oe, I hit this failure:

/ws/scottm/dev/agl/agl-repo/build-qemux86-64/tmp/work/corei7-64-agl-linux/multipath-tools/0.8.4-r0/recipe-sysroot-native/usr/bin/x86_64-agl-linux/../../libexec/x86_64-agl-linux/gcc/x86_64-agl-linux/9.3.0/ld:
err
or in libsg.o(.eh_frame); no .eh_frame_hdr table will be created
/ws/scottm/dev/agl/agl-repo/build-qemux86-64/tmp/work/corei7-64-agl-linux/multipath-tools/0.8.4-r0/recipe-sysroot-native/usr/bin/x86_64-agl-linux/../../libexec/x86_64-agl-linux/gcc/x86_64-agl-linux/9.3.0/ld:
BFD
  (GNU Binutils) 2.34.0.20200220 internal error, aborting at
../../bfd/merge.c:933 in _bfd_merged_section_offset

/ws/scottm/dev/agl/agl-repo/build-qemux86-64/tmp/work/corei7-64-agl-linux/multipath-tools/0.8.4-r0/recipe-sysroot-native/usr/bin/x86_64-agl-linux/../../libexec/x86_64-agl-linux/gcc/x86_64-agl-linux/9.3.0/ld:
Ple
ase report this bug.

collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:24: libcheckreadsector0.so] Error 1
make[1]: *** Waiting for unfinished jobs

It built fine on a retry.  My guess is there's still a race between ld and
one of the inputs being generated.

Scott




I also got a similar error.
ld: error in libsg.o(.eh_frame); no .eh_frame_hdr table will be created

ld: BFD (GNU Binutils) 2.34.0.20200220 internal error, aborting at 
../../bfd/merge.c:933 in _bfd_merged_section_offset


| make[1]: *** [Makefile:24: libcheckcciss_tur.so] Error 1
| make[1]: *** Waiting for unfinished jobs

Looking at the Makefile, it has:
*LIBS= \**
**libcheckcciss_tur.so \**
**libcheckreadsector0.so \**
**libchecktur.so \**
**libcheckdirectio.so \**
**libcheckemc_clariion.so \**
**libcheckhp_sw.so \**
**libcheckrdac.so**
**
**all: $(LIBS)*

and

*libcheck%.so: libsg.o %.o**
**$(CC) $(LDFLAGS) $(SHARED_FLAGS) -o $@ $^*
and

*%.o:%.c**
**@echo building $@ because of $?**
**$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<*

From the Makefile, there seems no race condition.

Khem, do you have some idea what's going on?

Best Regards,
Chen Qi








-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#85420): 
https://lists.openembedded.org/g/openembedded-devel/message/85420
Mute This Topic: https://lists.openembedded.org/mt/74472985/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-python][PATCH] python-django: set CVE_PRODUCT to be django

[Chen Qi]

On 06/11/2020 11:43 AM, Khem Raj wrote:

On Wed, Jun 10, 2020 at 7:08 PM Chen Qi  wrote:

Signed-off-by: Chen Qi 
---
  meta-python/recipes-devtools/python/python-django.inc | 2 ++
  1 file changed, 2 insertions(+)


Can you rebase it on top of master-next please ?


Done. V2 sent.

Regards,
Chen Qi




diff --git a/meta-python/recipes-devtools/python/python-django.inc 
b/meta-python/recipes-devtools/python/python-django.inc
index 54c77c827..3f8c19fb5 100644
--- a/meta-python/recipes-devtools/python/python-django.inc
+++ b/meta-python/recipes-devtools/python/python-django.inc
@@ -29,3 +29,5 @@ RDEPENDS_${PN} += "\
  ${PYTHON_PN}-unixadmin \
  ${PYTHON_PN}-xml \
  "
+
+CVE_PRODUCT = "django"
--
2.17.1





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#84989): 
https://lists.openembedded.org/g/openembedded-devel/message/84989
Mute This Topic: https://lists.openembedded.org/mt/74810980/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-python][PATCH V2] python-django: set CVE_PRODUCT to be django

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-python/recipes-devtools/python/python-django.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python-django.inc 
b/meta-python/recipes-devtools/python/python-django.inc
index 73b7ac99f..c02b3fa52 100644
--- a/meta-python/recipes-devtools/python/python-django.inc
+++ b/meta-python/recipes-devtools/python/python-django.inc
@@ -30,3 +30,5 @@ RDEPENDS_${PN} += "\
 ${PYTHON_PN}-xml \
 ${PYTHON_PN}-distutils \
 "
+
+CVE_PRODUCT = "django"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#84988): 
https://lists.openembedded.org/g/openembedded-devel/message/84988
Mute This Topic: https://lists.openembedded.org/mt/74813335/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-python][PATCH] python-django: set CVE_PRODUCT to be django

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-python/recipes-devtools/python/python-django.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python-django.inc 
b/meta-python/recipes-devtools/python/python-django.inc
index 54c77c827..3f8c19fb5 100644
--- a/meta-python/recipes-devtools/python/python-django.inc
+++ b/meta-python/recipes-devtools/python/python-django.inc
@@ -29,3 +29,5 @@ RDEPENDS_${PN} += "\
 ${PYTHON_PN}-unixadmin \
 ${PYTHON_PN}-xml \
 "
+
+CVE_PRODUCT = "django"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#84985): 
https://lists.openembedded.org/g/openembedded-devel/message/84985
Mute This Topic: https://lists.openembedded.org/mt/74810980/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe][meta-oe][PATCH] multipath-tools: fix do_compile failure due to json-c upgrade

[Chen Qi]

Just noticed Khem has sent a similar patch. Ignore this one please.

On 06/09/2020 09:48 AM, Chen Qi wrote:

The new json-c does not define TRUE, so we should use 1 to avoid
do_compile failure.

Signed-off-by: Chen Qi 
---
  ...01-libdmmp_private.h-Do-not-use-TRUE.patch | 31 +++
  .../multipath-tools/multipath-tools_0.8.4.bb  |  1 +
  2 files changed, 32 insertions(+)
  create mode 100644 
meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch

diff --git 
a/meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch
 
b/meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch
new file mode 100644
index 0..a78bfd2c6
--- /dev/null
+++ 
b/meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch
@@ -0,0 +1,31 @@
+From cdee4a7e9f8aa880eb4f381aa4325c1ae42951f8 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 8 Jun 2020 18:43:10 -0700
+Subject: [PATCH] libdmmp_private.h: Do not use TRUE
+
+As json-c has been upgraded and TRUE is not defined any more, we should
+avoid using it and use 1 instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi 
+---
+ libdmmp/libdmmp_private.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libdmmp/libdmmp_private.h b/libdmmp/libdmmp_private.h
+index ac85b63f..4378962b 100644
+--- a/libdmmp/libdmmp_private.h
 b/libdmmp/libdmmp_private.h
+@@ -82,7 +82,7 @@ static out_type func_name(struct dmmp_context *ctx, const 
char *var_name) { \
+ do { \
+   json_type j_type = json_type_null; \
+   json_object *j_obj_tmp = NULL; \
+-  if (json_object_object_get_ex(j_obj, key, _obj_tmp) != TRUE) { \
++  if (json_object_object_get_ex(j_obj, key, _obj_tmp) != 1) { \
+   _error(ctx, "Invalid JSON output from multipathd IPC: " \
+  "key '%s' not found", key); \
+   rc = DMMP_ERR_IPC_ERROR; \
+--
+2.21.0
+
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb 
b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index af34a4b39..5018f51d2 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -45,6 +45,7 @@ SRC_URI = 
"git://git.opensvc.com/multipath-tools/.git;protocol=http \
 file://0031-Always-use-devmapper-for-kpartx.patch \
 file://0001-fix-bug-of-do_compile-and-do_install.patch \
 file://0001-add-explicit-dependency-on-libraries.patch \
+   file://0001-libdmmp_private.h-Do-not-use-TRUE.patch \
 "
  
  LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#84880): 
https://lists.openembedded.org/g/openembedded-devel/message/84880
Mute This Topic: https://lists.openembedded.org/mt/74766322/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][PATCH] multipath-tools: fix do_compile failure due to json-c upgrade

[Chen Qi]

The new json-c does not define TRUE, so we should use 1 to avoid
do_compile failure.

Signed-off-by: Chen Qi 
---
 ...01-libdmmp_private.h-Do-not-use-TRUE.patch | 31 +++
 .../multipath-tools/multipath-tools_0.8.4.bb  |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 
meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch

diff --git 
a/meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch
 
b/meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch
new file mode 100644
index 0..a78bfd2c6
--- /dev/null
+++ 
b/meta-oe/recipes-support/multipath-tools/files/0001-libdmmp_private.h-Do-not-use-TRUE.patch
@@ -0,0 +1,31 @@
+From cdee4a7e9f8aa880eb4f381aa4325c1ae42951f8 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Mon, 8 Jun 2020 18:43:10 -0700
+Subject: [PATCH] libdmmp_private.h: Do not use TRUE
+
+As json-c has been upgraded and TRUE is not defined any more, we should
+avoid using it and use 1 instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi 
+---
+ libdmmp/libdmmp_private.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libdmmp/libdmmp_private.h b/libdmmp/libdmmp_private.h
+index ac85b63f..4378962b 100644
+--- a/libdmmp/libdmmp_private.h
 b/libdmmp/libdmmp_private.h
+@@ -82,7 +82,7 @@ static out_type func_name(struct dmmp_context *ctx, const 
char *var_name) { \
+ do { \
+   json_type j_type = json_type_null; \
+   json_object *j_obj_tmp = NULL; \
+-  if (json_object_object_get_ex(j_obj, key, _obj_tmp) != TRUE) { \
++  if (json_object_object_get_ex(j_obj, key, _obj_tmp) != 1) { \
+   _error(ctx, "Invalid JSON output from multipathd IPC: " \
+  "key '%s' not found", key); \
+   rc = DMMP_ERR_IPC_ERROR; \
+-- 
+2.21.0
+
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb 
b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
index af34a4b39..5018f51d2 100644
--- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
+++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb
@@ -45,6 +45,7 @@ SRC_URI = 
"git://git.opensvc.com/multipath-tools/.git;protocol=http \
file://0031-Always-use-devmapper-for-kpartx.patch \
file://0001-fix-bug-of-do_compile-and-do_install.patch \
file://0001-add-explicit-dependency-on-libraries.patch \
+   file://0001-libdmmp_private.h-Do-not-use-TRUE.patch \
"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-- 
2.21.0

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#84878): 
https://lists.openembedded.org/g/openembedded-devel/message/84878
Mute This Topic: https://lists.openembedded.org/mt/74766322/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe] [PATCH 1/5] libnma: initial add 1.8.28

[Chen, Qi]

Hi Andreas,

There's also another problem. The PACKAGECONFIG item, 'gcr', cannot be 
disabled, otherwise, we will have do_configure error.

Best Regards,
Chen Qi

From: openembedded-devel-boun...@lists.openembedded.org 
 on behalf of Chen, Qi 

Sent: Friday, March 20, 2020 11:45
To: Andreas Müller ; 
openembedded-devel@lists.openembedded.org 

Subject: Re: [oe] [PATCH 1/5] libnma: initial add 1.8.28

Hi Andreas,

I got the following error.

gcr was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'libnma', 
'gcr']

Could you please take a look at it if convenient?

Best Regards,
Chen Qi

From: openembedded-devel-boun...@lists.openembedded.org 
 on behalf of Andreas Müller 

Sent: Thursday, March 19, 2020 4:44
To: openembedded-devel@lists.openembedded.org 

Subject: [oe] [PATCH 1/5] libnma: initial add 1.8.28

With upcoming network-manager-applet 1.16 this library gets mandatory: GNOME
splitted out common code from network-manager-applet to libnma.

Signed-off-by: Andreas Müller 
---
 .../libnma/libnma_1.8.28.bb| 18 ++
 1 file changed, 18 insertions(+)
 create mode 100644 meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb

diff --git a/meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb 
b/meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb
new file mode 100644
index 0..de5ad0863
--- /dev/null
+++ b/meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb
@@ -0,0 +1,18 @@
+SUMMARY = "NetworkManager GUI library"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+DEPENDS = "glib-2.0 networkmanager"
+
+GNOMEBASEBUILDCLASS = "meson"
+inherit gnomebase gobject-introspection gtk-doc gettext vala
+
+SRC_URI[archive.md5sum] = "094c45d7694b153612cbdc3c713edcb5"
+SRC_URI[archive.sha256sum] = 
"4af69552d131a3b2b8b6a2df584044258bf588448dcdb4bddfa12a07c134b726"
+
+PACKAGECONFIG ?= "gcr iso_codes mobile_broadband_provider_info"
+PACKAGECONFIG[gcr] = "-Dgcr=true,-Dgcr=false,gcr"
+PACKAGECONFIG[iso_codes] = 
"-Diso_codes=true,-Diso_codes=false,iso-codes,iso-codes"
+PACKAGECONFIG[mobile_broadband_provider_info] = 
"-Dmobile_broadband_provider_info=true,-Dmobile_broadband_provider_info=false,mobile-broadband-provider-info,mobile-broadband-provider-info"
+
+GTKDOC_MESON_OPTION = "gtk_doc"
--
2.21.1

--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] [PATCH 1/5] libnma: initial add 1.8.28

[Chen, Qi]

Hi Andreas,

I got the following error.

gcr was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'libnma', 
'gcr']

Could you please take a look at it if convenient?

Best Regards,
Chen Qi

From: openembedded-devel-boun...@lists.openembedded.org 
 on behalf of Andreas Müller 

Sent: Thursday, March 19, 2020 4:44
To: openembedded-devel@lists.openembedded.org 

Subject: [oe] [PATCH 1/5] libnma: initial add 1.8.28

With upcoming network-manager-applet 1.16 this library gets mandatory: GNOME
splitted out common code from network-manager-applet to libnma.

Signed-off-by: Andreas Müller 
---
 .../libnma/libnma_1.8.28.bb| 18 ++
 1 file changed, 18 insertions(+)
 create mode 100644 meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb

diff --git a/meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb 
b/meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb
new file mode 100644
index 0..de5ad0863
--- /dev/null
+++ b/meta-gnome/recipes-connectivity/libnma/libnma_1.8.28.bb
@@ -0,0 +1,18 @@
+SUMMARY = "NetworkManager GUI library"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+DEPENDS = "glib-2.0 networkmanager"
+
+GNOMEBASEBUILDCLASS = "meson"
+inherit gnomebase gobject-introspection gtk-doc gettext vala
+
+SRC_URI[archive.md5sum] = "094c45d7694b153612cbdc3c713edcb5"
+SRC_URI[archive.sha256sum] = 
"4af69552d131a3b2b8b6a2df584044258bf588448dcdb4bddfa12a07c134b726"
+
+PACKAGECONFIG ?= "gcr iso_codes mobile_broadband_provider_info"
+PACKAGECONFIG[gcr] = "-Dgcr=true,-Dgcr=false,gcr"
+PACKAGECONFIG[iso_codes] = 
"-Diso_codes=true,-Diso_codes=false,iso-codes,iso-codes"
+PACKAGECONFIG[mobile_broadband_provider_info] = 
"-Dmobile_broadband_provider_info=true,-Dmobile_broadband_provider_info=false,mobile-broadband-provider-info,mobile-broadband-provider-info"
+
+GTKDOC_MESON_OPTION = "gtk_doc"
--
2.21.1

--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH] python3-grpcio: fix do_compile error for native

[Chen Qi]

When building python3-grpcio-native, we will meet do_compile error
because of no 'cc'.

In fact, 'cc' is not in our hosttools. So fix to use gcc and make
the patch also apply to native.

Signed-off-by: Chen Qi 
---
 .../0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch | 6 +++---
 .../recipes-devtools/python/python3-grpcio_1.27.1.bb| 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git 
a/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
 
b/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
index 131daace0..f39a82a33 100644
--- 
a/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
+++ 
b/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
@@ -1,4 +1,4 @@
-From b02be74a2eff8abc612ef84f30e0fbce6a7f65f5 Mon Sep 17 00:00:00 2001
+1From b02be74a2eff8abc612ef84f30e0fbce6a7f65f5 Mon Sep 17 00:00:00 2001
 From: Khem Raj 
 Date: Fri, 4 Aug 2017 09:04:07 -0700
 Subject: [PATCH] setup.py: Do not mix C and C++ compiler options
@@ -24,7 +24,7 @@ Signed-off-by: Khem Raj 
  
  def check_linker_need_libatomic():
"""Test if linker on system needs libatomic."""
-+  compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'cc'
++  compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'gcc'
code_test = (b'#include \n' +
 b'int main() { return std::atomic{}; }')
 -  cc_test = subprocess.Popen(['cc', '-x', 'c++', '-std=c++11', '-'],
@@ -57,7 +57,7 @@ Signed-off-by: Khem Raj 
  """
  # TODO(lidiz) Remove the generated a.out for success tests.
 -cc_test = subprocess.Popen(['cc', '-x', 'c', '-std=c++11', '-'],
-+compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'cc'
++compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'gcc'
 +cc_test = subprocess.Popen([compiler, cc_args, '-x', 'c', 
'-std=c++11', '-'],
 stdin=subprocess.PIPE,
 stdout=subprocess.PIPE,
diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb 
b/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb
index bc2b70cf8..42260cb27 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb
@@ -6,8 +6,8 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
 DEPENDS += "${PYTHON_PN}-protobuf"
 
-SRC_URI_append_class-target = " 
file://0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch \
-file://ppc-boringssl-support.patch \
+SRC_URI += "file://0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch"
+SRC_URI_append_class-target = " file://ppc-boringssl-support.patch \
 file://riscv64_support.patch \
 "
 SRC_URI[md5sum] = "ccaf4e7eb4f031d926fb80035d193b98"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH] python3-grpcio: fix do_compile error for native

[Chen Qi]

When building python3-grpcio-native, we will meet do_compile error
because of no 'cc'.

In fact, 'cc' is not in our hosttools. So fix to use gcc and make
the patch also apply to native.

Signed-off-by: Chen Qi 
---
 .../0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch | 6 +++---
 .../recipes-devtools/python/python3-grpcio_1.27.1.bb| 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git 
a/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
 
b/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
index 131daace0..f39a82a33 100644
--- 
a/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
+++ 
b/meta-python/recipes-devtools/python/python3-grpcio/0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch
@@ -1,4 +1,4 @@
-From b02be74a2eff8abc612ef84f30e0fbce6a7f65f5 Mon Sep 17 00:00:00 2001
+1From b02be74a2eff8abc612ef84f30e0fbce6a7f65f5 Mon Sep 17 00:00:00 2001
 From: Khem Raj 
 Date: Fri, 4 Aug 2017 09:04:07 -0700
 Subject: [PATCH] setup.py: Do not mix C and C++ compiler options
@@ -24,7 +24,7 @@ Signed-off-by: Khem Raj 
  
  def check_linker_need_libatomic():
"""Test if linker on system needs libatomic."""
-+  compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'cc'
++  compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'gcc'
code_test = (b'#include \n' +
 b'int main() { return std::atomic{}; }')
 -  cc_test = subprocess.Popen(['cc', '-x', 'c++', '-std=c++11', '-'],
@@ -57,7 +57,7 @@ Signed-off-by: Khem Raj 
  """
  # TODO(lidiz) Remove the generated a.out for success tests.
 -cc_test = subprocess.Popen(['cc', '-x', 'c', '-std=c++11', '-'],
-+compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'cc'
++compiler, cc_args = os.environ.get('CC').split(' ', 1) or 'gcc'
 +cc_test = subprocess.Popen([compiler, cc_args, '-x', 'c', 
'-std=c++11', '-'],
 stdin=subprocess.PIPE,
 stdout=subprocess.PIPE,
diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb 
b/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb
index bc2b70cf8..42260cb27 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.27.1.bb
@@ -6,8 +6,8 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
 DEPENDS += "${PYTHON_PN}-protobuf"
 
-SRC_URI_append_class-target = " 
file://0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch \
-file://ppc-boringssl-support.patch \
+SRC_URI += "file://0001-setup.py-Do-not-mix-C-and-C-compiler-options.patch"
+SRC_URI_append_class-target = " file://ppc-boringssl-support.patch \
 file://riscv64_support.patch \
 "
 SRC_URI[md5sum] = "ccaf4e7eb4f031d926fb80035d193b98"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] xmlsec1: fix for multilib

[Chen Qi]

With previous change of nss/nspr in this recipe, multilib build
failure at do_configure.

Fix it by not using hardcoded /lib/.

Signed-off-by: Chen Qi 
---
 .../0001-nss-nspr-fix-for-multilib.patch  | 52 +++
 .../recipes-support/xmlsec1/xmlsec1_1.2.29.bb |  3 +-
 2 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 
meta-oe/recipes-support/xmlsec1/xmlsec1/0001-nss-nspr-fix-for-multilib.patch

diff --git 
a/meta-oe/recipes-support/xmlsec1/xmlsec1/0001-nss-nspr-fix-for-multilib.patch 
b/meta-oe/recipes-support/xmlsec1/xmlsec1/0001-nss-nspr-fix-for-multilib.patch
new file mode 100644
index 0..53c119765
--- /dev/null
+++ 
b/meta-oe/recipes-support/xmlsec1/xmlsec1/0001-nss-nspr-fix-for-multilib.patch
@@ -0,0 +1,52 @@
+From 9ed3b4e628f9254d5c86006fe63c33a1eb02aee5 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Tue, 4 Feb 2020 23:39:49 -0800
+Subject: [PATCH] nss/nspr: fix for multilib
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi 
+---
+ configure.ac | 16 
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index b46d97d..39f4318 100644
+--- a/configure.ac
 b/configure.ac
+@@ -920,24 +920,24 @@ fi
+ dnl Priority 1: User specifies the path to installation
+ if test "z$NSPR_FOUND" = "zno" -a "z$with_nspr" != "z" -a "z$with_nspr" != 
"zyes" ; then
+ AC_MSG_CHECKING(for nspr library installation in "$with_nspr" folder)
+-if test -f "$with_nspr/include/$NSPR_INCLUDE_MARKER" -a -f 
"$with_nspr/lib/$NSPR_LIB_MARKER" ; then
+-NSPR_INCLUDE_PATH="$with_nspr/include"
+-NSPR_LIB_PATH="$with_nspr/lib"
++if test -f "$with_nspr/${includedir}/$NSPR_INCLUDE_MARKER" -a -f 
"$with_nspr/${libdir}/$NSPR_LIB_MARKER" ; then
++NSPR_INCLUDE_PATH="$with_nspr/${includedir}"
++NSPR_LIB_PATH="$with_nspr/${libdir}"
+ NSPR_FOUND="yes"
+ AC_MSG_RESULT([yes])
+ else
+-AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" 
and/or "$with_nspr/lib/$NSPR_LIB_MARKER" files don't exist), typo?])
++AC_MSG_ERROR([not found: 
"$with_nspr/${includedir}/$NSPR_INCLUDE_MARKER" and/or 
"$with_nspr/${libdir}/$NSPR_LIB_MARKER" files don't exist), typo?])
+ fi
+ fi
+ if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != 
"zyes" ; then
+ AC_MSG_CHECKING(for nss library installation in "$with_nss" folder)
+-if test -f "$with_nss/include/$NSS_INCLUDE_MARKER" -a -f 
"$with_nss/lib/$NSS_LIB_MARKER" ; then
+-NSS_INCLUDE_PATH="$with_nss/include"
+-NSS_LIB_PATH="$with_nss/lib"
++if test -f "$with_nss/${includedir}/$NSS_INCLUDE_MARKER" -a -f 
"$with_nss/${libdir}/$NSS_LIB_MARKER" ; then
++NSS_INCLUDE_PATH="$with_nss/${includedir}"
++NSS_LIB_PATH="$with_nss/${libdir}"
+ NSS_FOUND="yes"
+ AC_MSG_RESULT([yes])
+ else
+-AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" 
and/or "$with_nss/lib/$NSS_LIB_MARKER" files don't exist), typo?])
++AC_MSG_ERROR([not found: 
"$with_nss/${includedir}/$NSS_INCLUDE_MARKER" and/or 
"$with_nss/${libdir}/$NSS_LIB_MARKER" files don't exist), typo?])
+ fi
+ fi
+ 
+-- 
+2.21.0
+
diff --git a/meta-oe/recipes-support/xmlsec1/xmlsec1_1.2.29.bb 
b/meta-oe/recipes-support/xmlsec1/xmlsec1_1.2.29.bb
index 3e25e8d35..8fc611a27 100644
--- a/meta-oe/recipes-support/xmlsec1/xmlsec1_1.2.29.bb
+++ b/meta-oe/recipes-support/xmlsec1/xmlsec1_1.2.29.bb
@@ -17,6 +17,7 @@ SRC_URI = 
"http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \
 file://change-finding-path-of-nss.patch \
 file://makefile-ptest.patch \
 file://xmlsec1-examples-allow-build-in-separate-dir.patch \
+file://0001-nss-nspr-fix-for-multilib.patch \
 file://run-ptest \
 "
 
@@ -31,7 +32,7 @@ inherit autotools-brokensep ptest pkgconfig
 PACKAGECONFIG ??= "gnutls libgcrypt nss openssl des"
 PACKAGECONFIG[gnutls] = ",,gnutls"
 PACKAGECONFIG[libgcrypt] = ",,libgcrypt"
-PACKAGECONFIG[nss] = "--with-nss=${STAGING_LIBDIR}/.. 
--with-nspr=${STAGING_LIBDIR}/..,,nss nspr"
+PACKAGECONFIG[nss] = "--with-nss=${STAGING_DIR_HOST} 
--with-nspr=${STAGING_DIR_HOST},,nss nspr"
 PACKAGECONFIG[openssl] = ",,openssl"
 PACKAGECONFIG[des] = ",--disable-des,,"
 
-- 
2.21.0

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] rsyslog: disable ptest as it requires python2

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-extended/rsyslog/rsyslog_8.1911.0.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1911.0.bb 
b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1911.0.bb
index 29bba2d9a..b109e4dec 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog_8.1911.0.bb
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog_8.1911.0.bb
@@ -35,7 +35,9 @@ SRC_URI[sha256sum] = 
"e1f4776b1c62ad7220f4d624a89a96b0c3d4738006899356eaaef0f1f9
 UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases;
 UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)"
 
-inherit autotools pkgconfig systemd update-rc.d ptest
+inherit autotools pkgconfig systemd update-rc.d
+# ptest is disabled for now because it requires python2, after upstream solves 
 this problem, re-enable it
+# inherit ptest
 
 EXTRA_OECONF += "--disable-generate-man-pages ap_cv_atomic_builtins=yes"
 EXTRA_OECONF += "--enable-imfile-tests"
-- 
2.21.0

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] phoronix-test-suite: change python to python3-core in RDEPENDS

[Chen Qi]

The source codes are actually using python3 instead of python.

Signed-off-by: Chen Qi 
---
 .../phoronix-test-suite/phoronix-test-suite_9.2.1.bb| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_9.2.1.bb 
b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_9.2.1.bb
index 52b341b0e..6525b8ec0 100644
--- a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_9.2.1.bb
+++ b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_9.2.1.bb
@@ -29,7 +29,7 @@ do_install() {
 SYSTEMD_AUTO_ENABLE = "disable"
 SYSTEMD_SERVICE_${PN} = "phoromatic-client.service phoromatic-server.service"
 
-RDEPENDS_${PN} += "bash python php-cli util-linux-lscpu os-release lsb-release"
+RDEPENDS_${PN} += "bash python3-core php-cli util-linux-lscpu os-release 
lsb-release"
 
 FILES_${PN} += " \
 ${datadir}/phoronix-test-suite \
-- 
2.21.0

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH V2] python3-pid: upgrade to 2.2.5

[Chen Qi]

0001-remove-requirement-of-nose.patch is removed as new version
has also removed such dependency.

Signed-off-by: Chen Qi 
---
 .../0001-remove-requirement-of-nose.patch | 29 ---
 ...hon3-pid_2.2.0.bb => python3-pid_2.2.5.bb} |  8 ++---
 2 files changed, 2 insertions(+), 35 deletions(-)
 delete mode 100644 
meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
 rename meta-python/recipes-devtools/python/{python3-pid_2.2.0.bb => 
python3-pid_2.2.5.bb} (57%)

diff --git 
a/meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
 
b/meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
deleted file mode 100644
index 3beef0700..0
--- 
a/meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 04d04a8fa1ef3d8dbdaebbaac9ae936e1c8234c1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Wed, 28 Jun 2017 21:17:43 -0400
-Subject: [PATCH] remove requirement of nose
-
-The nose extends unittest to make testing easier.
-Do not need the test suite, so remove requirement of nose.
-
-Upstream-Status: Inappropriate [oe specific]
-
-Signed-off-by: Hongxu Jia 

- setup.py | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index 3f7c7cb..c42a546 100644
 a/setup.py
-+++ b/setup.py
-@@ -53,6 +53,4 @@ setup(
- keywords='pid pidfile context manager decorator',
- packages=["pid"],
- install_requires=[],
--test_suite='nose.collector',
--setup_requires=['nose>=1.0'],
- )
--- 
-2.8.1
-
diff --git a/meta-python/recipes-devtools/python/python3-pid_2.2.0.bb 
b/meta-python/recipes-devtools/python/python3-pid_2.2.5.bb
similarity index 57%
rename from meta-python/recipes-devtools/python/python3-pid_2.2.0.bb
rename to meta-python/recipes-devtools/python/python3-pid_2.2.5.bb
index e43831989..b8dd0d747 100644
--- a/meta-python/recipes-devtools/python/python3-pid_2.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pid_2.2.5.bb
@@ -4,11 +4,7 @@ HOMEPAGE = "https://github.com/trbs/pid/;
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=83d53cbd3105063f20305bc313464e29"
 
-SRC_URI[md5sum] = "04d30308013d16aa882b3806feda8ab2"
-SRC_URI[sha256sum] = 
"d8bb2ceec21a4ae84be6e9d320db1f56934b30e676e31c6f098ca7218b3d67d4"
+SRC_URI[md5sum] = "ad352ee1dc28b9746a15451c0c53e9d7"
+SRC_URI[sha256sum] = 
"96eb7dba326b88f5164bc1afdc986c7793e0d32d7f62366256a3903c7b0614ef"
 
 inherit pypi setuptools3
-
-SRC_URI += " \
-file://0001-remove-requirement-of-nose.patch \
-"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH] python3-pid: upgrade to 2.2.5

[Chen Qi]

0001-remove-requirement-of-nose.patch is removed as new version
has also removed such dependency.

Signed-off-by: Chen Qi 
---
 .../0001-remove-requirement-of-nose.patch | 29 ---
 ...hon3-pid_2.2.0.bb => python3-pid_2.2.5.bb} |  9 ++
 2 files changed, 3 insertions(+), 35 deletions(-)
 delete mode 100644 
meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
 rename meta-python/recipes-devtools/python/{python3-pid_2.2.0.bb => 
python3-pid_2.2.5.bb} (57%)

diff --git 
a/meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
 
b/meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
deleted file mode 100644
index 3beef0700..0
--- 
a/meta-python/recipes-devtools/python/python3-pid/0001-remove-requirement-of-nose.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 04d04a8fa1ef3d8dbdaebbaac9ae936e1c8234c1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia 
-Date: Wed, 28 Jun 2017 21:17:43 -0400
-Subject: [PATCH] remove requirement of nose
-
-The nose extends unittest to make testing easier.
-Do not need the test suite, so remove requirement of nose.
-
-Upstream-Status: Inappropriate [oe specific]
-
-Signed-off-by: Hongxu Jia 

- setup.py | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index 3f7c7cb..c42a546 100644
 a/setup.py
-+++ b/setup.py
-@@ -53,6 +53,4 @@ setup(
- keywords='pid pidfile context manager decorator',
- packages=["pid"],
- install_requires=[],
--test_suite='nose.collector',
--setup_requires=['nose>=1.0'],
- )
--- 
-2.8.1
-
diff --git a/meta-python/recipes-devtools/python/python3-pid_2.2.0.bb 
b/meta-python/recipes-devtools/python/python3-pid_2.2.5.bb
similarity index 57%
rename from meta-python/recipes-devtools/python/python3-pid_2.2.0.bb
rename to meta-python/recipes-devtools/python/python3-pid_2.2.5.bb
index e43831989..56fc2ad85 100644
--- a/meta-python/recipes-devtools/python/python3-pid_2.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pid_2.2.5.bb
@@ -4,11 +4,8 @@ HOMEPAGE = "https://github.com/trbs/pid/;
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=83d53cbd3105063f20305bc313464e29"
 
-SRC_URI[md5sum] = "04d30308013d16aa882b3806feda8ab2"
-SRC_URI[sha256sum] = 
"d8bb2ceec21a4ae84be6e9d320db1f56934b30e676e31c6f098ca7218b3d67d4"
+SRC_URI += " file://0001-remove-requirement-of-nose.patch"
+SRC_URI[md5sum] = "ad352ee1dc28b9746a15451c0c53e9d7"
+SRC_URI[sha256sum] = 
"96eb7dba326b88f5164bc1afdc986c7793e0d32d7f62366256a3903c7b0614ef"
 
 inherit pypi setuptools3
-
-SRC_URI += " \
-file://0001-remove-requirement-of-nose.patch \
-"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH] python-jsonschemea: add missing dependency

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-python/recipes-devtools/python/python-jsonschema.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-python/recipes-devtools/python/python-jsonschema.inc 
b/meta-python/recipes-devtools/python/python-jsonschema.inc
index 1841b5893..5599cc6f4 100644
--- a/meta-python/recipes-devtools/python/python-jsonschema.inc
+++ b/meta-python/recipes-devtools/python/python-jsonschema.inc
@@ -23,6 +23,7 @@ RDEPENDS_${PN} += " \
 ${PYTHON_PN}-strict-rfc3339 \
 ${PYTHON_PN}-unittest \
 ${PYTHON_PN}-setuptools-scm \
+${PYTHON_PN}-zipp \
 "
 
 BBCLASSEXTEND = "native nativesdk"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] protobuf-c: fix race condition

[Chen Qi]

Signed-off-by: Chen Qi 
---
 .../0001-avoid-race-condition.patch   | 36 +++
 .../protobuf/protobuf-c_1.3.2.bb  |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 
meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch

diff --git 
a/meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch 
b/meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch
new file mode 100644
index 0..4fc7703d8
--- /dev/null
+++ 
b/meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch
@@ -0,0 +1,36 @@
+From 216e31260b618ec73862f9f5336597f391444dac Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Sun, 29 Sep 2019 17:20:42 +0800
+Subject: [PATCH] avoid race condition
+
+It's possible that the cxx-generate-packed-data.cc is compiled
+while the t/test-full.pb.h is being generated. This will result
+the following error.
+
+  DEBUG:   ./t/test-full.pb.h:4:0: error: unterminated #ifndef
+  ./t/test-full.pb.h:4:0: error: unterminated #ifndef
+
+Add a dependency to avoid such problem.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi 
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index b0cb065..1608ae0 100644
+--- a/Makefile.am
 b/Makefile.am
+@@ -156,6 +156,7 @@ noinst_PROGRAMS += \
+ t_generated_code2_cxx_generate_packed_data_SOURCES = \
+   t/generated-code2/cxx-generate-packed-data.cc \
+   t/test-full.pb.cc
++t/generated-code2/cxx-generate-packed-data.cc: t/test-full.pb.h
+ $(t_generated_code2_cxx_generate_packed_data_OBJECTS): t/test-full.pb.h
+ t_generated_code2_cxx_generate_packed_data_CXXFLAGS = \
+   $(AM_CXXFLAGS) \
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.2.bb 
b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.2.bb
index 6d1ffc3f4..b92f82dec 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.2.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.2.bb
@@ -15,6 +15,7 @@ DEPENDS = "protobuf-native protobuf"
 SRCREV = "1390409f4ee4e26d0635310995b516eb702c3f9e"
 
 SRC_URI = "git://github.com/protobuf-c/protobuf-c.git \
+   file://0001-avoid-race-condition.patch \
   "
 
 S = "${WORKDIR}/git"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH] python-jinja2: rdepend on asyncio module

[Chen Qi]

Fix error when `import jinja2'.

  ModuleNotFoundError: No module named 'asyncio'

Signed-off-by: Chen Qi 
---
 meta-python/recipes-devtools/python/python-jinja2.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-python/recipes-devtools/python/python-jinja2.inc 
b/meta-python/recipes-devtools/python/python-jinja2.inc
index aee7bd3ff..dd9fff86b 100644
--- a/meta-python/recipes-devtools/python/python-jinja2.inc
+++ b/meta-python/recipes-devtools/python/python-jinja2.inc
@@ -8,7 +8,7 @@ SRC_URI[md5sum] = "0ae535be40fd215a8114a090c8b68e5a"
 SRC_URI[sha256sum] = 
"065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013"
 
 RDEPENDS_${PN} += "${PYTHON_PN}-io ${PYTHON_PN}-pickle ${PYTHON_PN}-crypt \
-${PYTHON_PN}-math ${PYTHON_PN}-netclient \
+${PYTHON_PN}-math ${PYTHON_PN}-netclient ${PYTHON_PN}-asyncio \
 ${PYTHON_PN}-pprint ${PYTHON_PN}-shell ${PYTHON_PN}-markupsafe \
 ${PYTHON_PN}-json ${PYTHON_PN}-threading ${PYTHON_PN}-numbers"
 
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-python][PATCH] python-hyperlink: rdepend on python-idna

[Chen Qi]

python hyperlink actually requires python idna. Otherwise, we get
the following error.

  Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib64/python3.7/site-packages/hyperlink/_init_.py", line 2, in 

  from ._url import (URL,
  File "/usr/lib64/python3.7/site-packages/hyperlink/_url.py", line 33, in 

  from idna import encode as idna_encode, decode as idna_decode, IDNAError
  ModuleNotFoundError: No module named 'idna'

Signed-off-by: Chen Qi 
---
 meta-python/recipes-devtools/python/python-hyperlink.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-python/recipes-devtools/python/python-hyperlink.inc 
b/meta-python/recipes-devtools/python/python-hyperlink.inc
index 25398541c..653170ca6 100644
--- a/meta-python/recipes-devtools/python/python-hyperlink.inc
+++ b/meta-python/recipes-devtools/python/python-hyperlink.inc
@@ -8,7 +8,7 @@ SRC_URI[md5sum] = "4772fb4d87c26a1ab22a6161424e3cba"
 
 inherit pypi
 
-RDEPENDS_${PN} += "${PYTHON_PN}-stringold ${PYTHON_PN}-netclient"
+RDEPENDS_${PN} += "${PYTHON_PN}-stringold ${PYTHON_PN}-netclient 
${PYTHON_PN}-idna"
 
 PACKAGES =. "${PN}-test "
 
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] libblockdev: fix PACKAGECONFIG regarding python

[Chen Qi]

The python2 PACKAGECONFIG was added during an upgrade, defaulting to
be disabled. The RDEPENDS part should be 'python' instead 'python2'
because there's no python2 recipe.

Also, we don't need to inherit some python classes. We just need to specify
FILES variable. After this change, the python2 and python3 PACKAGECONFIG
items could correctly work.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-extended/libblockdev/libblockdev_2.22.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-oe/recipes-extended/libblockdev/libblockdev_2.22.bb 
b/meta-oe/recipes-extended/libblockdev/libblockdev_2.22.bb
index c5fc928a7..985bd03e4 100644
--- a/meta-oe/recipes-extended/libblockdev/libblockdev_2.22.bb
+++ b/meta-oe/recipes-extended/libblockdev/libblockdev_2.22.bb
@@ -8,7 +8,7 @@ SECTION = "devel/lib"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c"
 
-inherit autotools python3native gobject-introspection
+inherit autotools gobject-introspection
 
 SRCREV = "f6e4538485d0442b3674e182c01ffe5a0f258ad4"
 SRC_URI = " \
@@ -17,11 +17,11 @@ SRC_URI = " \
 
 S = "${WORKDIR}/git"
 
-FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
+FILES_${PN} += "${libdir}/python2.7/dist-packages 
${libdir}/python3.7/site-packages"
 
 PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid 
kbd mpath nvdimm"
 PACKAGECONFIG[python3] = "--with-python3, --without-python3,,python3"
-PACKAGECONFIG[python2] = "--with-python2, --without-python2,,python2"
+PACKAGECONFIG[python2] = "--with-python2, --without-python2,,python"
 PACKAGECONFIG[lvm] = "--with-lvm, --without-lvm, multipath-tools, lvm2"
 PACKAGECONFIG[lvm-dbus] = "--with-lvm_dbus, --without-lvm_dbus, 
multipath-tools, lvm2"
 PACKAGECONFIG[dm] = "--with-dm, --without-dm, multipath-tools, lvm2"
-- 
2.17.1

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH 1/2] postfix: use alternatives to manage /usr/lib/sendmail

[Chen Qi]

There are several packages which all provide /usr/lib/sendmail
when lsb is enabled. So use alternative to manage it.

Signed-off-by: Chen Qi 
---
 meta-networking/recipes-daemons/postfix/postfix.inc | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/meta-networking/recipes-daemons/postfix/postfix.inc 
b/meta-networking/recipes-daemons/postfix/postfix.inc
index 3d4f1df..9437941 100644
--- a/meta-networking/recipes-daemons/postfix/postfix.inc
+++ b/meta-networking/recipes-daemons/postfix/postfix.inc
@@ -196,11 +196,15 @@ do_install_append_class-native() {
 ln -sf ../sbin/sendmail.postfix ${D}${bindir}/mailq
 }
 
-ALTERNATIVE_${PN} += "sendmail mailq newaliases"
+ALTERNATIVE_${PN} = "sendmail mailq newaliases"
+# /usr/lib/sendmial is required by LSB core test
+ALTERNATIVE_${PN}_linuxstdbase = "sendmail mailq newaliases usr-lib-sendmail"
 ALTERNATIVE_TARGET[mailq] = "${bindir}/mailq"
 ALTERNATIVE_TARGET[newaliases] = "${bindir}/newaliases"
 ALTERNATIVE_TARGET[sendmail] = "${sbindir}/sendmail.postfix"
 ALTERNATIVE_LINK_NAME[sendmail] = "${sbindir}/sendmail"
+ALTERNATIVE_TARGET[usr-lib-sendmail] = "${sbindir}/sendmail.postfix"
+ALTERNATIVE_LINK_NAME[usr-lib-sendmail] = "/usr/lib/sendmail"
 
 ALTERNATIVE_PRIORITY = "120"
 
@@ -219,11 +223,6 @@ pkg_postinst_${PN} () {
 touch /etc/postfix/virtual_alias
 postmap /etc/postfix/virtual_alias
 else
-if ${@'true' if 'linuxstdbase' in d.getVar('DISTROOVERRIDES', False) 
else 'false'}; then
-# /usr/lib/sendmail is required by LSB core test
-[ ! -L $D/usr/lib/sendmail ] && ln -sf ${sbindir}/sendmail 
$D/usr/lib/
-fi
-
 touch $D/etc/aliases
 # This can fail depending on host setup
 if ! newaliases -C $D/etc/postfix/main.cf -oA$D/etc/aliases; then
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH 2/2] esmtp: use alternatives to manage /usr/lib/sendmail

[Chen Qi]

There are several packages which all provide /usr/lib/sendmail
when lsb is enabled. So use alternative to manage it.

Signed-off-by: Chen Qi 
---
 meta-networking/recipes-support/esmtp/esmtp_1.2.bb | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/meta-networking/recipes-support/esmtp/esmtp_1.2.bb 
b/meta-networking/recipes-support/esmtp/esmtp_1.2.bb
index 663161a..972d5aa 100644
--- a/meta-networking/recipes-support/esmtp/esmtp_1.2.bb
+++ b/meta-networking/recipes-support/esmtp/esmtp_1.2.bb
@@ -18,11 +18,15 @@ EXTRA_OECONF = "--with-libesmtp=${STAGING_EXECPREFIXDIR}"
 
 inherit autotools update-alternatives
 
-ALTERNATIVE_${PN} += "sendmail mailq newaliases"
+ALTERNATIVE_${PN} = "sendmail mailq newaliases"
+# /usr/lib/sendmial is required by LSB core test
+ALTERNATIVE_${PN}_linuxstdbase = "sendmail mailq newaliases usr-lib-sendmail"
 ALTERNATIVE_TARGET[mailq] = "${bindir}/mailq"
 ALTERNATIVE_TARGET[newaliases] = "${bindir}/newaliases"
 ALTERNATIVE_LINK_NAME[sendmail] = "${sbindir}/sendmail"
 ALTERNATIVE_TARGET[sendmail] = "${bindir}/esmtp"
+ALTERNATIVE_LINK_NAME[usr-lib-sendmail] = "/usr/lib/sendmail"
+ALTERNATIVE_TARGET[usr-lib-sendmail] = "${bindir}/esmtp"
 
 ALTERNATIVE_PRIORITY = "10"
 
@@ -39,9 +43,4 @@ do_install_append() {
 rm -rf ${D}${libdir}
 }
 
-pkg_postinst_${PN}_linuxstdbase () {
-# /usr/lib/sendmial is required by LSB core test
-[ ! -L $D/usr/lib/sendmail ] && ln -sf ${sbindir}/sendmail $D/usr/lib/
-}
-
 FILES_${PN} += "${libdir}/"
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH] postfix: fix postinstall to avoid do_rootfs failure

[Chen Qi]

When lsb is enabled, that is, 'linuxstdbase' is in OVERRIDES,
do_rootfs would fail if both 'msmtp' and 'postfix' are installed.
This is because they both try to create /usr/lib/sendmail link if
it does not exist. So we need to fix the check to avoid non-zero
exit status.

Signed-off-by: Chen Qi 
---
 meta-networking/recipes-daemons/postfix/postfix.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-networking/recipes-daemons/postfix/postfix.inc 
b/meta-networking/recipes-daemons/postfix/postfix.inc
index 3d4f1df..021129c 100644
--- a/meta-networking/recipes-daemons/postfix/postfix.inc
+++ b/meta-networking/recipes-daemons/postfix/postfix.inc
@@ -221,7 +221,7 @@ pkg_postinst_${PN} () {
 else
 if ${@'true' if 'linuxstdbase' in d.getVar('DISTROOVERRIDES', False) 
else 'false'}; then
 # /usr/lib/sendmail is required by LSB core test
-[ ! -L $D/usr/lib/sendmail ] && ln -sf ${sbindir}/sendmail 
$D/usr/lib/
+[ ! -L $D/usr/lib/sendmail ] && ln -sf ${sbindir}/sendmail 
$D/usr/lib/ || true
 fi
 
 touch $D/etc/aliases
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] turbostat: set PACKAGE_ARCH as MACHINE_ARCH

[Chen Qi]

This recipe depends on 'virtual/kernel', so it should
be MACHINE_ARCH.

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-kernel/turbostat/turbostat_3.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-kernel/turbostat/turbostat_3.4.bb 
b/meta-oe/recipes-kernel/turbostat/turbostat_3.4.bb
index 3f25e6f..5f6588d 100644
--- a/meta-oe/recipes-kernel/turbostat/turbostat_3.4.bb
+++ b/meta-oe/recipes-kernel/turbostat/turbostat_3.4.bb
@@ -20,6 +20,7 @@ SRC_URI += "\
 file://COPYING \
 "
 
+PACKAGE_ARCH = "${MACHINE_ARCH}"
 DEPENDS = "virtual/kernel"
 
 # This looks in S, so we better make sure there's
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-openembedded][PATCH] .gitignore: add *.pyc and *.pyo

[Chen Qi]

.gitignore needs to contain these two items, otherwise, we get unstaged
change about meta-oe/lib/oeqa/selftest/cases/__pycache__/ every time
we run oe-selftest.

Signed-off-by: Chen Qi 
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index b093583..c01df45 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
+*.pyc
+*.pyo
 /*.patch
 *.swp
 *.orig
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] polkit: fix CVE-2019-6133

[Chen Qi]

Signed-off-by: Chen Qi 
---
 ...pare-PolkitUnixProcess-uids-for-temporary.patch | 186 +
 meta-oe/recipes-extended/polkit/polkit_0.115.bb|   7 +-
 2 files changed, 190 insertions(+), 3 deletions(-)
 create mode 100644 
meta-oe/recipes-extended/polkit/polkit/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch

diff --git 
a/meta-oe/recipes-extended/polkit/polkit/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
 
b/meta-oe/recipes-extended/polkit/polkit/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
new file mode 100644
index 000..ae314e3
--- /dev/null
+++ 
b/meta-oe/recipes-extended/polkit/polkit/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
@@ -0,0 +1,186 @@
+From eb1f1336e8e49b4db6243b543e0a71f7c0c9b5b1 Mon Sep 17 00:00:00 2001
+From: Colin Walters 
+Date: Fri, 4 Jan 2019 14:24:48 -0500
+Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
+ authorizations
+
+It turns out that the combination of `(pid, start time)` is not
+enough to be unique.  For temporary authorizations, we can avoid
+separate users racing on pid reuse by simply comparing the uid.
+
+https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
+
+And the above original email report is included in full in a new comment.
+
+Reported-by: Jann Horn 
+
+Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
+
+Upstream-Status: Backport
+CVE: CVE-2019-6133
+Signed-off-by: Chen Qi 
+---
+ src/polkit/polkitsubject.c |  2 +
+ src/polkit/polkitunixprocess.c | 71 +-
+ .../polkitbackendinteractiveauthority.c| 39 +++-
+ 3 files changed, 110 insertions(+), 2 deletions(-)
+
+diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
+index d4c1182..ccabd0a 100644
+--- a/src/polkit/polkitsubject.c
 b/src/polkit/polkitsubject.c
+@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
+  * @b: A #PolkitSubject.
+  *
+  * Checks if @a and @b are equal, ie. represent the same subject.
++ * However, avoid calling polkit_subject_equal() to compare two processes;
++ * for more information see the `PolkitUnixProcess` documentation.
+  *
+  * This function can be used in e.g. g_hash_table_new().
+  *
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 972b777..7a6d48b 100644
+--- a/src/polkit/polkitunixprocess.c
 b/src/polkit/polkitunixprocess.c
+@@ -51,7 +51,10 @@
+  * @title: PolkitUnixProcess
+  * @short_description: Unix processs
+  *
+- * An object for representing a UNIX process.
++ * An object for representing a UNIX process.  NOTE: This object as
++ * designed is now known broken; a mechanism to exploit a delay in
++ * start time in the Linux kernel was identified.  Avoid
++ * calling polkit_subject_equal() to compare two processes.
+  *
+  * To uniquely identify processes, both the process id and the start
+  * time of the process (a monotonic increasing value representing the
+@@ -66,6 +69,72 @@
+  * polkit_unix_process_new_for_owner() with trusted data.
+  */
+ 
++/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
++
++  But quoting the original email in full here to ensure it's preserved:
++
++  From: Jann Horn 
++  Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and 
non-atomic fork
++  Date: Wednesday, October 10, 2018 5:34 PM
++
++When a (non-root) user attempts to e.g. control systemd units in the system
++instance from an active session over DBus, the access is gated by a polkit
++policy that requires "auth_admin_keep" auth. This results in an auth prompt
++being shown to the user, asking the user to confirm the action by entering the
++password of an administrator account.
++
++After the action has been confirmed, the auth decision for "auth_admin_keep" 
is
++cached for up to five minutes. Subject to some restrictions, similar actions 
can
++then be performed in this timespan without requiring re-auth:
++
++ - The PID of the DBus client requesting the new action must match the PID of
++   the DBus client requesting the old action (based on SO_PEERCRED information
++   forwarded by the DBus daemon).
++ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
++   must not have changed. The granularity of this timestamp is in the
++   millisecond range.
++ - polkit polls every two seconds whether a process with the expected start 
time
++   still exists. If not, the temporary auth entry is purged.
++
++Without the start time check, this would obviously be buggy because an 
attacker
++could simply wait for the legitimate client to disappear, then create a new
++client with the same PID.
++
++Unfortunately, the start time check is bypassable because fork() is not 
atomic.
++Looking at the source code of copy_process() in the kernel:
++
++p->start_time = ktime_get_ns();
++p->

[oe] [meta-oe][PATCH] gd: set CVE_PRODUCT

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-support/gd/gd_2.2.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-support/gd/gd_2.2.5.bb 
b/meta-oe/recipes-support/gd/gd_2.2.5.bb
index 426af25..c846bda 100644
--- a/meta-oe/recipes-support/gd/gd_2.2.5.bb
+++ b/meta-oe/recipes-support/gd/gd_2.2.5.bb
@@ -50,3 +50,5 @@ FILES_${PN}-tools = "${bindir}/*"
 PROVIDES += "${PN}-tools"
 RPROVIDES_${PN}-tools = "${PN}-tools"
 RDEPENDS_${PN}-tools = "perl perl-module-strict"
+
+CVE_PRODUCT = "libgd"
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH V2 1/2] netkit-rsh: add tag to CVE patch

[Chen Qi]

Signed-off-by: Chen Qi 
---
 .../netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch | 2 ++
 1 file changed, 2 insertions(+)

diff --git 
a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
 
b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
index 4381f5b..285667b 100644
--- 
a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
+++ 
b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -10,6 +10,8 @@ Origin: 
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa88
 Upstream-Status: Backport [Debian]
 
[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
 
+CVE: CVE-2019-7282 CVE-2019-7283
+
 Signed-off-by: Yi Zhao 
 ---
  rcp/rcp.c | 5 +
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH 1/2] netkit-rsh: add tag to CVE patch

[Chen Qi]

Signed-off-by: Chen Qi 
---
 .../netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch | 2 ++
 1 file changed, 2 insertions(+)

diff --git 
a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
 
b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
index 4381f5b..dc71141 100644
--- 
a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
+++ 
b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -10,6 +10,8 @@ Origin: 
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa88
 Upstream-Status: Backport [Debian]
 
[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
 
+CVE: CVE-2018-7282 CVE-2018-7283
+
 Signed-off-by: Yi Zhao 
 ---
  rcp/rcp.c | 5 +
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH 2/2] ipsec-tools: fix CVE tag in patch

[Chen Qi]

Signed-off-by: Chen Qi 
---
 .../recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
 
b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
index 19220c4..fec4804 100644
--- 
a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
+++ 
b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
@@ -1,6 +1,6 @@
 Upstream-Status: Backport 
[https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b]
 
-CVE: CVE-2016-10396.
+CVE: CVE-2016-10396
 
 Signed-off-by: Kai Kang 
 ---
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] multipath-tools: fix up patch to avoid segfault

[Chen Qi]

When upgrading multipath, the following patch was accidently
wrongly rebased, leaving set_value not declared in parser.h
and resulting in segfault when running 'multipath' and 'multipathd'.

  0027-RH-warn-on-invalid-regex-instead-of-failing.patch

So fix things up and add the declaration back.

Signed-off-by: Chen Qi 
---
 ...-warn-on-invalid-regex-instead-of-failing.patch | 25 ++
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git 
a/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
 
b/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
index 57d04d0..95624ad 100644
--- 
a/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
+++ 
b/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
@@ -1,4 +1,4 @@
-From d16de70b76919269561b4e404825f78286ea9a40 Mon Sep 17 00:00:00 2001
+From 56d65ecb1c6d814929f6ff3159ade09dc203cc83 Mon Sep 17 00:00:00 2001
 From: Changqing Li 
 Date: Mon, 26 Nov 2018 10:31:30 +0800
 Subject: [PATCH] From  Mon Sep 17
@@ -18,14 +18,15 @@ Upstream-Status: Pending
 update this patch to new version
 
 Signed-off-by: Changqing Li 
+
 ---
  libmultipath/dict.c   | 29 ++---
  libmultipath/parser.c | 13 +
- libmultipath/parser.h |  2 +-
- 3 files changed, 36 insertions(+), 8 deletions(-)
+ libmultipath/parser.h |  1 +
+ 3 files changed, 36 insertions(+), 7 deletions(-)
 
 diff --git a/libmultipath/dict.c b/libmultipath/dict.c
-index a81c051..0689763 100644
+index eaad4f1..fb30577 100644
 --- a/libmultipath/dict.c
 +++ b/libmultipath/dict.c
 @@ -59,6 +59,21 @@ set_str(vector strvec, void *ptr)
@@ -50,7 +51,7 @@ index a81c051..0689763 100644
  set_yes_no(vector strvec, void *ptr)
  {
char * buff;
-@@ -1346,8 +1361,8 @@ ble_ ## option ## _handler (struct config *conf, vector 
strvec)  \
+@@ -1373,8 +1388,8 @@ ble_ ## option ## _handler (struct config *conf, vector 
strvec)  \
\
if (!conf->option)  \
return 1;   \
@@ -61,7 +62,7 @@ index a81c051..0689763 100644
if (!buff)  \
return 1;   \
\
-@@ -1363,7 +1378,7 @@ ble_ ## option ## _ ## name ## _handler (struct config 
*conf, vector strvec) \
+@@ -1390,7 +1405,7 @@ ble_ ## option ## _ ## name ## _handler (struct config 
*conf, vector strvec) \
if (!conf->option)  \
return 1;   \
\
@@ -70,7 +71,7 @@ index a81c051..0689763 100644
if (!buff)  \
return 1;   \
\
-@@ -1466,16 +1481,16 @@ device_handler(struct config *conf, vector strvec)
+@@ -1493,16 +1508,16 @@ device_handler(struct config *conf, vector strvec)
return 0;
  }
  
@@ -116,18 +117,14 @@ index 92ef7cf..0e2cf49 100644
  static int kw_level = 0;
  
 diff --git a/libmultipath/parser.h b/libmultipath/parser.h
-index 62906e9..b6899fc 100644
+index 62906e9..b791705 100644
 --- a/libmultipath/parser.h
 +++ b/libmultipath/parser.h
-@@ -76,7 +76,7 @@ extern int _install_keyword(vector keywords, char *string,
- extern void dump_keywords(vector keydump, int level);
+@@ -77,6 +77,7 @@ extern void dump_keywords(vector keydump, int level);
  extern void free_keywords(vector keywords);
  extern vector alloc_strvec(char *string);
--extern void *set_value(vector strvec);
+ extern void *set_value(vector strvec);
 +extern void *set_regex_value(vector strvec);
  extern int process_file(struct config *conf, char *conf_file);
  extern struct keyword * find_keyword(vector keywords, vector v, char * name);
  int snprint_keyword(char *buff, int len, char *fmt, struct keyword *kw,
--- 
-2.7.4
-
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-networking][PATCH] ipsec-tools: add missing CVE tags to patches

[Chen Qi]

Signed-off-by: Chen Qi 
---
 .../recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch | 2 ++
 .../recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch| 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git 
a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
 
b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
index 5286376..7e033af 100644
--- 
a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
+++ 
b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
@@ -2,6 +2,8 @@
 
 Upstream-Status: Backport
 
+CVE: CVE-2015-4047
+
 http://www.openwall.com/lists/oss-security/2015/05/20/1
 
 racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
diff --git 
a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
 
b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
index bd07965..19220c4 100644
--- 
a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
+++ 
b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2016-10396.patch
@@ -1,6 +1,6 @@
 Upstream-Status: Backport 
[https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b]
 
-Fix CVE-2016-10396.
+CVE: CVE-2016-10396.
 
 Signed-off-by: Kai Kang 
 ---
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] openldap: add missing CVE tag to patch

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch | 2 ++
 1 file changed, 2 insertions(+)

diff --git 
a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch 
b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch
index 25e148e..ce8b47a 100644
--- a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch
+++ b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch
@@ -12,6 +12,8 @@ unknown vectors.
 
 Upstream-Status: Pending
 
+CVE: CVE-2015-3276
+
 Signed-off-by: Li Wang 
 ---
  libraries/libldap/tls_m.c |   27 ---
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-webserver][PATCH] apache2: set CVE_PRODUCT

[Chen Qi]

Signed-off-by: Chen Qi 
---
 meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb 
b/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
index a87e384..80c8b20 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.34.bb
@@ -31,6 +31,8 @@ S = "${WORKDIR}/httpd-${PV}"
 
 inherit autotools update-rc.d pkgconfig systemd update-alternatives
 
+CVE_PRODUCT = "http_server"
+
 ALTERNATIVE_${PN}-doc = "htpasswd.1"
 ALTERNATIVE_LINK_NAME[htpasswd.1] = "${mandir}/man1/htpasswd.1"
 
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel