Re: [OE-core] [PATCH V2 1/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
On Tue, Oct 17, 2017 at 10:31:11AM +0800, ChenQi wrote: > On 10/17/2017 10:18 AM, Denys Dmytriyenko wrote: > >On Tue, Oct 17, 2017 at 09:46:32AM +0800, Chen Qi wrote: > >>We changed to make tools required by testimage to be included conditionally. > >>This resulted in users who use ssh for git fetching having failures. > >> > >>Add ssh to HOSTTOOLS_NONFATAL to make things work for the above situation. > >> > >>[YOCTO #12227] > >> > >>Signed-off-by: Chen Qi> >>--- > >1. Why don't people specify what has changed between v1 and v2 of the patch? > > It's in [OE-core] [PATCH V2 0/1] bitbake.conf: add ssh to > HOSTTOOLS_NONFATAL. The changelog between patch revisions? > >2. A corrected/sorted patch already went in earlier: > >http://cgit.openembedded.org/openembedded-core/commit/?id=50e7619aebae5351e9a41fe1b909a31b9e383f0a > > Sorry. My carelessness. > I should have checked the latest master. > > Best Regards, > Chen Qi > > > >> meta/conf/bitbake.conf | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >>diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf > >>index 0eefb86..4fba9d6 100644 > >>--- a/meta/conf/bitbake.conf > >>+++ b/meta/conf/bitbake.conf > >>@@ -487,7 +487,7 @@ HOSTTOOLS += " \ > >> HOSTTOOLS += "${@['', 'ip ping ps scp ssh > >> stty'][bb.data.inherits_class('testimage', d)]}" > >> # Link to these if present > >>-HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat > >>sudo" > >>+HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat > >>ssh sudo" > >> # Temporary add few more detected in bitbake world > >> HOSTTOOLS_NONFATAL += "join nl size yes zcat" > >>-- > >>1.9.1 > >> > >>-- > >>___ > >>Openembedded-core mailing list > >>Openembedded-core@lists.openembedded.org > >>http://lists.openembedded.org/mailman/listinfo/openembedded-core > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH V2 1/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
On 10/17/2017 10:18 AM, Denys Dmytriyenko wrote: On Tue, Oct 17, 2017 at 09:46:32AM +0800, Chen Qi wrote: We changed to make tools required by testimage to be included conditionally. This resulted in users who use ssh for git fetching having failures. Add ssh to HOSTTOOLS_NONFATAL to make things work for the above situation. [YOCTO #12227] Signed-off-by: Chen Qi--- 1. Why don't people specify what has changed between v1 and v2 of the patch? It's in [OE-core] [PATCH V2 0/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL. 2. A corrected/sorted patch already went in earlier: http://cgit.openembedded.org/openembedded-core/commit/?id=50e7619aebae5351e9a41fe1b909a31b9e383f0a Sorry. My carelessness. I should have checked the latest master. Best Regards, Chen Qi meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 0eefb86..4fba9d6 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -487,7 +487,7 @@ HOSTTOOLS += " \ HOSTTOOLS += "${@['', 'ip ping ps scp ssh stty'][bb.data.inherits_class('testimage', d)]}" # Link to these if present -HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat sudo" +HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat ssh sudo" # Temporary add few more detected in bitbake world HOSTTOOLS_NONFATAL += "join nl size yes zcat" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] kexec-tools: add systemd support for kdump
Add file kdump.service to support kdump in systemd. Signed-off-by: Wenlin Kang--- meta/recipes-kernel/kexec/kexec-tools.inc | 1 + .../recipes-kernel/kexec/kexec-tools/kdump.service | 12 +++ meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb| 23 +- 3 files changed, 31 insertions(+), 5 deletions(-) create mode 100644 meta/recipes-kernel/kexec/kexec-tools/kdump.service diff --git a/meta/recipes-kernel/kexec/kexec-tools.inc b/meta/recipes-kernel/kexec/kexec-tools.inc index bdfe024..c689bec 100644 --- a/meta/recipes-kernel/kexec/kexec-tools.inc +++ b/meta/recipes-kernel/kexec/kexec-tools.inc @@ -11,6 +11,7 @@ DEPENDS = "zlib xz" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz \ file://kdump \ file://kdump.conf \ + file://kdump.service \ " PR = "r1" diff --git a/meta/recipes-kernel/kexec/kexec-tools/kdump.service b/meta/recipes-kernel/kexec/kexec-tools/kdump.service new file mode 100644 index 000..4e65a46 --- /dev/null +++ b/meta/recipes-kernel/kexec/kexec-tools/kdump.service @@ -0,0 +1,12 @@ +[Unit] +Description=Reboot and dump vmcore via kexec +DefaultDependencies=no + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@LIBEXECDIR@/kdump-helper start +ExecStop=@LIBEXECDIR@/kdump-helper stop + +[Install] +WantedBy=multi-user.target diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb index bd89720..0f6398f1 100644 --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.14.bb @@ -34,19 +34,32 @@ ALLOW_EMPTY_${PN} = "1" RRECOMMENDS_${PN} = "kexec kdump vmcore-dmesg" FILES_kexec = "${sbindir}/kexec" -FILES_kdump = "${sbindir}/kdump ${sysconfdir}/init.d/kdump \ - ${sysconfdir}/sysconfig/kdump.conf" +FILES_kdump = "${sbindir}/kdump \ + ${sysconfdir}/sysconfig/kdump.conf \ + ${sysconfdir}/init.d/kdump \ + ${libexecdir}/kdump-helper \ + ${systemd_unitdir}/system/kdump.service \ +" + FILES_vmcore-dmesg = "${sbindir}/vmcore-dmesg" -inherit update-rc.d +inherit update-rc.d systemd INITSCRIPT_PACKAGES = "kdump" INITSCRIPT_NAME_kdump = "kdump" INITSCRIPT_PARAMS_kdump = "start 56 2 3 4 5 . stop 56 0 1 6 ." do_install_append () { -install -d ${D}${sysconfdir}/init.d -install -m 0755 ${WORKDIR}/kdump ${D}${sysconfdir}/init.d/kdump install -d ${D}${sysconfdir}/sysconfig install -m 0644 ${WORKDIR}/kdump.conf ${D}${sysconfdir}/sysconfig + +if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then +install -D -m 0755 ${WORKDIR}/kdump ${D}${sysconfdir}/init.d/kdump +fi + +if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then +install -D -m 0755 ${WORKDIR}/kdump ${D}${libexecdir}/kdump-helper +install -D -m 0644 ${WORKDIR}/kdump.service ${D}${systemd_unitdir}/system/kdump.service +sed -i -e 's,@LIBEXECDIR@,${libexecdir},g' ${D}${systemd_unitdir}/system/kdump.service +fi } -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH V2 1/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
On Tue, Oct 17, 2017 at 09:46:32AM +0800, Chen Qi wrote: > We changed to make tools required by testimage to be included conditionally. > This resulted in users who use ssh for git fetching having failures. > > Add ssh to HOSTTOOLS_NONFATAL to make things work for the above situation. > > [YOCTO #12227] > > Signed-off-by: Chen Qi> --- 1. Why don't people specify what has changed between v1 and v2 of the patch? 2. A corrected/sorted patch already went in earlier: http://cgit.openembedded.org/openembedded-core/commit/?id=50e7619aebae5351e9a41fe1b909a31b9e383f0a > meta/conf/bitbake.conf | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf > index 0eefb86..4fba9d6 100644 > --- a/meta/conf/bitbake.conf > +++ b/meta/conf/bitbake.conf > @@ -487,7 +487,7 @@ HOSTTOOLS += " \ > HOSTTOOLS += "${@['', 'ip ping ps scp ssh > stty'][bb.data.inherits_class('testimage', d)]}" > > # Link to these if present > -HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat > sudo" > +HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat > ssh sudo" > > # Temporary add few more detected in bitbake world > HOSTTOOLS_NONFATAL += "join nl size yes zcat" > -- > 1.9.1 > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] ✗ patchtest: failure for bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
== Series Details == Series: bitbake.conf: add ssh to HOSTTOOLS_NONFATAL Revision: 1 URL : https://patchwork.openembedded.org/series/9370/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Series does not apply on top of target branch [test_series_merge_on_head] Suggested fixRebase your series on top of targeted branch Targeted branch master (currently at 3b413a8057) If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH V2 1/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
We changed to make tools required by testimage to be included conditionally. This resulted in users who use ssh for git fetching having failures. Add ssh to HOSTTOOLS_NONFATAL to make things work for the above situation. [YOCTO #12227] Signed-off-by: Chen Qi--- meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 0eefb86..4fba9d6 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -487,7 +487,7 @@ HOSTTOOLS += " \ HOSTTOOLS += "${@['', 'ip ping ps scp ssh stty'][bb.data.inherits_class('testimage', d)]}" # Link to these if present -HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat sudo" +HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat ssh sudo" # Temporary add few more detected in bitbake world HOSTTOOLS_NONFATAL += "join nl size yes zcat" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH V2 0/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
V2 * Change to keep the alphabetical order. The following changes since commit 96967261993f8b583b51cdeccbb1fd06042d2192: bitbake: toaster/highlight.pack.js: Fix corrupted file (2017-10-10 11:05:08 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib ChenQi/bug12227 http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=ChenQi/bug12227 Chen Qi (1): bitbake.conf: add ssh to HOSTTOOLS_NONFATAL meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v5 3/3] weston: Bump version to 3.0.0
On Mon, Oct 16, 2017 at 09:34:04PM +0100, Burton, Ross wrote: > On 16 October 2017 at 18:30, Otavio Salvador < > otavio.salva...@ossystems.com.br> wrote: > > > > > > + > > > file://weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > > \ > > > + file://fix-missing-header.patch \ > > > > Those should be documented on commit log > > > > > Agreed. The missing header one should say what platform causes it to be a > problem (in case it never gets upstreamed and someone tests it again on > just glibc). > And is the pitch patch sufficiently broken that we need to backport it? My point exactly - doesn't seem to be a very broad problem... -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] ✗ patchtest: failure for "[v2] perl-native: upgrade from..." and 4 more
== Series Details == Series: "[v2] perl-native: upgrade from..." and 4 more Revision: 1 URL : https://patchwork.openembedded.org/series/9366/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Upstream-Status is in incorrect format [test_upstream_status_format] Suggested fixFix Upstream-Status format in meta/recipes-devtools/perl/perl/PPPort_pm-fix-require.patch so it is one of: Pending, Submitted, Accepted, Backport, Denied, Inappropriate * Issue Added patch file is missing Upstream-Status in the header [test_upstream_status_presence] Suggested fixAdd Upstream-Status: to the header of meta/recipes-devtools/perl/perl/native-nopacklist-native.patch (possible values: Pending, Submitted, Accepted, Backport, Denied, Inappropriate) If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH][krogoth] wpa_supplicant: fix WPA2 key replay security bug
WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton--- .../wpa-supplicant/key-replay-cve-multiple.patch | 939 + .../wpa-supplicant/wpa-supplicant_2.5.bb | 1 + 2 files changed, 940 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch new file mode 100644 index 000..32fad29cf63 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch @@ -0,0 +1,939 @@ +The WPA2 four-way handshake protocol is vulnerable to replay attacks which can +result in unauthenticated clients gaining access to the network. + +Backport a number of patches from upstream to fix this. + +CVE: CVE-2017-13077 +CVE: CVE-2017-13078 +CVE: CVE-2017-13079 +CVE: CVE-2017-13080 +CVE: CVE-2017-13081 +CVE: CVE-2017-13082 +CVE: CVE-2017-13086 +CVE: CVE-2017-13087 +CVE: CVE-2017-13088 + +Thanks to Wind River for the backport from upstream master to wpa_supplicant +2.5. + +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 9a4a0f78bb2ad516d4a295fb5d042f8a61bd3f47 Mon Sep 17 00:00:00 2001 +From: Haiqing Bai +Date: Thu, 12 Oct 2017 10:13:17 +0800 +Subject: [PATCH 1/7] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef + +Upstream-Status: Backport + +Signed-off-by: Haiqing Bai +--- + src/ap/wpa_auth.c| 9 + + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 4 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 2760a3f..b38a64d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +@@ -1740,6 +1740,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) + #else /* CONFIG_IEEE80211R */ + break; + #endif /* CONFIG_IEEE80211R */ ++ case WPA_DRV_STA_REMOVED: ++ sm->tk_already_set = FALSE; ++ return 0; + } + + #ifdef CONFIG_IEEE80211R +@@ -3208,6 +3211,12 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) + return sm->wpa; + } + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} + + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, +struct rsn_pmksa_cache_entry *entry) +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index fd04f16..3e53461 100644 +--- a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +@@ -258,7 +258,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, +u8 *data, size_t data_len); + enum wpa_event { + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, +- WPA_REAUTH_EAPOL, WPA_ASSOC_FT ++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT,
[OE-core] [PATCH v2 5/5] ruby: upgrade to 2.4.2
From: Leonardo SandovalThe CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt Date: Wed Apr 12 00:21:18 2017 + Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Signed-off-by: Leonardo Sandoval --- .../ruby/ruby/ruby-CVE-2017-14064.patch| 87 -- .../ruby/{ruby_2.4.1.bb => ruby_2.4.2.bb} | 5 +- 2 files changed, 2 insertions(+), 90 deletions(-) delete mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch rename meta/recipes-devtools/ruby/{ruby_2.4.1.bb => ruby_2.4.2.bb} (88%) diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch deleted file mode 100644 index 88e693c94e..00 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 -From: Florian Frank -Date: Thu, 2 Mar 2017 12:12:33 +0100 -Subject: [PATCH] Fix arbitrary heap exposure problem - -Upstream-Status: Backport -CVE: CVE-2017-14064 - -Signed-off-by: Ovidiu Panait - ext/json/generator/generator.c | 12 ++-- - ext/json/generator/generator.h | 1 - - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c -index ef85bb7..c88818c 100644 a/ext/json/generator/generator.c -+++ b/ext/json/generator/generator.c -@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { - char *result; - if (len <= 0) return NULL; - result = ALLOC_N(char, len); -- memccpy(result, ptr, 0, len); -+ memcpy(result, ptr, len); - return result; - } - -@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) - } - } else { - if (state->indent) ruby_xfree(state->indent); --state->indent = strdup(RSTRING_PTR(indent)); -+state->indent = fstrndup(RSTRING_PTR(indent), len); - state->indent_len = len; - } - return Qnil; -@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) - } - } else { - if (state->space) ruby_xfree(state->space); --state->space = strdup(RSTRING_PTR(space)); -+state->space = fstrndup(RSTRING_PTR(space), len); - state->space_len = len; - } - return Qnil; -@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) - } - } else { - if (state->space_before) ruby_xfree(state->space_before); --state->space_before = strdup(RSTRING_PTR(space_before)); -+state->space_before = fstrndup(RSTRING_PTR(space_before), len); - state->space_before_len = len; - } - return Qnil; -@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) - } - } else { - if (state->object_nl) ruby_xfree(state->object_nl); --state->object_nl = strdup(RSTRING_PTR(object_nl)); -+state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); - state->object_nl_len = len; - } - return Qnil; -@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) - } - } else { - if (state->array_nl) ruby_xfree(state->array_nl); --state->array_nl = strdup(RSTRING_PTR(array_nl)); -+state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); - state->array_nl_len = len; - } - return Qnil; -diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h -index 900b4d5..c367a62 100644 a/ext/json/generator/generator.h -+++ b/ext/json/generator/generator.h -@@ -1,7 +1,6 @@ - #ifndef _GENERATOR_H_ - #define _GENERATOR_H_ - --#include - #include - #include - --- -2.10.2 - diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.2.bb similarity index 88% rename from meta/recipes-devtools/ruby/ruby_2.4.1.bb rename to meta/recipes-devtools/ruby/ruby_2.4.2.bb index 7d27ac84ec..b471154a22 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.2.bb @@ -6,11 +6,10 @@ SRC_URI += " \ file://ruby-CVE-2017-9227.patch \ file://ruby-CVE-2017-9228.patch \ file://ruby-CVE-2017-9229.patch \ - file://ruby-CVE-2017-14064.patch \ " -SRC_URI[md5sum] =
[OE-core] [PATCH v2 3/5] git.inc: remove sed statement removing SVN lines from .packlist
From: Leonardo SandovalThe git-perltools package created with perl 5.26.1 does not contain the .packlist file thus there is no need to sed on this file. More general, the buildhistory-diff tool shows the following changes on the related package, clearly indicating that .packlist is not there anymore. diff --git a/packages/i586-poky-linux/git/git-perltools/files-in-package.txt b/packages/i586-poky-linux/git/git-perltools/files-in-package.txt index 0780bf9..f5b70f6 100644 --- a/packages/i586-poky-linux/git/git-perltools/files-in-package.txt +++ b/packages/i586-poky-linux/git/git-perltools/files-in-package.txt @@ -1,7 +1,7 @@ drwxr-xr-x root root 61 ./usr drwxr-xr-x root root 26 ./usr/lib drwxr-xr-x root root 30 ./usr/libexec -drwxr-xr-x root root 269 ./usr/libexec/git-core +drwxr-xr-x root root 288 ./usr/libexec/git-core -rwxr-xr-x root root42296 ./usr/libexec/git-core/git-add--interactive -rwxr-xr-x root root 2323504 ./usr/libexec/git-core/git-am -rwxr-xr-x root root36973 ./usr/libexec/git-core/git-archimport @@ -12,18 +12,28 @@ drwxr-xr-x root root 269 ./usr/libexec/git-core -rwxr-xr-x root root 3702 ./usr/libexec/git-core/git-request-pull -rwxr-xr-x root root52159 ./usr/libexec/git-core/git-send-email -rwxr-xr-x root root28086 ./usr/libexec/git-core/git-submodule +-rwxr-xr-x root root64175 ./usr/libexec/git-core/git-svn drwxr-xr-x root root 31 ./usr/lib/perl drwxr-xr-x root root 28 ./usr/lib/perl/site_perl -drwxr-xr-x root root 104 ./usr/lib/perl/site_perl/5.24.1 -drwxr-xr-x root root 25 ./usr/lib/perl/site_perl/5.24.1/auto -drwxr-xr-x root root 31 ./usr/lib/perl/site_perl/5.24.1/auto/Git --rw-r--r-- root root 1115 ./usr/lib/perl/site_perl/5.24.1/auto/Git/.packlist --r--r--r-- root root19087 ./usr/lib/perl/site_perl/5.24.1/Error.pm -drwxr-xr-x root root 53 ./usr/lib/perl/site_perl/5.24.1/Git --r--r--r-- root root 2473 ./usr/lib/perl/site_perl/5.24.1/Git/I18N.pm --r--r--r-- root root 644 ./usr/lib/perl/site_perl/5.24.1/Git/IndexInfo.pm --r--r--r-- root root48000 ./usr/lib/perl/site_perl/5.24.1/Git.pm --rw-r--r-- root root 226 ./usr/lib/perl/site_perl/5.24.1/perllocal.pod +drwxr-xr-x root root 88 ./usr/lib/perl/site_perl/5.26.1 +-r--r--r-- root root19087 ./usr/lib/perl/site_perl/5.26.1/Error.pm +drwxr-xr-x root root 86 ./usr/lib/perl/site_perl/5.26.1/Git +-r--r--r-- root root 2473 ./usr/lib/perl/site_perl/5.26.1/Git/I18N.pm +-r--r--r-- root root 644 ./usr/lib/perl/site_perl/5.26.1/Git/IndexInfo.pm +-r--r--r-- root root48000 ./usr/lib/perl/site_perl/5.26.1/Git.pm +drwxr-xr-x root root 195 ./usr/lib/perl/site_perl/5.26.1/Git/SVN +-r--r--r-- root root16945 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Editor.pm +-r--r--r-- root root18575 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Fetcher.pm +-r--r--r-- root root 1798 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/GlobSpec.pm +-r--r--r-- root root 9564 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Log.pm +drwxr-xr-x root root 29 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Memoize +-r--r--r-- root root 1748 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Memoize/YAML.pm +-r--r--r-- root root 8145 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Migration.pm +-r--r--r-- root root71721 ./usr/lib/perl/site_perl/5.26.1/Git/SVN.pm +-r--r--r-- root root 5319 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Prompt.pm +-r--r--r-- root root19358 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Ra.pm +-r--r--r-- root root 4586 ./usr/lib/perl/site_perl/5.26.1/Git/SVN/Utils.pm +-rw-r--r-- root root 226 ./usr/lib/perl/site_perl/5.26.1/perllocal.pod Signed-off-by: Leonardo Sandoval --- meta/recipes-devtools/git/git.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 9b4c1284d2..06ff27c70b 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc @@ -73,7 +73,6 @@ perl_native_fixup () {
[OE-core] [PATCH v2 1/5] perl-native: upgrade from 5.24.1 to 5.26.1
From: Leonardo SandovalPatch Name # Status at 5.26.1 file://Configure-multilib.patch# Already merged in 5.26.1, so removed it file://perl-configpm-switch.patch # Applies as it is file://native-nopacklist.patch # Rebased it to 5.26.1 file://native-perlinc.patch# Already merged in 5.26.1, so removed it file://MM_Unix.pm.patch# Rebased it to 5.26.1 file://debian/errno_ver.diff # Applies as it is file://dynaloaderhack.patch# Applies as it is lfile://perl-PathTools-don-t-filter-out-blib-from-INC.patch# Already merged in 5.26.1, so removed it file://0001-Configure-Remove-fstack-protector-strong-for-native-.patch # Applies as it is Signed-off-by: Leonardo Sandoval --- ...perl-native_5.24.1.bb => perl-native_5.26.1.bb} | 10 +++--- ...emove-fstack-protector-strong-for-native-.patch | 1 + meta/recipes-devtools/perl/perl/MM_Unix.pm.patch | 9 ++--- .../perl/perl/native-nopacklist.patch | 40 +++--- 4 files changed, 37 insertions(+), 23 deletions(-) rename meta/recipes-devtools/perl/{perl-native_5.24.1.bb => perl-native_5.26.1.bb} (93%) diff --git a/meta/recipes-devtools/perl/perl-native_5.24.1.bb b/meta/recipes-devtools/perl/perl-native_5.26.1.bb similarity index 93% rename from meta/recipes-devtools/perl/perl-native_5.24.1.bb rename to meta/recipes-devtools/perl/perl-native_5.26.1.bb index e01d11fbed..8f5b872cbc 100644 --- a/meta/recipes-devtools/perl/perl-native_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl-native_5.26.1.bb @@ -7,19 +7,17 @@ DEPENDS += "gdbm-native zlib-native" EXTRA_OEMAKE = "-e MAKEFLAGS=" SRC_URI += "\ - file://Configure-multilib.patch \ file://perl-configpm-switch.patch \ file://native-nopacklist.patch \ - file://native-perlinc.patch \ file://MM_Unix.pm.patch \ file://debian/errno_ver.diff \ file://dynaloaderhack.patch \ - file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \ file://0001-Configure-Remove-fstack-protector-strong-for-native-.patch \ - " + " + +SRC_URI[md5sum] = "70e988b4318739b0cf3ad5e120bfde88" +SRC_URI[sha256sum] = "fe8208133e73e47afc3251c08d2c21c5a60160165a8ab8b669c43a420e4ec680" -SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53" -SRC_URI[sha256sum] = "03a77bac4505c270f1890ece75afc7d4b555090b41aa41ea478747e23b2afb3f" inherit native diff --git a/meta/recipes-devtools/perl/perl/0001-Configure-Remove-fstack-protector-strong-for-native-.patch b/meta/recipes-devtools/perl/perl/0001-Configure-Remove-fstack-protector-strong-for-native-.patch index 14a05d291b..36cd8939c3 100644 --- a/meta/recipes-devtools/perl/perl/0001-Configure-Remove-fstack-protector-strong-for-native-.patch +++ b/meta/recipes-devtools/perl/perl/0001-Configure-Remove-fstack-protector-strong-for-native-.patch @@ -15,6 +15,7 @@ Upstream-Status: Inappropriate [configuration] [1] http://errors.yoctoproject.org/Errors/Details/109589/ Signed-off-by: Aníbal Limón +Signed-off-by: Leonardo Sandoval --- Configure | 54 -- 1 file changed, 54 deletions(-) diff --git a/meta/recipes-devtools/perl/perl/MM_Unix.pm.patch b/meta/recipes-devtools/perl/perl/MM_Unix.pm.patch index eb92ccb678..cdae438d2c 100644 --- a/meta/recipes-devtools/perl/perl/MM_Unix.pm.patch +++ b/meta/recipes-devtools/perl/perl/MM_Unix.pm.patch @@ -7,16 +7,17 @@ To get the MakeMaker.pm works in this case, we need perl wrapper here instead of real perl binary. Signed-off-by: Wenzong Fan +Signed-off-by: Leonardo Sandoval === --- perl-5.12.3/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm.orig 2011-08-12 16:07:30.0 +0800 +++ perl-5.12.3/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 2011-08-12 16:08:56.0 +0800 -@@ -1019,6 +1019,9 @@ +@@ -1110,6 +1110,9 @@ WARNING } foreach my $name (@$names){ +# Getting MakeMaker.pm use perl wrapper instead of 'perl.real' directly +$name =~ s/perl\.real/perl/ if ($name =~ /perl\.real/); + - foreach my $dir (@$dirs){ - next unless defined $dir; # $self->{PERL_SRC} may be undefined - my ($abs, $val); + my ($abs, $use_dir); + if ($self->file_name_is_absolute($name)) { # /foo/bar + $abs = $name; diff --git a/meta/recipes-devtools/perl/perl/native-nopacklist.patch b/meta/recipes-devtools/perl/perl/native-nopacklist.patch index 5482dcb79c..993f3302bf 100644 --- a/meta/recipes-devtools/perl/perl/native-nopacklist.patch +++
[OE-core] [PATCH v2 4/5] libxml-namespacesupport-perl: upgrade to 1.12.9
From: Leonardo SandovalSigned-off-by: Leonardo Sandoval --- .../perl/libxml-namespacesupport-perl_1.12.9.bb| 35 ++ .../perl/libxml-namespacesupport-perl_1.12.bb | 23 -- 2 files changed, 35 insertions(+), 23 deletions(-) create mode 100644 meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.9.bb delete mode 100644 meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb diff --git a/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.9.bb b/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.9.bb new file mode 100644 index 00..a7d26ea38c --- /dev/null +++ b/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.9.bb @@ -0,0 +1,35 @@ +SUMMARY = "Perl module for supporting simple generic namespaces" +HOMEPAGE = "http://veillard.com/XML/; +DESCRIPTION = "XML::NamespaceSupport offers a simple way to process namespace-based XML names. \ +It also helps maintain a prefix-to-namespace URI map, and provides a number of \ +basic checks. " + +SECTION = "libs" +LICENSE = "Artistic-1.0 | GPL-1.0+" +PR = "r3" + +LIC_FILES_CHKSUM = "file://META.yml;beginline=22;endline=22;md5=9ca1a4a941496e7feedac72c4fb8b137" + +# the upstream project complicate a bit url generartion on point release, using a underscore +# instead of a point on URL, i.e 1.12_9 instead of 1.12.9 +python () { +baseurl = "http://search.cpan.org/CPAN/authors/id/P/PE/PERIGRIN/XML-NamespaceSupport; +pv = d.getVar('PV') +pvsplit = pv.split('.') + +if len(pvsplit) != 3: +d.setVar('SRC_URI', "%s-%s.tar.gz" % (baseurl, pv)) +d.setVar('S', "${WORKDIR}/XML-NamespaceSupport-${PV}") +else: +pvx, pvy, pvz = pvsplit +d.setVar('SRC_URI', "%s-%s.%s_%s.tar.gz" % (baseurl, pvx, pvy, pvz)) +d.setVar('S', "${WORKDIR}/XML-NamespaceSupport-%s.%s_%s" % (pvx, pvy, pvz)) +} + +SRC_URI[md5sum] = "165927a311fb640961b28607035beab8" +SRC_URI[sha256sum] = "2e84a057f0a8c845a612d212742cb94fca4fc8a433150b5721bd448f77d1e4a9" + +inherit cpan + +BBCLASSEXTEND="native" + diff --git a/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb b/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb deleted file mode 100644 index 3498a286d4..00 --- a/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb +++ /dev/null @@ -1,23 +0,0 @@ -SUMMARY = "Perl module for supporting simple generic namespaces" -HOMEPAGE = "http://veillard.com/XML/; -DESCRIPTION = "XML::NamespaceSupport offers a simple way to process namespace-based XML names. \ -It also helps maintain a prefix-to-namespace URI map, and provides a number of \ -basic checks. " - -SECTION = "libs" -LICENSE = "Artistic-1.0 | GPL-1.0+" -PR = "r3" - -LIC_FILES_CHKSUM = "file://META.yml;beginline=22;endline=22;md5=9ca1a4a941496e7feedac72c4fb8b137" - -SRC_URI = "http://search.cpan.org/CPAN/authors/id/P/PE/PERIGRIN/XML-NamespaceSupport-${PV}.tar.gz; -SRC_URI[md5sum] = "a8916c6d095bcf073e1108af02e78c97" -SRC_URI[sha256sum] = "47e995859f8dd0413aa3f22d350c4a62da652e854267aa0586ae544ae2bae5ef" - - -S = "${WORKDIR}/XML-NamespaceSupport-${PV}" - -inherit cpan - -BBCLASSEXTEND="native" - -- 2.12.3 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v2 2/5] perl: upgrade to 5.26.1
From: Leonardo SandovalHighlights: * Patches rebased to 5.26.1 and just one removed * Several configs values taken from upstream script uconfig[64].sh were introduced in config.sh, avoiding pre-processor issues. * Several libraries paths now included a './' as prefix, because by default, @INC does not include the dot-slash anymore. More info at [1] * Manifypods is excluded from compilation due to compilation errors (see patch for more info) * New perl creates a static library (/auto/Unicode/Normalize/Normalize.a) thus there is a new staticdev package New packages included (compared to previous version): perl-module-math-bigint-lib perl-module-test2 perl-module-test2-api perl-module-test2-api-breakage perl-module-test2-api-context perl-module-test2-api-instance perl-module-test2-api-stack perl-module-test2-event perl-module-test2-event-bail perl-module-test2-event-diag perl-module-test2-event-encoding perl-module-test2-event-exception perl-module-test2-event-generic perl-module-test2-event-info perl-module-test2-event-note perl-module-test2-event-ok perl-module-test2-event-plan perl-module-test2-event-skip perl-module-test2-event-subtest perl-module-test2-event-tap-version perl-module-test2-event-waiting perl-module-test2-formatter perl-module-test2-formatter-tap perl-module-test2-hub perl-module-test2-hub-interceptor perl-module-test2-hub-interceptor-terminator perl-module-test2-hub-subtest perl-module-test2-ipc perl-module-test2-ipc-driver perl-module-test2-ipc-driver-files perl-module-test2-tools-tiny perl-module-test2-util perl-module-test2-util-externalmeta perl-module-test2-util-hashbase perl-module-test2-util-trace perl-module-test-builder-formatter perl-module-test-builder-tododiag perl-module-unicode-collate-locale-de-at-ph perl-module-unicode-collate-locale-fr-ca perl-module-unicode-collate-locale-he perl-module-unicode-collate-locale-ug-cyrl perl-module-unicode-collate-locale-vo perl-module-unicode-normalize-staticdev [1] https://wiki.gentoo.org/wiki/Project:Perl/5.26_Known_Issues Signed-off-by: Leonardo Sandoval --- ...depends_5.24.1.inc => perl-rdepends_5.26.1.inc} | 0 meta/recipes-devtools/perl/perl/Makefile.SH.patch | 82 +- .../perl/perl/PPPort_pm-fix-require.patch | 28 .../perl/perl/PPPort_xs-fix-require.patch | 36 .../perl/perl/avoid-manifypods.patch | 28 .../perl/collade-makefile-use-local-mkheader.patch | 29 meta/recipes-devtools/perl/perl/config.sh | 83 ++ meta/recipes-devtools/perl/perl/config.sh-32 | 2 + meta/recipes-devtools/perl/perl/config.sh-64 | 2 + .../perl/perl/debian/fixes/respect_umask.diff | 26 +-- .../perl/perl/debian/no_packlist_perllocal.diff| 25 +-- .../perl/perl/debian/prefix_changes.diff | 33 ++-- .../perl/perl/debian/writable_site_dirs.diff | 14 +- .../perl/perl/letgcc-find-errno.patch | 26 ++- .../perl/perl/native-nopacklist-native.patch | 29 .../perl/perl/native-nopacklist-partial.patch | 95 +++ ...-PathTools-don-t-filter-out-blib-from-INC.patch | 22 +-- ...erl-fix-conflict-between-skip_all-and-END.patch | 181 - .../perl/perl/perl-test-customized.patch | 123 +++--- .../perl/perl/pport_h-fix-require.patch| 42 + .../perl/perl/utils-Makefile-force-miniperl.patch | 28 .../perl/perl/write_buildcustomize.patch | 40 + .../perl/{perl_5.24.1.bb => perl_5.26.1.bb}| 14 +- 23 files changed, 621 insertions(+), 367 deletions(-) rename meta/recipes-devtools/perl/{perl-rdepends_5.24.1.inc => perl-rdepends_5.26.1.inc} (100%) create mode 100644 meta/recipes-devtools/perl/perl/PPPort_pm-fix-require.patch create mode 100644 meta/recipes-devtools/perl/perl/PPPort_xs-fix-require.patch create mode 100644 meta/recipes-devtools/perl/perl/avoid-manifypods.patch create mode 100644 meta/recipes-devtools/perl/perl/collade-makefile-use-local-mkheader.patch create mode 100644 meta/recipes-devtools/perl/perl/native-nopacklist-native.patch create mode 100644 meta/recipes-devtools/perl/perl/native-nopacklist-partial.patch delete mode 100644 meta/recipes-devtools/perl/perl/perl-fix-conflict-between-skip_all-and-END.patch create mode 100644 meta/recipes-devtools/perl/perl/pport_h-fix-require.patch create mode 100644 meta/recipes-devtools/perl/perl/utils-Makefile-force-miniperl.patch create mode 100644 meta/recipes-devtools/perl/perl/write_buildcustomize.patch rename meta/recipes-devtools/perl/{perl_5.24.1.bb => perl_5.26.1.bb} (94%) diff --git a/meta/recipes-devtools/perl/perl-rdepends_5.24.1.inc
Re: [OE-core] [PATCH] python3-numpy: upgrade to 1.13.3
On 10/16/2017 04:45 PM, Burton, Ross wrote: > On 11 October 2017 at 22:15, Jose Lamego> wrote: > >> -SRC_URI[md5sum] = "6d459e4a24f5035f720dda3c57716a92" >> -SRC_URI[sha256sum] = "de020ec06f1e9ce1115a50161a38bf >> 8d4c2525379900f9cb478cc613a1e7cd93" >> +SRC_URI[md5sum] = "c1d433e5973e548809e80c9118474b73" >> +SRC_URI[sha256sum] = "4c6b4eef790528bebb7ec9590d74cc >> 193868940fe68e4109a91c196df" >> > ERROR: python3-numpy-1.13.3-r0 do_fetch: Fetcher failure for URL: ' > https://github.com/numpy/numpy/releases/download/v1.13.3/numpy-1.13.3.tar.gz'. > Checksum mismatch! > File: '/home/ross/Yocto/downloads/numpy-1.13.3.tar.gz' has sha256 checksum > 4c6b4eef790528bebb7ec9590d74cc193868940fe68e4109a91c196df72d8094 when > 4c6b4eef790528bebb7ec9590d74cc193868940fe68e4109a91c196df was expected > If this change is expected (e.g. you have upgraded to a new version without > updating the checksums) then you can use these lines within the recipe: > SRC_URI[md5sum] = "c1d433e5973e548809e80c9118474b73" > SRC_URI[sha256sum] = > "4c6b4eef790528bebb7ec9590d74cc193868940fe68e4109a91c196df72d8094" > > Looks like the copy/paste for the checksum was truncated, no idea how this > built! > > I've fixed locally and am build testing now. I'm pretty sure this was my mistake. Thanks > > Ross > -- Jose Lamego | OTC Embedded Platform & Tools | GDC -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] python3-numpy: upgrade to 1.13.3
On 11 October 2017 at 22:15, Jose Lamegowrote: > -SRC_URI[md5sum] = "6d459e4a24f5035f720dda3c57716a92" > -SRC_URI[sha256sum] = "de020ec06f1e9ce1115a50161a38bf > 8d4c2525379900f9cb478cc613a1e7cd93" > +SRC_URI[md5sum] = "c1d433e5973e548809e80c9118474b73" > +SRC_URI[sha256sum] = "4c6b4eef790528bebb7ec9590d74cc > 193868940fe68e4109a91c196df" > ERROR: python3-numpy-1.13.3-r0 do_fetch: Fetcher failure for URL: ' https://github.com/numpy/numpy/releases/download/v1.13.3/numpy-1.13.3.tar.gz'. Checksum mismatch! File: '/home/ross/Yocto/downloads/numpy-1.13.3.tar.gz' has sha256 checksum 4c6b4eef790528bebb7ec9590d74cc193868940fe68e4109a91c196df72d8094 when 4c6b4eef790528bebb7ec9590d74cc193868940fe68e4109a91c196df was expected If this change is expected (e.g. you have upgraded to a new version without updating the checksums) then you can use these lines within the recipe: SRC_URI[md5sum] = "c1d433e5973e548809e80c9118474b73" SRC_URI[sha256sum] = "4c6b4eef790528bebb7ec9590d74cc193868940fe68e4109a91c196df72d8094" Looks like the copy/paste for the checksum was truncated, no idea how this built! I've fixed locally and am build testing now. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] wayland-protocols: upgrade to 1.11
On 16 October 2017 at 21:54, Denys Dmytriyenkowrote: > On Mon, Oct 16, 2017 at 09:31:49PM +0100, Burton, Ross wrote: > > On 16 October 2017 at 18:48, Denys Dmytriyenko wrote: > > > > > On Fri, Oct 13, 2017 at 12:28:25PM -0400, Denys Dmytriyenko wrote: > > > > On Fri, Oct 13, 2017 at 12:33:35PM +0100, Burton, Ross wrote: > > > > > On 12 October 2017 at 20:35, Denys Dmytriyenko > > > wrote: > > > > > > > > > > > From: Denys Dmytriyenko > > > > > > > > > > > > Signed-off-by: Denys Dmytriyenko > > > > > > > > > > > > > > > > One day I'll figure out why quilt appears to be non-deterministic > about > > > > > this but: > > > > > > > > > > ERROR: wayland-protocols-1.11-r0 do_patch: Command Error: 'quilt > > > --quiltrc > > > > > /data/poky-tmp/master/build/work/all-poky-linux/wayland- > > > protocols/1.11-r0/recipe-sysroot-native/etc/quiltrc > > > > > push' exited with 0 Output: > > > > > Applying patch usesysrootprefixforpkgdatadirvariable.patch > > > > > > > > I don't see this patch in master. Works fine in distroless and poky > from > > > > master. > > > > > > Ping. > > > > The patch fails here, so I'm waiting for a v2. > > As I said above - there's no usesysrootprefixforpkgdatadirvariable.patch > in > wayland-protocols recipe in master, master-next or rocko branches: > > http://cgit.openembedded.org/openembedded-core/tree/meta/ > recipes-graphics/wayland/wayland-protocols_1.10.bb > > Are you sure you don't have something in your local tree? > Damnit, yes. There's an earlier series to remove the nasty hacks. I realised this when I saw your first reply to my patch but then forgot again, sorry! One of them needs to land first, and they won. Wait for master to re-open, or rebase on top of ross/mut. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] wayland-protocols: upgrade to 1.11
On Mon, Oct 16, 2017 at 09:31:49PM +0100, Burton, Ross wrote: > On 16 October 2017 at 18:48, Denys Dmytriyenkowrote: > > > On Fri, Oct 13, 2017 at 12:28:25PM -0400, Denys Dmytriyenko wrote: > > > On Fri, Oct 13, 2017 at 12:33:35PM +0100, Burton, Ross wrote: > > > > On 12 October 2017 at 20:35, Denys Dmytriyenko > > wrote: > > > > > > > > > From: Denys Dmytriyenko > > > > > > > > > > Signed-off-by: Denys Dmytriyenko > > > > > > > > > > > > > One day I'll figure out why quilt appears to be non-deterministic about > > > > this but: > > > > > > > > ERROR: wayland-protocols-1.11-r0 do_patch: Command Error: 'quilt > > --quiltrc > > > > /data/poky-tmp/master/build/work/all-poky-linux/wayland- > > protocols/1.11-r0/recipe-sysroot-native/etc/quiltrc > > > > push' exited with 0 Output: > > > > Applying patch usesysrootprefixforpkgdatadirvariable.patch > > > > > > I don't see this patch in master. Works fine in distroless and poky from > > > master. > > > > Ping. > > The patch fails here, so I'm waiting for a v2. As I said above - there's no usesysrootprefixforpkgdatadirvariable.patch in wayland-protocols recipe in master, master-next or rocko branches: http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-graphics/wayland/wayland-protocols_1.10.bb Are you sure you don't have something in your local tree? -- Denys -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v5 3/3] weston: Bump version to 3.0.0
On 16 October 2017 at 18:30, Otavio Salvador < otavio.salva...@ossystems.com.br> wrote: > > > + > > file://weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > \ > > + file://fix-missing-header.patch \ > > Those should be documented on commit log > > Agreed. The missing header one should say what platform causes it to be a problem (in case it never gets upstreamed and someone tests it again on just glibc). And is the pitch patch sufficiently broken that we need to backport it? Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] wayland-protocols: upgrade to 1.11
On 16 October 2017 at 18:48, Denys Dmytriyenkowrote: > On Fri, Oct 13, 2017 at 12:28:25PM -0400, Denys Dmytriyenko wrote: > > On Fri, Oct 13, 2017 at 12:33:35PM +0100, Burton, Ross wrote: > > > On 12 October 2017 at 20:35, Denys Dmytriyenko > wrote: > > > > > > > From: Denys Dmytriyenko > > > > > > > > Signed-off-by: Denys Dmytriyenko > > > > > > > > > > One day I'll figure out why quilt appears to be non-deterministic about > > > this but: > > > > > > ERROR: wayland-protocols-1.11-r0 do_patch: Command Error: 'quilt > --quiltrc > > > /data/poky-tmp/master/build/work/all-poky-linux/wayland- > protocols/1.11-r0/recipe-sysroot-native/etc/quiltrc > > > push' exited with 0 Output: > > > Applying patch usesysrootprefixforpkgdatadirvariable.patch > > > > I don't see this patch in master. Works fine in distroless and poky from > > master. > > Ping. > The patch fails here, so I'm waiting for a v2. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v5 3/3] weston: Bump version to 3.0.0
On Mon, Oct 16, 2017 at 03:30:34PM -0200, Otavio Salvador wrote: > On Mon, Oct 16, 2017 at 3:21 PM, Fabien Lahoudere >wrote: > > Signed-off-by: Fabien Lahoudere > > --- > > .../wayland/weston/fix-missing-header.patch| 18 +++ > > ...t-pitch-correctly-for-subsampled-textures.patch | 55 > > ++ > > .../wayland/{weston_2.0.0.bb => weston_3.0.0.bb} | 17 +++ > > 3 files changed, 82 insertions(+), 8 deletions(-) > > create mode 100644 > > meta/recipes-graphics/wayland/weston/fix-missing-header.patch > > create mode 100644 > > meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > > rename meta/recipes-graphics/wayland/{weston_2.0.0.bb => weston_3.0.0.bb} > > (89%) > > > > diff --git a/meta/recipes-graphics/wayland/weston/fix-missing-header.patch > > b/meta/recipes-graphics/wayland/weston/fix-missing-header.patch > > new file mode 100644 > > index 00..5db3a17393 > > --- /dev/null > > +++ b/meta/recipes-graphics/wayland/weston/fix-missing-header.patch > > @@ -0,0 +1,18 @@ > > +Fix missing header > > + > > +Upstream-Status: Pending > > + > > +Signed-off-by: Fabien Lahoudere > > + > > +Index: weston-3.0.0/shared/timespec-util.h > > +=== > > +--- weston-3.0.0.orig/shared/timespec-util.h > > weston-3.0.0/shared/timespec-util.h > > +@@ -28,6 +28,7 @@ > > + > > + #include > > + #include > > ++#include > > + > > + #define NSEC_PER_SEC 10 > > + > > diff --git > > a/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > > > > b/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > > new file mode 100644 > > index 00..69284a9616 > > --- /dev/null > > +++ > > b/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > > @@ -0,0 +1,55 @@ > > +Multi-plane sub-sampled textures have partial width/height, e.g. > > +YUV420/I420 has a full-size Y plane, followed by a half-width/height U > > +plane, and a half-width/height V plane. > > + > > +zwp_linux_dmabuf_v1 allows clients to pass an explicit pitch for each > > +plane, but for wl_shm this must be inferred. gl-renderer was correctly > > +accounting for the width and height when subsampling, but the pitch was > > +being taken as the pitch for the first plane. > > + > > +This does not match the requirements for GStreamer's waylandsink, in > > +particular, as well as other clients. Fix the SHM upload path to > > +correctly set the pitch for each plane, according to subsampling. > > + > > +Tested with: > > + $ gst-launch-1.0 videotestsrc ! waylandsink > > + > > +Upstream-status: Backport [https://patchwork.freedesktop.org/patch/180767/] > > + > > +Signed-off-by: Daniel Stone > > +Fixes: fdeefe42418 ("gl-renderer: add support of WL_SHM_FORMAT_YUV420") > > +Reported-by: Fabien Lahoudere > > +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103063 > > + > > +--- > > + libweston/gl-renderer.c | 4 ++-- > > + 1 file changed, 2 insertions(+), 2 deletions(-) > > + > > +diff --git a/libweston/gl-renderer.c b/libweston/gl-renderer.c > > +index 244ce309..40bf0bb6 100644 > > +--- a/libweston/gl-renderer.c > > b/libweston/gl-renderer.c > > +@@ -1445,14 +1445,13 @@ gl_renderer_flush_damage(struct weston_surface > > *surface) > > + goto done; > > + } > > + > > +- glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch); > > +- > > + if (gs->needs_full_upload) { > > + glPixelStorei(GL_UNPACK_SKIP_PIXELS_EXT, 0); > > + glPixelStorei(GL_UNPACK_SKIP_ROWS_EXT, 0); > > + wl_shm_buffer_begin_access(buffer->shm_buffer); > > + for (j = 0; j < gs->num_textures; j++) { > > + glBindTexture(GL_TEXTURE_2D, gs->textures[j]); > > ++ glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch / > > gs->hsub[j]); > > + glTexImage2D(GL_TEXTURE_2D, 0, > > +gs->gl_format[j], > > +gs->pitch / gs->hsub[j], > > +@@ -1477,6 +1476,7 @@ gl_renderer_flush_damage(struct weston_surface > > *surface) > > + glPixelStorei(GL_UNPACK_SKIP_ROWS_EXT, r.y1); > > + for (j = 0; j < gs->num_textures; j++) { > > + glBindTexture(GL_TEXTURE_2D, gs->textures[j]); > > ++ glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch / > > gs->hsub[j]); > > + glTexSubImage2D(GL_TEXTURE_2D, 0, > > + r.x1 / gs->hsub[j], > > + r.y1 / gs->vsub[j], > > diff --git
Re: [OE-core] ✗ patchtest: failure for "README.qemu: qemuppc64 is not ..." and 1 more
On Mon, 16 Oct 2017 14:39:45 -0400 Randy MacLeodwrote: > On 2017-10-16 12:00 PM, Patchwork wrote: > > == Series Details == > > > > Series: "README.qemu: qemuppc64 is not ..." and 1 more > > Revision: 1 > > URL : https://patchwork.openembedded.org/series/9358/ > > State : failure > > > > == Summary == > > > > > > Thank you for submitting this patch series to OpenEmbedded Core. This is > > an automated response. Several tests have been executed on the proposed > > series by patchtest resulting in the following failures: > > > > > > > > * Issue Added patch file is missing Upstream-Status in the > > header [test_upstream_status_presence] > >Suggested fixAdd Upstream-Status: to the header of > > meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch > > (possible values: Pending, Submitted, Accepted, Backport, Denied, > > Inappropriate) > > > > I have: > Upstream-status: Inappropriate [build rules rewrite in progress] > > patchtest rules should be case insensitive most of the time and > particularly for the first character of words in a labels so > [Uu]pstream-[Ss]tatus: is okay but not uPsTrEaM-sTaTuS: This is a topic what have been discussed before and agreed to be strict and make it case sensitive. One of the reason (perhaps not the strongest) for the latter is that it makes much easier the scripting part but there may be other reasons that I can recall. > > Also is there a list server for privately reviewing a patch by email? > I looked at setting up patchtest locally but got distracted when the > setup seemed to take more than a few minutes. Maybe I just need > to focus for longer... on your current branch, just run the patchtest script located at scripts/contrib/, that would provide basically the same log as the one gotten from patchwork. > > > ../Randy > > > > > > > If you believe any of these test results are incorrect, please reply to the > > mailing list (openembedded-core@lists.openembedded.org) raising your > > concerns. > > Otherwise we would appreciate you correcting the issues and submitting a new > > version of the patchset if applicable. Please ensure you add/increment the > > version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> > > [PATCH v3] -> ...). > > > > --- > > Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest > > Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe > > > > > > > -- > # Randy MacLeod. WR Linux > # Wind River an Intel Company > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Leonardo Sandoval -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH][pyro] wpa_supplicant: fix WPA2 key replay security bug
WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton--- .../wpa-supplicant/key-replay-cve-multiple.patch | 1025 .../wpa-supplicant/wpa-supplicant_2.6.bb |1 + 2 files changed, 1026 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch new file mode 100644 index 000..436520fe64b --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch @@ -0,0 +1,1025 @@ +The WPA2 four-way handshake protocol is vulnerable to replay attacks which can +result in unauthenticated clients gaining access to the network. + +Backport a number of patches from upstream to fix this. + +CVE: CVE-2017-13077 +CVE: CVE-2017-13078 +CVE: CVE-2017-13079 +CVE: CVE-2017-13080 +CVE: CVE-2017-13081 +CVE: CVE-2017-13082 +CVE: CVE-2017-13086 +CVE: CVE-2017-13087 +CVE: CVE-2017-13088 + +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. ++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, +
[OE-core] [PATCH][morty] wpa_supplicant: fix WPA2 key replay security bug
WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton--- .../wpa-supplicant/key-replay-cve-multiple.patch | 939 + .../wpa-supplicant/wpa-supplicant_2.5.bb | 1 + 2 files changed, 940 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch new file mode 100644 index 000..32fad29cf63 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch @@ -0,0 +1,939 @@ +The WPA2 four-way handshake protocol is vulnerable to replay attacks which can +result in unauthenticated clients gaining access to the network. + +Backport a number of patches from upstream to fix this. + +CVE: CVE-2017-13077 +CVE: CVE-2017-13078 +CVE: CVE-2017-13079 +CVE: CVE-2017-13080 +CVE: CVE-2017-13081 +CVE: CVE-2017-13082 +CVE: CVE-2017-13086 +CVE: CVE-2017-13087 +CVE: CVE-2017-13088 + +Thanks to Wind River for the backport from upstream master to wpa_supplicant +2.5. + +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 9a4a0f78bb2ad516d4a295fb5d042f8a61bd3f47 Mon Sep 17 00:00:00 2001 +From: Haiqing Bai +Date: Thu, 12 Oct 2017 10:13:17 +0800 +Subject: [PATCH 1/7] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef + +Upstream-Status: Backport + +Signed-off-by: Haiqing Bai +--- + src/ap/wpa_auth.c| 9 + + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 4 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 2760a3f..b38a64d 100644 +--- a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +@@ -1740,6 +1740,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) + #else /* CONFIG_IEEE80211R */ + break; + #endif /* CONFIG_IEEE80211R */ ++ case WPA_DRV_STA_REMOVED: ++ sm->tk_already_set = FALSE; ++ return 0; + } + + #ifdef CONFIG_IEEE80211R +@@ -3208,6 +3211,12 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) + return sm->wpa; + } + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} + + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, +struct rsn_pmksa_cache_entry *entry) +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index fd04f16..3e53461 100644 +--- a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +@@ -258,7 +258,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, +u8 *data, size_t data_len); + enum wpa_event { + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, +- WPA_REAUTH_EAPOL, WPA_ASSOC_FT ++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT,
Re: [OE-core] ✗ patchtest: failure for "README.qemu: qemuppc64 is not ..." and 1 more
On 2017-10-16 12:00 PM, Patchwork wrote: == Series Details == Series: "README.qemu: qemuppc64 is not ..." and 1 more Revision: 1 URL : https://patchwork.openembedded.org/series/9358/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Added patch file is missing Upstream-Status in the header [test_upstream_status_presence] Suggested fixAdd Upstream-Status: to the header of meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch (possible values: Pending, Submitted, Accepted, Backport, Denied, Inappropriate) I have: Upstream-status: Inappropriate [build rules rewrite in progress] patchtest rules should be case insensitive most of the time and particularly for the first character of words in a labels so [Uu]pstream-[Ss]tatus: is okay but not uPsTrEaM-sTaTuS: Also is there a list server for privately reviewing a patch by email? I looked at setting up patchtest locally but got distracted when the setup seemed to take more than a few minutes. Maybe I just need to focus for longer... ../Randy If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- # Randy MacLeod. WR Linux # Wind River an Intel Company -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] nettle-ptest: fix a failing test
> It should look in paths relative to LD_LIBRARY_PATH, do you see it > doesn't happen ? > The problem is, for dlopen relative/absolute names LD_LIBRARY_PATH is not used. The man for dlopen says: If filename contains a slash ("/"), then it is interpreted as a (relative or absolute) pathname. Otherwise <...> if the dynamic linker at the time that the program was started, the environment variable LD_LIBRARY_PATH was defined to contain a colon-separated list of directories, then these are searched. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/2] systemctl-native: add target.wants to target regex
The regex for acceptable systemd WantedBy/RequiredBy targets does not include target.wants, so a line like this: WantedBy=multi-user.target.wants gets silently ignored, even though it works fine on a real system. Signed-off-by: Martin Kelly--- meta/recipes-core/systemd/systemd-systemctl/systemctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl index efad14ce17..6e5a1b7181 100755 --- a/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -108,7 +108,7 @@ for service in $services; do # If any new unit types are added to systemd they should be added # to this regular expression. - unit_types_re='\.\(service\|socket\|device\|mount\|automount\|swap\|target\|path\|timer\|snapshot\)\s*$' + unit_types_re='\.\(service\|socket\|device\|mount\|automount\|swap\|target\|target\.wants\|path\|timer\|snapshot\)\s*$' if [ "$action" = "preset" ]; then action=`egrep -sh $service $ROOT/etc/systemd/user-preset/*.preset | cut -f1 -d' '` if [ -z "$action" ]; then -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] wayland-protocols: upgrade to 1.11
On Fri, Oct 13, 2017 at 12:28:25PM -0400, Denys Dmytriyenko wrote: > On Fri, Oct 13, 2017 at 12:33:35PM +0100, Burton, Ross wrote: > > On 12 October 2017 at 20:35, Denys Dmytriyenkowrote: > > > > > From: Denys Dmytriyenko > > > > > > Signed-off-by: Denys Dmytriyenko > > > > > > > One day I'll figure out why quilt appears to be non-deterministic about > > this but: > > > > ERROR: wayland-protocols-1.11-r0 do_patch: Command Error: 'quilt --quiltrc > > /data/poky-tmp/master/build/work/all-poky-linux/wayland-protocols/1.11-r0/recipe-sysroot-native/etc/quiltrc > > push' exited with 0 Output: > > Applying patch usesysrootprefixforpkgdatadirvariable.patch > > I don't see this patch in master. Works fine in distroless and poky from > master. Ping. > > patching file wayland-protocols.pc.in > > Hunk #1 FAILED at 1. > > 1 out of 1 hunk FAILED -- rejects in file wayland-protocols.pc.in > > Patch usesysrootprefixforpkgdatadirvariable.patch can be reverse-applied > > > > Ross > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] feature-arm-vfp.inc: drop unnecessary extra space from TUNE_CCARGS
The trailing space added to TUNE_CCARGS when appending -mfpu=XXX is unnecessary and leads to a double space in the final value. Signed-off-by: Andre McCurdy--- meta/conf/machine/include/arm/feature-arm-vfp.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/conf/machine/include/arm/feature-arm-vfp.inc b/meta/conf/machine/include/arm/feature-arm-vfp.inc index 667b609..7ae7456 100644 --- a/meta/conf/machine/include/arm/feature-arm-vfp.inc +++ b/meta/conf/machine/include/arm/feature-arm-vfp.inc @@ -5,8 +5,8 @@ TUNEVALID[vfp] = "Enable Vector Floating Point (vfp) unit." TUNE_CCARGS_MFPU .= "${@bb.utils.contains('TUNE_FEATURES', 'vfp', ' vfp', '', d)}" -TUNE_CCARGS .= "${@ (' -mfpu=%s ' % d.getVar('TUNE_CCARGS_MFPU').split()[-1]) if (d.getVar('TUNE_CCARGS_MFPU') != '') else ''}" -ARMPKGSFX_FPU = "${@ ('-%s'% d.getVar('TUNE_CCARGS_MFPU').split()[-1].replace('vfpv3-d16', 'vfpv3d16')) if (d.getVar('TUNE_CCARGS_MFPU') != '') else ''}" +TUNE_CCARGS .= "${@ (' -mfpu=%s' % d.getVar('TUNE_CCARGS_MFPU').split()[-1]) if (d.getVar('TUNE_CCARGS_MFPU') != '') else ''}" +ARMPKGSFX_FPU = "${@ ('-%s' % d.getVar('TUNE_CCARGS_MFPU').split()[-1].replace('vfpv3-d16', 'vfpv3d16')) if (d.getVar('TUNE_CCARGS_MFPU') != '') else ''}" TUNEVALID[callconvention-hard] = "Enable EABI hard float call convention, requires VFP." TUNE_CCARGS_MFLOAT = "${@ bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'hard', 'softfp', d) if (d.getVar('TUNE_CCARGS_MFPU') != '') else '' }" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v5 3/3] weston: Bump version to 3.0.0
On Mon, Oct 16, 2017 at 3:21 PM, Fabien Lahouderewrote: > Signed-off-by: Fabien Lahoudere > --- > .../wayland/weston/fix-missing-header.patch| 18 +++ > ...t-pitch-correctly-for-subsampled-textures.patch | 55 > ++ > .../wayland/{weston_2.0.0.bb => weston_3.0.0.bb} | 17 +++ > 3 files changed, 82 insertions(+), 8 deletions(-) > create mode 100644 > meta/recipes-graphics/wayland/weston/fix-missing-header.patch > create mode 100644 > meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > rename meta/recipes-graphics/wayland/{weston_2.0.0.bb => weston_3.0.0.bb} > (89%) > > diff --git a/meta/recipes-graphics/wayland/weston/fix-missing-header.patch > b/meta/recipes-graphics/wayland/weston/fix-missing-header.patch > new file mode 100644 > index 00..5db3a17393 > --- /dev/null > +++ b/meta/recipes-graphics/wayland/weston/fix-missing-header.patch > @@ -0,0 +1,18 @@ > +Fix missing header > + > +Upstream-Status: Pending > + > +Signed-off-by: Fabien Lahoudere > + > +Index: weston-3.0.0/shared/timespec-util.h > +=== > +--- weston-3.0.0.orig/shared/timespec-util.h > weston-3.0.0/shared/timespec-util.h > +@@ -28,6 +28,7 @@ > + > + #include > + #include > ++#include > + > + #define NSEC_PER_SEC 10 > + > diff --git > a/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > > b/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > new file mode 100644 > index 00..69284a9616 > --- /dev/null > +++ > b/meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch > @@ -0,0 +1,55 @@ > +Multi-plane sub-sampled textures have partial width/height, e.g. > +YUV420/I420 has a full-size Y plane, followed by a half-width/height U > +plane, and a half-width/height V plane. > + > +zwp_linux_dmabuf_v1 allows clients to pass an explicit pitch for each > +plane, but for wl_shm this must be inferred. gl-renderer was correctly > +accounting for the width and height when subsampling, but the pitch was > +being taken as the pitch for the first plane. > + > +This does not match the requirements for GStreamer's waylandsink, in > +particular, as well as other clients. Fix the SHM upload path to > +correctly set the pitch for each plane, according to subsampling. > + > +Tested with: > + $ gst-launch-1.0 videotestsrc ! waylandsink > + > +Upstream-status: Backport [https://patchwork.freedesktop.org/patch/180767/] > + > +Signed-off-by: Daniel Stone > +Fixes: fdeefe42418 ("gl-renderer: add support of WL_SHM_FORMAT_YUV420") > +Reported-by: Fabien Lahoudere > +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103063 > + > +--- > + libweston/gl-renderer.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/libweston/gl-renderer.c b/libweston/gl-renderer.c > +index 244ce309..40bf0bb6 100644 > +--- a/libweston/gl-renderer.c > b/libweston/gl-renderer.c > +@@ -1445,14 +1445,13 @@ gl_renderer_flush_damage(struct weston_surface > *surface) > + goto done; > + } > + > +- glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch); > +- > + if (gs->needs_full_upload) { > + glPixelStorei(GL_UNPACK_SKIP_PIXELS_EXT, 0); > + glPixelStorei(GL_UNPACK_SKIP_ROWS_EXT, 0); > + wl_shm_buffer_begin_access(buffer->shm_buffer); > + for (j = 0; j < gs->num_textures; j++) { > + glBindTexture(GL_TEXTURE_2D, gs->textures[j]); > ++ glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch / > gs->hsub[j]); > + glTexImage2D(GL_TEXTURE_2D, 0, > +gs->gl_format[j], > +gs->pitch / gs->hsub[j], > +@@ -1477,6 +1476,7 @@ gl_renderer_flush_damage(struct weston_surface > *surface) > + glPixelStorei(GL_UNPACK_SKIP_ROWS_EXT, r.y1); > + for (j = 0; j < gs->num_textures; j++) { > + glBindTexture(GL_TEXTURE_2D, gs->textures[j]); > ++ glPixelStorei(GL_UNPACK_ROW_LENGTH_EXT, gs->pitch / > gs->hsub[j]); > + glTexSubImage2D(GL_TEXTURE_2D, 0, > + r.x1 / gs->hsub[j], > + r.y1 / gs->vsub[j], > diff --git a/meta/recipes-graphics/wayland/weston_2.0.0.bb > b/meta/recipes-graphics/wayland/weston_3.0.0.bb > similarity index 89% > rename from meta/recipes-graphics/wayland/weston_2.0.0.bb > rename to meta/recipes-graphics/wayland/weston_3.0.0.bb > index 8160f5556d..ad0cdc2b0f 100644 > ---
[OE-core] ✗ patchtest: failure for "[v5] wayland : Bump to version..." and 2 more
== Series Details == Series: "[v5] wayland : Bump to version..." and 2 more Revision: 1 URL : https://patchwork.openembedded.org/series/9362/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Added patch file is missing Upstream-Status in the header [test_upstream_status_presence] Suggested fixAdd Upstream-Status: to the header of meta/recipes-graphics/wayland/weston/weston-gl-renderer-Set-pitch-correctly-for-subsampled-textures.patch (possible values: Pending, Submitted, Accepted, Backport, Denied, Inappropriate) * Issue A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence] Suggested fixSign off the added patch file (meta/recipes-graphics/wayland/wayland-protocols/usesysrootprefixforpkgdatadirvariable.patch) If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v5 1/3] wayland : Bump to version 1.14.0
Bad serie please ignore. Sorry On Mon, 2017-10-16 at 19:21 +0200, Fabien Lahoudere wrote: > Signed-off-by: Fabien Lahoudere> --- > .../recipes-graphics/wayland/{wayland_1.13.0.bb => wayland_1.14.0.bb} | 4 > ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > rename meta/recipes-graphics/wayland/{wayland_1.13.0.bb => > wayland_1.14.0.bb} (92%) > > diff --git a/meta/recipes-graphics/wayland/wayland_1.13.0.bb b/meta/recipes- > graphics/wayland/wayland_1.14.0.bb > similarity index 92% > rename from meta/recipes-graphics/wayland/wayland_1.13.0.bb > rename to meta/recipes-graphics/wayland/wayland_1.14.0.bb > index b9396b6c75..2a2489d658 100644 > --- a/meta/recipes-graphics/wayland/wayland_1.13.0.bb > +++ b/meta/recipes-graphics/wayland/wayland_1.14.0.bb > @@ -14,8 +14,8 @@ DEPENDS = "expat libxml2 libffi wayland-native" > > SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ > " > -SRC_URI[md5sum] = "cae152ed956da6de53f9727bc1c45039" > -SRC_URI[sha256sum] = > "69b052c031a61e89af7cc8780893d0da1e301492352aa449dee9345043e6fe51" > +SRC_URI[md5sum] = "0235f6075c32c3be61cff94fa0b9f108" > +SRC_URI[sha256sum] = > "ed80cabc0961a759a42092e2c39aabfc1ec9a13c86c98bbe2b812f008da27ab8" > > inherit autotools pkgconfig > -- Fabien -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH v5 2/3] wayland-protocols: Fix installation patch issue
This patch also remove workaround to find wayland-protocols: WAYLAND_PROTOCOLS_SYSROOT_DIR=${RECIPE_SYSROOT} in: - gtk+3 - libsdl2 - xserver-xorg - gstreamer1.0-plugins-bad - weston-2.0.0 Signed-off-by: Fabien Lahoudere--- meta/recipes-gnome/gtk+/gtk+3.inc | 1 - meta/recipes-graphics/libsdl2/libsdl2_2.0.5.bb | 2 +- .../usesysrootprefixforpkgdatadirvariable.patch| 27 ++ .../wayland/wayland-protocols_1.10.bb | 1 + meta/recipes-graphics/wayland/weston_2.0.0.bb | 1 - .../recipes-graphics/xorg-xserver/xserver-xorg.inc | 1 - .../gstreamer/gstreamer1.0-plugins-bad_1.12.2.bb | 1 - 7 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 meta/recipes-graphics/wayland/wayland-protocols/usesysrootprefixforpkgdatadirvariable.patch diff --git a/meta/recipes-gnome/gtk+/gtk+3.inc b/meta/recipes-gnome/gtk+/gtk+3.inc index 0a357db049..420ead2ca2 100644 --- a/meta/recipes-gnome/gtk+/gtk+3.inc +++ b/meta/recipes-gnome/gtk+/gtk+3.inc @@ -35,7 +35,6 @@ EXTRA_OECONF += " \ --enable-modules \ --disable-cups \ --disable-colord \ - WAYLAND_PROTOCOLS_SYSROOT_DIR=${RECIPE_SYSROOT} \ ${@bb.utils.contains("DISTRO_FEATURES", "x11", "", "--disable-gtk-doc", d)} \ " diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.5.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.5.bb index 12d3aaf6f0..6bfa13200b 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.5.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.5.bb @@ -35,7 +35,7 @@ EXTRA_OECONF = "--disable-oss --disable-esd --disable-arts \ --enable-pthreads \ --enable-sdl-dlopen \ --disable-rpath \ -WAYLAND_PROTOCOLS_SYSROOT_DIR=${RECIPE_SYSROOT}" +" # opengl packageconfig factored out to make it easy for distros # and BSP layers to pick either (desktop) opengl, gles2, or no GL diff --git a/meta/recipes-graphics/wayland/wayland-protocols/usesysrootprefixforpkgdatadirvariable.patch b/meta/recipes-graphics/wayland/wayland-protocols/usesysrootprefixforpkgdatadirvariable.patch new file mode 100644 index 00..0922a4d2c2 --- /dev/null +++ b/meta/recipes-graphics/wayland/wayland-protocols/usesysrootprefixforpkgdatadirvariable.patch @@ -0,0 +1,27 @@ +From 875130ee3cbcf62266901ef4b91b9a0fb6adad43 Mon Sep 17 00:00:00 2001 +From: Tomek Bury +Date: Fri, 4 Aug 2017 16:16:38 +0100 +Subject: Use sysroot prefix for pkgdatadir variable + +The pc_sysroot is automatically added to cflags and libs but not +to 'pkg-config --variable' + +Upstream-Status: Backport [https://cgit.freedesktop.org/wayland/wayland-protocols/commit/?id=875130ee3cbcf62266901ef4b91b9a0fb6adad43] + +Reviewed-by: Daniel Stone + +diff --git a/wayland-protocols.pc.in b/wayland-protocols.pc.in +index a26744c..379be06 100644 +--- a/wayland-protocols.pc.in b/wayland-protocols.pc.in +@@ -1,6 +1,6 @@ + prefix=@prefix@ + datarootdir=@datarootdir@ +-pkgdatadir=@datadir@/@PACKAGE@ ++pkgdatadir=${pc_sysrootdir}@datadir@/@PACKAGE@ + + Name: Wayland Protocols + Description: Wayland protocol files +-- +cgit v0.10.2 + diff --git a/meta/recipes-graphics/wayland/wayland-protocols_1.10.bb b/meta/recipes-graphics/wayland/wayland-protocols_1.10.bb index 4f9e9f32bf..1ff12c607b 100644 --- a/meta/recipes-graphics/wayland/wayland-protocols_1.10.bb +++ b/meta/recipes-graphics/wayland/wayland-protocols_1.10.bb @@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c7b12b6702da38ca028ace54aae3d484 \ file://stable/presentation-time/presentation-time.xml;endline=26;md5=4646cd7d9edc9fa55db941f2d3a7dc53" SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ + file://usesysrootprefixforpkgdatadirvariable.patch \ " SRC_URI[md5sum] = "84a7846c2b6a6a3e265fc9be36453e60" SRC_URI[sha256sum] = "5719c51d7354864983171c5083e93a72ac99229e2b460c4bb10513de08839c0a" diff --git a/meta/recipes-graphics/wayland/weston_2.0.0.bb b/meta/recipes-graphics/wayland/weston_2.0.0.bb index 54b07bd6b9..8160f5556d 100644 --- a/meta/recipes-graphics/wayland/weston_2.0.0.bb +++ b/meta/recipes-graphics/wayland/weston_2.0.0.bb @@ -25,7 +25,6 @@ DEPENDS += "wayland wayland-protocols libinput virtual/egl pango wayland-native" EXTRA_OECONF = "--enable-setuid-install \ --disable-rdp-compositor \ -WAYLAND_PROTOCOLS_SYSROOT_DIR=${RECIPE_SYSROOT} \ " EXTRA_OECONF_append_qemux86 = "\ WESTON_NATIVE_BACKEND=fbdev-backend.so \ diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 863d80ce43..e8025de55f 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++
[OE-core] [PATCH v5 1/3] wayland : Bump to version 1.14.0
Signed-off-by: Fabien Lahoudere--- .../recipes-graphics/wayland/{wayland_1.13.0.bb => wayland_1.14.0.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/wayland/{wayland_1.13.0.bb => wayland_1.14.0.bb} (92%) diff --git a/meta/recipes-graphics/wayland/wayland_1.13.0.bb b/meta/recipes-graphics/wayland/wayland_1.14.0.bb similarity index 92% rename from meta/recipes-graphics/wayland/wayland_1.13.0.bb rename to meta/recipes-graphics/wayland/wayland_1.14.0.bb index b9396b6c75..2a2489d658 100644 --- a/meta/recipes-graphics/wayland/wayland_1.13.0.bb +++ b/meta/recipes-graphics/wayland/wayland_1.14.0.bb @@ -14,8 +14,8 @@ DEPENDS = "expat libxml2 libffi wayland-native" SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ " -SRC_URI[md5sum] = "cae152ed956da6de53f9727bc1c45039" -SRC_URI[sha256sum] = "69b052c031a61e89af7cc8780893d0da1e301492352aa449dee9345043e6fe51" +SRC_URI[md5sum] = "0235f6075c32c3be61cff94fa0b9f108" +SRC_URI[sha256sum] = "ed80cabc0961a759a42092e2c39aabfc1ec9a13c86c98bbe2b812f008da27ab8" inherit autotools pkgconfig -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/2] systemctl-native: explicitly check target validity
Currently, we parse systemd service files looking for valid WantedBy and RequiredBy lines. However, invalid lines get silently rejected, causing recipes to build correctly but then not get enabled in the rootfs. Add explicit checks for validity and print a message when an invalid target is found so that the user can fix these issues. Signed-off-by: Martin Kelly--- .../systemd/systemd-systemctl/systemctl| 37 ++ 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl index 6e5a1b7181..3bed407d9e 100755 --- a/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -1,4 +1,24 @@ #!/bin/sh + +check_target_validity() { +local line_reg="$1" +local service_file="$2" +local unit_types_re="$3" + +local line="$(sed $line_reg "$service_file")" +if [ -z "$line" ]; then +# Line was not found; there's nothing to check. +return +fi + +if ! echo $line | grep -q $unit_types_re; then +echo "One or more of the target types in the service were not recognized as valid." +echo "Service: $service_file" +echo "Targets: $line" +exit 1 +fi +} + echo "Started $0 $*" ROOT= @@ -120,15 +140,18 @@ for service in $services; do fi fi fi - # create the required symbolic links - wanted_by=$(sed '/^WantedBy[[:space:]]*=/s,[^=]*=,,p;d' "$ROOT/$service_file" \ - | tr ',' '\n' \ - | grep "$unit_types_re") - required_by=$(sed '/^RequiredBy[[:space:]]*=/s,[^=]*=,,p;d' "$ROOT/$service_file" \ - | tr ',' '\n' \ - | grep "$unit_types_re") +check_target_validity \ +'/^WantedBy[[:space:]]*=/s,[^=]*=,,p;d' \ +"$ROOT/$service_file" \ +"$unit_types_re" +check_target_validity \ +'/^RequiredBy[[:space:]]*=/s,[^=]*=,,p;d' \ +"$ROOT/$service_file" \ +"$unit_types_re" + + # create the required symbolic links for dependency in WantedBy RequiredBy; do if [ "$dependency" = "WantedBy" ]; then suffix="wants" -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v4 3/3] weston: Bump version to 3.0.0
Hi Ross I fix this by adding "#include " in shared/timespec-util.hI will send a v5 Thanks Fabien On Mon, 2017-10-16 at 13:14 +0100, Burton, Ross wrote: > Fails on the autobuilder when build against musl: > http://errors.yoctoproject.org/Errors/Details/157183/ > > Ross > On 28 September 2017 at 17:01, Fabien Lahoudere >wrote: > > Signed-off-by: Fabien Lahoudere > > > > --- > > > > .../wayland/{weston_2.0.0.bb => weston_3.0.0.bb} | 15 > > +++ > > > > 1 file changed, 7 insertions(+), 8 deletions(-) > > > > rename meta/recipes-graphics/wayland/{weston_2.0.0.bb => weston_3.0.0.bb} > > (90%) > > > > > > > > diff --git a/meta/recipes-graphics/wayland/weston_2.0.0.bb b/meta/recipes- > > graphics/wayland/weston_3.0.0.bb > > > > similarity index 90% > > > > rename from meta/recipes-graphics/wayland/weston_2.0.0.bb > > > > rename to meta/recipes-graphics/wayland/weston_3.0.0.bb > > > > index 8160f55..6b3fad7 100644 > > > > --- a/meta/recipes-graphics/wayland/weston_2.0.0.bb > > > > +++ b/meta/recipes-graphics/wayland/weston_3.0.0.bb > > > > @@ -9,12 +9,11 @@ SRC_URI = > > "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \ > > > > file://weston.png \ > > > > file://weston.desktop \ > > > > file://0001-make-error-portable.patch \ > > > > - file://0001-configure.ac-Fix-wayland-protocols-path.patch \ > > > > file://xwayland.weston-start \ > > > > > > file://0001-weston-launch-Provide-a-default-version-that-doesn-t.patch \ > > > > " > > > > -SRC_URI[md5sum] = "15f38945942bf2a91fe2687145fb4c7d" > > > > -SRC_URI[sha256sum] = > > "b4e446ac27f118196f1609dab89bb3cb3e81652d981414ad860e733b355365d8" > > > > +SRC_URI[md5sum] = "9c42a4c51a1b9f35d040fa9d45ada36d" > > > > +SRC_URI[sha256sum] = > > "cde1d55e8dd70c3cbb3d1ec72f60e6041579caa1d6a262bd9c35e93723a5" > > > > > > > > inherit autotools pkgconfig useradd distro_features_check > > > > # depends on virtual/egl > > > > @@ -76,7 +75,7 @@ PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam" > > > > > > > > do_install_append() { > > > > # Weston doesn't need the .la files to load modules, so wipe them > > > > - rm -f ${D}/${libdir}/libweston-2/*.la > > > > + rm -f ${D}/${libdir}/libweston-3/*.la > > > > > > > > # If X11, ship a desktop file to launch it > > > > if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then > > > > @@ -93,16 +92,16 @@ do_install_append() { > > > > } > > > > > > > > PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'xwayland', > > '${PN}-xwayland', '', d)} \ > > > > - libweston-2 ${PN}-examples" > > > > + libweston-3 ${PN}-examples" > > > > > > > > FILES_${PN} = "${bindir}/weston ${bindir}/weston-terminal > > ${bindir}/weston-info > > ${bindir}/weston-launch ${bindir}/wcap-decode ${libexecdir} > > ${libdir}/${BPN}/*.so ${datadir}" > > > > > > > > -FILES_libweston-2 = "${libdir}/lib*${SOLIBS} ${libdir}/libweston-2/*.so" > > > > -SUMMARY_libweston-2 = "Helper library for implementing 'wayland window > > managers'." > > > > +FILES_libweston-3 = "${libdir}/lib*${SOLIBS} ${libdir}/libweston-3/*.so" > > > > +SUMMARY_libweston-3 = "Helper library for implementing 'wayland window > > managers'." > > > > > > > > FILES_${PN}-examples = "${bindir}/*" > > > > > > > > -FILES_${PN}-xwayland = "${libdir}/libweston-2/xwayland.so" > > > > +FILES_${PN}-xwayland = "${libdir}/libweston-3/xwayland.so" > > > > RDEPENDS_${PN}-xwayland += "xserver-xorg-xwayland" > > > > > > > > RDEPENDS_${PN} += "xkeyboard-config" > > > > -- > > > > 1.8.3.1 > > > > > > > > -- > > > > ___ > > > > Openembedded-core mailing list > > > > Openembedded-core@lists.openembedded.org > > > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > > > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 6/7] gcc6: Upgrade to 6.4
On Mon, Oct 16, 2017 at 1:50 PM, Khem Rajwrote: > On Mon, Oct 16, 2017 at 4:53 AM, Otavio Salvador > wrote: >> On Sun, Oct 15, 2017 at 5:06 PM, Andre McCurdy wrote: >>> On Sat, Oct 14, 2017 at 10:21 PM, akuster808 wrote: why do we continue to maintain 2 versions of gcc? >>> >>> Probably the same reason why Buildroot continues to maintain 4 >>> versions of gcc, it's useful for end users. >>> >>> https://git.buildroot.net/buildroot/tree/package/gcc >> >> We keep all user space and toolchain up to date so upgrading the GCC >> is straightforward. That said the gcc cannot vary from one machine to >> another so if a vendor wants to use an old release, it can be done >> using their distro. >> >> I am against maintaining two GCC versions as it increases the amount >> of testing needed. Instead I'd prefer to have clang merged on oe-core >> instead and easy its adoption / test. > > In practice, there are a large set of applications that customers have porting > to do when major compiler version changes (e.g. 6 to 7), unless there > is a feasible path for upgrade people > will refrain from upgrading to newer versions of releases. Its not a > trivial task > to upgrade systemdwide compiler in any distro. So its a good strategy to have > two versions overlapping for few releases, this smoothens the migration for > large application bases. Agreed and rocko has this; for 2.5 we don't need to provide two versions one more time. -- Otavio Salvador O.S. Systems http://www.ossystems.com.brhttp://code.ossystems.com.br Mobile: +55 (53) 9981-7854Mobile: +1 (347) 903-9750 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] wpa_supplicant: fix WPA2 key replay security bug
WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton--- .../wpa-supplicant/key-replay-cve-multiple.patch | 1025 .../wpa-supplicant/wpa-supplicant_2.6.bb |1 + 2 files changed, 1026 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch new file mode 100644 index 000..436520fe64b --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch @@ -0,0 +1,1025 @@ +The WPA2 four-way handshake protocol is vulnerable to replay attacks which can +result in unauthenticated clients gaining access to the network. + +Backport a number of patches from upstream to fix this. + +CVE: CVE-2017-13077 +CVE: CVE-2017-13078 +CVE: CVE-2017-13079 +CVE: CVE-2017-13080 +CVE: CVE-2017-13081 +CVE: CVE-2017-13082 +CVE: CVE-2017-13086 +CVE: CVE-2017-13087 +CVE: CVE-2017-13088 + +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* +* Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, +* FT-over-the-DS, where a station re-associates back to the same AP but +* skips the authentication flow, or if working with a driver that +* does not support full AP client state. ++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. +*/ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, +
[OE-core] ✗ patchtest: failure for "README.qemu: qemuppc64 is not ..." and 1 more
== Series Details == Series: "README.qemu: qemuppc64 is not ..." and 1 more Revision: 1 URL : https://patchwork.openembedded.org/series/9358/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Issue Added patch file is missing Upstream-Status in the header [test_upstream_status_presence] Suggested fixAdd Upstream-Status: to the header of meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch (possible values: Pending, Submitted, Accepted, Backport, Denied, Inappropriate) If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] nettle-ptest: fix a failing test
On Mon, Oct 16, 2017 at 8:48 AM, Bystricky, Jurowrote: > I don’t think you can use LD_LIBRARY_PATH due to the hardcoded relative path > in "../libnettle.so”. It should look in paths relative to LD_LIBRARY_PATH, do you see it doesn't happen ? > > I could, however, change the patch from "/usr/lib/libnettle.so" to > “libnettle.so”, removing any paths. > > That way LD_LIBRARY_PATH can be used if needed. But in the end it will load > the library from /usr/lib/nettle.so anyway. > > > > > > > > I think it would be preferred if you could use LD_LIBRARY_PATH to search for > it > > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 6/7] gcc6: Upgrade to 6.4
On Mon, Oct 16, 2017 at 4:53 AM, Otavio Salvadorwrote: > On Sun, Oct 15, 2017 at 5:06 PM, Andre McCurdy wrote: >> On Sat, Oct 14, 2017 at 10:21 PM, akuster808 wrote: >>> why do we continue to maintain 2 versions of gcc? >> >> Probably the same reason why Buildroot continues to maintain 4 >> versions of gcc, it's useful for end users. >> >> https://git.buildroot.net/buildroot/tree/package/gcc > > We keep all user space and toolchain up to date so upgrading the GCC > is straightforward. That said the gcc cannot vary from one machine to > another so if a vendor wants to use an old release, it can be done > using their distro. > > I am against maintaining two GCC versions as it increases the amount > of testing needed. Instead I'd prefer to have clang merged on oe-core > instead and easy its adoption / test. In practice, there are a large set of applications that customers have porting to do when major compiler version changes (e.g. 6 to 7), unless there is a feasible path for upgrade people will refrain from upgrading to newer versions of releases. Its not a trivial task to upgrade systemdwide compiler in any distro. So its a good strategy to have two versions overlapping for few releases, this smoothens the migration for large application bases. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [RFC][PATCHv2] insane.bbclass: Add do_qa_pseudo function to check for common errors listed in pseudo.log
Yes, package-output.lock is very often the cause for "^inode mismatch": martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep '^inode mismatch' | wc -l 1485 martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep '^inode mismatch' | grep package-output.lock | wc -l 1168 log.do_install also causes "^inode mismatch" in many cases: martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep '^inode mismatch' | grep -v package-output.lock | wc -l 317 martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep '^inode mismatch' | grep -v package-output.lock | grep temp/log.do_install | wc -l 309 That leaves only couple other files: martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep '^inode mismatch' | grep -v package-output.lock | grep -v temp/log.do_install inode mismatch: '/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/qtbase/5.9.2+gitAUTOINC+73573fce29-r0/image/usr/include/qt5/QtNetwork/qt_temp.rhjRGj' ino 691255 in db, 691256 in request. inode mismatch: '/home/jenkins/.python-history' ino 1066494 in db, 1066493 in request. inode mismatch: '/home/jenkins/.python-history' ino 1066494 in db, 1066493 in request. inode mismatch: '/home/jenkins/.python-history' ino 1066729 in db, 1062665 in request. inode mismatch: '/home/jenkins/.python-history' ino 1066729 in db, 1062665 in request. inode mismatch: '/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/qt3d/5.9.2+gitAUTOINC+9d8c9ada16-r0/image/usr/include/qt5/Qt3DInput/qt_temp.rhjRGj' ino 520536 in db, 520539 in request. inode mismatch: '/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/libqofono/0.87+gitrAUTOINC+54435de3be-r0/image/usr/lib/libqofono-qt5/tests/qt_temp.rhjRGj' ino 876399 in db, 876404 in request. inode mismatch: '/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/libqofono/0.87+gitrAUTOINC+54435de3be-r0/image/usr/lib/libqofono-qt5/tests/qt_temp.rhjRGj' ino 876404 in db, 876408 in request. Similarly with "creat for", but there is more wide selection of files triggering this one: martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | wc -l 1771 martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for' | grep package-output.lock | wc -l 198 for "creat for" the log.do_install appears only twice, but various temp/run.* files are quite common cause: martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep temp/run | wc -l 294 pm-qa is triggering this on many files, e.g. /home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/pm-qa/0.5.2-r0/image/usr/bin/cpuhotplug_07.sh martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep temp/run -v | grep pm-qa | wc -l 229 martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep temp/run -v | grep pm-qa | grep cpuhotplug_05.sh creat for '/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/pm-qa/0.5.2-r0/image/usr/bin/cpuhotplug_05.sh' replaces existing 902737 ['NAMELESS FILE']. creat for '/home/jenkins/oe/world/shr-core/tmp-glibc/work/armv5te-oe-linux-gnueabi/pm-qa/0.5.2-r0/image/usr/bin/cpuhotplug_05.sh' replaces existing 1264757 ['NAMELESS FILE']. creat for '/home/jenkins/oe/world/shr-core/tmp-glibc/work/i586-oe-linux/pm-qa/0.5.2-r0/image/usr/bin/cpuhotplug_05.sh' replaces existing 976636 ['NAMELESS FILE']. creat for '/home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/pm-qa/0.5.2-r0/image/usr/bin/cpuhotplug_05.sh' replaces existing 576004 ['NAMELESS FILE']. creat for '/home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/pm-qa/0.5.2-r0/image/usr/bin/cpuhotplug_05.sh' replaces existing 986226 ['NAMELESS FILE']. then stamps files martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep temp/run -v | grep -v pm-qa | grep -v package-output.lock | grep glibc/stamps | wc -l 130 so it looks pretty rancom, but most of these errors are replacing 'NAMELESS FILE' martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep 'NAMELESS FILE' | wc -l 1632 which leaves only 139 other files: martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep 'replaces.*NAMELESS FILE' -v | wc -l 139 from which couple of them are package-output.lock again: martin@jama ~/pseudo-qa $ cat log.world.qemu* | grep -v "grep -e" | grep -v 'inode mismatch' | grep 'creat for.* replaces' | grep 'replaces.*NAMELESS FILE' -v | grep replaces.*package-output.lock | wc -l 31 and then random selection of builds, most of them from glibc-locale: martin@jama
Re: [OE-core] [PATCH] nettle-ptest: fix a failing test
I don’t think you can use LD_LIBRARY_PATH due to the hardcoded relative path in "../libnettle.so”. I could, however, change the patch from "/usr/lib/libnettle.so" to “libnettle.so”, removing any paths. That way LD_LIBRARY_PATH can be used if needed. But in the end it will load the library from /usr/lib/nettle.so anyway. I think it would be preferred if you could use LD_LIBRARY_PATH to search for it -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/2] openssl: force soft link to avoid rare race
On 2017-10-16 11:00 AM, Randy MacLeod wrote: This patch works around a rare parallel build race condition using the force option when soft linking. Rare here means a few times out of > 5000 builds. I pushed this change into the WR oe-core branch 3 weeks ago (Sept 25th) and haven't see any build failures of this type since then whereas I would expect to see about 5-10 without the work-around. ../Randy The error seen is: ln: failed to create symbolic link 'libssl.so': File exists make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 make[4]: Leaving directory '/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' Just add the -f flag to the platform independent soft link code to avoid the collision. This is reasonable since this Makefile removes the link target before creating a new soft link. The Makefile was written this way to support platforms that don't allow forcing a softlink to overwrite an existing link. Only builds on Linux are supported so that's not a requirement for oe-core recipes. The openssl team is rewriting their build files so it's not appropriate for openssl upstream and fixing the root cause of the race condition was also not pursued. Signed-off-by: Randy MacLeod--- ...penssl-force-soft-link-to-avoid-rare-race.patch | 48 ++ .../recipes-connectivity/openssl/openssl_1.0.2l.bb | 1 + 2 files changed, 49 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch new file mode 100644 index 000..f3c1ac7 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch @@ -0,0 +1,48 @@ +From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001 +From: Randy MacLeod +Date: Tue, 20 Jun 2017 15:32:08 -0400 +Subject: [PATCH] openssl: Force soft link to avoid rare race + +This patch works around a rare parallel build race condition. +The error seen is: + +ln: failed to create symbolic link 'libssl.so': File exists +make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 +make[4]: Leaving directory +'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' + +The openssl team is rewriting their build files so it's not +appropriate for openssl upstream and fixing the root cause of +the Makefile race condition was also not pursued. + +Upstream-status: Inappropriate [build rules rewrite in progress] + +Signed-off-by: Randy MacLeod +--- + Makefile.shared | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.shared b/Makefile.shared +index e8d222a..1bff92f 100644 +--- a/Makefile.shared b/Makefile.shared +@@ -118,14 +118,14 @@ + if [ -n "$$SHLIB_COMPAT" ]; then \ + for x in $$SHLIB_COMPAT; do \ + ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ +-ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ ++ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ + prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ + [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ +-ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ ++ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ + fi + +-- +2.9.3 + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb index 8c34ea6..c537aa4 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb @@ -41,6 +41,7 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ file://openssl-util-perlpath.pl-cwd.patch \ file://Use-SHA256-not-MD5-as-default-digest.patch \ file://0001-Fix-build-with-clang-using-external-assembler.patch \ +file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ " SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566" SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c" -- # Randy MacLeod. WR Linux # Wind River an Intel Company -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [RFC][PATCHv2] insane.bbclass: Add do_qa_pseudo function to check for common errors listed in pseudo.log
On 16 October 2017 at 16:01, Martin Jansawrote: > The world builds with this check applied show that *a lot* of components > report one of these errors and often many of errors, the most complete logs > from last couple days: > A lot of the errors in my logs were due to package-output.lock being accessed inside/outside pseudo context. Can you grep all of your logs and collate some common patterns? Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [RFC][PATCHv2] insane.bbclass: Add do_qa_pseudo function to check for common errors listed in pseudo.log
The world builds with this check applied show that *a lot* of components report one of these errors and often many of errors, the most complete logs from last couple days: 366 in: http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.report.20171012_161223.log http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.world.qemuarm.20171010_225937.log/qa.log http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.world.qemux86.20171011_084917.log/qa.log http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.world.qemux86-64.20171010_012728.log/qa.log 376 in: http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.report.20171001_085046.log http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.world.qemuarm.20170926_004402.log/qa.log http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.world.qemux86.20170926_004401.log/qa.log http://logs.nslu2-linux.org/buildlogs/oe/world/rocko/log.world.qemux86-64.20170927_070922.log/qa.log The number of errors differs in various builds, e.g.: tcl-8.6.7: This /work/armv5te-oe-linux-gnueabi/tcl/8.6.7-r0/pseudo/pseudo.log indicates 7 errors [qa_pseudo] tcl-8.6.7: This /work/armv5te-oe-linux-gnueabi/tcl/8.6.7-r0/pseudo/pseudo.log indicates 5 errors [qa_pseudo] tcl-8.6.7: This /work/i586-oe-linux/tcl/8.6.7-r0/pseudo/pseudo.log indicates 7 errors [qa_pseudo] tcl-8.6.7: This /work/i586-oe-linux/tcl/8.6.7-r0/pseudo/pseudo.log indicates 8 errors [qa_pseudo] tcl-8.6.7: This /work/core2-64-oe-linux/tcl/8.6.7-r0/pseudo/pseudo.log indicates 6 errors [qa_pseudo] tcl-8.6.7: This /work/core2-64-oe-linux/tcl/8.6.7-r0/pseudo/pseudo.log indicates 6 errors [qa_pseudo] glibc-locale-2.26: This /work/armv5e-oe-linux-gnueabi/glibc-locale/2.26-r0/pseudo/pseudo.log indicates 17 errors [qa_pseudo] glibc-locale-2.26: This /work/armv5e-oe-linux-gnueabi/glibc-locale/2.26-r0/pseudo/pseudo.log indicates 5 errors [qa_pseudo] glibc-locale-2.26: This /work/i586-oe-linux/glibc-locale/2.26-r0/pseudo/pseudo.log indicates 12 errors [qa_pseudo] glibc-locale-2.26: This /work/i586-oe-linux/glibc-locale/2.26-r0/pseudo/pseudo.log indicates 10 errors [qa_pseudo] glibc-locale-2.26: This /work/core2-64-oe-linux/glibc-locale/2.26-r0/pseudo/pseudo.log indicates 11 errors [qa_pseudo] glibc-locale-2.26: This /work/core2-64-oe-linux/glibc-locale/2.26-r0/pseudo/pseudo.log indicates 16 errors [qa_pseudo] If I filter out the architecture specific path to pseudo.log and the number of errors it still gives 368 different builds with errors: acl-2.2.52 alsa-oss-1.0.17 alsa-plugins-1.1.4 apache2-2.4.27 apmd-3.2.2-15 aspell-0.60.6.1 attr-2.4.47 aufs-util-4.4+gitAUTOINC+89afb1806c autofs-5.1.2 avahi-ui-0.6.32 base-passwd-3.5.29 binutils-2.29 blktrace-1.1.0+gitAUTOINC+43fc870ce0 bluez5-5.46 bmap-tools-3.4 bonnie++-1.03e boost-1.64.0 bootchart2-0.14.8 busybox-1.24.1 cantarell-fonts-0.0.24 can-utils-0.0+gitrAUTOINC+4c8fb05cb4 canutils-4.0.6 cdparanoia-10.2 chrony-2.4 ckermit-302 connman-1.34 conntrack-tools-1.4.4 console-tools-0.3.2 coreutils-8.27 corosync-2.4.2 cpufrequtils-008 cryptodev-module-1.9 ctdb-2.5.6 cups-2.2.4 curlpp-0.8.1 cwautomacros-20110201 cxxtest-4.3 daemontools-0.76 dbus-test-1.10.20 ddrescue-1.19 dfu-util-0.9 dhcp-4.3.6 diffutils-3.6 dmidecode-3.1 docbook-xml-dtd4-4.5 dovecot-2.2.29 ebtables-2.0.10-4 efivar-0.31 eglinfo-fb-1.0.0 espeak-1.48.04 evtest-1.33+AUTOINC+ab140a2dab expat-2.2.3 f2fs-tools-1.8.0 firefox-l10n-ff-45.9.0esr firefox-l10n-si-45.9.0esr flac-1.3.2 flatbuffers-1.7.1 fontforge-20170731 frame-2.5.0 freeradius-3.0.15 fribidi-0.19.7 fuse-2.9.7 gateone-1.2+gitAUTOINC+f7a9be46cb gawk-4.1.4 gd-2.2.4 gdb-8.0 gegl-0.3.18 geoip-1.6.9 gettext-0.19.8.1 giflib-5.1.4 git-2.13.3 glade-3.20.0 glib-2.0-2.52.3 glibc-2.26 glibc-locale-2.26 glib-networking-2.50.0 gnupg-2.2.0 gnuplot-5.0.5 go-1.9 gobject-introspection-1.52.1 gptfdisk-1.0.3 gstreamer-0.10.36 gtkmm-2.24.5 hiredis-0.13.1 hplip-3.12.6 icon-slicer-0.3 icu-59.1 inetutils-1.9.4 init-ifupdown-1.0 iotop-0.6 iperf3-3.2 ipsec-tools-0.8.2 iptables-1.6.1 iputils-s20151218 iscsitarget-1.4.20.3+svn502 jack-1.9.10+gitAUTOINC+2d1d323505 kbd-2.0.4 kconfig-frontends-4.11.0.1 kexec-tools-2.0.14 konkretcmpi-0.9.2 krb5-1.15.1 lcdproc-0.5.8+gitAUTOINC+f5156e2e41 less-487 libatasmart-0.19 libatomic-ops-7.6.0+gitAUTOINC+73c60c5ef1 libbsd-0.8.6 libcanberra-0.30 libconnman-qt5-1.1.10+gitAUTOINC+4d6def3053 libcrypt-openssl-random-perl-0.11 libdrm-2.4.83 libencode-perl-2.83 libevdev-1.5.7 libfastjson-0.99.4 libgnome-2.32.1 libiec61883-1.2.0 libinput-1.8.1 libldb-1.1.29 liblogging-1.0.5 libmms-0.6.4 libotr-4.1.1 libpciaccess-0.13.5 libqofono-0.87+gitrAUTOINC+54435de3be librelp-1.2.14 librsvg-2.40.18 libsombok3-2.4.0 libtext-wrapi18n-perl-0.06 libtool-cross-2.4.6 libusb-compat-0.1.5 libusbg-0.1.0 libuser-0.62 libvncserver-0.9.11 libwmf-0.2.8.4 libwnck3-3.20.1 libxcursor-1.1.14 libxml2-2.9.4 libxml-perl-0.08 libxslt-1.1.29 libxxf86vm-1.1.4 linux-atm-2.5.2 linux-yocto-4.12.12+gitAUTOINC+eda4d18ce4_16de014967 linux-yocto-4.12.12+gitAUTOINC+eda4d18ce4_67b62d8d7b
[OE-core] [PATCH 2/2] openssl: force soft link to avoid rare race
This patch works around a rare parallel build race condition using the force option when soft linking. The error seen is: ln: failed to create symbolic link 'libssl.so': File exists make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 make[4]: Leaving directory '/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' Just add the -f flag to the platform independent soft link code to avoid the collision. This is reasonable since this Makefile removes the link target before creating a new soft link. The Makefile was written this way to support platforms that don't allow forcing a softlink to overwrite an existing link. Only builds on Linux are supported so that's not a requirement for oe-core recipes. The openssl team is rewriting their build files so it's not appropriate for openssl upstream and fixing the root cause of the race condition was also not pursued. Signed-off-by: Randy MacLeod--- ...penssl-force-soft-link-to-avoid-rare-race.patch | 48 ++ .../recipes-connectivity/openssl/openssl_1.0.2l.bb | 1 + 2 files changed, 49 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch new file mode 100644 index 000..f3c1ac7 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch @@ -0,0 +1,48 @@ +From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001 +From: Randy MacLeod +Date: Tue, 20 Jun 2017 15:32:08 -0400 +Subject: [PATCH] openssl: Force soft link to avoid rare race + +This patch works around a rare parallel build race condition. +The error seen is: + +ln: failed to create symbolic link 'libssl.so': File exists +make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1 +make[4]: Leaving directory +'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k' + +The openssl team is rewriting their build files so it's not +appropriate for openssl upstream and fixing the root cause of +the Makefile race condition was also not pursued. + +Upstream-status: Inappropriate [build rules rewrite in progress] + +Signed-off-by: Randy MacLeod +--- + Makefile.shared | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.shared b/Makefile.shared +index e8d222a..1bff92f 100644 +--- a/Makefile.shared b/Makefile.shared +@@ -118,14 +118,14 @@ + if [ -n "$$SHLIB_COMPAT" ]; then \ + for x in $$SHLIB_COMPAT; do \ + ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \ +-ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ ++ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \ + prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ + [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ +-ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ ++ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ + fi + +-- +2.9.3 + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb index 8c34ea6..c537aa4 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb @@ -41,6 +41,7 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ file://openssl-util-perlpath.pl-cwd.patch \ file://Use-SHA256-not-MD5-as-default-digest.patch \ file://0001-Fix-build-with-clang-using-external-assembler.patch \ +file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ " SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566" SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c" -- 2.9.3 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/2] README.qemu: qemuppc64 is not supported
Signed-off-by: Randy MacLeod--- README.qemu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.qemu b/README.qemu index fca04b1..9f56b7d 100644 --- a/README.qemu +++ b/README.qemu @@ -7,7 +7,7 @@ are currently supported in 32 and 64 bit variants: * ARM (qemuarm + qemuarm64) * x86 (qemux86 + qemux86-64) - * PowerPC (qemuppc + qemuppc64) + * PowerPC (qemuppc only) * MIPS (qemumips + qemumips64) Use of the QEMU images is covered in the Yocto Project Reference Manual. -- 2.9.3 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] prelink: fix upstream version check
On 10/16/17 5:22 AM, Alexander Kanavin wrote: > On 10/13/2017 05:56 PM, Mark Hatle wrote: >> On 10/13/17 9:18 AM, Alexander Kanavin wrote: >>> Instead of reporting that we can update to a bogus version >>> report that upstream version is not known. >> >> You do know that there are release branches for prelink right? >> >> http://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/refs/heads >> >> cross_prelink and master are both 'release' quality branches. >> >> Anything put there is a new version. >> >> >> There is nothing for us to 'tag', since there are no formal versions. >> >> >> Should be easy enough for the system to compare the SRCREV to the top of >> cross_prelink. If they don't match, an upgrade is needed. > > The system currently supports only comparing tags, not comparing > commits. I've filed a bug for it long time ago: > > https://bugzilla.yoctoproject.org/show_bug.cgi?id=8133 > > and no progress happened. In the meantime, for projects where commit == > release, the best we can do is to mark them as 'upstream version cannot > be established'. For prelink, also an exclusion of a bogus tag is > needed, so you, as the maintainer, won't get reminders to update to it. didn't realize this hadn't been implemented in the system yet. Definitely something that should be. --Mark > Alex > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] Yocto Project Status WW42’17
Current Dev Position: YP 2.4 Final - rc2 is out of QA. Next Deadline: YP 2.4 Final Cut off has passed. SWAT team rotation: Joshua -> Armin on Oct. 13, 2017. SWAT team rotation: Armin -> Saul on Oct. 20, 2017. https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team Key Status/Updates: ·YP 2.4 (Rocko) Final rc2 came out of QA with a number of minor issues. See: https://wiki.yoctoproject.org/wiki/WW41_-_2017-10-13_-_Full_Test_Cycle_2.4_RC2 ·We believe we could release rc2 however we’re aware that there are some serious CVE issues that have just been announced and believe these are serious enough to warrant an rc3. Whilst we’ve been targeting the 20th, this will likely mean we’d ship slightly later than the date we’d planned but we’d prefer to do that than release with these known CVEs. ·As a reminder, we are still in feature freeze and working on bug fixing. As such, recipe upgrades are not going to be taken, nor are patches which cause changes in behavior or break compatibility. In future releases our policy regarding version upgrades will be to identify anything that needs to change in M4 in advance (e.g. kernel or u-boot) so this issue becomes clearer and only known changes come in. ·YP 2.5 Planning has begun. Please enter your enhancement requests into Bugzilla. Target milestone dates will be selected over the next few weeks. Planned upcoming dot releases: YP 2.2.3 is planned, but date TBD during YP 2.5 planning. YP 2.3.3 is planned, but date TBD during YP 2.5 planning. YP 2.4.1 is planned, but date TBD during YP 2.5 planning. Key YP 2.4 Dates are: YP 2.4 M4 (Final) is in QA. YP 2.4 M4 (Final) Release by Oct. 20, 2017 Key YP 2.5 Dates are still TBD Tracking Metrics: WDD 2531 (last week 2545) (https://wiki.yoctoproject.org/charts/combo.html) Key Status Links for YP: https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features [If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!] Thanks, Stephen K. Jolley Yocto Project Program Manager INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124 • Work Telephone:(503) 712-0534 •Cell: (208) 244-4460 • Email:stephen.k.jol...@intel.com -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/4] perl: upgrade to 5.26.1
On Thu, 12 Oct 2017 15:11:04 -0400 Denys Dmytriyenkowrote: > On Thu, Oct 12, 2017 at 11:35:21AM -0700, > leonardo.sandoval.gonza...@linux.intel.com wrote: > > From: Leonardo Sandoval > > > > Highlights: > > > > * Patches rebased to 5.26.1 and just one removed > > > > * Several configs values taken from upstream script uconfig[64].sh were > > introduced in > > config.sh, avoiding pre-processor issues. > > > > * Several libraries paths now included a './' as prefix, because @INC > > does not > > include local paths. > > https://wiki.gentoo.org/wiki/Project:Perl/5.26_Known_Issues Thanks Denys. I though including the dot-slash was a OE-Core hack. I should have read this page before starting the upgrade. For the buildtime issues, I just hit the 'Dot-In-INC-Removal' so I believe the runtime ones are there. Also, I forgot to mentioned in the commit that there were some ptest failing so pass rate is not as high as previous version. I will send a v2 with the above link and the ptest results as cover letter. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] bitbake.conf: add ssh to HOSTTOOLS_NONFATAL
On Mon, Oct 16, 2017 at 10:20:41AM +0800, Chen Qi wrote: > We changed to make tools required by testimage to be included conditionally. > This resulted in users who use ssh for git fetching having failures. > > Add ssh to HOSTTOOLS_NONFATAL to make things work for the above situation. > > [YOCTO #12227] > > Signed-off-by: Chen Qi> --- > meta/conf/bitbake.conf | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf > index 0eefb86..2351c66 100644 > --- a/meta/conf/bitbake.conf > +++ b/meta/conf/bitbake.conf > @@ -487,7 +487,7 @@ HOSTTOOLS += " \ > HOSTTOOLS += "${@['', 'ip ping ps scp ssh > stty'][bb.data.inherits_class('testimage', d)]}" > > # Link to these if present > -HOSTTOOLS_NONFATAL += "aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp socat > sudo" > +HOSTTOOLS_NONFATAL += "ssh aws ccache gcc-ar gpg ld.bfd ld.gold nc sftp > socat sudo" Maybe keep the alphabetical order as it was intentionally sorted in: commit 23dd96a3a175cecde258dc6d8263fbe7b308b58e Author: Andre McCurdy Date: Mon Mar 27 20:51:23 2017 -0700 bitbake.conf: sort HOSTTOOLS and remove duplicates other than that I'm fine with this. > > # Temporary add few more detected in bitbake world > HOSTTOOLS_NONFATAL += "join nl size yes zcat" > -- > 1.9.1 > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com signature.asc Description: Digital signature -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v4 3/3] weston: Bump version to 3.0.0
Fails on the autobuilder when build against musl: http://errors.yoctoproject.org/Errors/Details/157183/ Ross On 28 September 2017 at 17:01, Fabien Lahoudere < fabien.lahoud...@collabora.co.uk> wrote: > Signed-off-by: Fabien Lahoudere> --- > .../wayland/{weston_2.0.0.bb => weston_3.0.0.bb} | 15 > +++ > 1 file changed, 7 insertions(+), 8 deletions(-) > rename meta/recipes-graphics/wayland/{weston_2.0.0.bb => weston_3.0.0.bb} > (90%) > > diff --git a/meta/recipes-graphics/wayland/weston_2.0.0.bb > b/meta/recipes-graphics/wayland/weston_3.0.0.bb > similarity index 90% > rename from meta/recipes-graphics/wayland/weston_2.0.0.bb > rename to meta/recipes-graphics/wayland/weston_3.0.0.bb > index 8160f55..6b3fad7 100644 > --- a/meta/recipes-graphics/wayland/weston_2.0.0.bb > +++ b/meta/recipes-graphics/wayland/weston_3.0.0.bb > @@ -9,12 +9,11 @@ SRC_URI = "https://wayland.freedesktop. > org/releases/${BPN}-${PV}.tar.xz \ > file://weston.png \ > file://weston.desktop \ > file://0001-make-error-portable.patch \ > - file://0001-configure.ac-Fix-wayland-protocols-path.patch \ > file://xwayland.weston-start \ > > file://0001-weston-launch-Provide-a-default-version-that-doesn-t.patch > \ > " > -SRC_URI[md5sum] = "15f38945942bf2a91fe2687145fb4c7d" > -SRC_URI[sha256sum] = "b4e446ac27f118196f1609dab89bb3 > cb3e81652d981414ad860e733b355365d8" > +SRC_URI[md5sum] = "9c42a4c51a1b9f35d040fa9d45ada36d" > +SRC_URI[sha256sum] = "cde1d55e8dd70c3cbb3d1ec72f60e6 > 041579caa1d6a262bd9c35e93723a5" > > inherit autotools pkgconfig useradd distro_features_check > # depends on virtual/egl > @@ -76,7 +75,7 @@ PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam" > > do_install_append() { > # Weston doesn't need the .la files to load modules, so wipe them > - rm -f ${D}/${libdir}/libweston-2/*.la > + rm -f ${D}/${libdir}/libweston-3/*.la > > # If X11, ship a desktop file to launch it > if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then > @@ -93,16 +92,16 @@ do_install_append() { > } > > PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'xwayland', > '${PN}-xwayland', '', d)} \ > - libweston-2 ${PN}-examples" > + libweston-3 ${PN}-examples" > > FILES_${PN} = "${bindir}/weston ${bindir}/weston-terminal > ${bindir}/weston-info ${bindir}/weston-launch ${bindir}/wcap-decode > ${libexecdir} ${libdir}/${BPN}/*.so ${datadir}" > > -FILES_libweston-2 = "${libdir}/lib*${SOLIBS} ${libdir}/libweston-2/*.so" > -SUMMARY_libweston-2 = "Helper library for implementing 'wayland window > managers'." > +FILES_libweston-3 = "${libdir}/lib*${SOLIBS} ${libdir}/libweston-3/*.so" > +SUMMARY_libweston-3 = "Helper library for implementing 'wayland window > managers'." > > FILES_${PN}-examples = "${bindir}/*" > > -FILES_${PN}-xwayland = "${libdir}/libweston-2/xwayland.so" > +FILES_${PN}-xwayland = "${libdir}/libweston-3/xwayland.so" > RDEPENDS_${PN}-xwayland += "xserver-xorg-xwayland" > > RDEPENDS_${PN} += "xkeyboard-config" > -- > 1.8.3.1 > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] libxml2: use HTTP instead of FTP in SRC_URI
HTTP is more reliable in general so use it instead of FTP. Signed-off-by: Ross Burton--- meta/recipes-core/libxml/libxml2_2.9.4.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.4.bb index ec2d25a2da7..9adb29cfdd7 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.4.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \ DEPENDS = "zlib virtual/libiconv" -SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ +SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \ file://libxml-64bit.patch \ file://ansidecl.patch \ -- 2.11.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v2] ltp: update to new upstream release 20170929
On 12 October 2017 at 10:52, Fathi Boudrawrote: > * Update SRCREV to match 20170929 release > * Drop patches available in 20170929 release: > - 0037-ltp-fix-PAGE_SIZE-redefinition-and-O_CREAT-undeclear.patch > - 0038-commands-gdb01-replace-stdin-with-dev-null.patch > * Add patches backported from upstream: > - 0037-commands-nm-fix-typo-INSTALL_TARTGETS-INSTALL_TARGET.patch > - 0038-fanotify-fix-build-failure-with-Werror-format-securi.patch > * Add additional runtime dependencies: > - ld01, file01 and logrotate tests requires file command. > - quotacheck is required by quota_remount_test01 test. > - LTP checks for a compliant 'tar' but finds that the version from > busybox lacks the '-d' option. > > Signed-off-by: Fathi Boudra > --- > Changes in v2: > * Add patches backported from upstream: >- 0037-commands-nm-fix-typo-INSTALL_TARTGETS-INSTALL_TARGET.patch >- 0038-fanotify-fix-build-failure-with-Werror-format-securi.patch > * Add additional runtime dependencies: >- ld01, file01 and logrotate tests requires file command. >- quotacheck is required by quota_remount_test01 test. >- LTP checks for a compliant 'tar' but finds that the version from > busybox lacks the '-d' option. > Sorry still fails: fcntl36.c: In function 'test_fn': fcntl36.c:303:2: error: format not a string literal and no format arguments [-Werror=format-security] tst_res(TINFO, msg); ^~~ Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 6/7] gcc6: Upgrade to 6.4
On Sun, Oct 15, 2017 at 5:06 PM, Andre McCurdywrote: > On Sat, Oct 14, 2017 at 10:21 PM, akuster808 wrote: >> why do we continue to maintain 2 versions of gcc? > > Probably the same reason why Buildroot continues to maintain 4 > versions of gcc, it's useful for end users. > > https://git.buildroot.net/buildroot/tree/package/gcc We keep all user space and toolchain up to date so upgrading the GCC is straightforward. That said the gcc cannot vary from one machine to another so if a vendor wants to use an old release, it can be done using their distro. I am against maintaining two GCC versions as it increases the amount of testing needed. Instead I'd prefer to have clang merged on oe-core instead and easy its adoption / test. -- Otavio Salvador O.S. Systems http://www.ossystems.com.brhttp://code.ossystems.com.br Mobile: +55 (53) 9981-7854Mobile: +1 (347) 903-9750 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 0/2] Define GO386 for go cross-compilation
On Fri, Oct 13, 2017 at 4:25 PM, Paul Barkerwrote: ... > My hope is that these patches are suitable for inclusion in the rocko branch > (after the 2.4.0 release now). If not then please flag this and I'll look for > alternative solutions. I don't think that leaving all go binaries as broken on > qemux86 if they happen to use floating point operations is a valid option for > the rocko branch. I support the backport as well. -- Otavio Salvador O.S. Systems http://www.ossystems.com.brhttp://code.ossystems.com.br Mobile: +55 (53) 9981-7854Mobile: +1 (347) 903-9750 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] bmap-tools: add missing runtime dependencies
On 10/14/2017 09:11 AM, Tim Orling wrote: On Oct 13, 2017, at 4:14 AM, Pascal Bachwrote: When running bmap on a target device the added dependncies are required. Signed-off-by: Pascal Bach --- meta/recipes-support/bmap-tools/bmap-tools_3.4.bb | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb b/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb index 7454f9d..348c9e8 100644 --- a/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb +++ b/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb @@ -14,7 +14,17 @@ SRCREV = "9dad724104df265442226972a1e310813f9ffcba" S = "${WORKDIR}/git" -RDEPENDS_${PN} = "python-core python-compression python-mmap" +RDEPENDS_${PN} = "\ +python-core \ +python-compression \ +python-argparse \ +python-shell \ +python-fcntl \ +python-threading \ +python-xml \ +python-subprocess \ +python-mmap \ +“ These should all be the python3- version or ${PYTHON_PN}- (e.g. python3-core) should they not? Or is that an artifact of how the python module splitting is happening in oe-core? That is correct. This was forgotten when the recipe was moved to python3: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb?id=04ef46e2b2b753321408db02a2df3753b85ac0dd Pascal, can you modify everything to python3-*, check that it still works, and resend the patch please? Alex -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] prelink: fix upstream version check
On 10/13/2017 05:56 PM, Mark Hatle wrote: On 10/13/17 9:18 AM, Alexander Kanavin wrote: Instead of reporting that we can update to a bogus version report that upstream version is not known. You do know that there are release branches for prelink right? http://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/refs/heads cross_prelink and master are both 'release' quality branches. Anything put there is a new version. There is nothing for us to 'tag', since there are no formal versions. Should be easy enough for the system to compare the SRCREV to the top of cross_prelink. If they don't match, an upgrade is needed. The system currently supports only comparing tags, not comparing commits. I've filed a bug for it long time ago: https://bugzilla.yoctoproject.org/show_bug.cgi?id=8133 and no progress happened. In the meantime, for projects where commit == release, the best we can do is to mark them as 'upstream version cannot be established'. For prelink, also an exclusion of a bogus tag is needed, so you, as the maintainer, won't get reminders to update to it. Alex -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 2/4] perl: upgrade to 5.26.1
> > Leo, have you tried an oe-core world build with perl 5.26? > So I threw this at the autobuilder. The grid looks really bad but it's entirely git's do_install failing: http://errors.yoctoproject.org/Errors/Latest/Autobuilder/?filter=a128781a065ce3718c4db2d4629672abd0b52b91=commit Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] sqlite3: fix CVE-2017-13685
From: Wenzong FanThe dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Backport patch to fix the issue. Some references: https://sqlite.org/src/info/02f0f4c54f2819b3 http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html Signed-off-by: Wenzong Fan --- .../sqlite/files/sqlite3-fix-CVE-2017-13685.patch | 57 ++ meta/recipes-support/sqlite/sqlite3_3.20.0.bb | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch new file mode 100644 index 00..aac428c821 --- /dev/null +++ b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch @@ -0,0 +1,57 @@ +Fix CVE-2017-13685 + +The dump_callback function in SQLite 3.20.0 allows remote attackers to +cause a denial of service (EXC_BAD_ACCESS and application crash) via a +crafted file. + +References: +https://sqlite.org/src/info/02f0f4c54f2819b3 +http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html + +Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149] + +CVE: CVE-2017-13685 + +Signed-off-by: Wenzong Fan + +Index: src/shell.c +== +--- src/shell.c src/shell.c +@@ -2657,10 +2657,11 @@ + int *aiType /* Column types */ + ){ + int i; + ShellState *p = (ShellState*)pArg; + ++ if( azArg==0 ) return 0; + switch( p->cMode ){ + case MODE_Line: { + int w = 5; + if( azArg==0 ) break; + for(i=0; i n ) appendText(p, "|", 0); + for(i=0; i