[OE-core] [PATCH] nfs-utils: upgrade 2.5.3 -> 2.5.4

[zhengruoqin]

Signed-off-by: Zheng Ruoqin 
---
 .../nfs-utils/{nfs-utils_2.5.3.bb => nfs-utils_2.5.4.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/nfs-utils/{nfs-utils_2.5.3.bb => 
nfs-utils_2.5.4.bb} (98%)

diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb 
b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb
similarity index 98%
rename from meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb
rename to meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb
index d8c6391b3d..5500a9249f 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb
@@ -31,7 +31,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
file://clang-warnings.patch \
"
-SRC_URI[sha256sum] = 
"b54d6d8ea2ee62d64111278301ba4631b7bb19174e7f717a724fe5d463900c80"
+SRC_URI[sha256sum] = 
"51997d94e4c8bcef5456dd36a9ccc38e231207c4e9b6a9a2c108841e6aebe3dd"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd 
module will
 # pull in the remainder of the dependencies.
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153059): 
https://lists.openembedded.org/g/openembedded-core/message/153059
Mute This Topic: https://lists.openembedded.org/mt/83595603/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-dbusmock: upgrade 0.23.0 -> 0.23.1

[zhengruoqin]

Signed-off-by: Zheng Ruoqin 
---
 .../{python3-dbusmock_0.23.0.bb => python3-dbusmock_0.23.1.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-dbusmock_0.23.0.bb => 
python3-dbusmock_0.23.1.bb} (83%)

diff --git a/meta/recipes-devtools/python/python3-dbusmock_0.23.0.bb 
b/meta/recipes-devtools/python/python3-dbusmock_0.23.1.bb
similarity index 83%
rename from meta/recipes-devtools/python/python3-dbusmock_0.23.0.bb
rename to meta/recipes-devtools/python/python3-dbusmock_0.23.1.bb
index 80990d8fbb..b5fa1868b8 100644
--- a/meta/recipes-devtools/python/python3-dbusmock_0.23.0.bb
+++ b/meta/recipes-devtools/python/python3-dbusmock_0.23.1.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://pypi.org/project/python-dbusmock/;
 LICENSE = "GPL-3.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02"
 
-SRC_URI[sha256sum] = 
"8c0b873a3f23869b416b51deeec39b3d5ab4c9875b705fc90ae917e4969c2574"
+SRC_URI[sha256sum] = 
"b5c36a9c9935d1867cf79d8666b08ad906660e6d4d967e9fded4361ad7eef54f"
 
 PYPI_PACKAGE = "python-dbusmock"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153058): 
https://lists.openembedded.org/g/openembedded-core/message/153058
Mute This Topic: https://lists.openembedded.org/mt/83595581/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libcomps: upgrade 0.1.16 -> 0.1.17

[zhengruoqin]

refresh 0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch

Signed-off-by: Zheng Ruoqin 
---
 ...-not-set-PYTHON_INSTALL_DIR-by-running-python.patch | 10 +-
 .../{libcomps_0.1.16.bb => libcomps_0.1.17.bb} |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
 rename meta/recipes-devtools/libcomps/{libcomps_0.1.16.bb => 
libcomps_0.1.17.bb} (94%)

diff --git 
a/meta/recipes-devtools/libcomps/libcomps/0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
 
b/meta/recipes-devtools/libcomps/libcomps/0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
index 3e9102605b..6cd052889a 100644
--- 
a/meta/recipes-devtools/libcomps/libcomps/0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
+++ 
b/meta/recipes-devtools/libcomps/libcomps/0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
@@ -10,18 +10,18 @@ Signed-off-by: Alexander Kanavin 
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/libcomps/src/python/src/CMakeLists.txt 
b/libcomps/src/python/src/CMakeLists.txt
-index b9b96ab..6d44567 100644
+index f813af4..9eebb6c 100644
 --- a/libcomps/src/python/src/CMakeLists.txt
 +++ b/libcomps/src/python/src/CMakeLists.txt
-@@ -115,7 +115,7 @@ IF (SKBUILD)
+@@ -85,7 +85,7 @@ IF (SKBUILD)
  INSTALL(FILES libcomps/__init__.py DESTINATION 
libcomps/src/python/src/libcomps)
  INSTALL(TARGETS pycomps LIBRARY DESTINATION 
libcomps/src/python/src/libcomps)
  ELSE ()
--EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; 
from distutils import sysconfig; stdout.write(sysconfig.get_python_lib(True))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
-+#EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; 
from distutils import sysconfig; stdout.write(sysconfig.get_python_lib(True))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
+-EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; 
from sysconfig import get_path; stdout.write(get_path('platlib'))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
++#EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; 
from sysconfig import get_path; stdout.write(get_path('platlib'))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
  
  INSTALL(FILES ${pycomps_SRCDIR}/libcomps/__init__.py DESTINATION 
${PYTHON_INSTALL_DIR}/libcomps)
  #INSTALL(FILES ${pycomps_SRCDIR}/tests/__test.py DESTINATION
 -- 
-2.26.2
+2.25.1
 
diff --git a/meta/recipes-devtools/libcomps/libcomps_0.1.16.bb 
b/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb
similarity index 94%
rename from meta/recipes-devtools/libcomps/libcomps_0.1.16.bb
rename to meta/recipes-devtools/libcomps/libcomps_0.1.17.bb
index 851ec5b817..502bc4688b 100644
--- a/meta/recipes-devtools/libcomps/libcomps_0.1.16.bb
+++ b/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb
@@ -9,7 +9,7 @@ SRC_URI = 
"git://github.com/rpm-software-management/libcomps.git \
file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
 
-SRCREV = "f3289ed1d812648558ab48ade4fae850b375fa65"
+SRCREV = "dfaffdce1969042bda4a184865861573bb07a5a3"
 
 S = "${WORKDIR}/git"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153057): 
https://lists.openembedded.org/g/openembedded-core/message/153057
Mute This Topic: https://lists.openembedded.org/mt/83595575/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] arch-armv4: Allow -march=armv4 --> remove qemuarmv5.conf ?

[Khem Raj]

On Wed, Jun 16, 2021 at 4:59 PM Randy MacLeod 
wrote:

> On 2021-06-09 10:17 p.m., Khem Raj wrote:
> > Even though it is deprecated in GCC 6 [1] it has not yet been
> > removed from gcc upstream. We do have active machines in OE
> > ecosystem which use armv4 ( SA11xx ) e.g. collie in meta-handheld
> > so until upstream gcc takes next step to remove them
> > lets support armv4 again, we are still carrying the relevant gcc patch
> > to support v4 BX fix.
> >
> > [1] https://gcc.gnu.org/gcc-6/changes.html#arm
>
>
> Huh, I was going to send an email about removing support for qemuarmv5.
> Do we follow gcc or drop older arches before that?
>

We use armv5te for default tune for that
Machine which is still supported and so is armv4t
Armv4 is a special case where I kept it even after it’s deprecated since
there are users in OE community who are actively using it with master so we
will stretch it to the point where gcc removes it and then perhaps remove
it so no immediate action is needed

As far as armv5 ( without t ) is concerned we can remove it


> Our current list of qemu machines on master is:
>
> meta/conf/machine/qemuarm64.conf
> meta/conf/machine/qemuarm.conf
> meta/conf/machine/qemuarmv5.conf
> meta/conf/machine/qemumips64.conf
> meta/conf/machine/qemumips.conf
> meta/conf/machine/qemuppc64.conf
> meta/conf/machine/qemuppc.conf
> meta/conf/machine/qemuriscv32.conf
> meta/conf/machine/qemuriscv64.conf
> meta/conf/machine/qemux86-64.conf
> meta/conf/machine/qemux86.conf
>
>
> qemuarmv5 was added in:
>
> commit 6fc70eb4f3494bee2be10ee24fe3ea1c8b5ff988
> Author: Jon Mason 
> Date:   Tue Mar 5 17:32:19 2019
>
>  qemuarm: Swap for an arm7ve (A15) configuration
>
>  Add new QEMU BSP for a Arm Cortex-A15 system and use this as qemuarm,
>  moving the old armv5te Versatile PB based machine to qemuarmv5.
>
>  The new machine uses the QEMU virt machine type, which should be
>  faster to emulate and updates the qemuarm support to a modern
>  architecture.
>
>  Signed-off-by: Jon Mason 
>  Signed-off-by: Richard Purdie 
>
>
> ../Randy
>
> >
> > Signed-off-by: Khem Raj 
> > Cc: Andrea Adami 
> > ---
> >   meta/conf/machine/include/arm/arch-armv4.inc | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta/conf/machine/include/arm/arch-armv4.inc
> b/meta/conf/machine/include/arm/arch-armv4.inc
> > index fac2bdf952..b71739c20a 100644
> > --- a/meta/conf/machine/include/arm/arch-armv4.inc
> > +++ b/meta/conf/machine/include/arm/arch-armv4.inc
> > @@ -2,7 +2,7 @@ DEFAULTTUNE ?= "armv4"
> >
> >   TUNEVALID[arm] = "Enable ARM instruction set"
> >   TUNEVALID[armv4] = "Enable instructions for ARMv4"
> > -TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'armv4', '
> -march=armv4t', '', d)}"
> > +TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'armv4', '
> -march=armv4${ARMPKGSFX_THUMB}', '', d)}"
> >   # enable --fix-v4bx when we have armv4 in TUNE_FEATURES, but then
> disable it when we have also armv5 or thumb
> >   # maybe we should extend bb.utils.contains to support check for any
> checkvalues in value, now it does
> >   # checkvalues.issubset(val) which cannot be used for negative test of
> foo neither bar in value
> >
> >
> >
> > 
> >
>
>
> --
> # Randy MacLeod
> # Wind River Linux
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153056): 
https://lists.openembedded.org/g/openembedded-core/message/153056
Mute This Topic: https://lists.openembedded.org/mt/83594022/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] blktrace: upgrade 1.2.0 -> 1.3.0

[wangmy]

CVE-2018-10689.patch
ldflags.patch
make-btt-scripts-python3-ready.patch
removed since they're included in 1.3.0

Signed-off-by: Wang Mingyu 
---
 .../blktrace/blktrace/CVE-2018-10689.patch| 150 -
 .../blktrace/blktrace/ldflags.patch   | 114 --
 .../make-btt-scripts-python3-ready.patch  | 197 --
 meta/recipes-kernel/blktrace/blktrace_git.bb  |  10 +-
 4 files changed, 3 insertions(+), 468 deletions(-)
 delete mode 100644 meta/recipes-kernel/blktrace/blktrace/CVE-2018-10689.patch
 delete mode 100644 meta/recipes-kernel/blktrace/blktrace/ldflags.patch
 delete mode 100644 
meta/recipes-kernel/blktrace/blktrace/make-btt-scripts-python3-ready.patch

diff --git a/meta/recipes-kernel/blktrace/blktrace/CVE-2018-10689.patch 
b/meta/recipes-kernel/blktrace/blktrace/CVE-2018-10689.patch
deleted file mode 100644
index 7b58568d59..00
--- a/meta/recipes-kernel/blktrace/blktrace/CVE-2018-10689.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From d61ff409cb4dda31386373d706ea0cfb1aaac5b7 Mon Sep 17 00:00:00 2001
-From: Jens Axboe 
-Date: Wed, 2 May 2018 10:24:17 -0600
-Subject: [PATCH] btt: make device/devno use PATH_MAX to avoid overflow
-
-Herbo Zhang reports:
-
-I found a bug in blktrace/btt/devmap.c. The code is just as follows:
-
-https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/tree/btt/devmap.c?id=8349ad2f2d19422a6241f94ea84d696b21de4757
-
-   struct devmap {
-
-struct list_head head;
-char device[32], devno[32];// #1
-};
-
-LIST_HEAD(all_devmaps);
-
-static int dev_map_add(char *line)
-{
-struct devmap *dmp;
-
-if (strstr(line, "Device") != NULL)
-return 1;
-
-dmp = malloc(sizeof(struct devmap));
-if (sscanf(line, "%s %s", dmp->device, dmp->devno) != 2) {  //#2
-free(dmp);
-return 1;
-}
-
-list_add_tail(>head, _devmaps);
-return 0;
-}
-
-int dev_map_read(char *fname)
-{
-char line[256];   // #3
-FILE *fp = my_fopen(fname, "r");
-
-if (!fp) {
-perror(fname);
-return 1;
-}
-
-while (fscanf(fp, "%255[a-zA-Z0-9 :.,/_-]\n", line) == 1) {
-if (dev_map_add(line))
-break;
-}
-
-fclose(fp);
-return 0;
-}
-
- The line length is 256, but the dmp->device, dmp->devno  max length
-is only 32. We can put strings longer than 32 into dmp->device and
-dmp->devno , and then they will be overflowed.
-
- we can trigger this bug just as follows:
-
- $ python -c "print 'A'*256" > ./test
-$ btt -M ./test
-
-*** Error in btt': free(): invalid next size (fast): 0x55ad7349b250 ***
-=== Backtrace: =
-/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7f7f158ce7e5]
-/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7f7f158d6e0a]
-/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f7f158da98c]
-btt(+0x32e0)[0x55ad7306f2e0]
-btt(+0x2c5f)[0x55ad7306ec5f]
-btt(+0x251f)[0x55ad7306e51f]
-/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f7f15877830]
-btt(+0x26b9)[0x55ad7306e6b9]
-=== Memory map: 
-55ad7306c000-55ad7307f000 r-xp  08:14 3698139
-  /usr/bin/btt
-55ad7327e000-55ad7327f000 r--p 00012000 08:14 3698139
-  /usr/bin/btt
-55ad7327f000-55ad7328 rw-p 00013000 08:14 3698139
-  /usr/bin/btt
-55ad7328-55ad73285000 rw-p  00:00 0
-55ad7349a000-55ad734bb000 rw-p  00:00 0
-  [heap]
-7f7f1000-7f7f10021000 rw-p  00:00 0
-7f7f10021000-7f7f1400 ---p  00:00 0
-7f7f1564-7f7f15656000 r-xp  08:14 14942237
-  /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f7f15656000-7f7f15855000 ---p 00016000 08:14 14942237
-  /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f7f15855000-7f7f15856000 r--p 00015000 08:14 14942237
-  /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f7f15856000-7f7f15857000 rw-p 00016000 08:14 14942237
-  /lib/x86_64-linux-gnu/libgcc_s.so.1
-7f7f15857000-7f7f15a16000 r-xp  08:14 14948477
-  /lib/x86_64-linux-gnu/libc-2.23.so
-7f7f15a16000-7f7f15c16000 ---p 001bf000 08:14 14948477
-  /lib/x86_64-linux-gnu/libc-2.23.so
-7f7f15c16000-7f7f15c1a000 r--p 001bf000 08:14 14948477
-  /lib/x86_64-linux-gnu/libc-2.23.so
-7f7f15c1a000-7f7f15c1c000 rw-p 001c3000 08:14 14948477
-  /lib/x86_64-linux-gnu/libc-2.23.so
-7f7f15c1c000-7f7f15c2 rw-p  00:00 0
-7f7f15c2-7f7f15c46000 r-xp  08:14 14948478
-  /lib/x86_64-linux-gnu/ld-2.23.so
-7f7f15e16000-7f7f15e19000 rw-p  00:00 0
-7f7f15e42000-7f7f15e45000 rw-p  00:00 0
-7f7f15e45000-7f7f15e46000 r--p 00025000 08:14 14948478
-  /lib/x86_64-linux-gnu/ld-2.23.so
-7f7f15e46000-7f7f15e47000 rw-p 00026000 08:14 14948478
-  /lib/x86_64-linux-gnu/ld-2.23.so
-7f7f15e47000-7f7f15e48000 rw-p  00:00 0
-7ffdebe5c000-7ffdebe7d000 rw-p  00:00 0
-  [stack]
-7ffdebebc000-7ffdebebe000 r--p  00:00 0
-  [vvar]
-7ffdebebe000-7ffdebec r-xp  00:00 0
-  [vdso]
-ff60-ff601000 r-xp  

[OE-core] [PATCH] librepo: upgrade 1.14.0 -> 1.14.1

[wangmy]

refresh 0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch

Signed-off-by: Wang Mingyu 
---
 ...o-obtain-PYTHON_INSTALL_DIR-by-running-p.patch | 15 +--
 .../{librepo_1.14.0.bb => librepo_1.14.1.bb}  |  2 +-
 2 files changed, 10 insertions(+), 7 deletions(-)
 rename meta/recipes-devtools/librepo/{librepo_1.14.0.bb => librepo_1.14.1.bb} 
(94%)

diff --git 
a/meta/recipes-devtools/librepo/librepo/0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch
 
b/meta/recipes-devtools/librepo/librepo/0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch
index 46ab9a1132..2ea50f00ff 100644
--- 
a/meta/recipes-devtools/librepo/librepo/0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch
+++ 
b/meta/recipes-devtools/librepo/librepo/0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch
@@ -5,13 +5,13 @@ Subject: [PATCH] Do not try to obtain PYTHON_INSTALL_DIR by 
running python.
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin 
-
+Signed-off-by: Wang Mingyu 
 ---
  librepo/python/CMakeLists.txt | 12 ++--
  1 file changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/librepo/python/CMakeLists.txt b/librepo/python/CMakeLists.txt
-index 52fc39e..2024407 100644
+index 8523ca7..06e5f7b 100644
 --- a/librepo/python/CMakeLists.txt
 +++ b/librepo/python/CMakeLists.txt
 @@ -16,12 +16,12 @@ SET (librepomodule_SRCS
@@ -20,16 +20,19 @@ index 52fc39e..2024407 100644
  
 -EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "
 -from sys import stdout
--from distutils import sysconfig
--path=sysconfig.get_python_lib(True, prefix='${CMAKE_INSTALL_PREFIX}')
+-from sysconfig import get_path
+-path=get_path(name='platlib', vars={'platbase':'${CMAKE_INSTALL_PREFIX}'})
 -stdout.write(path)"
 -OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
 +#EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "
 +#from sys import stdout
-+#from distutils import sysconfig
-+#path=sysconfig.get_python_lib(True, prefix='${CMAKE_INSTALL_PREFIX}')
++#from sysconfig import get_path
++#path=get_path(name='platlib', vars={'platbase':'${CMAKE_INSTALL_PREFIX}'})
 +#stdout.write(path)"
 +#OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
  INCLUDE_DIRECTORIES (${PYTHON_INCLUDE_PATH})
  
  MESSAGE(STATUS "Python3 install dir is ${PYTHON_INSTALL_DIR}")
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/librepo/librepo_1.14.0.bb 
b/meta/recipes-devtools/librepo/librepo_1.14.1.bb
similarity index 94%
rename from meta/recipes-devtools/librepo/librepo_1.14.0.bb
rename to meta/recipes-devtools/librepo/librepo_1.14.1.bb
index 109b40ce3d..8676452587 100644
--- a/meta/recipes-devtools/librepo/librepo_1.14.0.bb
+++ b/meta/recipes-devtools/librepo/librepo_1.14.1.bb
@@ -10,7 +10,7 @@ SRC_URI = 
"git://github.com/rpm-software-management/librepo.git \

file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
"
 
-SRCREV = "88b769eceefc1b151937e6b54d108b48f2177d87"
+SRCREV = "c5fe6b85b47f2e4f7a37cff3f3214205d1b54db5"
 
 S = "${WORKDIR}/git"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153055): 
https://lists.openembedded.org/g/openembedded-core/message/153055
Mute This Topic: https://lists.openembedded.org/mt/83594290/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] createrepo-c: upgrade 0.17.2 -> 0.17.3

[wangmy]

refresh 0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch

Signed-off-by: Wang Mingyu 
---
 ...not-set-PYTHON_INSTALL_DIR-by-running-python.patch | 11 +++
 ...{createrepo-c_0.17.2.bb => createrepo-c_0.17.3.bb} |  2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)
 rename meta/recipes-devtools/createrepo-c/{createrepo-c_0.17.2.bb => 
createrepo-c_0.17.3.bb} (96%)

diff --git 
a/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
 
b/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
index 4b844574ea..b63fe53944 100644
--- 
a/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
+++ 
b/meta/recipes-devtools/createrepo-c/createrepo-c/0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch
@@ -5,21 +5,24 @@ Subject: [PATCH] Do not set PYTHON_INSTALL_DIR by running 
python
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin 
-
+Signed-off-by: Wang Mingyu 
 ---
  src/python/CMakeLists.txt | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/python/CMakeLists.txt b/src/python/CMakeLists.txt
-index ecc262d..a86514c 100644
+index a31b14d..01fd8ca 100644
 --- a/src/python/CMakeLists.txt
 +++ b/src/python/CMakeLists.txt
 @@ -14,7 +14,7 @@ if (NOT SKBUILD)
  FIND_PACKAGE(PythonLibs 3 REQUIRED)
  endif (NOT SKBUILD)
  
--EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; from 
distutils import sysconfig; stdout.write(sysconfig.get_python_lib(True))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
-+#EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; 
from distutils import sysconfig; stdout.write(sysconfig.get_python_lib(True))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
+-EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; from 
sysconfig import get_path; stdout.write(get_path('platlib'))" OUTPUT_VARIABLE 
PYTHON_INSTALL_DIR)
++#EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; 
from sysconfig import get_path; stdout.write(get_path('platlib'))" 
OUTPUT_VARIABLE PYTHON_INSTALL_DIR)
  INCLUDE_DIRECTORIES (${PYTHON_INCLUDE_PATH})
  
  MESSAGE(STATUS "Python install dir is ${PYTHON_INSTALL_DIR}")
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.2.bb 
b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.3.bb
similarity index 96%
rename from meta/recipes-devtools/createrepo-c/createrepo-c_0.17.2.bb
rename to meta/recipes-devtools/createrepo-c/createrepo-c_0.17.3.bb
index 76bdd69836..481c4bff29 100644
--- a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.2.bb
+++ b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.3.bb
@@ -8,7 +8,7 @@ SRC_URI = 
"git://github.com/rpm-software-management/createrepo_c \
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
 
-SRCREV = "8eff6ed99f5fd0ba844cb8513963435caab5fd3c"
+SRCREV = "8196982f0974c268898a5550d61b374bd58103e2"
 
 S = "${WORKDIR}/git"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153054): 
https://lists.openembedded.org/g/openembedded-core/message/153054
Mute This Topic: https://lists.openembedded.org/mt/83594289/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] enchant2: upgrade 2.2.15 -> 2.3.0

[wangmy]

Signed-off-by: Wang Mingyu 
---
 .../enchant/{enchant2_2.2.15.bb => enchant2_2.3.0.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/enchant/{enchant2_2.2.15.bb => enchant2_2.3.0.bb} 
(92%)

diff --git a/meta/recipes-support/enchant/enchant2_2.2.15.bb 
b/meta/recipes-support/enchant/enchant2_2.3.0.bb
similarity index 92%
rename from meta/recipes-support/enchant/enchant2_2.2.15.bb
rename to meta/recipes-support/enchant/enchant2_2.3.0.bb
index ed87f11a8a..5d0f10d0bc 100644
--- a/meta/recipes-support/enchant/enchant2_2.2.15.bb
+++ b/meta/recipes-support/enchant/enchant2_2.3.0.bb
@@ -12,7 +12,7 @@ DEPENDS = "glib-2.0"
 inherit autotools pkgconfig
 
 SRC_URI = 
"https://github.com/AbiWord/enchant/releases/download/v${PV}/enchant-${PV}.tar.gz;
-SRC_URI[sha256sum] = 
"3b0f2215578115f28e2a6aa549b35128600394304bd79d6f28b0d3b3d6f46c03"
+SRC_URI[sha256sum] = 
"df68063b6c13b245fa7246b0e098a03e74f7a91c6d8947bc5c4f42ce55e2e41d"
 
 UPSTREAM_CHECK_URI = "https://github.com/AbiWord/enchant/releases;
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153053): 
https://lists.openembedded.org/g/openembedded-core/message/153053
Mute This Topic: https://lists.openembedded.org/mt/83594288/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] arch-armv4: Allow -march=armv4 --> remove qemuarmv5.conf ?

[Randy MacLeod]

On 2021-06-09 10:17 p.m., Khem Raj wrote:

Even though it is deprecated in GCC 6 [1] it has not yet been
removed from gcc upstream. We do have active machines in OE
ecosystem which use armv4 ( SA11xx ) e.g. collie in meta-handheld
so until upstream gcc takes next step to remove them
lets support armv4 again, we are still carrying the relevant gcc patch
to support v4 BX fix.

[1] https://gcc.gnu.org/gcc-6/changes.html#arm



Huh, I was going to send an email about removing support for qemuarmv5.
Do we follow gcc or drop older arches before that?

Our current list of qemu machines on master is:

meta/conf/machine/qemuarm64.conf
meta/conf/machine/qemuarm.conf
meta/conf/machine/qemuarmv5.conf
meta/conf/machine/qemumips64.conf
meta/conf/machine/qemumips.conf
meta/conf/machine/qemuppc64.conf
meta/conf/machine/qemuppc.conf
meta/conf/machine/qemuriscv32.conf
meta/conf/machine/qemuriscv64.conf
meta/conf/machine/qemux86-64.conf
meta/conf/machine/qemux86.conf


qemuarmv5 was added in:

commit 6fc70eb4f3494bee2be10ee24fe3ea1c8b5ff988
Author: Jon Mason 
Date:   Tue Mar 5 17:32:19 2019

qemuarm: Swap for an arm7ve (A15) configuration

Add new QEMU BSP for a Arm Cortex-A15 system and use this as qemuarm,
moving the old armv5te Versatile PB based machine to qemuarmv5.

The new machine uses the QEMU virt machine type, which should be
faster to emulate and updates the qemuarm support to a modern
architecture.

Signed-off-by: Jon Mason 
Signed-off-by: Richard Purdie 


../Randy



Signed-off-by: Khem Raj 
Cc: Andrea Adami 
---
  meta/conf/machine/include/arm/arch-armv4.inc | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/machine/include/arm/arch-armv4.inc 
b/meta/conf/machine/include/arm/arch-armv4.inc
index fac2bdf952..b71739c20a 100644
--- a/meta/conf/machine/include/arm/arch-armv4.inc
+++ b/meta/conf/machine/include/arm/arch-armv4.inc
@@ -2,7 +2,7 @@ DEFAULTTUNE ?= "armv4"
  
  TUNEVALID[arm] = "Enable ARM instruction set"

  TUNEVALID[armv4] = "Enable instructions for ARMv4"
-TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'armv4', ' -march=armv4t', 
'', d)}"
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'armv4', ' 
-march=armv4${ARMPKGSFX_THUMB}', '', d)}"
  # enable --fix-v4bx when we have armv4 in TUNE_FEATURES, but then disable it 
when we have also armv5 or thumb
  # maybe we should extend bb.utils.contains to support check for any 
checkvalues in value, now it does
  # checkvalues.issubset(val) which cannot be used for negative test of foo 
neither bar in value








--
# Randy MacLeod
# Wind River Linux

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153051): 
https://lists.openembedded.org/g/openembedded-core/message/153051
Mute This Topic: https://lists.openembedded.org/mt/83594022/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] alsa-topology-conf: upgrade 1.2.5 -> 1.2.5.1

[wangmy]

Signed-off-by: Wang Mingyu 
---
 ...sa-topology-conf_1.2.5.bb => alsa-topology-conf_1.2.5.1.bb} | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-multimedia/alsa/{alsa-topology-conf_1.2.5.bb => 
alsa-topology-conf_1.2.5.1.bb} (84%)

diff --git a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.5.bb 
b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.5.1.bb
similarity index 84%
rename from meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.5.bb
rename to meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.5.1.bb
index a6b2d7a608..c96826c4bd 100644
--- a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.5.bb
+++ b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.5.1.bb
@@ -8,9 +8,8 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=20d74d74db9741697903372ad001d3b4"
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2;
-SRC_URI[sha256sum] = 
"8bfa8306ca63e1d0cbe80be984660273b91bd5b7dd0800a6c5aa71dd8c8d775c"
+SRC_URI[sha256sum] = 
"f7c5bae1545abcd73824bc97f4e72c340e11abea188ba0f1c06f5e0ad776b179"
 # Something went wrong at upstream tarballing
-S = "${WORKDIR}/${BPN}-1.2.4.2.g15998"
 
 inherit allarch
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153047): 
https://lists.openembedded.org/g/openembedded-core/message/153047
Mute This Topic: https://lists.openembedded.org/mt/83593928/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] alsa-ucm-conf: upgrade 1.2.5 -> 1.2.5.1

[wangmy]

Signed-off-by: Wang Mingyu 
---
 .../alsa/{alsa-ucm-conf_1.2.5.bb => alsa-ucm-conf_1.2.5.1.bb}  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-multimedia/alsa/{alsa-ucm-conf_1.2.5.bb => 
alsa-ucm-conf_1.2.5.1.bb} (85%)

diff --git a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.5.bb 
b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.5.1.bb
similarity index 85%
rename from meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.5.bb
rename to meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.5.1.bb
index 5de7185895..4d5f3742f0 100644
--- a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.5.bb
+++ b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.5.1.bb
@@ -8,9 +8,8 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=20d74d74db9741697903372ad001d3b4"
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2;
-SRC_URI[sha256sum] = 
"093ae3d85a5e6fd2cd1cc27feda400d7191382fb8b5e5e23497286c87c1507a5"
+SRC_URI[sha256sum] = 
"5841a444166dcbf479db751303dbc3556f685085ac7e00f0c9e7755676195d97"
 # Something went wrong at upstream tarballing
-S = "${WORKDIR}/${BPN}-1.2.4.81.g4884e"
 
 inherit allarch
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153050): 
https://lists.openembedded.org/g/openembedded-core/message/153050
Mute This Topic: https://lists.openembedded.org/mt/83593932/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] alsa-utils: upgrade 1.2.5 -> 1.2.5.1

[wangmy]

0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch
removed since it is included in 1.2.5.1

Signed-off-by: Wang Mingyu 
---
 ...1.2.5.bb => alsa-utils-scripts_1.2.5.1.bb} |  0
 meta/recipes-multimedia/alsa/alsa-utils.inc   |  5 +--
 ...a-utils_1.2.5.bb => alsa-utils_1.2.5.1.bb} |  0
 ...limits.h-explicitly-to-fix-build-on-.patch | 37 ---
 4 files changed, 2 insertions(+), 40 deletions(-)
 rename meta/recipes-multimedia/alsa/{alsa-utils-scripts_1.2.5.bb => 
alsa-utils-scripts_1.2.5.1.bb} (100%)
 rename meta/recipes-multimedia/alsa/{alsa-utils_1.2.5.bb => 
alsa-utils_1.2.5.1.bb} (100%)
 delete mode 100644 
meta/recipes-multimedia/alsa/files/0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch

diff --git a/meta/recipes-multimedia/alsa/alsa-utils-scripts_1.2.5.bb 
b/meta/recipes-multimedia/alsa/alsa-utils-scripts_1.2.5.1.bb
similarity index 100%
rename from meta/recipes-multimedia/alsa/alsa-utils-scripts_1.2.5.bb
rename to meta/recipes-multimedia/alsa/alsa-utils-scripts_1.2.5.1.bb
diff --git a/meta/recipes-multimedia/alsa/alsa-utils.inc 
b/meta/recipes-multimedia/alsa/alsa-utils.inc
index a017b02faf..733bb2456c 100644
--- a/meta/recipes-multimedia/alsa/alsa-utils.inc
+++ b/meta/recipes-multimedia/alsa/alsa-utils.inc
@@ -23,9 +23,8 @@ PACKAGECONFIG[udev] = "--with-udev-rules-dir=`pkg-config 
--variable=udevdir udev
 PACKAGECONFIG[manpages] = "--enable-xmlto, --disable-xmlto, xmlto-native 
docbook-xml-dtd4-native docbook-xsl-stylesheets-native"

 # alsa-utils specified in SRC_URI due to alsa-utils-scripts recipe
-SRC_URI = 
"https://www.alsa-project.org/files/pub/utils/alsa-utils-${PV}.tar.bz2 \
-   
file://0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch"
-SRC_URI[sha256sum] = 
"09970af05838b30001ca93ba27cb85b24c45056c70a80066c3ece6abe5a19997"
+SRC_URI = 
"https://www.alsa-project.org/files/pub/utils/alsa-utils-${PV}.tar.bz2;
+SRC_URI[sha256sum] = 
"9c169ae37a49295f9b97b92ace772803daf6b6510a19574e0b78f87e562118d0"

 # On build machines with python-docutils (not python3-docutils !!) installed
 # rst2man (not rst2man.py) is detected and compile fails with
diff --git a/meta/recipes-multimedia/alsa/alsa-utils_1.2.5.bb 
b/meta/recipes-multimedia/alsa/alsa-utils_1.2.5.1.bb
similarity index 100%
rename from meta/recipes-multimedia/alsa/alsa-utils_1.2.5.bb
rename to meta/recipes-multimedia/alsa/alsa-utils_1.2.5.1.bb
diff --git 
a/meta/recipes-multimedia/alsa/files/0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch
 
b/meta/recipes-multimedia/alsa/files/0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch
deleted file mode 100644
index 445f3ecade..00
--- 
a/meta/recipes-multimedia/alsa/files/0001-utils.c-Include-limits.h-explicitly-to-fix-build-on-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b20cb6ef5e3f331181b93e39293602ad2c774af8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20M=C3=BCller?= 
-Date: Thu, 3 Jun 2021 16:07:10 +0200
-Subject: [PATCH] utils.c: Include limits.h explicitly to fix build on musl
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes:
-| ../../alsa-utils-1.2.5/alsactl/utils.c: In function 'snd_card_clean_cfgdir':
-| ../../alsa-utils-1.2.5/alsactl/utils.c:309:19: error: 'PATH_MAX' undeclared 
(first use in this function)
-|   309 | char path[PATH_MAX];
-|   |   ^~~~
-| ../../alsa-utils-1.2.5/alsactl/utils.c:309:19: note: each undeclared 
identifier is reported only once for each function it appears in
-
-Upstream-Status: Submitted [https://github.com/alsa-project/alsa-utils/pull/92]
-
-Signed-off-by: Andreas M??ller 

- alsactl/utils.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/alsactl/utils.c b/alsactl/utils.c
-index 881b505..1a4896b 100644
 a/alsactl/utils.c
-+++ b/alsactl/utils.c
-@@ -30,6 +30,7 @@
- #include 
- #include 
- #include 
-+#include 
- #include "alsactl.h"
-
- int file_map(const char *filename, char **buf, size_t *bufsize)
---
-2.31.1
-
--
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153049): 
https://lists.openembedded.org/g/openembedded-core/message/153049
Mute This Topic: https://lists.openembedded.org/mt/83593931/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] alsa-lib: upgrade 1.2.5 -> 1.2.5.1

[wangmy]

0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch
removed since it is included in 1.2.5.1

Signed-off-by: Wang Mingyu 
---
 ...de-limits.h-explicitly-to-fix-build-.patch | 41 ---
 ...{alsa-lib_1.2.5.bb => alsa-lib_1.2.5.1.bb} |  5 +--
 2 files changed, 2 insertions(+), 44 deletions(-)
 delete mode 100644 
meta/recipes-multimedia/alsa/alsa-lib/0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch
 rename meta/recipes-multimedia/alsa/{alsa-lib_1.2.5.bb => alsa-lib_1.2.5.1.bb} 
(88%)

diff --git 
a/meta/recipes-multimedia/alsa/alsa-lib/0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch
 
b/meta/recipes-multimedia/alsa/alsa-lib/0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch
deleted file mode 100644
index 8752ef0dc0..00
--- 
a/meta/recipes-multimedia/alsa/alsa-lib/0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 26ab44c99e9f370e3da0c18982fa482e2e55f0a8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20M=C3=BCller?= 
-Date: Thu, 3 Jun 2021 12:29:03 +0200
-Subject: [PATCH] ucm_exec.c: Include limits.h explicitly to fix build on musl
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes:
-| ../../../alsa-lib-1.2.5/src/ucm/ucm_exec.c: In function 'find_exec':
-| ../../../alsa-lib-1.2.5/src/ucm/ucm_exec.c:43:18: error: 'PATH_MAX' 
undeclared (first use in this function)
-|43 | char bin[PATH_MAX];
-|   |  ^~~~
-| ../../../alsa-lib-1.2.5/src/ucm/ucm_exec.c:43:18: note: each undeclared 
identifier is reported only once for each function it appears in
-| ../../../alsa-lib-1.2.5/src/ucm/ucm_exec.c: In function 'uc_mgr_exec':
-| ../../../alsa-lib-1.2.5/src/ucm/ucm_exec.c:177:18: error: 'PATH_MAX' 
undeclared (first use in this function)
-|   177 | char bin[PATH_MAX];
-|   |  ^~~~
-
-Upstream-Status: Submitted [https://github.com/alsa-project/alsa-lib/pull/145]
-
-Signed-off-by: Andreas M??ller 

- src/ucm/ucm_exec.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/ucm/ucm_exec.c b/src/ucm/ucm_exec.c
-index d83206d0..4ddf5d15 100644
 a/src/ucm/ucm_exec.c
-+++ b/src/ucm/ucm_exec.c
-@@ -30,6 +30,7 @@
- #include "ucm_local.h"
- #include 
- #include 
-+#include 
- #include 
-
- static pthread_mutex_t fork_lock = PTHREAD_MUTEX_INITIALIZER;
---
-2.31.1
-
diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.5.bb 
b/meta/recipes-multimedia/alsa/alsa-lib_1.2.5.1.bb
similarity index 88%
rename from meta/recipes-multimedia/alsa/alsa-lib_1.2.5.bb
rename to meta/recipes-multimedia/alsa/alsa-lib_1.2.5.1.bb
index 1d6a9655f6..151d63c0e8 100644
--- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.5.bb
+++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.5.1.bb
@@ -9,9 +9,8 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
 
file://src/socket.c;md5=285675b45e83f571c6a957fe4ab79c93;beginline=9;endline=24 
\
 "

-SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \
-   
file://0001-ucm_exec.c-Include-limits.h-explicitly-to-fix-build-.patch"
-SRC_URI[sha256sum] = 
"9092894a8c083b33acf8d6deb901b58f5d20d6da583789f814e8e46f2850ef18"
+SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2;
+SRC_URI[sha256sum] = 
"628421d950cecaf234de3f899d520c0a6923313c964ad751ffac081df331438e"

 inherit autotools pkgconfig

--
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153048): 
https://lists.openembedded.org/g/openembedded-core/message/153048
Mute This Topic: https://lists.openembedded.org/mt/83593929/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 04/10] cmake: update 3.20.2 -> 3.20.3

[Richard Purdie]

On Sun, 2021-06-06 at 21:51 +0200, Alexander Kanavin wrote:
> On Sun, 6 Jun 2021 at 01:10, Richard Purdie 
>  wrote:
> > I tried again with the autobuilder, still fails:
> > 
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/48/builds/3516
> > 
> > so whatever it is, it is still "live".
> > 
> 
> 
> I did some digging. The issue happens when:
> - host is centos8
> - SDKMACHINE is i686 (e.g. cmake is 32 bit)
> 
> Then there's a failing syscall attempting to set file times:
> utimensat_time64(AT_FDCWD, 
> "../install/usr/local/lib/cmake/assimp-4.1/assimp-config.cmake",
> [{tv_sec=1622966723, tv_nsec=6319439026193432576}, {tv_sec=1622966579, 
> tv_nsec=17840053692309438464}], 0) = -1
> EINVAL (Invalid argument)
> 
> On latest Fedora, there's no issue:
> utimensat_time64(AT_FDCWD, 
> "../install2/usr/local/lib/cmake/assimp-4.1/assimp-config.cmake",
> [{tv_sec=1623002886, tv_nsec=6369724778172907520}, {tv_sec=1623002886, 
> tv_nsec=17839174083007217664}], 0) = 0
> 
> utimensat_time64 only appeared with 5.1 kernels, however, 4.18 should be 
> returning ENOSYS in that case
> probably?

I hacked up a quick test bit of code (which makes assumptions 
about 32 bit):

#include 
#include 
#include 
#include 
#include 
#include 

struct timespec64 {
long long   tv_sec; /* seconds */
long long   tv_nsec;/* nanoseconds */
};

int main() {
  int fd = open("foo", O_RDWR | O_CREAT, 0644);
  write(fd, "foo", 3);
  struct timespec64 times[2] = {};
  times[0].tv_sec = 1622966723;
  times[0].tv_nsec = 631943;
  times[1].tv_sec = 1622966579;
  times[1].tv_nsec = 178400;
  int rc = syscall(SYS_utimensat_time64, fd, NULL, [0], 0);
  printf("rc=%d\n", rc);
  close(fd);
  return rc;
}

built with "gcc -m32 test-syscall.c -o test" and run with "strace ./test".
This works on all the systems I tried it in. As does:


  times[0].tv_sec = 1;
  times[0].tv_nsec = 2;
  times[1].tv_sec = 3;
  times[1].tv_nsec = 4;

however if you set (and ignore the compiler warning):

  times[0].tv_sec = 1622966723;
  times[0].tv_nsec = 6319439026193432576;
  times[1].tv_sec = 1622966579;
  times[1].tv_nsec = 17840053692309438464;

then you see EINVAL on the centos system but not on my ubuntu one. It will
do that until you reduce the values of tv_nsec right now. So it seems most 
systems accept large tv_nsec values but the Centos one does not.

I think tv_nsec may be being clamped to LONG_MAX of 4 bytes but should be 
a LONG_LONG_MAX of 8 bytes on a 32 bit since the field is a 64 bit long.

Michael: Hopefully that gives you something to raise with them?

Cheers,

Richard






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153046): 
https://lists.openembedded.org/g/openembedded-core/message/153046
Mute This Topic: https://lists.openembedded.org/mt/83304703/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I just noticed (additionally to the fact that I messed up the path in
my patch), that the original do_configure_prepend task actually is not
necessary, as there is no ${S}/conftools/libtool.m4 in the 2.9.9
release (neither git, nor sourceforge). While removing a non-existing
file does no harm, I will provide a new patch tomorrow without this
task, for tidiness' sake. ;) 

- -- 
With best regards

Jasper Orschulko
DevOps Engineer

Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com

• • • • • • • • • • • • • • • • • • • • • • • • • •

iris-GmbH
infrared & intelligent sensors
Ostendstraße 1-14 | 12459 Berlin

https://iris-sensing.com/




On Wed, 2021-06-16 at 20:20 +0200, Jasper Orschulko wrote:
> Revision of the the patch file. Please verify. :)
> 
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE4WyPMIC5Ap4+Ooo1Ygqew07VMNUFAmDKaXMACgkQYgqew07V
MNXfFQf8C5Lh2OG7tDsP6uQcLEV/J+ieCWN2ylKH5lARVzEPQB5TpVGfgcbdrqPr
66Ia3NS/gKDHtpKDigBOpYau4jFC71252Hpfap13/OiH53/+1es3hwXm5k4xtYYL
WU8iAG7wlKwrj8zSljeElOvOw0EiDLaX/dnhtNKboquKxAgJrQkGG2a3G4KlFQ50
W4xR0Jrx67/UkWJLic1h51vc1RGw7zeDbOwJ+xl+2uXDGCjRtQHmXChpBSInAMjP
r0uza47Oi/+XQGuVYAdYR12lp89Vl7EGAvoy6seKablkVSu7zBMxBi70GyrQdKFw
eM7ixMdqSS1MZ6zdI/64Aaq9XB1wgg==
=EY5+
-END PGP SIGNATURE-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153045): 
https://lists.openembedded.org/g/openembedded-core/message/153045
Mute This Topic: https://lists.openembedded.org/mt/83581993/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/6] linux-yocto/5.4: update to v5.4.124

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

70154d2f82a9 Linux 5.4.124
23c7e3235a3a usb: core: reduce power-on-good delay time of root hub
241abccc8a33 neighbour: Prevent Race condition in neighbour subsytem
3c36980ba681 net: hso: bail out on interrupt URB allocation failure
1bd48a2af84e Revert "Revert "ALSA: usx2y: Fix potential NULL pointer 
dereference""
866648d965f0 net: hns3: check the return of skb_checksum_help()
72cda5259f5e drivers/net/ethernet: clean up unused assignments
776fba1486be i915: fix build warning in intel_dp_get_link_status()
c561d83be40f drm/i915/display: fix compiler warning about array overrun
e3d5ff235ec5 MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
86a62df8f4d4 MIPS: alchemy: xxs1500: add gpio-au1000.h header file
2221f233cc9e sch_dsmark: fix a NULL deref in qdisc_reset()
a052751302b7 net: ethernet: mtk_eth_soc: Fix packet statistics support for 
MT7628/88
162b11831f77 ALSA: usb-audio: scarlett2: 
snd_scarlett_gen2_controls_create() can be static
3bfb58517d06 ipv6: record frag_max_size in atomic fragments in input path
8bb1077448d4 net: lantiq: fix memory corruption in RX ring
fda8f74d3975 scsi: libsas: Use _safe() loop in sas_resume_port()
cf20c704a26e ixgbe: fix large MTU request from VF
7a143b92d1dc bpf: Set mac_len in bpf_skb_change_head
272729d56b2d ASoC: cs35l33: fix an error code in probe()
3ee1d6e23108 staging: emxx_udc: fix loop in _nbu2ss_nuke()
0bf49b3c8d8b cxgb4: avoid accessing registers when clearing filters
68b5fc6ec52f gve: Correct SKB queue index validation.
4f4752e4d8db gve: Upgrade memory barrier in poll routine
821149ee88c2 gve: Add NULL pointer checks when freeing irqs.
6abd1d1983f2 gve: Update mgmt_msix_idx if num_ntfy changes
13c4d8986125 gve: Check TX QPL was actually assigned
37d697759958 mld: fix panic in mld_newpack()
b0fb74377891 bnxt_en: Include new P5 HV definition in VF check.
f7b5b4e26bf5 net: bnx2: Fix error return code in bnx2_init_board()
7a79654b9076 net: hso: check for allocation failure in 
hso_create_bulk_serial_device()
48da4c0577fe net: sched: fix tx action reschedule issue with stopped queue
515e7c595d84 net: sched: fix tx action rescheduling issue during 
deactivation
1c25c7621fb7 net: sched: fix packet stuck problem for lockless qdisc
a04790d104e2 tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
5c01181700ab openvswitch: meter: fix race when getting now_ms.
5bfdc481d812 net: mdio: octeon: Fix some double free issues
2e0fba911ca7 net: mdio: thunder: Fix a double free issue in the .remove 
function
20255d41ac56 net: fec: fix the potential memory leak in fec_enet_init()
41f7f37ddefe net: really orphan skbs tied to closing sk
694f68527e75 vfio-ccw: Check initialized flag in cp_init()
d5e4479228b5 ASoC: cs42l42: Regmap must use_single_read/write
87803141fb3e net: dsa: fix error code getting shifted with 4 in 
dsa_slave_get_sset_count
4450f733dc3d net: netcp: Fix an error message
de2bf5de17be drm/amd/amdgpu: fix a potential deadlock in gpu reset
7398c2aab4da drm/amdgpu: Fix a use-after-free
dde2656e0bbb drm/amd/amdgpu: fix refcount leak
f6d92ebb3eaf drm/amd/display: Disconnect non-DP with no EDID
63c61d89660a SMB3: incorrect file id in requests compounded with open
07160b004a0b platform/x86: touchscreen_dmi: Add info for the Mediacom 
Winpad 7.0 W700 tablet
d1dcd53a45e1 platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for 
ACPI
feb5d3618a18 platform/x86: hp-wireless: add AMD's hardware id to the 
supported list
0ed102453aa1 btrfs: do not BUG_ON in link_to_fixup_dir
a10371342903 openrisc: Define memory barrier mb
fed34fb07c4b scsi: BusLogic: Fix 64-bit system enumeration error for 
Buslogic
55575c08502f btrfs: return whole extents in fiemap
a3dea6dc1e14 brcmfmac: properly check for bus register errors
26fb7a61de4e Revert "brcmfmac: add a check for the status of usb_register"
d4bab5d15bf5 net: liquidio: Add missing null pointer checks
6ba750549671 Revert "net: liquidio: fix a NULL pointer dereference"
d771def6c305 media: gspca: properly check for errors in po1030_probe()
44b17737b7aa Revert "media: gspca: Check the return value of write_bridge 
for timeout"
f6068eadc1d2 media: gspca: mt9m111: Check write_bridge for timeout
f19375e9a8f2 Revert "media: gspca: mt9m111: Check write_bridge for timeout"
193c790eccfc media: dvb: Add check on sp8870_readreg return
2d5e27f0e031 Revert "media: dvb: Add check on sp8870_readreg"
5b3a68a1cf37 ASoC: cs43130: handle errors in cs43130_probe() properly
7e4ac4e151f1 Revert "ASoC: cs43130: fix a NULL pointer dereference"
3aa60a0335ea libertas: register sysfs groups properly
e0c75f951f81 Revert "libertas: add checks for the return 

[OE-core] [PATCH 6/6] linux-yocto/5.10: cgroup1: fix leaked context root causing sporadic NULL deref in LTP

[Bruce Ashfield]

From: Bruce Ashfield 

Integrating the following commit(s) to linux-yocto/5.10:

ab49d2db98bd cgroup1: fix leaked context root causing sporadic NULL deref 
in LTP

PaulG tracked down the AB intermittent issues and generated a kernel
patch.

See: 
https://lore.kernel.org/lkml/20210616125157.438837-1-paul.gortma...@windriver.com/

While we wait for it to loop through mainline, we'll integrate it into
our 5.10 branches.

Signed-off-by: Paul Gortmaker 
Signed-off-by: Bruce Ashfield 
---
 .../linux/linux-yocto-rt_5.10.bb  |  4 ++--
 .../linux/linux-yocto-tiny_5.10.bb|  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index d1ff473e3c..877e8d2946 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,8 +11,8 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "f458a6a097da0e7c535361dd30037499a48699f7"
-SRCREV_meta ?= "7fab6536c164fd743f17c52bc56a65867e30903a"
+SRCREV_machine ?= "6186341e981ad4fd3941c7c9af509923bbe2a2a5"
+SRCREV_meta ?= "67dad5ca86bd47dbbaa2194b9854c228055dfd37"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 19aa7ab7d5..b44deb6f32 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "e2c5237e9be3f4c69e86d7b990347454e2b8dff2"
-SRCREV_machine ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_meta ?= "7fab6536c164fd743f17c52bc56a65867e30903a"
+SRCREV_machine_qemuarm ?= "9c63dda7dd5834bf731747d6ae03ae13d48e20e3"
+SRCREV_machine ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_meta ?= "67dad5ca86bd47dbbaa2194b9854c228055dfd37"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 7205df2a61..f99782c1be 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH_qemux86  ?= "v5.10/standard/base"
 KBRANCH_qemux86-64 ?= "v5.10/standard/base"
 KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "592f67240407a1f071d1b90e0af74df07deac519"
-SRCREV_machine_qemuarm64 ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_machine_qemumips ?= "0f474718e48ea5732875db2b71cf3f5dd3293e31"
-SRCREV_machine_qemuppc ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_machine_qemuriscv64 ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_machine_qemuriscv32 ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_machine_qemux86 ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_machine_qemux86-64 ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_machine_qemumips64 ?= "a3c3c412a703def1f5c8f94f2c0fcc2cb908693a"
-SRCREV_machine ?= "a68fc0180ae168b5af017e9071e183e1a51e4569"
-SRCREV_meta ?= "7fab6536c164fd743f17c52bc56a65867e30903a"
+SRCREV_machine_qemuarm ?= "2fc3409cf8c2a6d684929576fd409949060a0bd9"
+SRCREV_machine_qemuarm64 ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_machine_qemumips ?= "5cec6d1ab35feb99f023b233871cafa29e3c3682"
+SRCREV_machine_qemuppc ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_machine_qemuriscv64 ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_machine_qemuriscv32 ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_machine_qemux86 ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_machine_qemux86-64 ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_machine_qemumips64 ?= "769a7118662a2256e20df60be9c9727f9c5878b0"
+SRCREV_machine ?= "ab49d2db98bdee2c8c6e17fb59ded9e5292b0f41"
+SRCREV_meta ?= "67dad5ca86bd47dbbaa2194b9854c228055dfd37"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153044): 
https://lists.openembedded.org/g/openembedded-core/message/153044
Mute This Topic: https://lists.openembedded.org/mt/83590336/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 5/6] linux-yocto/5.4: update to v5.4.125

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

3909e2374335 Linux 5.4.125
d99029e6aab6 neighbour: allow NUD_NOARP entries to be forced GCed
8e0bb29446d1 i2c: qcom-geni: Suspend and resume the bus during 
SYSTEM_SLEEP_PM ops
bdc17b2f8264 xen-pciback: redo VF placement in the virtual topology
defcc2b5e54a lib/lz4: explicitly support in-place decompression
97e814e6b5cd x86/kvm: Disable all PV features on crash
9084fe1b3572 x86/kvm: Disable kvmclock on all CPUs on shutdown
7620a669111b x86/kvm: Teardown PV features on boot CPU as well
f82030a586a1 KVM: arm64: Fix debug register indexing
2295e87a5e39 KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit 
mode
0450af01ae7e btrfs: fix unmountable seed device after fstrim
3b7f3cab1d47 mm/filemap: fix storing to a THP shadow entry
0a890e220954 XArray: add xas_split
03a390d8796d XArray: add xa_get_order
fd8e06a7a723 mm: add thp_order
f192885f7cee bnxt_en: Remove the setting of dev_port.
14fd3da3e8d3 mm, hugetlb: fix simple resv_huge_pages underflow on 
UFFDIO_COPY
6d4da27bd9ef btrfs: fixup error handling in fixup_inode_link_counts
dad974d2494a btrfs: return errors from btrfs_del_csums in cleanup_ref_head
0fd9149a82e3 btrfs: fix error handling in btrfs_del_csums
295859a55549 btrfs: mark ordered extent and inode with error if we fail to 
finish
12ca65539b04 x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
b0c0d8b5bf94 drm/amdgpu: make sure we unpin the UVD BO
24c06e5452c3 drm/amdgpu: Don't query CE and UE errors
5d4c4b06ed9f nfc: fix NULL ptr dereference in llcp_sock_getname() after 
failed connect
cc2edb99ea60 ocfs2: fix data corruption by fallocate
2cd6eedfa634 pid: take a reference when initializing `cad_pid`
fe4e0bd4c26c usb: dwc2: Fix build in periphal-only mode
920697b004e4 ext4: fix bug on in ext4_es_cache_extent as 
ext4_split_extent_at failed
52fc8f05c158 ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators
2cac47eed455 ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch
d349ff008cb3 ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
0afd601d8e0a ALSA: timer: Fix master timer notification
d65bc969ec8b HID: multitouch: require Finger field to mark Win8 reports as 
MT
368c5d45a87e HID: magicmouse: fix NULL-deref on disconnect
142d5ca797a9 HID: i2c-hid: Skip ELAN power-on command after reset
4d94f530cd24 net: caif: fix memory leak in cfusbl_device_notify
f52f4fd67264 net: caif: fix memory leak in caif_device_notify
c97cdb70b72d net: caif: add proper error handling
64824f626c0c net: caif: added cfserl_release function
b6f97555c71f Bluetooth: use correct lock to prevent UAF of hdev object
8d3d0ac73a4a Bluetooth: fix the erroneous flush_work() order
28efacc21d2a tipc: fix unique bearer names sanity check
9ac67fdf64e0 tipc: add extack messages for bearer/media failure
0fa160a75748 bus: ti-sysc: Fix flakey idling of uarts and stop using 
swsup_sidle_act
22ea29c39717 ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells
5b97dd983255 ARM: dts: imx7d-pico: Fix the 'tuning-step' property
55fa22d1d8b2 ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property
3a559111bd10 arm64: dts: zii-ultra: fix 12V_MAIN voltage
f78c28a0dda1 arm64: dts: ls1028a: fix memory node
3616dd03bc43 i40e: add correct exception tracing for XDP
adfd6355fc8b i40e: optimize for XDP_REDIRECT in xsk path
06f667dba42e i2c: qcom-geni: Add shutdown callback for i2c
de37510ec67d ice: Allow all LLDP packets from PF to Tx
bafd0a7461f0 ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
3583ab29177c ice: write register with correct offset
7ba7fa78a92d ipv6: Fix KASAN: slab-out-of-bounds Read in 
fib6_nh_flush_exceptions
112533f50c7e ixgbevf: add correct exception tracing for XDP
b5cc02c6986f ieee802154: fix error return code in 
ieee802154_llsec_getparams()
4ca8aa37cb43 ieee802154: fix error return code in ieee802154_add_iface()
66f3ab065b70 netfilter: nfnetlink_cthelper: hit EBUSY on updates if size 
mismatches
da8d31e80ff4 netfilter: nft_ct: skip expectations for confirmed conntrack
14c0381e2639 ACPICA: Clean up context mutex during object deletion
8e8678936f0d net/sched: act_ct: Fix ct template allocation for zone 0
385e1861f31b HID: i2c-hid: fix format string mismatch
279e2136dd21 HID: pidff: fix error return code in hid_pidff_init()
c8a95cb0c02d ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
087b803a5b49 vfio/platform: fix module_put call in error flow
60dcad10e2c7 samples: vfio-mdev: fix error handing in mdpy_fb_probe()
870973918b2a vfio/pci: zap_vma_ptes() needs MMU
5da371c3fdfb vfio/pci: Fix error return code in vfio_ecap_init()
a4ed60297770 efi: cper: fix snprintf() use in 

[OE-core] [PATCH 4/6] linux-yocto/5.10: update to v5.10.43

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

951358a824f9 Linux 5.10.43
d17d47da59f7 neighbour: allow NUD_NOARP entries to be forced GCed
6b53db8c4c14 xen-netback: take a reference to the RX task thread
316de9a88c83 netfilter: nf_tables: missing error reporting for not selected 
expressions
eddf2d9f76b0 i2c: qcom-geni: Suspend and resume the bus during 
SYSTEM_SLEEP_PM ops
f20eef4d0686 lib/lz4: explicitly support in-place decompression
334c59d58de5 x86/kvm: Disable all PV features on crash
3b0becf8b1ec x86/kvm: Disable kvmclock on all CPUs on shutdown
38b858da1c58 x86/kvm: Teardown PV features on boot CPU as well
b327c9774759 KVM: arm64: Fix debug register indexing
b3ee3f50ab1b KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit 
mode
fe910d20e2d8 btrfs: fix unmountable seed device after fstrim
05e41f6f1c4e drm/msm/dpu: always use mdp device to scale bandwidth
2eb4ec9c2c35 mm, hugetlb: fix simple resv_huge_pages underflow on 
UFFDIO_COPY
baa6763123e2 btrfs: fix deadlock when cloning inline extents and low on 
available space
0df50d47d174 btrfs: abort in rename_exchange if we fail to insert the 
second ref
48568f3944ee btrfs: fixup error handling in fixup_inode_link_counts
466d83fdbbe3 btrfs: return errors from btrfs_del_csums in cleanup_ref_head
5a89982fa2bb btrfs: fix error handling in btrfs_del_csums
b547a16b2491 btrfs: mark ordered extent and inode with error if we fail to 
finish
5e5e63bacbe8 powerpc/kprobes: Fix validation of prefixed instructions 
across page boundary
42f75a4381a4 x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
3a6b69221f96 drm/amdgpu: make sure we unpin the UVD BO
58da0b509e4b drm/amdgpu: Don't query CE and UE errors
48ee0db61c82 nfc: fix NULL ptr dereference in llcp_sock_getname() after 
failed connect
445477e9274e x86/sev: Check SME/SEV support in CPUID first
942c5864de85 x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove 
update_pasid()
68dcd32b326a mm/page_alloc: fix counting of free pages after take off from 
buddy
5f2e1e818e9f mm/debug_vm_pgtable: fix alignment for pmd/pud_advanced_tests()
c8d5faee4624 ocfs2: fix data corruption by fallocate
7178be006d49 pid: take a reference when initializing `cad_pid`
a4ed12f5edc4 usb: dwc2: Fix build in periphal-only mode
3b713aafa7c9 ext4: fix accessing uninit percpu counter variable with 
fast_commit
2050c6e5b161 ext4: fix memory leak in ext4_mb_init_backend on error path.
fb86acc62369 ext4: fix fast commit alignment issues
d3b668b96ad3 ext4: fix bug on in ext4_es_cache_extent as 
ext4_split_extent_at failed
01d349a481f0 ext4: fix memory leak in ext4_fill_super
b2057d138f1b ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators
623603e255aa ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch
846848c0520f ALSA: hda: update the power_state during the direct-complete
cfbb57fcb180 ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
029c06103e0a ALSA: timer: Fix master timer notification
d11e5b96efde gfs2: fix scheduling while atomic bug in glocks
127f25be2ff0 HID: multitouch: require Finger field to mark Win8 reports as 
MT
b5d013c4c76b HID: magicmouse: fix NULL-deref on disconnect
a5e554f78981 HID: i2c-hid: Skip ELAN power-on command after reset
46403c1f80b0 net: caif: fix memory leak in cfusbl_device_notify
af2806345a37 net: caif: fix memory leak in caif_device_notify
d6db727457dd net: caif: add proper error handling
dac53568c6ac net: caif: added cfserl_release function
df3b45f6d1ce wireguard: allowedips: free empty intermediate nodes when 
removing single node
c5155c741a48 wireguard: allowedips: allocate nodes in kmem_cache
70a9a71ab3e5 wireguard: allowedips: remove nodes in O(1)
42a667715b1e wireguard: allowedips: initialize list head in selftest
842c21d6a042 wireguard: selftests: make sure rp_filter is disabled on vethc
b8d72ac1f210 wireguard: selftests: remove old conntrack kconfig value
f74da2c2546c wireguard: use synchronize_net rather than synchronize_rcu
d4275889ac9c wireguard: peer: allocate in kmem_cache
d64fdbaec09b wireguard: do not use -O3
74caf718cc74 Bluetooth: use correct lock to prevent UAF of hdev object
3795007c8dfc Bluetooth: fix the erroneous flush_work() order
7fa8ee00b5fa drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power 
gate
c12946548001 drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power 
gate
58f4d45d8d4d drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate
ec72cb50c1db io_uring: use better types for cflags
0b2a990e5d2f io_uring: fix link timeout refs
3c23e23c7ad9 riscv: vdso: fix and clean-up Makefile
282c9eeda6c2 serial: stm32: fix threaded interrupt handling
fdf1e5eec3ed tipc: fix 

[OE-core] [PATCH 0/6] kernel-yocto: consolidated pull request

[Bruce Ashfield]

From: Bruce Ashfield 

Richard,

Here's my queued set of update to linux -yocto. These are -stable, and of
course the AB INT fix provided by paulg.

The other change is one to the -dev kernel that allows the single AUTOREV
recipe to continue to work in older releases as we march through newer
kernels in master. Some users ran into this problem recently, and have
tested/confirmed the fix. There's no change to anyone but a linux-yocto-dev
kernel consumer.

Cheers,

Bruce

The following changes since commit 682ddc5f2a2493e5c7760c0745dacd24fe975479:

  releases: put release number after "Release Series" (2021-06-14 22:45:33 
+0100)

are available in the Git repository at:

  git://git.yoctoproject.org/poky-contrib zedd/kernel
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel

Bruce Ashfield (6):
  linux-yocto-dev: base AUTOREV on specified version
  linux-yocto/5.4: update to v5.4.124
  linux-yocto/5.10: restore aufs
  linux-yocto/5.10: update to v5.10.43
  linux-yocto/5.4: update to v5.4.125
  linux-yocto/5.10: cgroup1: fix leaked context root causing sporadic
NULL deref in LTP

 meta/classes/kernel-yocto.bbclass | 24 +++
 .../linux/linux-yocto-rt_5.10.bb  |  6 ++---
 .../linux/linux-yocto-rt_5.4.bb   |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb|  8 +++
 .../linux/linux-yocto-tiny_5.4.bb |  8 +++
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +--
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 -
 7 files changed, 61 insertions(+), 37 deletions(-)

-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153038): 
https://lists.openembedded.org/g/openembedded-core/message/153038
Mute This Topic: https://lists.openembedded.org/mt/83590327/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/6] linux-yocto/5.10: restore aufs

[Bruce Ashfield]

From: Bruce Ashfield 

Integrating the following commit(s) to linux-yocto/5.10:

bdda1b6cf99b aufs5: aufs-core
2fa276071d07 aufs5: aufs-standalone
06ed4d532456 aufs5: aufs-mmap
372857834999 aufs5: aufs-kbuild
fd68c9840693 aufs5: aufs-base

Signed-off-by: Bruce Ashfield 
---
 .../linux/linux-yocto-rt_5.10.bb  |  2 +-
 .../linux/linux-yocto-tiny_5.10.bb|  4 ++--
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 20 +--
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index c34ce4d0f2..1a581455c6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,7 +11,7 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "556236b4fc94b6655e3bd3018f17c3265e033f9e"
+SRCREV_machine ?= "49f039aa59a182fb1451407616a6fcc1ec278537"
 SRCREV_meta ?= "422f8a09a856800f027bbae98dbab24cf3ae0f25"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 774461a2c1..53050dd225 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -15,8 +15,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "2940c362208b0f18baa6e2f455bd1c88b7c2eeca"
-SRCREV_machine ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
+SRCREV_machine_qemuarm ?= "03d62322242437d30f537fa01024730ddcaa4cde"
+SRCREV_machine ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
 SRCREV_meta ?= "422f8a09a856800f027bbae98dbab24cf3ae0f25"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index b808a8ad3f..c18a79f912 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,16 +13,16 @@ KBRANCH_qemux86  ?= "v5.10/standard/base"
 KBRANCH_qemux86-64 ?= "v5.10/standard/base"
 KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "af93f3c5ef33dfb378d78b455f7193602ae732a7"
-SRCREV_machine_qemuarm64 ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
-SRCREV_machine_qemumips ?= "158d19e8753b47a10cf28b27d8b9fe9d0a583c9e"
-SRCREV_machine_qemuppc ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
-SRCREV_machine_qemuriscv64 ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
-SRCREV_machine_qemuriscv32 ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
-SRCREV_machine_qemux86 ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
-SRCREV_machine_qemux86-64 ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
-SRCREV_machine_qemumips64 ?= "462641551c0563b755781845b5a315da205e6356"
-SRCREV_machine ?= "a673c127156c156a4a490ef66e0194d239cfbfa1"
+SRCREV_machine_qemuarm ?= "e62fcf364564354b6950338e09599c8c0ae9027d"
+SRCREV_machine_qemuarm64 ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
+SRCREV_machine_qemumips ?= "3560351f3dc225aabbdd2aa44cd3d4e0f6971020"
+SRCREV_machine_qemuppc ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
+SRCREV_machine_qemuriscv64 ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
+SRCREV_machine_qemuriscv32 ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
+SRCREV_machine_qemux86 ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
+SRCREV_machine_qemux86-64 ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
+SRCREV_machine_qemumips64 ?= "1bfe413ad99b88b366ff1451b69e0fc4b84188ea"
+SRCREV_machine ?= "bdda1b6cf99b44871409d218426a28102a5c554b"
 SRCREV_meta ?= "422f8a09a856800f027bbae98dbab24cf3ae0f25"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153041): 
https://lists.openembedded.org/g/openembedded-core/message/153041
Mute This Topic: https://lists.openembedded.org/mt/83590332/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/6] linux-yocto-dev: base AUTOREV on specified version

[Bruce Ashfield]

From: Bruce Ashfield 

linux-yocto-dev tracks the latest mainline kernel, and uses
standard/* for that support.

Archived -dev versions are under v/standard/base.

This policy works, except that a released branch will still follow
the new kernel versions, causing potential breakage with newer
kernels than are supported in that release.

Rather than lock the SRCREVs and update branches in old releases,
we can preserve the AUTOREV nature of -dev, and allow them to
switch automatically to the archived branch based on the LINUX_VERSION
in the -dev recipe (which is unchanged in the release branch).

This is consistent with the other branch switching done for the
kernels and with the -dev workflow.

Signed-off-by: Bruce Ashfield 
---
 meta/classes/kernel-yocto.bbclass | 24 
 1 file changed, 24 insertions(+)

diff --git a/meta/classes/kernel-yocto.bbclass 
b/meta/classes/kernel-yocto.bbclass
index ba139dd7f8..0df61cdef0 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -631,7 +631,31 @@ do_validate_branches() {
# if SRCREV is AUTOREV it shows up as AUTOINC there's nothing to
# check and we can exit early
if [ "${machine_srcrev}" = "AUTOINC" ]; then
+   
linux_yocto_dev='${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", 
"linux-yocto-dev", "1", "", d)}'
+   if [ -n "$linux_yocto_dev" ]; then
+   git checkout -q -f ${machine_branch}
+   ver=$(grep "^VERSION =" ${S}/Makefile | sed s/.*=\ *//)
+   patchlevel=$(grep "^PATCHLEVEL =" ${S}/Makefile | sed s/.*=\ 
*//)
+   sublevel=$(grep "^SUBLEVEL =" ${S}/Makefile | sed s/.*=\ *//)
+   kver="$ver.$patchlevel"
+   bbnote "dev kernel: performing version -> branch -> SRCREV 
validation"
+   bbnote "dev kernel: recipe version ${LINUX_VERSION}, src 
version: $kver"
+   echo "${LINUX_VERSION}" | grep -q $kver
+   if [ $? -ne 0 ]; then
+   version="$(echo ${LINUX_VERSION} | sed 's/\+.*$//g')"
+   versioned_branch="v$version/$machine_branch"
+
+   machine_branch=$versioned_branch
+   force_srcrev="$(git rev-parse $machine_branch 2> /dev/null)"
+   if [ $? -ne 0 ]; then
+   bbfatal "kernel version mismatch detected, and no valid 
branch $machine_branch detected"
+   fi
+
+   bbnote "dev kernel: adjusting branch to $machine_branch, 
srcrev to: $force_srcrev"
+   fi
+   else
bbnote "SRCREV validation is not required for AUTOREV"
+   fi
elif [ "${machine_srcrev}" = "" ]; then
if [ "${SRCREV}" != "AUTOINC" ] && [ "${SRCREV}" != "INVALID" 
]; then
   # SRCREV_machine_ was not set. This means that 
a custom recipe
-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153039): 
https://lists.openembedded.org/g/openembedded-core/message/153039
Mute This Topic: https://lists.openembedded.org/mt/83590328/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] populate_sdk_ext: copy BBMULTICONFIG files

[Joshua Watt]

On 6/16/21 3:27 PM, Justin Bronder wrote:

As the generated local.conf includes BBMULTICONFIG, the referenced files
in conf/multiconfig also need to be copied.  Otherwise with
BBMULTICONFIG="abc" for instance, building the esdk fails with:

ERROR: ParseError at 
tmp/build-glibc/work/qemux86_64-oe-linux/core-image-ssh/1.0-r0/sdk-ext/image/tmp-renamed-sdk/layers/openembedded-core/meta/conf/bitbake.conf:767:
 Could not include required file conf/multiconfig/abc.conf

Signed-off-by: Justin Bronder 
---
  meta/classes/populate_sdk_ext.bbclass | 12 +++-
  1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/meta/classes/populate_sdk_ext.bbclass 
b/meta/classes/populate_sdk_ext.bbclass
index fe840d9cfb..71f601fa9b 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -397,6 +397,13 @@ python copy_buildsystem () {
  f.write('require conf/locked-sigs.inc\n')
  f.write('require conf/unlocked-sigs.inc\n')
  
+# Copy multiple configurations if they exist

+if d.getVar('BBMULTICONFIG') is not None:
+bb.utils.mkdirhier(os.path.join(baseoutpath, 'conf', 'multiconfig'))
+for mc in d.getVar('BBMULTICONFIG').split():
+dest_stub = "/conf/multiconfig/%s.conf" % (mc,)
+shutil.copyfile(builddir + dest_stub, baseoutpath + dest_stub)
multiconfig files can live in layers also, so they may not be in the the 
users conf/multiconfig directory. I'm not sure if you need to copy them 
for the esdk to work, but at a minimum if you don't find a multiconfig 
in the users conf directory it shouldn't be an error

+
  if os.path.exists(builddir + '/cache/bb_unihashes.dat'):
  bb.parse.siggen.save_unitaskhashes()
  bb.utils.mkdirhier(os.path.join(baseoutpath, 'cache'))
@@ -556,6 +563,9 @@ python copy_buildsystem () {
  # sdk_ext_postinst() below) thus the checksum we take here would always
  # be different.
  manifest_file_list = ['conf/*']
+if d.getVar('BBMULTICONFIG') is not None:
+manifest_file_list.append('conf/multiconfig/*')
+
  esdk_manifest_excludes = (d.getVar('ESDK_MANIFEST_EXCLUDES') or 
'').split()
  esdk_manifest_excludes_list = []
  for exclude_item in esdk_manifest_excludes:
@@ -564,7 +574,7 @@ python copy_buildsystem () {
  with open(manifest_file, 'w') as f:
  for item in manifest_file_list:
  for fn in glob.glob(os.path.join(baseoutpath, item)):
-if fn == manifest_file:
+if fn == manifest_file or os.path.isdir(fn):
  continue
  if fn in esdk_manifest_excludes_list:
  continue




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153037): 
https://lists.openembedded.org/g/openembedded-core/message/153037
Mute This Topic: https://lists.openembedded.org/mt/83589859/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] populate_sdk_ext: copy BBMULTICONFIG files

[Justin Bronder]

As the generated local.conf includes BBMULTICONFIG, the referenced files
in conf/multiconfig also need to be copied.  Otherwise with
BBMULTICONFIG="abc" for instance, building the esdk fails with:

ERROR: ParseError at 
tmp/build-glibc/work/qemux86_64-oe-linux/core-image-ssh/1.0-r0/sdk-ext/image/tmp-renamed-sdk/layers/openembedded-core/meta/conf/bitbake.conf:767:
 Could not include required file conf/multiconfig/abc.conf

Signed-off-by: Justin Bronder 
---
 meta/classes/populate_sdk_ext.bbclass | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/meta/classes/populate_sdk_ext.bbclass 
b/meta/classes/populate_sdk_ext.bbclass
index fe840d9cfb..71f601fa9b 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -397,6 +397,13 @@ python copy_buildsystem () {
 f.write('require conf/locked-sigs.inc\n')
 f.write('require conf/unlocked-sigs.inc\n')
 
+# Copy multiple configurations if they exist
+if d.getVar('BBMULTICONFIG') is not None:
+bb.utils.mkdirhier(os.path.join(baseoutpath, 'conf', 'multiconfig'))
+for mc in d.getVar('BBMULTICONFIG').split():
+dest_stub = "/conf/multiconfig/%s.conf" % (mc,)
+shutil.copyfile(builddir + dest_stub, baseoutpath + dest_stub)
+
 if os.path.exists(builddir + '/cache/bb_unihashes.dat'):
 bb.parse.siggen.save_unitaskhashes()
 bb.utils.mkdirhier(os.path.join(baseoutpath, 'cache'))
@@ -556,6 +563,9 @@ python copy_buildsystem () {
 # sdk_ext_postinst() below) thus the checksum we take here would always
 # be different.
 manifest_file_list = ['conf/*']
+if d.getVar('BBMULTICONFIG') is not None:
+manifest_file_list.append('conf/multiconfig/*')
+
 esdk_manifest_excludes = (d.getVar('ESDK_MANIFEST_EXCLUDES') or '').split()
 esdk_manifest_excludes_list = []
 for exclude_item in esdk_manifest_excludes:
@@ -564,7 +574,7 @@ python copy_buildsystem () {
 with open(manifest_file, 'w') as f:
 for item in manifest_file_list:
 for fn in glob.glob(os.path.join(baseoutpath, item)):
-if fn == manifest_file:
+if fn == manifest_file or os.path.isdir(fn):
 continue
 if fn in esdk_manifest_excludes_list:
 continue
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153036): 
https://lists.openembedded.org/g/openembedded-core/message/153036
Mute This Topic: https://lists.openembedded.org/mt/83589859/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] Use the built-in options for removing pack tools

[Khem Raj]

On 6/16/21 11:19 AM, e...@tanous.net wrote:

From: Ed Tanous 

For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again.  This commit sets ENABLE_HPACK_TOOLS=OFF, which not
only allows for the option to be overridden in other meta layers, also
allows a simplified use of ENABLE_LIB_ONLY in meta layers that don't
want to ship the binaries.

Signed-off-by: Ed Tanous 
---
  meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb | 6 +-
  1 file changed, 1 insertion(+), 5 deletions(-)


Thanks for this patch, this is wrong list for meta-openembedded patches, 
please send meta-openembedded patches to 
openembedded-de...@lists.openembedded.org ml




diff --git a/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb 
b/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
index 959cccf35..08b855262 100644
--- a/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
+++ b/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
@@ -18,11 +18,7 @@ PACKAGECONFIG[manpages] = ""
  
  # examples are never installed, and don't need to be built in the

  # first place
-EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=ON"
-
-do_install_append() {
-   rm ${D}${bindir}/deflatehd ${D}${bindir}/inflatehd
-}
+EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=ON 
-DENABLE_HPACK_TOOLS=OFF"
  
  PACKAGES =+ "lib${PN} ${PN}-client ${PN}-proxy ${PN}-server"
  







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153035): 
https://lists.openembedded.org/g/openembedded-core/message/153035
Mute This Topic: https://lists.openembedded.org/mt/83587116/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] gcompat: Create symlinks to glibc ldso locations

[Khem Raj]

This ensures the glibc based binaries can find it in right place

Signed-off-by: Khem Raj 
---
 meta/recipes-core/musl/gcompat_git.bb | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/musl/gcompat_git.bb 
b/meta/recipes-core/musl/gcompat_git.bb
index e1ae052c44..863ba8dbf0 100644
--- a/meta/recipes-core/musl/gcompat_git.bb
+++ b/meta/recipes-core/musl/gcompat_git.bb
@@ -14,14 +14,16 @@ SRCREV = "af5a49e489fdc04b9cf02547650d7aeaccd43793"
 
 S = "${WORKDIR}/git"
 
-inherit pkgconfig linuxloader
+inherit pkgconfig linuxloader siteinfo
 
 DEPENDS += "musl-obstack"
 
 GLIBC_LDSO = "${@get_glibc_loader(d)}"
 MUSL_LDSO = "${@get_musl_loader(d)}"
 
-EXTRA_OEMAKE = "LINKER_PATH=${MUSL_LDSO} LOADER_NAME=`basename 
${@get_glibc_loader(d)}`"
+EXTRA_OEMAKE = "LINKER_PATH=${MUSL_LDSO} \
+LOADER_NAME=`basename ${GLIBC_LDSO}` \
+"
 
 do_configure () {
:
@@ -33,8 +35,16 @@ do_compile () {
 
 do_install () {
oe_runmake install 'DESTDIR=${D}'
+   if [ "${SITEINFO_BITS}" = "64" ]; then
+   install -d ${D}/lib64
+   lnr ${D}${GLIBC_LDSO} ${D}/lib64/`basename ${GLIBC_LDSO}`
+   fi
 }
 
+FILES_${PN} += "/lib64"
+
+INSANE_SKIP_${PN} = "libdir"
+
 RPROVIDES_${PN} += "musl-glibc-compat"
 #
 # We will skip parsing for non-musl systems
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153034): 
https://lists.openembedded.org/g/openembedded-core/message/153034
Mute This Topic: https://lists.openembedded.org/mt/83588770/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] linuxloader.bbclass: Add entry for ppc64 LE glibc loader

[Khem Raj]

Signed-off-by: Khem Raj 
---
 meta/classes/linuxloader.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/linuxloader.bbclass b/meta/classes/linuxloader.bbclass
index 1b64be6405..4447c8847c 100644
--- a/meta/classes/linuxloader.bbclass
+++ b/meta/classes/linuxloader.bbclass
@@ -40,6 +40,8 @@ def get_glibc_loader(d):
 dynamic_loader = "${base_libdir}/ld-linux-mipsn8.so.1"
 elif targetarch.startswith("mips"):
 dynamic_loader = "${base_libdir}/ld.so.1"
+elif targetarch == "powerpc64le":
+dynamic_loader = "${base_libdir}/ld64.so.2"
 elif targetarch == "powerpc64":
 dynamic_loader = "${base_libdir}/ld64.so.1"
 elif targetarch == "x86_64":
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153033): 
https://lists.openembedded.org/g/openembedded-core/message/153033
Mute This Topic: https://lists.openembedded.org/mt/83542787/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Revision of the the patch file. Please verify. :)

- -- 
With best regards

Jasper Orschulko
DevOps Engineer

Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com

• • • • • • • • • • • • • • • • • • • • • • • • • •

iris-GmbH
infrared & intelligent sensors
Ostendstraße 1-14 | 12459 Berlin

https://iris-sensing.com/




On Wed, 2021-06-16 at 18:19 +, Jasper Orschulko wrote:
> expat < 4.0 is vulnerable to billion laughs attacks (see
> [https://github.com/libexpat/libexpat/issues/34]). This patch
> backports
> the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
> 
> Additionally, the SRC_URI had to be adjusted due to renaming of the
> source archive
> 
> Signed-off-by: Jasper Orschulko 
> ---
>  .../expat/expat/CVE-2013-0340.patch   | 1758
> +
>  .../expat/expat/libtool-tag.patch |   41 +-
>  meta/recipes-core/expat/expat_2.2.9.bb    |   10 +-
>  3 files changed, 1783 insertions(+), 26 deletions(-)
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2013-0340.patch
> 
> diff --git a/meta/recipes-core/expat/expat/CVE-2013-0340.patch
> b/meta/recipes-core/expat/expat/CVE-2013-0340.patch
> new file mode 100644
> index 00..5ef749719d
> --- /dev/null
> +++ b/meta/recipes-core/expat/expat/CVE-2013-0340.patch
> @@ -0,0 +1,1758 @@
> +From a644ccf25392523b1329872310e24d0fc5f40629 Mon Sep 17 00:00:00
> 2001
> +From: Sebastian Pipping 
> +Date: Mon, 19 Apr 2021 21:42:51 +0200
> +Subject: [PATCH] expat: Backport fix for CVE-2013-0340
> +
> +Issue: https://github.com/libexpat/libexpat/issues/34
> +
> +This patch cherry-picks the following commits from upstream release
> +2.4.0 onto 2.2.9:
> +
> +- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> +- 60959f2b491876199879d97c8ed956eabb0c2e73
> +
> +Upstream-Status: Backport
> +CVE: CVE-2013-0340
> +Signed-off-by: Jasper Orschulko 
> +---
> + lib/expat.h   |   21 +-
> + lib/internal.h    |   30 +
> + lib/libexpat.def  |    3 +
> + lib/libexpatw.def |    3 +
> + lib/xmlparse.c    | 1147 +--
> + 5 files changed, 1143 insertions(+), 61 deletions(-)
> +
> +diff --git a/lib/expat.h b/lib/expat.h
> +index 48a6e2a3..0fb70d9d 100644
> +--- a/lib/expat.h
>  b/lib/expat.h
> +@@ -115,7 +115,9 @@ enum XML_Error {
> +   XML_ERROR_RESERVED_PREFIX_XMLNS,
> +   XML_ERROR_RESERVED_NAMESPACE_URI,
> +   /* Added in 2.2.1. */
> +-  XML_ERROR_INVALID_ARGUMENT
> ++  XML_ERROR_INVALID_ARGUMENT,
> ++  /* Added in 2.4.0. */
> ++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
> + };
> + 
> + enum XML_Content_Type {
> +@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
> +   XML_FEATURE_SIZEOF_XML_LCHAR,
> +   XML_FEATURE_NS,
> +   XML_FEATURE_LARGE_SIZE,
> +-  XML_FEATURE_ATTR_INFO
> ++  XML_FEATURE_ATTR_INFO,
> ++  /* Added in Expat 2.4.0. */
> ++ 
> XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DE
> FA
> ULT,
> ++ 
> XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEF
> AU
> LT
> +   /* Additional features must be added to the end of this enum. */
> + };
> + 
> +@@ -1010,6 +1015,18 @@ typedef struct {
> + XMLPARSEAPI(const XML_Feature *)
> + XML_GetFeatureList(void);
> + 
> ++#ifdef XML_DTD
> ++/* Added in Expat 2.4.0. */
> ++XMLPARSEAPI(XML_Bool)
> ++XML_SetBillionLaughsAttackProtectionMaximumAmplification(
> ++    XML_Parser parser, float maximumAmplificationFactor);
> ++
> ++/* Added in Expat 2.4.0. */
> ++XMLPARSEAPI(XML_Bool)
> ++XML_SetBillionLaughsAttackProtectionActivationThreshold(
> ++    XML_Parser parser, unsigned long long
> activationThresholdBytes);
> ++#endif
> ++
> + /* Expat follows the semantic versioning convention.
> +    See http://semver.org.
> + */
> +diff --git a/lib/internal.h b/lib/internal.h
> +index 60913dab..d8b31fa2 100644
> +--- a/lib/internal.h
>  b/lib/internal.h
> +@@ -101,10 +101,40 @@
> + #  endif
> + #endif
> + 
> ++#include  // ULONG_MAX
> ++
> ++#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO)
> ++#  define EXPAT_FMT_ULL(midpart) "%" midpart "I64u"
> ++#  if defined(_WIN64) // Note: modifier "td" does not work for
> MinGW
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d"
> ++#  else
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
> ++#  endif
> ++#else
> ++#  define EXPAT_FMT_ULL(midpart) "%" midpart "llu"
> ++#  if ! defined(ULONG_MAX)
> ++#    error Compiler did not define ULONG_MAX for us
> ++#  elif ULONG_MAX == 18446744073709551615u // 2^64-1
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
> ++#  else
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
> ++#  endif
> ++#endif
> ++
> + #ifndef UNUSED_P
> + #  define UNUSED_P(p) (void)p
> + #endif
> + 
> ++/* NOTE BEGIN If you ever patch these defaults to greater values
> ++  for non-attack XML payload in your environment,
> ++  please file a bug report with 

[OE-core] [PATCH] Use the built-in options for removing pack tools

[ed]

From: Ed Tanous 

For distros that want to use the ENABLE_LIB_ONLY option, the rm call
will fail, because ENABLE_HPACK_TOOLS (set implicitly as part of
ENABLE_LIB_ONLY) removes those two binaries from the build, so they then
can't be removed again.  This commit sets ENABLE_HPACK_TOOLS=OFF, which not
only allows for the option to be overridden in other meta layers, also
allows a simplified use of ENABLE_LIB_ONLY in meta layers that don't
want to ship the binaries.

Signed-off-by: Ed Tanous 
---
 meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb 
b/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
index 959cccf35..08b855262 100644
--- a/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
+++ b/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb
@@ -18,11 +18,7 @@ PACKAGECONFIG[manpages] = ""
 
 # examples are never installed, and don't need to be built in the
 # first place
-EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=ON"
-
-do_install_append() {
-   rm ${D}${bindir}/deflatehd ${D}${bindir}/inflatehd
-}
+EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=ON 
-DENABLE_HPACK_TOOLS=OFF"
 
 PACKAGES =+ "lib${PN} ${PN}-client ${PN}-proxy ${PN}-server"
 
-- 
2.32.0.272.g935e593368-goog


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153031): 
https://lists.openembedded.org/g/openembedded-core/message/153031
Mute This Topic: https://lists.openembedded.org/mt/83587116/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

expat < 4.0 is vulnerable to billion laughs attacks (see
[https://github.com/libexpat/libexpat/issues/34]). This patch backports
the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.

Additionally, the SRC_URI had to be adjusted due to renaming of the
source archive

Signed-off-by: Jasper Orschulko 
---
 .../expat/expat/CVE-2013-0340.patch   | 1758 +
 .../expat/expat/libtool-tag.patch |   41 +-
 meta/recipes-core/expat/expat_2.2.9.bb|   10 +-
 3 files changed, 1783 insertions(+), 26 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2013-0340.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2013-0340.patch
b/meta/recipes-core/expat/expat/CVE-2013-0340.patch
new file mode 100644
index 00..5ef749719d
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2013-0340.patch
@@ -0,0 +1,1758 @@
+From a644ccf25392523b1329872310e24d0fc5f40629 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Mon, 19 Apr 2021 21:42:51 +0200
+Subject: [PATCH] expat: Backport fix for CVE-2013-0340
+
+Issue: https://github.com/libexpat/libexpat/issues/34
+
+This patch cherry-picks the following commits from upstream release
+2.4.0 onto 2.2.9:
+
+- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
+- 60959f2b491876199879d97c8ed956eabb0c2e73
+
+Upstream-Status: Backport
+CVE: CVE-2013-0340
+Signed-off-by: Jasper Orschulko 
+---
+ lib/expat.h   |   21 +-
+ lib/internal.h|   30 +
+ lib/libexpat.def  |3 +
+ lib/libexpatw.def |3 +
+ lib/xmlparse.c| 1147 +--
+ 5 files changed, 1143 insertions(+), 61 deletions(-)
+
+diff --git a/lib/expat.h b/lib/expat.h
+index 48a6e2a3..0fb70d9d 100644
+--- a/lib/expat.h
 b/lib/expat.h
+@@ -115,7 +115,9 @@ enum XML_Error {
+   XML_ERROR_RESERVED_PREFIX_XMLNS,
+   XML_ERROR_RESERVED_NAMESPACE_URI,
+   /* Added in 2.2.1. */
+-  XML_ERROR_INVALID_ARGUMENT
++  XML_ERROR_INVALID_ARGUMENT,
++  /* Added in 2.4.0. */
++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
+ };
+ 
+ enum XML_Content_Type {
+@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
+   XML_FEATURE_SIZEOF_XML_LCHAR,
+   XML_FEATURE_NS,
+   XML_FEATURE_LARGE_SIZE,
+-  XML_FEATURE_ATTR_INFO
++  XML_FEATURE_ATTR_INFO,
++  /* Added in Expat 2.4.0. */
++ 
XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFA
ULT,
++ 
XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAU
LT
+   /* Additional features must be added to the end of this enum. */
+ };
+ 
+@@ -1010,6 +1015,18 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+ 
++#ifdef XML_DTD
++/* Added in Expat 2.4.0. */
++XMLPARSEAPI(XML_Bool)
++XML_SetBillionLaughsAttackProtectionMaximumAmplification(
++XML_Parser parser, float maximumAmplificationFactor);
++
++/* Added in Expat 2.4.0. */
++XMLPARSEAPI(XML_Bool)
++XML_SetBillionLaughsAttackProtectionActivationThreshold(
++XML_Parser parser, unsigned long long activationThresholdBytes);
++#endif
++
+ /* Expat follows the semantic versioning convention.
+See http://semver.org.
+ */
+diff --git a/lib/internal.h b/lib/internal.h
+index 60913dab..d8b31fa2 100644
+--- a/lib/internal.h
 b/lib/internal.h
+@@ -101,10 +101,40 @@
+ #  endif
+ #endif
+ 
++#include  // ULONG_MAX
++
++#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO)
++#  define EXPAT_FMT_ULL(midpart) "%" midpart "I64u"
++#  if defined(_WIN64) // Note: modifier "td" does not work for MinGW
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d"
++#  else
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
++#  endif
++#else
++#  define EXPAT_FMT_ULL(midpart) "%" midpart "llu"
++#  if ! defined(ULONG_MAX)
++#error Compiler did not define ULONG_MAX for us
++#  elif ULONG_MAX == 18446744073709551615u // 2^64-1
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
++#  else
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
++#  endif
++#endif
++
+ #ifndef UNUSED_P
+ #  define UNUSED_P(p) (void)p
+ #endif
+ 
++/* NOTE BEGIN If you ever patch these defaults to greater values
++  for non-attack XML payload in your environment,
++  please file a bug report with libexpat.  Thank you!
++*/
++#define
EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT  
\
++  100.0f
++#define
EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT   
\
++  8388608 // 8 MiB, 2^23
++/* NOTE END */
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff --git a/lib/libexpat.def b/lib/libexpat.def
+index 16faf595..5aefa6df 100644
+--- a/lib/libexpat.def
 b/lib/libexpat.def
+@@ -76,3 +76,6 @@ EXPORTS
+   XML_SetHashSalt @67
+ ; added with version 2.2.5
+   _INTERNAL_trim_to_complete_utf8_characters @68
++; added with version 2.4.0
++  XML_SetBillionLaughsAttackProtectionActivationThreshold @69
++  XML_SetBillionLaughsAttackProtectionMaximumAmplification @70
+diff --git a/lib/libexpatw.def 

Re: [OE-core] should the same recipe have two different WORKDIRs?

[Andre McCurdy]

On Wed, Jun 16, 2021 at 9:30 AM Robert P. J. Day  wrote:
>   perhaps i've just never noticed before, but a colleague asked me to
> debug some strangeness with his WRLinux build, and what i noticed was
> that the recipe that generated a package with a single (aarch64)
> executable created WORKDIRs under both directories:
>
>   * cortexa53...
>   * acme-coyote [actual target board]
>
> this surprises me ... i thought that, based on the attributes of any
> recipe, it would have only one WORKDIR in the appropriate place. what
> does the above mean? i'm not sure what to make of it.

Have you built the recipe for two different machines in the same build
directory?

If you completely remove tmp and then build again for a single machine
you should see only one WORKDIR created (which could be under either
the generic cortexa53 or the machine specific acme-coyote depending on
whether the recipe sets PACKAGE_ARCH or applies any patches or sets
config option etc using a machine specific override).

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153029): 
https://lists.openembedded.org/g/openembedded-core/message/153029
Mute This Topic: https://lists.openembedded.org/mt/83584601/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] should the same recipe have two different WORKDIRs?

[Mark Hatle]

Part of the WORKDIR component is the target (package) architecture.  If the
recipe or one of it's inherits sets PACKAGE_ARCH = "${MACHINE_ARCH}" it will
move the component.

Where I've seen both directories used is when someone is building for multiple
target boards.. and some of the targets use the default PACKAGE_ARCH, and some
use MACHINE_ARCH.  This is very common with OpenGL and hardware acceleration.
Mesa for instance becomes machine dependent on some systems, but generic for 
others.

--Mark

On 6/16/21 11:30 AM, Robert P. J. Day wrote:
> 
>   perhaps i've just never noticed before, but a colleague asked me to
> debug some strangeness with his WRLinux build, and what i noticed was
> that the recipe that generated a package with a single (aarch64)
> executable created WORKDIRs under both directories:
> 
>   * cortexa53...
>   * acme-coyote   [actual target board]
> 
> this surprises me ... i thought that, based on the attributes of any
> recipe, it would have only one WORKDIR in the appropriate place. what
> does the above mean? i'm not sure what to make of it.
> 
> rday
> 
> 
> 
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153028): 
https://lists.openembedded.org/g/openembedded-core/message/153028
Mute This Topic: https://lists.openembedded.org/mt/83584601/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] should the same recipe have two different WORKDIRs?

[Robert P. J. Day]

  perhaps i've just never noticed before, but a colleague asked me to
debug some strangeness with his WRLinux build, and what i noticed was
that the recipe that generated a package with a single (aarch64)
executable created WORKDIRs under both directories:

  * cortexa53...
  * acme-coyote [actual target board]

this surprises me ... i thought that, based on the attributes of any
recipe, it would have only one WORKDIR in the appropriate place. what
does the above mean? i'm not sure what to make of it.

rday

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153027): 
https://lists.openembedded.org/g/openembedded-core/message/153027
Mute This Topic: https://lists.openembedded.org/mt/83584601/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Steve Sakoman]

On Wed, Jun 16, 2021 at 5:17 AM Jasper Orschulko
 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi Steve!
>
> Thanks for the quick feedback! I just noticed that the archive folder
> structure from sourceforge differs to to the git content, thus the
> "inner" patch currently fails. Oops!
>
> I'm thinking about setting the git repository as SRC_URI, as the expat
> project is currently moving away from sourceforge towards github. Also,
> we would not be affected by random archive renaming ;) What do you
> think?

If the upstream project is moving from sourceforge to github, then yes
it makes sense to change the SRC_URI to reflect their new standard
source location.

Steve
> - --
> With best regards
>
> Jasper Orschulko
> DevOps Engineer
>
> Tel. +49 30 58 58 14 265
> Fax +49 30 58 58 14 999
> jasper.orschu...@iris-sensing.com
>
> • • • • • • • • • • • • • • • • • • • • • • • • • •
>
> iris-GmbH
> infrared & intelligent sensors
> Ostendstraße 1-14 | 12459 Berlin
>
> https://iris-sensing.com/
>
>
>
>
> On Wed, 2021-06-16 at 05:09 -1000, Steve Sakoman wrote:
> > On Wed, Jun 16, 2021 at 4:49 AM Jasper Orschulko
> >  wrote:
> > >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > P.S.: I am not too familiar with expat, this particular CVE, not
> > > with
> > > the practise of backporting security patches, so someone(TM) should
> > > definitely take a closer look at this first.
> >
> > Will do!
> >
> > A few initial comments:
> >
> > 1. Please don't PGP sign patch emails :-)
> > 2. Change the patch file name to CVE-2013-0340.patch
> >
> > Other than that it looks OK at first glance.
> >
> > For reference the patch requirements for CVE's are outlined at:
> >
> > https://wiki.yoctoproject.org/wiki/Security
> >
> > in the "Patch name convention and commit message" section.
> >
> > Thanks for helping with CVEs!
> >
> > Steve
> >
> >
> >
> >
> > > With best regards
> > >
> > > Jasper Orschulko
> > > DevOps Engineer
> > >
> > > Tel. +49 30 58 58 14 265
> > > Fax +49 30 58 58 14 999
> > > jasper.orschu...@iris-sensing.com
> > >
> > > • • • • • • • • • • • • • • • • • • • • • • • • • •
> > >
> > > iris-GmbH
> > > infrared & intelligent sensors
> > > Ostendstraße 1-14 | 12459 Berlin
> > >
> > > https://iris-sensing.com/
> > >
> > >
> > >
> > >
> > > On Wed, 2021-06-16 at 14:44 +, Jasper Orschulko wrote:
> > > > expat < 4.0 is vulnerable to billion laughs attacks (see
> > > > [https://github.com/libexpat/libexpat/issues/34]). This patch
> > > > backports
> > > > the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > > > and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
> > > >
> > > > Additionally, the SRC_URI had to be adjusted due to renaming of
> > > > the
> > > > source archive
> > > >
> > > > Signed-off-by: Jasper Orschulko
> > > > 
> > > > ---
> > > >  ...expat-Backport-fix-for-CVE-2013-0340.patch | 1758
> > > > +
> > > >  meta/recipes-core/expat/expat_2.2.9.bb|3 +-
> > > >  2 files changed, 1760 insertions(+), 1 deletion(-)
> > > >  create mode 100644 meta/recipes-core/expat/expat/0001-expat-
> > > > Backport-
> > > > fix-for-CVE-2013-0340.patch
> > > >
> > > > diff --git a/meta/recipes-core/expat/expat/0001-expat-Backport-
> > > > fix-
> > > > for-
> > > > CVE-2013-0340.patch b/meta/recipes-core/expat/expat/0001-expat-
> > > > Backport-fix-for-CVE-2013-0340.patch
> > > > new file mode 100644
> > > > index 00..b2ca066d96
> > > > --- /dev/null
> > > > +++ b/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-
> > > > CVE-
> > > > 2013-0340.patch
> > > > @@ -0,0 +1,1758 @@
> > > > +From 6f68eb0439f3c1807a143ff8c8972e74d404d8f0 Mon Sep 17
> > > > 00:00:00
> > > > 2001
> > > > +From: Sebastian Pipping 
> > > > +Date: Mon, 19 Apr 2021 21:42:51 +0200
> > > > +Subject: [PATCH] expat: Backport fix for CVE-2013-0340
> > > > +
> > > > +Issue: https://github.com/libexpat/libexpat/issues/34
> > > > +
> > > > +This patch cherry-picks the following commits from upstream
> > > > release
> > > > +2.4.0 onto 2.2.9:
> > > > +
> > > > +- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > > > +- 60959f2b491876199879d97c8ed956eabb0c2e73
> > > > +
> > > > +Upstream-Status: Backport
> > > > +CVE: CVE-2013-0340
> > > > +Signed-off-by: Jasper Orschulko
> > > > 
> > > > +---
> > > > + expat/lib/expat.h   |   21 +-
> > > > + expat/lib/internal.h|   30 +
> > > > + expat/lib/libexpat.def  |3 +
> > > > + expat/lib/libexpatw.def |3 +
> > > > + expat/lib/xmlparse.c| 1147
> > > > +-
> > > > -
> > > > + 5 files changed, 1143 insertions(+), 61 deletions(-)
> > > > +
> > > > +diff --git a/expat/lib/expat.h b/expat/lib/expat.h
> > > > +index 48a6e2a3..796086c2 100644
> > > > +--- a/expat/lib/expat.h
> > > >  b/expat/lib/expat.h
> > > > +@@ -115,7 +115,9 @@ enum XML_Error {
> > > > +   XML_ERROR_RESERVED_PREFIX_XMLNS,
> > > > +   XML_ERROR_RESERVED_NAMESPACE_URI,
> > > > +   /* Added in 2.2.1. */
> > > > 

Re: [OE-core] Request to backport KERNEL_DTC_FLAGS to Dunfell

[Steve Sakoman]

On Wed, Jun 16, 2021 at 5:28 AM Jonas Mark (BT-FIR/ENG1-Grb)
 wrote:
>
> Hi Bruce and Steve,
>
> > Von: Bruce Ashfield 
>
> > On Fri, Jun 4, 2021 at 11:09 AM Steve Sakoman  wrote:
> > >
> > > On Fri, Jun 4, 2021 at 2:45 AM Jonas Mark (BT-FIR/ENG1-Grb)
> > >  wrote:
> > > >
> > > > Hi,
> > > >
> > > > We are using DT overlays and have the need to pass the -@ parameter
> > > > in DTC_FLAGS to Linux' make. The patch
> > > >
> > > > "kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags"
>
> [cut out web links messed up by Outlook]
>
> > > > makes that possible in a nice way. Would it be reasonable to request
> > backporting of this patch to Dunfell?
> > >
> > > This is sort of in the grey area between feature and bug fix.  It does
> > > seem relatively safe, so I would consider taking the patch if there
> > > are no objections from the community.
> > >
> > > Added Bruce to the cc list to get his opinion.
> >
> > Good timing, I happened to notice this earlier and was thinking about it.
> >
> > While I also wouldn't call it a bug, I agree it is a small/standalone 
> > change that
> > shouldn't break anything.
> >
> > A quick scan of the dunfell tested kernels shows unchanged Makefile 
> > handling of
> > the option, so there's little risk there.
> >
> > I'd say that it would be fine for backport.
>
> Can I help with the backport in any way?

The reference patch is already in dunfell:

https://git.openembedded.org/openembedded-core/commit/?h=dunfell=2246b0d7a71c69eb2e89c55991d1387069895466

> My colleague Tingquan gave it a try and the patch from Hardknott applies 
> cleanly on Dunfell.
>
> The documentation patch for Poky proposed by Quentin does not apply though. 
> But it is just that ref-variables.rst was renamed to variables.rst.

Please see the documentation patch currently on the list for review:

https://lists.yoctoproject.org/g/docs/message/1469

Both should be in the 3.1.9 release coming up in the next week or so.

Steve



> > > > We were also wondering what could be an alternative approach for getting
> > this or a similar functionality. Patching a bbclass using a bbappend is not
> > possible, is it?
> > >
> > > No, there is no equivalent of bbappend for classes.
> > >
> > > Other solutions are possible, but taking this patch would be the
> > > cleanest solution to your problem.  Let's see what others think before
> > > we go there :-)
> > >
> > > Steve
>
> Cheers,
> Mark

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153025): 
https://lists.openembedded.org/g/openembedded-core/message/153025
Mute This Topic: https://lists.openembedded.org/mt/83307657/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Request to backport KERNEL_DTC_FLAGS to Dunfell

[Mark Jonas via lists.openembedded.org]

Hi Bruce and Steve,

> Von: Bruce Ashfield 

> On Fri, Jun 4, 2021 at 11:09 AM Steve Sakoman  wrote:
> >
> > On Fri, Jun 4, 2021 at 2:45 AM Jonas Mark (BT-FIR/ENG1-Grb)
> >  wrote:
> > >
> > > Hi,
> > >
> > > We are using DT overlays and have the need to pass the -@ parameter
> > > in DTC_FLAGS to Linux' make. The patch
> > >
> > > "kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags"

[cut out web links messed up by Outlook]

> > > makes that possible in a nice way. Would it be reasonable to request
> backporting of this patch to Dunfell?
> >
> > This is sort of in the grey area between feature and bug fix.  It does
> > seem relatively safe, so I would consider taking the patch if there
> > are no objections from the community.
> >
> > Added Bruce to the cc list to get his opinion.
> 
> Good timing, I happened to notice this earlier and was thinking about it.
> 
> While I also wouldn't call it a bug, I agree it is a small/standalone change 
> that
> shouldn't break anything.
> 
> A quick scan of the dunfell tested kernels shows unchanged Makefile handling 
> of
> the option, so there's little risk there.
> 
> I'd say that it would be fine for backport.

Can I help with the backport in any way?

My colleague Tingquan gave it a try and the patch from Hardknott applies 
cleanly on Dunfell.

The documentation patch for Poky proposed by Quentin does not apply though. But 
it is just that ref-variables.rst was renamed to variables.rst.

> 
> Bruce
> 
> >
> > > We were also wondering what could be an alternative approach for getting
> this or a similar functionality. Patching a bbclass using a bbappend is not
> possible, is it?
> >
> > No, there is no equivalent of bbappend for classes.
> >
> > Other solutions are possible, but taking this patch would be the
> > cleanest solution to your problem.  Let's see what others think before
> > we go there :-)
> >
> > Steve

Cheers,
Mark

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153024): 
https://lists.openembedded.org/g/openembedded-core/message/153024
Mute This Topic: https://lists.openembedded.org/mt/83307657/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

P.S.: I was looking
at 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Example:_CVE_patch_header
and this page as far as I can tell only mentions the patch header
convention, not the file name itself. Maybe this needs an update? :)
 
- -- 
With best regards

Jasper Orschulko
DevOps Engineer

Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com

• • • • • • • • • • • • • • • • • • • • • • • • • •

iris-GmbH
infrared & intelligent sensors
Ostendstraße 1-14 | 12459 Berlin

https://iris-sensing.com/




On Wed, 2021-06-16 at 05:09 -1000, Steve Sakoman wrote:
> On Wed, Jun 16, 2021 at 4:49 AM Jasper Orschulko
>  wrote:
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > P.S.: I am not too familiar with expat, this particular CVE, not with
> > the practise of backporting security patches, so someone(TM) should
> > definitely take a closer look at this first.
> 
> Will do!
> 
> A few initial comments:
> 
> 1. Please don't PGP sign patch emails :-)
> 2. Change the patch file name to CVE-2013-0340.patch
> 
> Other than that it looks OK at first glance.
> 
> For reference the patch requirements for CVE's are outlined at:
> 
> https://wiki.yoctoproject.org/wiki/Security
> 
> in the "Patch name convention and commit message" section.
> 
> Thanks for helping with CVEs!
> 
> Steve
> 
> 
> 
> 
> > With best regards
> > 
> > Jasper Orschulko
> > DevOps Engineer
> > 
> > Tel. +49 30 58 58 14 265
> > Fax +49 30 58 58 14 999
> > jasper.orschu...@iris-sensing.com
> > 
> > • • • • • • • • • • • • • • • • • • • • • • • • • •
> > 
> > iris-GmbH
> > infrared & intelligent sensors
> > Ostendstraße 1-14 | 12459 Berlin
> > 
> > https://iris-sensing.com/
> > 
> > 
> > 
> > 
> > On Wed, 2021-06-16 at 14:44 +, Jasper Orschulko wrote:
> > > expat < 4.0 is vulnerable to billion laughs attacks (see
> > > [https://github.com/libexpat/libexpat/issues/34]). This patch
> > > backports
> > > the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > > and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
> > > 
> > > Additionally, the SRC_URI had to be adjusted due to renaming of the
> > > source archive
> > > 
> > > Signed-off-by: Jasper Orschulko 
> > > ---
> > >  ...expat-Backport-fix-for-CVE-2013-0340.patch | 1758
> > > +
> > >  meta/recipes-core/expat/expat_2.2.9.bb    |    3 +-
> > >  2 files changed, 1760 insertions(+), 1 deletion(-)
> > >  create mode 100644 meta/recipes-core/expat/expat/0001-expat-
> > > Backport-
> > > fix-for-CVE-2013-0340.patch
> > > 
> > > diff --git a/meta/recipes-core/expat/expat/0001-expat-Backport-fix-
> > > for-
> > > CVE-2013-0340.patch b/meta/recipes-core/expat/expat/0001-expat-
> > > Backport-fix-for-CVE-2013-0340.patch
> > > new file mode 100644
> > > index 00..b2ca066d96
> > > --- /dev/null
> > > +++ b/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-
> > > CVE-
> > > 2013-0340.patch
> > > @@ -0,0 +1,1758 @@
> > > +From 6f68eb0439f3c1807a143ff8c8972e74d404d8f0 Mon Sep 17 00:00:00
> > > 2001
> > > +From: Sebastian Pipping 
> > > +Date: Mon, 19 Apr 2021 21:42:51 +0200
> > > +Subject: [PATCH] expat: Backport fix for CVE-2013-0340
> > > +
> > > +Issue: https://github.com/libexpat/libexpat/issues/34
> > > +
> > > +This patch cherry-picks the following commits from upstream
> > > release
> > > +2.4.0 onto 2.2.9:
> > > +
> > > +- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > > +- 60959f2b491876199879d97c8ed956eabb0c2e73
> > > +
> > > +Upstream-Status: Backport
> > > +CVE: CVE-2013-0340
> > > +Signed-off-by: Jasper Orschulko
> > > 
> > > +---
> > > + expat/lib/expat.h   |   21 +-
> > > + expat/lib/internal.h    |   30 +
> > > + expat/lib/libexpat.def  |    3 +
> > > + expat/lib/libexpatw.def |    3 +
> > > + expat/lib/xmlparse.c    | 1147
> > > +-
> > > -
> > > + 5 files changed, 1143 insertions(+), 61 deletions(-)
> > > +
> > > +diff --git a/expat/lib/expat.h b/expat/lib/expat.h
> > > +index 48a6e2a3..796086c2 100644
> > > +--- a/expat/lib/expat.h
> > >  b/expat/lib/expat.h
> > > +@@ -115,7 +115,9 @@ enum XML_Error {
> > > +   XML_ERROR_RESERVED_PREFIX_XMLNS,
> > > +   XML_ERROR_RESERVED_NAMESPACE_URI,
> > > +   /* Added in 2.2.1. */
> > > +-  XML_ERROR_INVALID_ARGUMENT
> > > ++  XML_ERROR_INVALID_ARGUMENT,
> > > ++  /* Backported from 2.4.0. */
> > > ++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
> > > + };
> > > +
> > > + enum XML_Content_Type {
> > > +@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
> > > +   XML_FEATURE_SIZEOF_XML_LCHAR,
> > > +   XML_FEATURE_NS,
> > > +   XML_FEATURE_LARGE_SIZE,
> > > +-  XML_FEATURE_ATTR_INFO
> > > ++  XML_FEATURE_ATTR_INFO,
> > > ++  /* Added in Expat 2.4.0. */
> > > ++
> > > XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_
> > > DE
> > > FA
> > > ULT,
> > > ++
> > > XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_D
> > > EF
> > > AU
> > > LT
> 

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Steve!

Thanks for the quick feedback! I just noticed that the archive folder
structure from sourceforge differs to to the git content, thus the
"inner" patch currently fails. Oops!

I'm thinking about setting the git repository as SRC_URI, as the expat
project is currently moving away from sourceforge towards github. Also,
we would not be affected by random archive renaming ;) What do you
think?

- -- 
With best regards

Jasper Orschulko
DevOps Engineer

Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com

• • • • • • • • • • • • • • • • • • • • • • • • • •

iris-GmbH
infrared & intelligent sensors
Ostendstraße 1-14 | 12459 Berlin

https://iris-sensing.com/




On Wed, 2021-06-16 at 05:09 -1000, Steve Sakoman wrote:
> On Wed, Jun 16, 2021 at 4:49 AM Jasper Orschulko
>  wrote:
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > P.S.: I am not too familiar with expat, this particular CVE, not
> > with
> > the practise of backporting security patches, so someone(TM) should
> > definitely take a closer look at this first.
> 
> Will do!
> 
> A few initial comments:
> 
> 1. Please don't PGP sign patch emails :-)
> 2. Change the patch file name to CVE-2013-0340.patch
> 
> Other than that it looks OK at first glance.
> 
> For reference the patch requirements for CVE's are outlined at:
> 
> https://wiki.yoctoproject.org/wiki/Security
> 
> in the "Patch name convention and commit message" section.
> 
> Thanks for helping with CVEs!
> 
> Steve
> 
> 
> 
> 
> > With best regards
> > 
> > Jasper Orschulko
> > DevOps Engineer
> > 
> > Tel. +49 30 58 58 14 265
> > Fax +49 30 58 58 14 999
> > jasper.orschu...@iris-sensing.com
> > 
> > • • • • • • • • • • • • • • • • • • • • • • • • • •
> > 
> > iris-GmbH
> > infrared & intelligent sensors
> > Ostendstraße 1-14 | 12459 Berlin
> > 
> > https://iris-sensing.com/
> > 
> > 
> > 
> > 
> > On Wed, 2021-06-16 at 14:44 +, Jasper Orschulko wrote:
> > > expat < 4.0 is vulnerable to billion laughs attacks (see
> > > [https://github.com/libexpat/libexpat/issues/34]). This patch
> > > backports
> > > the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > > and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
> > > 
> > > Additionally, the SRC_URI had to be adjusted due to renaming of
> > > the
> > > source archive
> > > 
> > > Signed-off-by: Jasper Orschulko
> > > 
> > > ---
> > >  ...expat-Backport-fix-for-CVE-2013-0340.patch | 1758
> > > +
> > >  meta/recipes-core/expat/expat_2.2.9.bb    |    3 +-
> > >  2 files changed, 1760 insertions(+), 1 deletion(-)
> > >  create mode 100644 meta/recipes-core/expat/expat/0001-expat-
> > > Backport-
> > > fix-for-CVE-2013-0340.patch
> > > 
> > > diff --git a/meta/recipes-core/expat/expat/0001-expat-Backport-
> > > fix-
> > > for-
> > > CVE-2013-0340.patch b/meta/recipes-core/expat/expat/0001-expat-
> > > Backport-fix-for-CVE-2013-0340.patch
> > > new file mode 100644
> > > index 00..b2ca066d96
> > > --- /dev/null
> > > +++ b/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-
> > > CVE-
> > > 2013-0340.patch
> > > @@ -0,0 +1,1758 @@
> > > +From 6f68eb0439f3c1807a143ff8c8972e74d404d8f0 Mon Sep 17
> > > 00:00:00
> > > 2001
> > > +From: Sebastian Pipping 
> > > +Date: Mon, 19 Apr 2021 21:42:51 +0200
> > > +Subject: [PATCH] expat: Backport fix for CVE-2013-0340
> > > +
> > > +Issue: https://github.com/libexpat/libexpat/issues/34
> > > +
> > > +This patch cherry-picks the following commits from upstream
> > > release
> > > +2.4.0 onto 2.2.9:
> > > +
> > > +- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > > +- 60959f2b491876199879d97c8ed956eabb0c2e73
> > > +
> > > +Upstream-Status: Backport
> > > +CVE: CVE-2013-0340
> > > +Signed-off-by: Jasper Orschulko
> > > 
> > > +---
> > > + expat/lib/expat.h   |   21 +-
> > > + expat/lib/internal.h    |   30 +
> > > + expat/lib/libexpat.def  |    3 +
> > > + expat/lib/libexpatw.def |    3 +
> > > + expat/lib/xmlparse.c    | 1147
> > > +-
> > > -
> > > + 5 files changed, 1143 insertions(+), 61 deletions(-)
> > > +
> > > +diff --git a/expat/lib/expat.h b/expat/lib/expat.h
> > > +index 48a6e2a3..796086c2 100644
> > > +--- a/expat/lib/expat.h
> > >  b/expat/lib/expat.h
> > > +@@ -115,7 +115,9 @@ enum XML_Error {
> > > +   XML_ERROR_RESERVED_PREFIX_XMLNS,
> > > +   XML_ERROR_RESERVED_NAMESPACE_URI,
> > > +   /* Added in 2.2.1. */
> > > +-  XML_ERROR_INVALID_ARGUMENT
> > > ++  XML_ERROR_INVALID_ARGUMENT,
> > > ++  /* Backported from 2.4.0. */
> > > ++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
> > > + };
> > > +
> > > + enum XML_Content_Type {
> > > +@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
> > > +   XML_FEATURE_SIZEOF_XML_LCHAR,
> > > +   XML_FEATURE_NS,
> > > +   XML_FEATURE_LARGE_SIZE,
> > > +-  XML_FEATURE_ATTR_INFO
> > > ++  XML_FEATURE_ATTR_INFO,
> > > ++  /* Added in Expat 2.4.0. */
> > > ++
> > > 

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Steve Sakoman]

On Wed, Jun 16, 2021 at 4:49 AM Jasper Orschulko
 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> P.S.: I am not too familiar with expat, this particular CVE, not with
> the practise of backporting security patches, so someone(TM) should
> definitely take a closer look at this first.

Will do!

A few initial comments:

1. Please don't PGP sign patch emails :-)
2. Change the patch file name to CVE-2013-0340.patch

Other than that it looks OK at first glance.

For reference the patch requirements for CVE's are outlined at:

https://wiki.yoctoproject.org/wiki/Security

in the "Patch name convention and commit message" section.

Thanks for helping with CVEs!

Steve




> With best regards
>
> Jasper Orschulko
> DevOps Engineer
>
> Tel. +49 30 58 58 14 265
> Fax +49 30 58 58 14 999
> jasper.orschu...@iris-sensing.com
>
> • • • • • • • • • • • • • • • • • • • • • • • • • •
>
> iris-GmbH
> infrared & intelligent sensors
> Ostendstraße 1-14 | 12459 Berlin
>
> https://iris-sensing.com/
>
>
>
>
> On Wed, 2021-06-16 at 14:44 +, Jasper Orschulko wrote:
> > expat < 4.0 is vulnerable to billion laughs attacks (see
> > [https://github.com/libexpat/libexpat/issues/34]). This patch
> > backports
> > the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
> >
> > Additionally, the SRC_URI had to be adjusted due to renaming of the
> > source archive
> >
> > Signed-off-by: Jasper Orschulko 
> > ---
> >  ...expat-Backport-fix-for-CVE-2013-0340.patch | 1758
> > +
> >  meta/recipes-core/expat/expat_2.2.9.bb|3 +-
> >  2 files changed, 1760 insertions(+), 1 deletion(-)
> >  create mode 100644 meta/recipes-core/expat/expat/0001-expat-
> > Backport-
> > fix-for-CVE-2013-0340.patch
> >
> > diff --git a/meta/recipes-core/expat/expat/0001-expat-Backport-fix-
> > for-
> > CVE-2013-0340.patch b/meta/recipes-core/expat/expat/0001-expat-
> > Backport-fix-for-CVE-2013-0340.patch
> > new file mode 100644
> > index 00..b2ca066d96
> > --- /dev/null
> > +++ b/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-CVE-
> > 2013-0340.patch
> > @@ -0,0 +1,1758 @@
> > +From 6f68eb0439f3c1807a143ff8c8972e74d404d8f0 Mon Sep 17 00:00:00
> > 2001
> > +From: Sebastian Pipping 
> > +Date: Mon, 19 Apr 2021 21:42:51 +0200
> > +Subject: [PATCH] expat: Backport fix for CVE-2013-0340
> > +
> > +Issue: https://github.com/libexpat/libexpat/issues/34
> > +
> > +This patch cherry-picks the following commits from upstream release
> > +2.4.0 onto 2.2.9:
> > +
> > +- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> > +- 60959f2b491876199879d97c8ed956eabb0c2e73
> > +
> > +Upstream-Status: Backport
> > +CVE: CVE-2013-0340
> > +Signed-off-by: Jasper Orschulko 
> > +---
> > + expat/lib/expat.h   |   21 +-
> > + expat/lib/internal.h|   30 +
> > + expat/lib/libexpat.def  |3 +
> > + expat/lib/libexpatw.def |3 +
> > + expat/lib/xmlparse.c| 1147
> > +-
> > -
> > + 5 files changed, 1143 insertions(+), 61 deletions(-)
> > +
> > +diff --git a/expat/lib/expat.h b/expat/lib/expat.h
> > +index 48a6e2a3..796086c2 100644
> > +--- a/expat/lib/expat.h
> >  b/expat/lib/expat.h
> > +@@ -115,7 +115,9 @@ enum XML_Error {
> > +   XML_ERROR_RESERVED_PREFIX_XMLNS,
> > +   XML_ERROR_RESERVED_NAMESPACE_URI,
> > +   /* Added in 2.2.1. */
> > +-  XML_ERROR_INVALID_ARGUMENT
> > ++  XML_ERROR_INVALID_ARGUMENT,
> > ++  /* Backported from 2.4.0. */
> > ++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
> > + };
> > +
> > + enum XML_Content_Type {
> > +@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
> > +   XML_FEATURE_SIZEOF_XML_LCHAR,
> > +   XML_FEATURE_NS,
> > +   XML_FEATURE_LARGE_SIZE,
> > +-  XML_FEATURE_ATTR_INFO
> > ++  XML_FEATURE_ATTR_INFO,
> > ++  /* Added in Expat 2.4.0. */
> > ++
> > XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DE
> > FA
> > ULT,
> > ++
> > XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEF
> > AU
> > LT
> > +   /* Additional features must be added to the end of this enum. */
> > + };
> > +
> > +@@ -1010,6 +1015,18 @@ typedef struct {
> > + XMLPARSEAPI(const XML_Feature *)
> > + XML_GetFeatureList(void);
> > +
> > ++#ifdef XML_DTD
> > ++/* Backported from Expat 2.4.0. */
> > ++XMLPARSEAPI(XML_Bool)
> > ++XML_SetBillionLaughsAttackProtectionMaximumAmplification(
> > ++XML_Parser parser, float maximumAmplificationFactor);
> > ++
> > ++/* Backported from Expat 2.4.0. */
> > ++XMLPARSEAPI(XML_Bool)
> > ++XML_SetBillionLaughsAttackProtectionActivationThreshold(
> > ++XML_Parser parser, unsigned long long
> > activationThresholdBytes);
> > ++#endif
> > ++
> > + /* Expat follows the semantic versioning convention.
> > +See http://semver.org.
> > + */
> > +diff --git a/expat/lib/internal.h b/expat/lib/internal.h
> > +index 60913dab..d8b31fa2 100644
> > +--- a/expat/lib/internal.h
> >  b/expat/lib/internal.h
> > +@@ -101,10 +101,40 @@
> > + #  endif
> > + #endif
> 

Re: [OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

P.S.: I am not too familiar with expat, this particular CVE, not with
the practise of backporting security patches, so someone(TM) should
definitely take a closer look at this first.

- -- 
With best regards

Jasper Orschulko
DevOps Engineer

Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com

• • • • • • • • • • • • • • • • • • • • • • • • • •

iris-GmbH
infrared & intelligent sensors
Ostendstraße 1-14 | 12459 Berlin

https://iris-sensing.com/




On Wed, 2021-06-16 at 14:44 +, Jasper Orschulko wrote:
> expat < 4.0 is vulnerable to billion laughs attacks (see
> [https://github.com/libexpat/libexpat/issues/34]). This patch
> backports
> the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.
> 
> Additionally, the SRC_URI had to be adjusted due to renaming of the
> source archive
> 
> Signed-off-by: Jasper Orschulko 
> ---
>  ...expat-Backport-fix-for-CVE-2013-0340.patch | 1758
> +
>  meta/recipes-core/expat/expat_2.2.9.bb    |    3 +-
>  2 files changed, 1760 insertions(+), 1 deletion(-)
>  create mode 100644 meta/recipes-core/expat/expat/0001-expat-
> Backport-
> fix-for-CVE-2013-0340.patch
> 
> diff --git a/meta/recipes-core/expat/expat/0001-expat-Backport-fix-
> for-
> CVE-2013-0340.patch b/meta/recipes-core/expat/expat/0001-expat-
> Backport-fix-for-CVE-2013-0340.patch
> new file mode 100644
> index 00..b2ca066d96
> --- /dev/null
> +++ b/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-CVE-
> 2013-0340.patch
> @@ -0,0 +1,1758 @@
> +From 6f68eb0439f3c1807a143ff8c8972e74d404d8f0 Mon Sep 17 00:00:00
> 2001
> +From: Sebastian Pipping 
> +Date: Mon, 19 Apr 2021 21:42:51 +0200
> +Subject: [PATCH] expat: Backport fix for CVE-2013-0340
> +
> +Issue: https://github.com/libexpat/libexpat/issues/34
> +
> +This patch cherry-picks the following commits from upstream release
> +2.4.0 onto 2.2.9:
> +
> +- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
> +- 60959f2b491876199879d97c8ed956eabb0c2e73
> +
> +Upstream-Status: Backport
> +CVE: CVE-2013-0340
> +Signed-off-by: Jasper Orschulko 
> +---
> + expat/lib/expat.h   |   21 +-
> + expat/lib/internal.h    |   30 +
> + expat/lib/libexpat.def  |    3 +
> + expat/lib/libexpatw.def |    3 +
> + expat/lib/xmlparse.c    | 1147
> +-
> -
> + 5 files changed, 1143 insertions(+), 61 deletions(-)
> +
> +diff --git a/expat/lib/expat.h b/expat/lib/expat.h
> +index 48a6e2a3..796086c2 100644
> +--- a/expat/lib/expat.h
>  b/expat/lib/expat.h
> +@@ -115,7 +115,9 @@ enum XML_Error {
> +   XML_ERROR_RESERVED_PREFIX_XMLNS,
> +   XML_ERROR_RESERVED_NAMESPACE_URI,
> +   /* Added in 2.2.1. */
> +-  XML_ERROR_INVALID_ARGUMENT
> ++  XML_ERROR_INVALID_ARGUMENT,
> ++  /* Backported from 2.4.0. */
> ++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
> + };
> + 
> + enum XML_Content_Type {
> +@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
> +   XML_FEATURE_SIZEOF_XML_LCHAR,
> +   XML_FEATURE_NS,
> +   XML_FEATURE_LARGE_SIZE,
> +-  XML_FEATURE_ATTR_INFO
> ++  XML_FEATURE_ATTR_INFO,
> ++  /* Added in Expat 2.4.0. */
> ++ 
> XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DE
> FA
> ULT,
> ++ 
> XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEF
> AU
> LT
> +   /* Additional features must be added to the end of this enum. */
> + };
> + 
> +@@ -1010,6 +1015,18 @@ typedef struct {
> + XMLPARSEAPI(const XML_Feature *)
> + XML_GetFeatureList(void);
> + 
> ++#ifdef XML_DTD
> ++/* Backported from Expat 2.4.0. */
> ++XMLPARSEAPI(XML_Bool)
> ++XML_SetBillionLaughsAttackProtectionMaximumAmplification(
> ++    XML_Parser parser, float maximumAmplificationFactor);
> ++
> ++/* Backported from Expat 2.4.0. */
> ++XMLPARSEAPI(XML_Bool)
> ++XML_SetBillionLaughsAttackProtectionActivationThreshold(
> ++    XML_Parser parser, unsigned long long
> activationThresholdBytes);
> ++#endif
> ++
> + /* Expat follows the semantic versioning convention.
> +    See http://semver.org.
> + */
> +diff --git a/expat/lib/internal.h b/expat/lib/internal.h
> +index 60913dab..d8b31fa2 100644
> +--- a/expat/lib/internal.h
>  b/expat/lib/internal.h
> +@@ -101,10 +101,40 @@
> + #  endif
> + #endif
> + 
> ++#include  // ULONG_MAX
> ++
> ++#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO)
> ++#  define EXPAT_FMT_ULL(midpart) "%" midpart "I64u"
> ++#  if defined(_WIN64) // Note: modifier "td" does not work for
> MinGW
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d"
> ++#  else
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
> ++#  endif
> ++#else
> ++#  define EXPAT_FMT_ULL(midpart) "%" midpart "llu"
> ++#  if ! defined(ULONG_MAX)
> ++#    error Compiler did not define ULONG_MAX for us
> ++#  elif ULONG_MAX == 18446744073709551615u // 2^64-1
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
> ++#  else
> ++#    define EXPAT_FMT_PTRDIFF_T(midpart) "%" 

[OE-core][dunfell][PATCH] expat: fix CVE-2013-0340

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

expat < 4.0 is vulnerable to billion laughs attacks (see
[https://github.com/libexpat/libexpat/issues/34]). This patch backports
the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8
and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream.

Additionally, the SRC_URI had to be adjusted due to renaming of the
source archive

Signed-off-by: Jasper Orschulko 
- ---
 ...expat-Backport-fix-for-CVE-2013-0340.patch | 1758 +
 meta/recipes-core/expat/expat_2.2.9.bb|3 +-
 2 files changed, 1760 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/expat/expat/0001-expat-Backport-
fix-for-CVE-2013-0340.patch

diff --git a/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-
CVE-2013-0340.patch b/meta/recipes-core/expat/expat/0001-expat-
Backport-fix-for-CVE-2013-0340.patch
new file mode 100644
index 00..b2ca066d96
- --- /dev/null
+++ b/meta/recipes-core/expat/expat/0001-expat-Backport-fix-for-CVE-
2013-0340.patch
@@ -0,0 +1,1758 @@
+From 6f68eb0439f3c1807a143ff8c8972e74d404d8f0 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Mon, 19 Apr 2021 21:42:51 +0200
+Subject: [PATCH] expat: Backport fix for CVE-2013-0340
+
+Issue: https://github.com/libexpat/libexpat/issues/34
+
+This patch cherry-picks the following commits from upstream release
+2.4.0 onto 2.2.9:
+
+- b1d039607d3d8a042bf0466bfcc1c0f104e353c8
+- 60959f2b491876199879d97c8ed956eabb0c2e73
+
+Upstream-Status: Backport
+CVE: CVE-2013-0340
+Signed-off-by: Jasper Orschulko 
+---
+ expat/lib/expat.h   |   21 +-
+ expat/lib/internal.h|   30 +
+ expat/lib/libexpat.def  |3 +
+ expat/lib/libexpatw.def |3 +
+ expat/lib/xmlparse.c| 1147 +-
- -
+ 5 files changed, 1143 insertions(+), 61 deletions(-)
+
+diff --git a/expat/lib/expat.h b/expat/lib/expat.h
+index 48a6e2a3..796086c2 100644
+--- a/expat/lib/expat.h
 b/expat/lib/expat.h
+@@ -115,7 +115,9 @@ enum XML_Error {
+   XML_ERROR_RESERVED_PREFIX_XMLNS,
+   XML_ERROR_RESERVED_NAMESPACE_URI,
+   /* Added in 2.2.1. */
+-  XML_ERROR_INVALID_ARGUMENT
++  XML_ERROR_INVALID_ARGUMENT,
++  /* Backported from 2.4.0. */
++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
+ };
+ 
+ enum XML_Content_Type {
+@@ -997,7 +999,10 @@ enum XML_FeatureEnum {
+   XML_FEATURE_SIZEOF_XML_LCHAR,
+   XML_FEATURE_NS,
+   XML_FEATURE_LARGE_SIZE,
+-  XML_FEATURE_ATTR_INFO
++  XML_FEATURE_ATTR_INFO,
++  /* Added in Expat 2.4.0. */
++ 
XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFA
ULT,
++ 
XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAU
LT
+   /* Additional features must be added to the end of this enum. */
+ };
+ 
+@@ -1010,6 +1015,18 @@ typedef struct {
+ XMLPARSEAPI(const XML_Feature *)
+ XML_GetFeatureList(void);
+ 
++#ifdef XML_DTD
++/* Backported from Expat 2.4.0. */
++XMLPARSEAPI(XML_Bool)
++XML_SetBillionLaughsAttackProtectionMaximumAmplification(
++XML_Parser parser, float maximumAmplificationFactor);
++
++/* Backported from Expat 2.4.0. */
++XMLPARSEAPI(XML_Bool)
++XML_SetBillionLaughsAttackProtectionActivationThreshold(
++XML_Parser parser, unsigned long long activationThresholdBytes);
++#endif
++
+ /* Expat follows the semantic versioning convention.
+See http://semver.org.
+ */
+diff --git a/expat/lib/internal.h b/expat/lib/internal.h
+index 60913dab..d8b31fa2 100644
+--- a/expat/lib/internal.h
 b/expat/lib/internal.h
+@@ -101,10 +101,40 @@
+ #  endif
+ #endif
+ 
++#include  // ULONG_MAX
++
++#if defined(_WIN32) && ! defined(__USE_MINGW_ANSI_STDIO)
++#  define EXPAT_FMT_ULL(midpart) "%" midpart "I64u"
++#  if defined(_WIN64) // Note: modifier "td" does not work for MinGW
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "I64d"
++#  else
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
++#  endif
++#else
++#  define EXPAT_FMT_ULL(midpart) "%" midpart "llu"
++#  if ! defined(ULONG_MAX)
++#error Compiler did not define ULONG_MAX for us
++#  elif ULONG_MAX == 18446744073709551615u // 2^64-1
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
++#  else
++#define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "d"
++#  endif
++#endif
++
+ #ifndef UNUSED_P
+ #  define UNUSED_P(p) (void)p
+ #endif
+ 
++/* NOTE BEGIN If you ever patch these defaults to greater values
++  for non-attack XML payload in your environment,
++  please file a bug report with libexpat.  Thank you!
++*/
++#define
EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT  
\
++  100.0f
++#define
EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT   
\
++  8388608 // 8 MiB, 2^23
++/* NOTE END */
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff --git a/expat/lib/libexpat.def b/expat/lib/libexpat.def
+index 16faf595..b5e59d8d 100644
+--- a/expat/lib/libexpat.def
 b/expat/lib/libexpat.def
+@@ -76,3 +76,6 @@ EXPORTS
+   XML_SetHashSalt @67
+ ; added with version 2.2.5
+   

[OE-core] [PATCH] perf: Use python3targetconfig to ensure we use target libraries

[Richard Purdie]

We've seen some reproducibility issues on the autobuilder in perf where the
size of the python module varies slightly between systems. After some head
scratching and removing the --quiet option to the python module build,
you can see it using -Lrecipe-sysroot-native in the linking commandline
for the module. This means it is linking against the native library
on systems where that works, skipping it and using the target one
otherwise, probably with warnings in logs we've not seen.

The fix is to inherit the python3targetconfig class which ensures
that the target sysroot is used, then the byte differences between
the builds go away and things are sane(r) again.

Signed-off-by: Richard Purdie 
---
 meta/recipes-kernel/perf/perf.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 2dfd798ef7d..99808d636b3 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -48,7 +48,7 @@ PROVIDES = "virtual/perf"
 inherit linux-kernel-base kernel-arch manpages
 
 # needed for building the tools/perf Python bindings
-inherit ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 'python3native', 
'', d)}
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'scripting', 
'python3targetconfig', '', d)}
 inherit python3-dir
 export PYTHON_SITEPACKAGES_DIR
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153018): 
https://lists.openembedded.org/g/openembedded-core/message/153018
Mute This Topic: https://lists.openembedded.org/mt/83581614/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [swat] ltp failures on autobuilder

[Richard Purdie]

On Wed, 2021-06-16 at 08:56 -0400, Paul Gortmaker wrote:
> [Re: [swat] ltp failures on autobuilder] On 11/06/2021 (Fri 14:19) Richard 
> Purdie wrote:
> 
> > On Fri, 2021-06-11 at 12:36 +0100, Richard Purdie via 
> > lists.yoctoproject.org wrote:
> > > as a .cfg to the kernel and that still reproduced the crash. However:
> > > 
> > > CONFIG_DEBUG_KERNEL=y
> > > CONFIG_CGROUP_DEBUG=y
> > > CONFIG_SCHED_DEBUG=y
> > > CONFIG_DEBUG_PREEMPT=y
> > > # CONFIG_RCU_TRACE is not set
> > > # CONFIG_X86_DEBUG_FPU is not set
> > > # CONFIG_CONSOLE_POLL is not set
> > > # CONFIG_DEBUG_INFO is not set
> > > # CONFIG_KGDB is not set
> > > # CONFIG_KGDB_HONOUR_BLOCKLIST is not set
> > > # CONFIG_KGDB_SERIAL_CONSOLE is not set
> > > # CONFIG_KGDB_LOW_LEVEL_TRAP is not set
> > > # CONFIG_KGDB_KDB is not set
> > > # CONFIG_KDB_KEYBOARD is not set
> > > # CONFIG_DEBUG_MISC is not set
> > > 
> > 
> > Isolated down to CONFIG_SCHED_DEBUG=y being the line which somehow "fixes" 
> > the crash. I can enable all the above apart from that and we can reproduce
> > it.
> > 
> > Also, I changed gatesgarth to use qemu 5.2.0 copied in from hardknott and 
> > that
> > breaks it. Dropping the 27 CVE patches "fixes" it again. It is possible it
> > is one of the CVE fixes. Continuing to try and isolate.
> 
> For the mail archive trail, and for those not follwing the ongoing
> research on IRC, we are hopeful that this fixes it.
> 
> https://lore.kernel.org/lkml/20210616125157.438837-1-paul.gortma...@windriver.com/

Awesome work in tracking that down, much appreciated, thanks!

Curious what upstream will make of it now...

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153017): 
https://lists.openembedded.org/g/openembedded-core/message/153017
Mute This Topic: https://lists.openembedded.org/mt/83466238/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 01/31] core-image-weston: bump QB_MEM to 1G in qemuarm64

[Alexander Kanavin]

It seems that mesa, for some reason, allocates a lot more RAM in qemuarm64
(150 Mb more or so), than it does in qemux86_64. I'll investigate.

Alex

On Wed, 16 Jun 2021 at 12:06, Alexander Kanavin via lists.openembedded.org
 wrote:

> I'd like to take a deeper look at this, please hold.
>
> Alex
>
> On Tue, 15 Jun 2021 at 10:12, Alexander Kanavin via lists.openembedded.org
>  wrote:
>
>> weston tests start additional compositors, other tests are also
>> heavy on RAM, weston itself takes 256M with opengl enabled,
>> so 512M causes OOM errors on arm64.
>>
>> Signed-off-by: Alexander Kanavin 
>> ---
>>  meta/recipes-graphics/images/core-image-weston.bb | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/meta/recipes-graphics/images/core-image-weston.bb
>> b/meta/recipes-graphics/images/core-image-weston.bb
>> index 62305cc1ce..e332e19368 100644
>> --- a/meta/recipes-graphics/images/core-image-weston.bb
>> +++ b/meta/recipes-graphics/images/core-image-weston.bb
>> @@ -10,3 +10,4 @@ CORE_IMAGE_BASE_INSTALL += "gtk+3-demo"
>>  CORE_IMAGE_BASE_INSTALL += "${@bb.utils.contains('DISTRO_FEATURES',
>> 'x11', 'weston-xwayland matchbox-terminal', '', d)}"
>>
>>  QB_MEM = "-m 512"
>> +QB_MEM_qemuarm64 = "-m 1024"
>> --
>> 2.31.1
>>
>>
>>
>>
>>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153016): 
https://lists.openembedded.org/g/openembedded-core/message/153016
Mute This Topic: https://lists.openembedded.org/mt/83551207/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 6/6] kernel.bbclass: fix do_sizecheck() comparison

[Steve Sakoman]

From: Andrea Adami 

The routine do_sizecheck() was historically needed by legacy
devices with limited flash memory.
The lowest extreme is probably with Zaurus collie having exactly
1024*1024 = 1048576 bytes for the kernel partition.

In the years the KERNEL_IMAGE_MAXSIZE has been converted to kilobytes
thus rounded so we have now KERNEL_IMAGE_MAXSIZE_collie = "1024".

The effect is that now the check fails because we hit curiously this
 | WARNING: This kernel zImage (size=1024(K) > 1024(K)) is too big for...
even though zImage is 1047288 bytes (kernel + kexecboot-klibc-initramfs).

Fix this case using test -gt (greater) instead of -ge (greater or equal).

Signed-off-by: Andrea Adami 
Signed-off-by: Richard Purdie 
(cherry picked from commit 254ca956d63b4ce6aa294213b60bb943f9f3a9e6)
Signed-off-by: Steve Sakoman 
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 518aaef724..85c6594c27 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -680,7 +680,7 @@ do_sizecheck() {
at_least_one_fits=
for imageType in ${KERNEL_IMAGETYPES} ; do
size=`du -ks ${B}/${KERNEL_OUTPUT_DIR}/$imageType | awk 
'{print $1}'`
-   if [ $size -ge ${KERNEL_IMAGE_MAXSIZE} ]; then
+   if [ $size -gt ${KERNEL_IMAGE_MAXSIZE} ]; then
bbwarn "This kernel $imageType (size=$size(K) > 
${KERNEL_IMAGE_MAXSIZE}(K)) is too big for your device."
else
at_least_one_fits=y
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153015): 
https://lists.openembedded.org/g/openembedded-core/message/153015
Mute This Topic: https://lists.openembedded.org/mt/83581121/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 4/6] python3: fix CVE-2021-23336

[Steve Sakoman]

From: Lee Chee Yang 

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before
3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable
to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by
using a vector called parameter cloaking. When the attacker can separate query
parameters using a semicolon (;), they can cause a difference in the
interpretation of the request between the proxy (running with default
configuration) and the server. This can result in malicious requests being
cached as completely safe ones, as the proxy would usually not see the
semicolon as a separator, and therefore would not include it in a cache key of
an unkeyed parameter.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-23336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336

Signed-off-by: Lee Chee Yang 
Signed-off-by: Tim Orling 
Signed-off-by: Steve Sakoman 
---
 .../python/python3/CVE-2021-23336.patch   | 530 ++
 meta/recipes-devtools/python/python3_3.8.2.bb |   1 +
 2 files changed, 531 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-23336.patch

diff --git a/meta/recipes-devtools/python/python3/CVE-2021-23336.patch 
b/meta/recipes-devtools/python/python3/CVE-2021-23336.patch
new file mode 100644
index 00..2a885b9d37
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2021-23336.patch
@@ -0,0 +1,530 @@
+From 3ab6f812653e79d008d5eba31dc25d34f3ca7170 Mon Sep 17 00:00:00 2001
+From: Senthil Kumaran 
+Date: Mon, 15 Feb 2021 10:15:02 -0800
+Subject: [PATCH] bpo-42967: only use '&' as a query string separator
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ (GH-24297)  (#24529)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* bpo-42967: only use '&' as a query string separator (#24297)
+
+bpo-42967: [security] Address a web cache-poisoning issue reported in
+urllib.parse.parse_qsl().
+
+urllib.parse will only us "&" as query string separator by default
+instead of both ";" and "&" as allowed in earlier versions. An optional
+argument seperator with default value "&" is added to specify the
+separator.
+
+Co-authored-by: Éric Araujo 
+Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
+Co-authored-by: Ken Jin <28750310+fidget-spin...@users.noreply.github.com>
+Co-authored-by: Éric Araujo 
+(cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
+
+* [3.8] bpo-42967: only use '&' as a query string separator (GH-24297)
+
+bpo-42967: [security] Address a web cache-poisoning issue reported in 
urllib.parse.parse_qsl().
+
+urllib.parse will only us "&" as query string separator by default instead of 
both ";" and "&" as allowed in earlier versions. An optional argument seperator 
with default value "&" is added to specify the separator.
+
+Co-authored-by: Éric Araujo 
+Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
+Co-authored-by: Ken Jin <28750310+fidget-spin...@users.noreply.github.com>
+Co-authored-by: Éric Araujo .
+(cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
+
+Co-authored-by: Adam Goldschmidt 
+
+* Update correct version information.
+
+* fix docs and make logic clearer
+
+Co-authored-by: Adam Goldschmidt 
+Co-authored-by: Fidget-Spinner 
<28750310+fidget-spin...@users.noreply.github.com>
+
+Upstream-Status: Backport 
[https://github.com/python/cpython/commit/e3110c3cfbb7daa690d54d0eff6c264c870a71bf]
+CVE: CVE-2020-23336
+Signed-off-by: Chee Yang Lee 
+
+---
+ Doc/library/cgi.rst   | 11 ++-
+ Doc/library/urllib.parse.rst  | 22 +-
+ Doc/whatsnew/3.6.rst  | 13 
+ Doc/whatsnew/3.7.rst  | 13 
+ Lib/cgi.py| 23 ---
+ Lib/test/test_cgi.py  | 29 ++--
+ Lib/test/test_urlparse.py | 68 +--
+ Lib/urllib/parse.py   | 19 --
+ .../2021-02-14-15-59-16.bpo-42967.YApqDS.rst  |  1 +
+ 9 files changed, 153 insertions(+), 46 deletions(-)
+ create mode 100644 
Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
+
+diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst
+index 4048592..880074b 100644
+--- a/Doc/library/cgi.rst
 b/Doc/library/cgi.rst
+@@ -277,14 +277,16 @@ These are useful if you want more control, or if you 
want to employ some of the
+ algorithms implemented in this module in other circumstances.
+ 
+ 
+-.. function:: parse(fp=None, environ=os.environ, keep_blank_values=False, 
strict_parsing=False)
++.. function:: parse(fp=None, environ=os.environ, keep_blank_values=False, 
strict_parsing=False, separator="&")
+ 
+Parse a query in the environment or from a file (the file defaults to
+-   ``sys.stdin``).  The *keep_blank_values* and 

[OE-core][dunfell 3/6] ruby: 2.7.1 -> 2.7.3

[Steve Sakoman]

From: Lee Chee Yang 

This release includes security fixes.

CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows

CVE-2020-25613 fixed in 2.7.2, do drop the patch

release notes for 2.7.2 and 2.7.3
https://www.ruby-lang.org/en/news/2020/10/02/ruby-2-7-2-released/
https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 .../ruby/ruby/CVE-2020-25613.patch| 40 ---
 .../ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} |  5 +--
 2 files changed, 2 insertions(+), 43 deletions(-)
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
 rename meta/recipes-devtools/ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} (94%)

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch 
b/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
deleted file mode 100644
index 1abcb7547e..00
--- a/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh 
-Date: Tue, 29 Sep 2020 13:15:58 +0900
-Subject: [PATCH] Make it more strict to interpret some headers
-
-Some regexps were too tolerant.
-
-Upstream-Status: Backport
-[https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7]
-CVE: CVE-2020-25613
-Signed-off-by: Chee Yang Lee 

- lib/webrick/httprequest.rb | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
-index 294bd91..d34eac7 100644
 a/lib/webrick/httprequest.rb
-+++ b/lib/webrick/httprequest.rb
-@@ -227,9 +227,9 @@ def parse(socket=nil)
- raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
-   end
- 
--  if /close/io =~ self["connection"]
-+  if /\Aclose\z/io =~ self["connection"]
- @keep_alive = false
--  elsif /keep-alive/io =~ self["connection"]
-+  elsif /\Akeep-alive\z/io =~ self["connection"]
- @keep_alive = true
-   elsif @http_version < "1.1"
- @keep_alive = false
-@@ -508,7 +508,7 @@ def read_body(socket, block)
-   return unless socket
-   if tc = self['transfer-encoding']
- case tc
--when /chunked/io then read_chunked(socket, block)
-+when /\Achunked\z/io then read_chunked(socket, block)
- else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
- end
-   elsif self['content-length'] || @remaining_size
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.1.bb 
b/meta/recipes-devtools/ruby/ruby_2.7.3.bb
similarity index 94%
rename from meta/recipes-devtools/ruby/ruby_2.7.1.bb
rename to meta/recipes-devtools/ruby/ruby_2.7.3.bb
index a6c65e887b..318b9acdae 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.3.bb
@@ -6,12 +6,11 @@ SRC_URI += " \
file://remove_has_include_macros.patch \
file://run-ptest \

file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \
-   file://CVE-2020-25613.patch \

file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
"
 
-SRC_URI[md5sum] = "debb9c325bf65021214451660f46e909"
-SRC_URI[sha256sum] = 
"d418483bdd576c1370571121a6eb24582116db0b7bb2005e90e250eae418"
+SRC_URI[md5sum] = "72ef97685008981de3ddb748d0dab31f"
+SRC_URI[sha256sum] = 
"8925a95e31d8f2c81749025a52a544ea1d05dad18794e6828709268b92e55338"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153012): 
https://lists.openembedded.org/g/openembedded-core/message/153012
Mute This Topic: https://lists.openembedded.org/mt/8358/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 5/6] valgrind: fix a typo

[Steve Sakoman]

From: Kai Kang 

Signed-off-by: Kai Kang 
Signed-off-by: Richard Purdie 
(cherry picked from commit 0478d9b04d6a6d10e439116b23b641a1e2553e26)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/valgrind/valgrind_3.15.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb 
b/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb
index 4621471d67..67999e579a 100644
--- a/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb
+++ b/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb
@@ -107,7 +107,7 @@ VALGRINDARCH_mipsel = "mips32"
 VALGRINDARCH_mips64el = "mips64"
 VALGRINDARCH_powerpc = "ppc"
 VALGRINDARCH_powerpc64 = "ppc64"
-VALGRINDARCH_powerpc64el = "ppc64le"
+VALGRINDARCH_powerpc64le = "ppc64le"
 
 INHIBIT_PACKAGE_STRIP_FILES = 
"${PKGD}${libdir}/valgrind/vgpreload_memcheck-${VALGRINDARCH}-linux.so"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153014): 
https://lists.openembedded.org/g/openembedded-core/message/153014
Mute This Topic: https://lists.openembedded.org/mt/83581115/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 1/6] gstreamer-plugins-good: fix CVE-2021-3497 CVE-2021-3498

[Steve Sakoman]

From: Lee Chee Yang 

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 .../CVE-2021-3497.patch   | 207 ++
 .../CVE-2021-3498.patch   |  44 
 .../gstreamer1.0-plugins-good_1.16.3.bb   |   2 +
 3 files changed, 253 insertions(+)
 create mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
 create mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch

diff --git 
a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
new file mode 100644
index 00..81f7c59a7b
--- /dev/null
+++ 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
@@ -0,0 +1,207 @@
+From 9181191511f9c0be6a89c98b311f49d66bd46dc3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= 
+Date: Thu, 4 Mar 2021 13:05:19 +0200
+Subject: [PATCH] matroskademux: Fix extraction of multichannel WavPack
+
+The old code had a couple of issues that all lead to potential memory
+safety bugs.
+
+  - Use a constant for the Wavpack4Header size instead of using sizeof.
+It's written out into the data and not from the struct and who knows
+what special alignment/padding requirements some C compilers have.
+  - gst_buffer_set_size() does not realloc the buffer when setting a
+bigger size than allocated, it only allows growing up to the maximum
+allocated size. Instead use a GstAdapter to collect all the blocks
+and take out everything at once in the end.
+  - Check that enough data is actually available in the input and
+otherwise handle it an error in all cases instead of silently
+ignoring it.
+
+Among other things this fixes out of bounds writes because the code
+assumed gst_buffer_set_size() can grow the buffer and simply wrote after
+the end of the buffer.
+
+Thanks to Natalie Silvanovich for reporting.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/859
+
+Part-of: 

+
+Upstream-Status: Backport
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_iid=903
+CVE: CVE-2021-3497
+Signed-off-by: Chee Yang Lee 
+
+---
+ gst/matroska/matroska-demux.c | 99 +++
+ gst/matroska/matroska-ids.h   |  2 +
+ 2 files changed, 55 insertions(+), 46 deletions(-)
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 467815986..0e47ee7b5 100644
+--- a/gst/matroska/matroska-demux.c
 b/gst/matroska/matroska-demux.c
+@@ -3851,6 +3851,12 @@ gst_matroska_demux_add_wvpk_header (GstElement * 
element,
+ guint32 block_samples, tmp;
+ gsize size = gst_buffer_get_size (*buf);
+ 
++if (size < 4) {
++  GST_ERROR_OBJECT (element, "Too small wavpack buffer");
++  gst_buffer_unmap (*buf, );
++  return GST_FLOW_ERROR;
++}
++
+ gst_buffer_extract (*buf, 0, , sizeof (guint32));
+ block_samples = GUINT32_FROM_LE (tmp);
+ /* we need to reconstruct the header of the wavpack block */
+@@ -3858,10 +3864,10 @@ gst_matroska_demux_add_wvpk_header (GstElement * 
element,
+ /* -20 because ck_size is the size of the wavpack block -8
+  * and lace_size is the size of the wavpack block + 12
+  * (the three guint32 of the header that already are in the buffer) */
+-wvh.ck_size = size + sizeof (Wavpack4Header) - 20;
++wvh.ck_size = size + WAVPACK4_HEADER_SIZE - 20;
+ 
+ /* block_samples, flags and crc are already in the buffer */
+-newbuf = gst_buffer_new_allocate (NULL, sizeof (Wavpack4Header) - 12, 
NULL);
++newbuf = gst_buffer_new_allocate (NULL, WAVPACK4_HEADER_SIZE - 12, NULL);
+ 
+ gst_buffer_map (newbuf, , GST_MAP_WRITE);
+ data = outmap.data;
+@@ -3886,9 +3892,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * 
element,
+ audiocontext->wvpk_block_index += block_samples;
+   } else {
+ guint8 *outdata = NULL;
+-guint outpos = 0;
+-gsize buf_size, size, out_size = 0;
++gsize buf_size, size;
+ guint32 block_samples, flags, crc, blocksize;
++GstAdapter *adapter;
++
++adapter = gst_adapter_new ();
+ 
+ gst_buffer_map (*buf, , GST_MAP_READ);
+ buf_data = map.data;
+@@ -3897,6 +3905,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ if (buf_size < 4) {
+   GST_ERROR_OBJECT (element, "Too small wavpack buffer");
+   gst_buffer_unmap (*buf, );
++  g_object_unref (adapter);
+   return GST_FLOW_ERROR;
+ }
+ 
+@@ -3918,59 +3927,57 @@ gst_matroska_demux_add_wvpk_header (GstElement * 
element,
+   data += 4;
+   size -= 4;
+ 
+-  if (blocksize == 0 || size < blocksize)
+-break;
+-
+-  g_assert ((newbuf == NULL) == (outdata == NULL));
++  if (blocksize 

[OE-core][dunfell 2/6] bind: 9.11.22 -> 9.11.32

[Steve Sakoman]

From: Lee Chee Yang 

updates include fixes for
CVE-2021-25214
CVE-2021-25215
CVE-2021-25216

CVE-2020-8625 fixed in 9.11.28, so drop that patch

Signed-off-by: Lee Chee Yang 

tmp

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 .../bind/bind/CVE-2020-8625.patch   | 17 -
 .../bind/{bind_9.11.22.bb => bind_9.11.32.bb}   |  5 ++---
 2 files changed, 2 insertions(+), 20 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
 rename meta/recipes-connectivity/bind/{bind_9.11.22.bb => bind_9.11.32.bb} 
(96%)

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch 
b/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
deleted file mode 100644
index 9078f2448e..00
--- a/meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Upstream-Status: Backporting 
[https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
-CVE: CVE-2020-8625
-Signed-off-by: Minjae Kim 
-
-diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
-index e61d1c600f2..753dc8049fa 100644
 a/lib/dns/spnego.c
-+++ b/lib/dns/spnego.c
-@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, 
size_t *size) {
-   return (ASN1_OVERRUN);
-   }
- 
--  data->components = malloc(len * sizeof(*data->components));
-+  data->components = malloc((len + 1) * sizeof(*data->components));
-   if (data->components == NULL) {
-   return (ENOMEM);
-   }
diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb 
b/meta/recipes-connectivity/bind/bind_9.11.32.bb
similarity index 96%
rename from meta/recipes-connectivity/bind/bind_9.11.22.bb
rename to meta/recipes-connectivity/bind/bind_9.11.32.bb
index 5598ba976d..9feebe5ae2 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.32.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name 
Server system"
 SECTION = "console/network"
 
 LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
 
 DEPENDS = "openssl libcap zlib"
 
@@ -19,10 +19,9 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
-   file://CVE-2020-8625.patch \
"
 
-SRC_URI[sha256sum] = 
"afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
+SRC_URI[sha256sum] = 
"cbf8cb4b74dd1452d97c3a2a8c625ea346df8516b4b3508ef07443121a591342"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153011): 
https://lists.openembedded.org/g/openembedded-core/message/153011
Mute This Topic: https://lists.openembedded.org/mt/83581109/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 0/6] Patch review

[Steve Sakoman]

Please review this next set of patches for dundell and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2247

The following changes since commit 2246b0d7a71c69eb2e89c55991d1387069895466:

  kernel-devicetree: Introduce KERNEL_DTC_FLAGS to pass dtc flags (2021-06-08 
04:32:17 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Andrea Adami (1):
  kernel.bbclass: fix do_sizecheck() comparison

Kai Kang (1):
  valgrind: fix a typo

Lee Chee Yang (4):
  gstreamer-plugins-good: fix CVE-2021-3497 CVE-2021-3498
  bind: 9.11.22 -> 9.11.32
  ruby: 2.7.1 -> 2.7.3
  python3: fix CVE-2021-23336

 meta/classes/kernel.bbclass   |   2 +-
 .../bind/bind/CVE-2020-8625.patch |  17 -
 .../bind/{bind_9.11.22.bb => bind_9.11.32.bb} |   5 +-
 .../python/python3/CVE-2021-23336.patch   | 530 ++
 meta/recipes-devtools/python/python3_3.8.2.bb |   1 +
 .../ruby/ruby/CVE-2020-25613.patch|  40 --
 .../ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} |   5 +-
 .../valgrind/valgrind_3.15.0.bb   |   2 +-
 .../CVE-2021-3497.patch   | 207 +++
 .../CVE-2021-3498.patch   |  44 ++
 .../gstreamer1.0-plugins-good_1.16.3.bb   |   2 +
 11 files changed, 790 insertions(+), 65 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
 rename meta/recipes-connectivity/bind/{bind_9.11.22.bb => bind_9.11.32.bb} 
(96%)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-23336.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
 rename meta/recipes-devtools/ruby/{ruby_2.7.1.bb => ruby_2.7.3.bb} (94%)
 create mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3497.patch
 create mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch

-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153009): 
https://lists.openembedded.org/g/openembedded-core/message/153009
Mute This Topic: https://lists.openembedded.org/mt/83581102/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][hardknott][PATCH] curl: cleanup CVE patches for hardknott

[Trevor Gamblin]

The patch backported to address CVE-2021-22890 was missing a bracket to
properly close out the logic in lib/vtls/wolfssl.c. Fix this so to avoid
any surprise failures when using curl with hardknott.

Also fix the CVE designation in the patch descriptions for CVEs
CVE-2021-22890 and CVE-2021-22876 so that CVE checks run with bitbake
correctly detect that they are patched.

Signed-off-by: Trevor Gamblin 
---
 ...oxy-argument-to-Curl_ssl_get-addsession.patch | 16 
 ...p-credentials-from-the-auto-referer-hea.patch |  5 -
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git 
a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
index a0c7d68f33..1e0e18cf12 100644
--- 
a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
+++ 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
@@ -1,15 +1,14 @@
-From a2d3885223db9616283bfe33435fbe9b3140eac7 Mon Sep 17 00:00:00 2001
+From e499142d377b56c7606437d14c99d3cb27aba9fd Mon Sep 17 00:00:00 2001
 From: Trevor Gamblin 
 Date: Tue, 1 Jun 2021 09:50:20 -0400
-Subject: [PATCH 1/2] vtls: add 'isproxy' argument to
- Curl_ssl_get/addsessionid()
+Subject: [PATCH] vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
 
 To make sure we set and extract the correct session.
 
 Reported-by: Mingtao Yang
 Bug: https://curl.se/docs/CVE-2021-22890.html
 
-CVE-2021-22890
+CVE: CVE-2021-22890
 
 Upstream-Status: Backport
 (https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844)
@@ -25,8 +24,8 @@ Signed-off-by: Trevor Gamblin 
  lib/vtls/sectransp.c | 10 
  lib/vtls/vtls.c  | 12 +++---
  lib/vtls/vtls.h  |  2 ++
- lib/vtls/wolfssl.c   | 28 +--
- 10 files changed, 111 insertions(+), 51 deletions(-)
+ lib/vtls/wolfssl.c   | 29 ++--
+ 10 files changed, 112 insertions(+), 51 deletions(-)
 
 diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
 index 29b08c0e6..0432dfadc 100644
@@ -463,7 +462,7 @@ index 982ec..4dc29794c 100644
 size_t idsize,
 int sockindex);
 diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
-index e1fa45926..e4c70877f 100644
+index e1fa45926..f1b12b1d8 100644
 --- a/lib/vtls/wolfssl.c
 +++ b/lib/vtls/wolfssl.c
 @@ -516,7 +516,9 @@ wolfssl_connect_step1(struct Curl_easy *data, struct 
connectdata *conn,
@@ -477,7 +476,7 @@ index e1fa45926..e4c70877f 100644
/* we got a session id, use it! */
if(!SSL_set_session(backend->handle, ssl_sessionid)) {
  char error_buffer[WOLFSSL_MAX_ERROR_SZ];
-@@ -774,21 +776,23 @@ wolfssl_connect_step3(struct Curl_easy *data, struct 
connectdata *conn,
+@@ -774,21 +776,24 @@ wolfssl_connect_step3(struct Curl_easy *data, struct 
connectdata *conn,
  void *old_ssl_sessionid = NULL;
  
  our_ssl_sessionid = SSL_get_session(backend->handle);
@@ -501,6 +500,7 @@ index e1fa45926..e4c70877f 100644
 +infof(data, "old SSL session ID is stale, removing\n");
 +Curl_ssl_delsessionid(data, old_ssl_sessionid);
 +incache = FALSE;
++}
}
  }
  
diff --git 
a/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch
 
b/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch
index 6c4f6f2f48..c02c9bed68 100644
--- 
a/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch
+++ 
b/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch
@@ -6,7 +6,10 @@ Subject: [PATCH 2/2] transfer: strip credentials from the 
auto-referer header
 
 Added test 2081 to verify.
 
-CVE-2021-22876
+CVE: CVE-2021-22876
+
+Upstream-Status: Backport
+(https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c)
 
 Bug: https://curl.se/docs/CVE-2021-22876.html
 
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153008): 
https://lists.openembedded.org/g/openembedded-core/message/153008
Mute This Topic: https://lists.openembedded.org/mt/83579815/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [swat] ltp failures on autobuilder

[Paul Gortmaker]

[Re: [swat] ltp failures on autobuilder] On 11/06/2021 (Fri 14:19) Richard 
Purdie wrote:

> On Fri, 2021-06-11 at 12:36 +0100, Richard Purdie via lists.yoctoproject.org 
> wrote:
> > as a .cfg to the kernel and that still reproduced the crash. However:
> > 
> > CONFIG_DEBUG_KERNEL=y
> > CONFIG_CGROUP_DEBUG=y
> > CONFIG_SCHED_DEBUG=y
> > CONFIG_DEBUG_PREEMPT=y
> > # CONFIG_RCU_TRACE is not set
> > # CONFIG_X86_DEBUG_FPU is not set
> > # CONFIG_CONSOLE_POLL is not set
> > # CONFIG_DEBUG_INFO is not set
> > # CONFIG_KGDB is not set
> > # CONFIG_KGDB_HONOUR_BLOCKLIST is not set
> > # CONFIG_KGDB_SERIAL_CONSOLE is not set
> > # CONFIG_KGDB_LOW_LEVEL_TRAP is not set
> > # CONFIG_KGDB_KDB is not set
> > # CONFIG_KDB_KEYBOARD is not set
> > # CONFIG_DEBUG_MISC is not set
> > 
> 
> Isolated down to CONFIG_SCHED_DEBUG=y being the line which somehow "fixes" 
> the crash. I can enable all the above apart from that and we can reproduce
> it.
> 
> Also, I changed gatesgarth to use qemu 5.2.0 copied in from hardknott and that
> breaks it. Dropping the 27 CVE patches "fixes" it again. It is possible it
> is one of the CVE fixes. Continuing to try and isolate.

For the mail archive trail, and for those not follwing the ongoing
research on IRC, we are hopeful that this fixes it.

https://lore.kernel.org/lkml/20210616125157.438837-1-paul.gortma...@windriver.com/

Paul.
--

> 
> Cheers,
> 
> Richard
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153007): 
https://lists.openembedded.org/g/openembedded-core/message/153007
Mute This Topic: https://lists.openembedded.org/mt/83466238/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][hardknott][PATCH 1/2] curl: fix CVE-2021-22890

[Trevor Gamblin]

On 2021-06-15 6:12 p.m., Alejandro Enedino Hernandez Samaniego wrote:


**[Please note: This e-mail is from an EXTERNAL e-mail address]


On 6/1/21 9:09 AM, Trevor Gamblin wrote:

Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.

CVE: CVE-2021-22890

Signed-off-by: Trevor Gamblin
---
  ...-argument-to-Curl_ssl_get-addsession.patch | 517 ++
  meta/recipes-support/curl/curl_7.75.0.bb  

   |   1 +
  2 files changed, 518 insertions(+)
  create mode 100644 
meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch

diff --git 
a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
new file mode 100644
index 00..a0c7d68f33
--- /dev/null
+++ 
b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
@@ -0,0 +1,517 @@
+From a2d3885223db9616283bfe33435fbe9b3140eac7 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin
+Date: Tue, 1 Jun 2021 09:50:20 -0400
+Subject: [PATCH 1/2] vtls: add 'isproxy' argument to
+ Curl_ssl_get/addsessionid()
+
+To make sure we set and extract the correct session.
+
+Reported-by: Mingtao Yang
+Bug:https://curl.se/docs/CVE-2021-22890.html
+
+CVE-2021-22890
+
+Upstream-Status: Backport
+(https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844)
+
+Signed-off-by: Trevor Gamblin
+---
+ lib/vtls/bearssl.c   |  8 +--
+ lib/vtls/gtls.c  | 12 ++
+ lib/vtls/mbedtls.c   | 12 ++
+ lib/vtls/mesalink.c  | 14 
+ lib/vtls/openssl.c   | 54 +---
+ lib/vtls/schannel.c  | 10 
+ lib/vtls/sectransp.c | 10 
+ lib/vtls/vtls.c  | 12 +++---
+ lib/vtls/vtls.h  |  2 ++
+ lib/vtls/wolfssl.c   | 28 +--
+ 10 files changed, 111 insertions(+), 51 deletions(-)
+
+diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
+index 29b08c0e6..0432dfadc 100644
+--- a/lib/vtls/bearssl.c
 b/lib/vtls/bearssl.c
+@@ -375,7 +375,8 @@ static CURLcode bearssl_connect_step1(struct Curl_easy 
*data,
+ void *session;
+
+ Curl_ssl_sessionid_lock(data);
+-if(!Curl_ssl_getsessionid(data, conn, , NULL, sockindex)) {
++if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
++  , NULL, sockindex)) {
+   br_ssl_engine_set_session_parameters(>ctx.eng, session);
+   infof(data, "BearSSL: re-using session ID\n");
+ }
+@@ -571,10 +572,13 @@ static CURLcode bearssl_connect_step3(struct Curl_easy 
*data,
+ br_ssl_engine_get_session_parameters(>ctx.eng, session);
+ Curl_ssl_sessionid_lock(data);
+ incache = !(Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   , NULL, sockindex));
+ if(incache)
+   Curl_ssl_delsessionid(data, oldsession);
+-ret = Curl_ssl_addsessionid(data, conn, session, 0, sockindex);
++ret = Curl_ssl_addsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++session, 0, sockindex);
+ Curl_ssl_sessionid_unlock(data);
+ if(ret) {
+   free(session);
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 3ddee1974..28ca528a6 100644
+--- a/lib/vtls/gtls.c
 b/lib/vtls/gtls.c
+@@ -733,6 +733,7 @@ gtls_connect_step1(struct Curl_easy *data,
+
+ Curl_ssl_sessionid_lock(data);
+ if(!Curl_ssl_getsessionid(data, conn,
++  SSL_IS_PROXY() ? TRUE : FALSE,
+   _sessionid, _idsize, sockindex)) {
+   /* we got a session id, use it! */
+   gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+@@ -1292,8 +1293,9 @@ gtls_connect_step3(struct Curl_easy *data,
+   gnutls_session_get_data(session, connect_sessionid, _idsize);
+
+   Curl_ssl_sessionid_lock(data);
+-  incache = !(Curl_ssl_getsessionid(data, conn, _sessionid, NULL,
+-sockindex));
++  incache = !(Curl_ssl_getsessionid(data, conn,
++SSL_IS_PROXY() ? TRUE : FALSE,
++_sessionid, NULL, sockindex));
+   if(incache) {
+ /* there was one before in the cache, so instead of risking that the
+previous one was rejected, we just kill that and store the new */
+@@ -1301,8 +1303,10 @@ gtls_connect_step3(struct Curl_easy *data,
+   }
+
+   /* store this session id */
+-  result = Curl_ssl_addsessionid(data, conn, connect_sessionid,
+- connect_idsize, sockindex);
++  result = 

[OE-core][dunfell][hardknott] expat: upstream package renamed

[Jasper Orschulko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

recently the expat upstream sources have been renamed to
${PN}-{PV}-RENAMED-VULNERABLE-PLEASE-USE-2.4.1-INSTEAD.tar.xz
which causes the fetch to fail. This effects all layers except master.

IMO we now have two options:
1. change the SRC_URI and backport security fixes (which seems sensible
for the dunfell LTS branch)
2. update the recipes to use 2.4.1

- -- 
With best regards

Jasper Orschulko
DevOps Engineer

Tel. +49 30 58 58 14 265
Fax +49 30 58 58 14 999
jasper.orschu...@iris-sensing.com

• • • • • • • • • • • • • • • • • • • • • • • • • •

iris-GmbH
infrared & intelligent sensors
Ostendstraße 1-14 | 12459 Berlin

https://iris-sensing.com/



-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE4WyPMIC5Ap4+Ooo1Ygqew07VMNUFAmDJ4sYACgkQYgqew07V
MNVEMAf9GQsWGjXK1vX+EQAU63VejQexh+KogMmHbRgT2e/9DwOXxs78zfL0/BLh
wWg9ijseom12nApdZHzjeSGs6ZAJUVVIDJfEqjfHAT06ft1yJ0K06tf06zXxr2bI
YTu9yXwn4wugXwmAjfEKn5j0lUMZvgGaE2PsTi40u70GjAK5dTTzZ29apwkfQOG9
qSZ75aL1DjEa2RM8LmgmHZlpFSIZsBTHPgf1WQmlcOupURSRAMJ2wqPDUuu3Zy1Q
IeMiEF6sQVI7M5m69Ia8U2t9l/5eR4x8vfnJJEbBmC8EJAwbDp987dey35Q5cex7
N0ocaNz+Gei2Aenot+qd30mgE1so1w==
=7Zqx
-END PGP SIGNATURE-

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153005): 
https://lists.openembedded.org/g/openembedded-core/message/153005
Mute This Topic: https://lists.openembedded.org/mt/83578374/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 01/31] core-image-weston: bump QB_MEM to 1G in qemuarm64

[Alexander Kanavin]

I'd like to take a deeper look at this, please hold.

Alex

On Tue, 15 Jun 2021 at 10:12, Alexander Kanavin via lists.openembedded.org
 wrote:

> weston tests start additional compositors, other tests are also
> heavy on RAM, weston itself takes 256M with opengl enabled,
> so 512M causes OOM errors on arm64.
>
> Signed-off-by: Alexander Kanavin 
> ---
>  meta/recipes-graphics/images/core-image-weston.bb | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-graphics/images/core-image-weston.bb
> b/meta/recipes-graphics/images/core-image-weston.bb
> index 62305cc1ce..e332e19368 100644
> --- a/meta/recipes-graphics/images/core-image-weston.bb
> +++ b/meta/recipes-graphics/images/core-image-weston.bb
> @@ -10,3 +10,4 @@ CORE_IMAGE_BASE_INSTALL += "gtk+3-demo"
>  CORE_IMAGE_BASE_INSTALL += "${@bb.utils.contains('DISTRO_FEATURES',
> 'x11', 'weston-xwayland matchbox-terminal', '', d)}"
>
>  QB_MEM = "-m 512"
> +QB_MEM_qemuarm64 = "-m 1024"
> --
> 2.31.1
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153004): 
https://lists.openembedded.org/g/openembedded-core/message/153004
Mute This Topic: https://lists.openembedded.org/mt/83551207/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-