[OE-core] [dunfell][patch] libsolv: fix CVE-2021-3200

[Lee Chee Yang]

From: Lee Chee Yang 

Signed-off-by: Lee Chee Yang 
---
 .../libsolv/files/CVE-2021-3200.patch | 67 +++
 .../libsolv/libsolv_0.7.10.bb |  1 +
 2 files changed, 68 insertions(+)
 create mode 100644 meta/recipes-extended/libsolv/files/CVE-2021-3200.patch

diff --git a/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch 
b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
new file mode 100644
index 000..74164ab495f
--- /dev/null
+++ b/meta/recipes-extended/libsolv/files/CVE-2021-3200.patch
@@ -0,0 +1,67 @@
+From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
+From: Michael Schroeder 
+Date: Mon, 14 Dec 2020 11:12:00 +0100
+Subject: [PATCH] testcase_read: error out if repos are added or the system is
+ changed too late
+
+We must not add new solvables after the considered map was created, the solver
+was created, or jobs were added. We may not changed the system after jobs have
+been added.
+
+(Jobs may point inside the whatproviedes array, so we must not invalidate this
+area.)
+
+Upstream-Status: Backport 
+https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
+CVE: CVE-2021-3200
+Signed-off-by: Chee Yang Lee 
+---
+ ext/testcase.c | 21 +
+ 1 file changed, 21 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 0be7a213..8fb6d793 100644
+--- a/ext/testcase.c
 b/ext/testcase.c
+@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char 
*testcase, Queue *job, char **res
+   Id *genid = 0;
+   int ngenid = 0;
+   Queue autoinstq;
++  int oldjobsize = job ? job->count : 0;
+ 
+   if (resultp)
+ *resultp = 0;
+@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char 
*testcase, Queue *job, char **res
+ int prio, subprio;
+ const char *rdata;
+ 
++if (pool->considered)
++  {
++pool_error(pool, 0, "testcase_read: cannot add repos after 
packages were disabled");
++continue;
++  }
++if (solv)
++  {
++pool_error(pool, 0, "testcase_read: cannot add repos after the 
solver was created");
++continue;
++  }
++if (job && job->count != oldjobsize)
++  {
++pool_error(pool, 0, "testcase_read: cannot add repos after jobs 
have been created");
++continue;
++  }
+ prepared = 0;
+   if (!poolflagsreset)
+   {
+@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char 
*testcase, Queue *job, char **res
+ int i;
+ 
+ /* must set the disttype before the arch */
++if (job && job->count != oldjobsize)
++  {
++pool_error(pool, 0, "testcase_read: cannot change the system 
after jobs have been created");
++continue;
++  }
+ prepared = 0;
+ if (strcmp(pieces[2], "*") != 0)
+   {
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb 
b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
index 1cf5e2eb295..eadf04aa5a0 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.10.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
 DEPENDS = "expat zlib"
 
 SRC_URI = "git://github.com/openSUSE/libsolv.git \
+   file://CVE-2021-3200.patch \
 "
 
 SRCREV = "605dd2645ef899e2b7c95709476fb51e28d7e378"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154669): 
https://lists.openembedded.org/g/openembedded-core/message/154669
Mute This Topic: https://lists.openembedded.org/mt/84786228/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [gatesgarth][PATCH] ruby: 2.7.1 -> 2.7.4

[Minjae Kim]

This release includes security fixes.

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows

CVE-2020-25613 fixed in 2.7.2, do drop the patch

release notes for 2.7.2, 2.7.3 and 2.7.4
https://www.ruby-lang.org/en/news/2020/10/02/ruby-2-7-2-released/
https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
---
 .../ruby/ruby/CVE-2020-25613.patch| 40 ---
 .../ruby/{ruby_2.7.1.bb => ruby_2.7.4.bb} |  5 +--
 2 files changed, 2 insertions(+), 43 deletions(-)
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
 rename meta/recipes-devtools/ruby/{ruby_2.7.1.bb => ruby_2.7.4.bb} (94%)

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch 
b/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
deleted file mode 100644
index 1abcb7547e..00
--- a/meta/recipes-devtools/ruby/ruby/CVE-2020-25613.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8946bb38b4d87549f0d99ed73c62c41933f97cc7 Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh 
-Date: Tue, 29 Sep 2020 13:15:58 +0900
-Subject: [PATCH] Make it more strict to interpret some headers
-
-Some regexps were too tolerant.
-
-Upstream-Status: Backport
-[https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7]
-CVE: CVE-2020-25613
-Signed-off-by: Chee Yang Lee 

- lib/webrick/httprequest.rb | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
-index 294bd91..d34eac7 100644
 a/lib/webrick/httprequest.rb
-+++ b/lib/webrick/httprequest.rb
-@@ -227,9 +227,9 @@ def parse(socket=nil)
- raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
-   end
- 
--  if /close/io =~ self["connection"]
-+  if /\Aclose\z/io =~ self["connection"]
- @keep_alive = false
--  elsif /keep-alive/io =~ self["connection"]
-+  elsif /\Akeep-alive\z/io =~ self["connection"]
- @keep_alive = true
-   elsif @http_version < "1.1"
- @keep_alive = false
-@@ -508,7 +508,7 @@ def read_body(socket, block)
-   return unless socket
-   if tc = self['transfer-encoding']
- case tc
--when /chunked/io then read_chunked(socket, block)
-+when /\Achunked\z/io then read_chunked(socket, block)
- else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
- end
-   elsif self['content-length'] || @remaining_size
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.1.bb 
b/meta/recipes-devtools/ruby/ruby_2.7.4.bb
similarity index 94%
rename from meta/recipes-devtools/ruby/ruby_2.7.1.bb
rename to meta/recipes-devtools/ruby/ruby_2.7.4.bb
index a6c65e887b..dafa7d2f6b 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.4.bb
@@ -6,12 +6,11 @@ SRC_URI += " \
file://remove_has_include_macros.patch \
file://run-ptest \

file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \
-   file://CVE-2020-25613.patch \

file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
"
 
-SRC_URI[md5sum] = "debb9c325bf65021214451660f46e909"
-SRC_URI[sha256sum] = 
"d418483bdd576c1370571121a6eb24582116db0b7bb2005e90e250eae418"
+SRC_URI[md5sum] = "823cd21d93c69e4168b03dd127369343"
+SRC_URI[sha256sum] = 
"3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154668): 
https://lists.openembedded.org/g/openembedded-core/message/154668
Mute This Topic: https://lists.openembedded.org/mt/84785305/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] ruby: 2.7.3 -> 2.7.4

[Minjae Kim]

This release includes security fixes.

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc

https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
---
 meta/recipes-devtools/ruby/{ruby_2.7.3.bb => ruby_2.7.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/ruby/{ruby_2.7.3.bb => ruby_2.7.4.bb} (95%)

diff --git a/meta/recipes-devtools/ruby/ruby_2.7.3.bb 
b/meta/recipes-devtools/ruby/ruby_2.7.4.bb
similarity index 95%
rename from meta/recipes-devtools/ruby/ruby_2.7.3.bb
rename to meta/recipes-devtools/ruby/ruby_2.7.4.bb
index 318b9acdae..dafa7d2f6b 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.4.bb
@@ -9,8 +9,8 @@ SRC_URI += " \

file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
"
 
-SRC_URI[md5sum] = "72ef97685008981de3ddb748d0dab31f"
-SRC_URI[sha256sum] = 
"8925a95e31d8f2c81749025a52a544ea1d05dad18794e6828709268b92e55338"
+SRC_URI[md5sum] = "823cd21d93c69e4168b03dd127369343"
+SRC_URI[sha256sum] = 
"3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154667): 
https://lists.openembedded.org/g/openembedded-core/message/154667
Mute This Topic: https://lists.openembedded.org/mt/84784512/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

[Stephen Jolley]

All,

 

The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please
review:
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and
how to create a bugzilla account at:

https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work
on who doesn't have deep experience with the project.  If anyone can help,
please take ownership of the bug and send patches!  If anyone needs
help/advice there are people on irc who can likely do so, or some of the
more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs
reported into the Bugzilla. The number of people attending that meeting has
fallen, as have the number of people available to help fix bugs. One of the
things we hear users report is they don't know how to help. We (the triage
team) are therefore going to start reporting out the currently 374
unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out
with these.  Bugs are split into two types, "true bugs" where things don't
work as they should and "enhancements" which are features we'd want to add
to the system.  There are also roughly four different "priority" classes
right now, "3.2", "3.3, "3.99" and "Future", the more pressing/urgent issues
being in "3.2" and then "3.3".

 

Please review this link and if a bug is something you would be able to help
with either take ownership of the bug, or send me (sjolley.yp...@gmail.com
 ) an e-mail with the bug number you would
like and I will assign it to you (please make sure you have a Bugzilla
account).  The list is at:
https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer
_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154666): 
https://lists.openembedded.org/g/openembedded-core/message/154666
Mute This Topic: https://lists.openembedded.org/mt/84783491/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Newcomer & Unassigned Bugs - Help Needed

[Stephen Jolley]

All,

 

The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please
review:
https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and
how to create a bugzilla account at:

https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work
on who doesn't have deep experience with the project.  If anyone can help,
please take ownership of the bug and send patches!  If anyone needs
help/advice there are people on irc who can likely do so, or some of the
more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs
reported into the Bugzilla. The number of people attending that meeting has
fallen, as have the number of people available to help fix bugs. One of the
things we hear users report is they don't know how to help. We (the triage
team) are therefore going to start reporting out the currently 374
unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out
with these.  Bugs are split into two types, "true bugs" where things don't
work as they should and "enhancements" which are features we'd want to add
to the system.  There are also roughly four different "priority" classes
right now, "3.2", "3.3, "3.99" and "Future", the more pressing/urgent issues
being in "3.2" and then "3.3".

 

Please review this link and if a bug is something you would be able to help
with either take ownership of the bug, or send me (sjolley.yp...@gmail.com
 ) an e-mail with the bug number you would
like and I will assign it to you (please make sure you have a Bugzilla
account).  The list is at:
https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer
_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154665): 
https://lists.openembedded.org/g/openembedded-core/message/154665
Mute This Topic: https://lists.openembedded.org/mt/84783491/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 00/33] Pull request (cover letter only)

[Steve Sakoman]

The following changes since commit 9ae339ace9274be71bfd3b5e5da64dceac9fa963:

  kernel-devsrc: fix 32bit ARM devsrc builds (2021-07-20 06:36:58 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next

Armin Kuster (1):
  qemu: Enable seccomp if FEATURE is set

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.134
  linux-yocto/5.4: update to v5.4.135

Changqing Li (1):
  archiver.bbclass: fix do_ar_configured failure for kernel

Khem Raj (1):
  ovmf: Fix VLA warnings with GCC 11

Michael Opdenacker (1):
  oe-setup-builddir: update YP docs and OE URLs

Mike Crowe (1):
  curl: Fix CVE-2021-22924 and CVE-2021-22925

Nathan Rossi (1):
  qemu.inc: Add seccomp PACKAGECONFIG option

Neetika Singh (1):
  curl: Fix for CVE-2021-22898

Nicolas Dechesne (4):
  yocto-check-layer: improve missed dependencies
  checklayer: new function get_layer_dependencies()
  checklayer: rename _find_layer_depends
  yocto-check-layer: ensure that all layer dependencies are tested too

Oleksandr Kravchuk (1):
  bitbake.conf: change GNOME_MIRROR to new one

Ralph Siemsen (1):
  oeqa/manual/toaster: fix small typo

Richard Purdie (2):
  yocto-check-layer: Remove duplicated code
  sstate: Fix rebuilds when changing layer config

Ross Burton (1):
  glew: fix Makefile race

Steve Sakoman (5):
  Revert "gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are
fixed"
  Revert "gstreamer-plugins-base: ignore CVE-2021-3522 since it is
fixed"
  gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522
  libxml2: fix CVE-2021-3541
  avahi: fix CVE-2021-3468

Teoh Jay Shen (5):
  oeqa/ethernet_ip_connman : add test for network connections
  oeqa/runtime : add test for RTC(Real Time Clock)
  oeqa/suspend : add test for suspend state
  oeqa/terminal : improve the test case
  oeqa/usb_hid.py : add test to check the usb/human interface device
status after suspend state

TeohJayShen (1):
  oeqa/runtime: add test for matchbox-terminal

Ulrich Ölmann (1):
  initramfs-framework/setup-live: fix shebang

Wes Lindauer (1):
  oeqa/runtime/cases: Only disable/enable for current boot

Yi Zhao (1):
  ifupdown: added -1 option to dhclient for dhcpv6

leimaohui (1):
  archiver.bbclass: Fix patch error for recipes that inherit dos2unix.

 meta/classes/archiver.bbclass |   8 +-
 meta/classes/sstate.bbclass   |   1 +
 meta/conf/bitbake.conf|   2 +-
 .../lib/oeqa/manual/toaster-managed-mode.json |   2 +-
 meta/lib/oeqa/runtime/cases/date.py   |   4 +-
 .../oeqa/runtime/cases/ethernet_ip_connman.py |  36 +++
 meta/lib/oeqa/runtime/cases/rtc.py|  38 +++
 meta/lib/oeqa/runtime/cases/suspend.py|  33 +++
 meta/lib/oeqa/runtime/cases/terminal.py   |  21 ++
 meta/lib/oeqa/runtime/cases/usb_hid.py|  22 ++
 meta/recipes-connectivity/avahi/avahi.inc |   1 +
 .../avahi/files/CVE-2021-3468.patch   |  42 
 ...-1-option-to-dhclient-on-upping-an-i.patch |  65 +
 meta/recipes-core/ifupdown/ifupdown_0.8.35.bb |   1 +
 .../initramfs-framework/setup-live|   2 +-
 .../libxml/libxml2/CVE-2021-3541.patch|  73 ++
 meta/recipes-core/libxml/libxml2_2.9.10.bb|   1 +
 .../ovmf/0001-Fix-VLA-parameter-warning.patch |  51 
 meta/recipes-core/ovmf/ovmf_git.bb|   3 +-
 meta/recipes-devtools/qemu/qemu.inc   |   1 +
 meta/recipes-devtools/qemu/qemu_4.2.0.bb  |   1 +
 .../0001-Fix-build-race-in-Makefile.patch |  56 +
 meta/recipes-graphics/glew/glew_2.2.0.bb  |   1 +
 .../linux/linux-yocto-rt_5.4.bb   |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../gstreamer1.0-plugins-base_1.16.3.bb   |   4 -
 .../gstreamer1.0-plugins-good_1.16.3.bb   |   5 -
 .../gstreamer/gstreamer1.0_1.16.3.bb  |   9 +
 .../curl/curl/CVE-2021-22898.patch|  26 ++
 .../curl/curl/CVE-2021-22924.patch| 226 ++
 .../curl/curl/CVE-2021-22925.patch|  43 
 meta/recipes-support/curl/curl_7.69.1.bb  |   4 +
 scripts/lib/checklayer/__init__.py|  11 +-
 scripts/oe-setup-builddir |   4 +-
 scripts/yocto-check-layer |  25 +-
 36 files changed, 813 insertions(+), 45 deletions(-)
 create mode 100644 meta/lib/oeqa/runtime/cases/ethernet_ip_connman.py
 create mode 100644 meta/lib/oeqa/runtime/cases/rtc.py
 create mode 100644 meta/lib/oeqa/runtime/cases/suspend.py
 create mode 100644 meta/lib/oeqa/runtime/cases/terminal.py
 create mode 100644 meta/lib/oeqa/runtime/cases/usb_hid.py
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2021-3468.patch
 create mode 100644 
meta/recipes-core/ifupdown/files/0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch
 

Re: [OE-core] ALTERNATIVE_LINK_NAME in bash recipe doesn't create /bin/sh

[Devendra Tewari]

To provide more context, these are the ALTERNATIVE variables in the recipe 
around ALTERNATIVE_LINK_NAME[sh]

ALTERNATIVE:${PN} = "bash sh"
ALTERNATIVE_LINK_NAME[bash] = "${base_bindir}/bash"
ALTERNATIVE_TARGET[bash] = "${base_bindir}/bash"
ALTERNATIVE_LINK_NAME[sh] = "${base_bindir}/sh"
ALTERNATIVE_TARGET[sh] = "${base_bindir}/bash.${BPN}"

Based on earlier messages on ALTERNATIVE_LINK_NAME and ALTERNATIVE_TARGET, I 
have arrived at the conclusion that a link should be created but isn't.

Thanks,
Devendra

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154663): 
https://lists.openembedded.org/g/openembedded-core/message/154663
Mute This Topic: https://lists.openembedded.org/mt/84778853/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] ntpsec on OE/YP?

[Robert P. J. Day]

colleague asks about the state of ntpsec (https://www.ntpsec.org/)
on OE/YP, a quick search does not show official support of any kind,
any pointers?

rday


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154662): 
https://lists.openembedded.org/g/openembedded-core/message/154662
Mute This Topic: https://lists.openembedded.org/mt/84779837/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] ALTERNATIVE_LINK_NAME in bash recipe doesn't create /bin/sh

[Devendra Tewari]

Hello,

I've added bash recipe (version 5.1.8) to a target but it does not seem to 
produce the /bin/sh link. I've checked that the recipe is supposed to provide 
the following link

ALTERNATIVE_LINK_NAME[sh] = "${base_bindir}/sh"

Is that by itself sufficient to produce the link? If so, it does not seem to do 
so.

Thanks,
Devendra

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154661): 
https://lists.openembedded.org/g/openembedded-core/message/154661
Mute This Topic: https://lists.openembedded.org/mt/84778853/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] u-boot: Package extlinux.conf separately

[Paul Barker]

A separate u-boot-extlinux package is created for the extlinux.conf file
so that it can be installed on its own if needed. If this package is
populated, it is added as a dependency of the main u-boot package so
that installing just u-boot still results in the extlinux.conf file
being present in the rootfs.

Signed-off-by: Paul Barker 
---
 meta/recipes-bsp/u-boot/u-boot.inc | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-bsp/u-boot/u-boot.inc 
b/meta/recipes-bsp/u-boot/u-boot.inc
index 4340b17cb6..971fdbb102 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -210,7 +210,7 @@ do_install () {
 fi
 }
 
-PACKAGE_BEFORE_PN += "${PN}-env"
+PACKAGE_BEFORE_PN += "${PN}-env ${PN}-extlinux"
 
 RPROVIDES:${PN}-env += "u-boot-default-env"
 ALLOW_EMPTY:${PN}-env = "1"
@@ -219,6 +219,9 @@ FILES:${PN}-env = " \
 ${sysconfdir}/fw_env.config \
 "
 
+FILES:${PN}-extlinux = 
"${UBOOT_EXTLINUX_INSTALL_DIR}/${UBOOT_EXTLINUX_CONF_NAME}"
+RDEPENDS:${PN} += "${@bb.utils.contains('UBOOT_EXTLINUX', '1', 
'${PN}-extlinux', '', d)}"
+
 FILES:${PN} = "/boot ${datadir}"
 RDEPENDS:${PN} += "${PN}-env"
 
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154660): 
https://lists.openembedded.org/g/openembedded-core/message/154660
Mute This Topic: https://lists.openembedded.org/mt/84776988/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] glibc: Document and whitelist CVE-2021-35942

[Ralph Siemsen]

This CVE is fixed in the upstream glibc-2.31 branch, and dunfell already
includes an update to this version in commit e1e89ff7d75c3d22 ("glibc:
update to lastest 2.31 release HEAD")

Signed-off-by: Ralph Siemsen 
---
 meta/recipes-core/glibc/glibc_2.31.bb | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/meta/recipes-core/glibc/glibc_2.31.bb 
b/meta/recipes-core/glibc/glibc_2.31.bb
index 23242fff76..8742efc36f 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -18,6 +18,16 @@ CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 
CVE-2019-1010024"
 # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
 CVE_CHECK_WHITELIST += "CVE-2019-1010025"
 
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942
+# The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash
+# or read arbitrary memory in parse_param (in posix/wordexp.c) when called with
+# an untrusted, crafted pattern, potentially resulting in a denial of service
+# or disclosure of information. Patch was backported to 2.31 branch already:
+# 
https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8
+# which is already included in the dunfell branch of poky:
+# 
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b
+CVE_CHECK_WHITELIST += "CVE-2021-35942"
+
 DEPENDS += "gperf-native bison-native make-native"
 
 NATIVESDKFIXES ?= ""
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154659): 
https://lists.openembedded.org/g/openembedded-core/message/154659
Mute This Topic: https://lists.openembedded.org/mt/84776732/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] OE-core CVE metrics for dunfell on Sun 08 Aug 2021 04:30:01 AM HST

[Steve Sakoman]

On Mon, Aug 9, 2021 at 8:37 AM Ralph Siemsen  wrote:
>
> On Sun, Aug 08, 2021 at 04:33:59AM -1000, Steve Sakoman wrote:
> >Branch: dunfell
> >
> >New this week: 3 CVEs
> >CVE-2021-28966: ruby:ruby-native 
> >https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28966 *
> >CVE-2021-31810: ruby:ruby-native 
> >https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31810 *
> >CVE-2021-35942: glibc
> >https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 *
>
> It looks like the glibc one is already fixed in the dunfell branch:
>
> commit e1e89ff7d75c3d22 ("glibc: update to lastest 2.31 release HEAD")
>
> Includes the following fixes:
>
> 4f0a61f753 wordexp: handle overflow in positional parameter number (bug
> 28011)
>
> which fixes the CVE, although it isn't mention in the commit:
>
> https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8
>
> So I think all that's needed is CVE_CHECK_WHITELIST += "CVE-2021-35942"
> I can submit a patch for this if you wish...

That would be much appreciated!

Steve

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154658): 
https://lists.openembedded.org/g/openembedded-core/message/154658
Mute This Topic: https://lists.openembedded.org/mt/84748068/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] OE-core CVE metrics for dunfell on Sun 08 Aug 2021 04:30:01 AM HST

[Ralph Siemsen]

On Sun, Aug 08, 2021 at 04:33:59AM -1000, Steve Sakoman wrote:

Branch: dunfell

New this week: 3 CVEs
CVE-2021-28966: ruby:ruby-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28966 *
CVE-2021-31810: ruby:ruby-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31810 *
CVE-2021-35942: glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 *


It looks like the glibc one is already fixed in the dunfell branch:

commit e1e89ff7d75c3d22 ("glibc: update to lastest 2.31 release HEAD")

Includes the following fixes:

4f0a61f753 wordexp: handle overflow in positional parameter number (bug 
28011)


which fixes the CVE, although it isn't mention in the commit:

https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8

So I think all that's needed is CVE_CHECK_WHITELIST += "CVE-2021-35942"
I can submit a patch for this if you wish...

Regards,
Ralph

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154657): 
https://lists.openembedded.org/g/openembedded-core/message/154657
Mute This Topic: https://lists.openembedded.org/mt/84748068/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [poky][dunfell][PATCH] lighttpd: Add patch for reuse large memory chunks

[Steve Sakoman]

This version of the patch is still throwing warnings on the autobuilder:

stdio: WARNING: lighttpd-1.4.55-r0 do_patch: Fuzz detected:
stdio: WARNING: lighttpd-1.4.55-r0 do_patch: QA Issue: Patch log
indicates that patches do not apply cleanly. [patch-fuzz]

Steve

On Sun, Aug 8, 2021 at 9:20 PM Purushottam choudhary
 wrote:
>
> Added 0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
> to fix large memory usage for large file downloads
> from dynamic backends reuse or release large memory chunks.
>
> This issue is caused by a bug in the lighttpd 1.4.55 version and
> has been fixed in lighttpd 1.4.58. Hence, it is not needed for
> master and hardknott branch because lighttpd has 1.4.59 version.
>
> Link: 
> https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7ba521ffb4959f6f74a609d5d4acafc29a038337
>
> Signed-off-by: Purushottam Choudhary 
> ---
>  ...large-mem-chunks-fix-mem-usage-fixes-3033.patch | 224 
> +
>  meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb  |   1 +
>  2 files changed, 225 insertions(+)
>  create mode 100644 
> meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
>
> diff --git 
> a/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
>  
> b/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
> new file mode 100644
> index 000..e3ede66
> --- /dev/null
> +++ 
> b/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
> @@ -0,0 +1,224 @@
> +From f46bba11bf47ab6d6601e6ca653f1cdc7a2673ed Mon Sep 17 00:00:00 2001
> +From: Glenn Strauss 
> +Date: Wed, 23 Dec 2020 23:14:47 -0500
> +Subject: [PATCH] reuse large mem chunks (fix mem usage) (fixes #3033)
> +
> +(cherry picked from commit 7ba521ffb4959f6f74a609d5d4acafc29a038337)
> +
> +(thx flynn)
> +
> +fix large memory usage for large file downloads from dynamic backends
> +
> +reuse or release large memory chunks
> +
> +x-ref:
> +  "Memory Growth with PUT and full buffered streams"
> +  https://redmine.lighttpd.net/issues/3033
> +
> +Upstream-Status: Backport
> +Comment: No hunk refreshed
> +https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7ba521ffb4959f6f74a609d5d4acafc29a038337
> +Signed-off-by: Purushottam Choudhary 
> +
> +---
> + src/chunk.c| 99 
> --
> + src/chunk.h|  2 +
> + src/http-header-glue.c |  2 +-
> + 3 files changed, 82 insertions(+), 21 deletions(-)
> +
> +diff --git a/src/chunk.c b/src/chunk.c
> +index 09dd3f1..ffb3795 100644
> +--- a/src/chunk.c
>  b/src/chunk.c
> +@@ -28,16 +28,20 @@
> + static size_t chunk_buf_sz = 4096;
> + static chunk *chunks, *chunks_oversized;
> + static chunk *chunk_buffers;
> ++static int chunks_oversized_n;
> + static array *chunkqueue_default_tempdirs = NULL;
> + static off_t chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE;
> +
> + void chunkqueue_set_chunk_size (size_t sz)
> + {
> +-chunk_buf_sz = sz > 0 ? ((sz + 1023) & ~1023uL) : 4096;
> ++size_t x = 1024;
> ++while (x < sz && x < (1u << 30)) x <<= 1;
> ++chunk_buf_sz = sz > 0 ? x : 4096;
> + }
> +
> + void chunkqueue_set_tempdirs_default_reset (void)
> + {
> ++chunk_buf_sz = 8192;
> + chunkqueue_default_tempdirs = NULL;
> + chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE;
> + }
> +@@ -120,15 +124,49 @@ static void chunk_free(chunk *c) {
> +   free(c);
> + }
> +
> +-buffer * chunk_buffer_acquire(void) {
> ++static chunk * chunk_pop_oversized(size_t sz) {
> ++/* future: might have buckets of certain sizes, up to socket buf sizes 
> */
> ++if (chunks_oversized && chunks_oversized->mem->size >= sz) {
> ++--chunks_oversized_n;
> ++chunk *c = chunks_oversized;
> ++chunks_oversized = c->next;
> ++return c;
> ++}
> ++return NULL;
> ++}
> ++
> ++static void chunk_push_oversized(chunk * const c, const size_t sz) {
> ++if (chunks_oversized_n < 64 && chunk_buf_sz >= 4096) {
> ++++chunks_oversized_n;
> ++chunk **co = _oversized;
> ++while (*co && sz < (*co)->mem->size) co = &(*co)->next;
> ++c->next = *co;
> ++*co = c;
> ++}
> ++else
> ++chunk_free(c);
> ++}
> ++
> ++static buffer * chunk_buffer_acquire_sz(size_t sz) {
> + chunk *c;
> + buffer *b;
> +-if (chunks) {
> +-c = chunks;
> +-chunks = c->next;
> ++if (sz <= chunk_buf_sz) {
> ++if (chunks) {
> ++c = chunks;
> ++chunks = c->next;
> ++}
> ++else
> ++c = chunk_init(chunk_buf_sz);
> ++/* future: might choose to pop from chunks_oversized, if 
> available
> ++ * (even if larger than sz) rather than allocating new chunk
> ++ * (and if doing so, might replace 

Re: [OE-core] [PATCH] python3: use monotonic clock for condvar if possible

[Ross Burton]

On Tue, 3 Aug 2021 at 05:41, Zhang, Qiang  wrote:
> The timeout for threading.Lock, threading.Condition, etc, is not using
> a monotonic clock, it is affected if the system time (realtime clock)
> is set.
>
> This patch will make condvar use monotonic clock.
> Refence: https://bugs.python.org/issue41710

That doesn't quite make sense to me.

As referenced in that bug report,
https://github.com/python/cpython/commit/001fee14e0f2ba5f41fb733adc69d5965925a094
uses monotonic clocks by default.  That was in 3.8.0 onwards.

So, why is this change to pretend that the semaphore is broken needed?

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154655): 
https://lists.openembedded.org/g/openembedded-core/message/154655
Mute This Topic: https://lists.openembedded.org/mt/84632397/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [master][PATCH 0/4] Reproducible LTO builds

[Khem Raj]

On 8/9/21 7:39 AM, Tony Battersby wrote:

On 8/6/21 10:19 PM, Khem Raj wrote:

I am seeing bunch of failures on meta-oe and meta-atmel

https://errors.yoctoproject.org/Errors/Details/600064/
https://errors.yoctoproject.org/Errors/Details/600065/
https://errors.yoctoproject.org/Errors/Details/600071/



I sent patches for meta-openembedded, but I am not sure how to build
meta-atmel:

bitbake libegl
ERROR: Layer atmel is not compatible with the core layer which only
supports these series: honister (layer is compatible with hardknott)


you can use my branch which has fixes for override problem

https://github.com/YoeDistro/meta-atmel/tree/yoe/mut




But the fix is probably the same as the ones I sent for the other
packages (which I copied from
meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb).

Tony Battersby



On Fri, Aug 6, 2021 at 2:04 PM Tony Battersby  wrote:

On 8/6/21 12:44 PM, Tony Battersby wrote:

On 8/6/21 1:33 AM, Richard Purdie wrote:

On Thu, 2021-08-05 at 17:54 -0400, Tony Battersby wrote:

On 8/5/21 6:21 AM, Richard Purdie wrote:

On Wed, 2021-08-04 at 20:13 -0400, Randy MacLeod wrote:

On 2021-07-27 9:34 a.m., Tony Battersby wrote:

Currently, enabling Link Time Optimization via:

require conf/distro/include/lto.inc
DISTRO_FEATURES_append = " lto"

makes the build non-reproducible (as in
https://reproducible-builds.org/).  This patch set fixes some of the
problems, but is not yet a complete solution.

This patch set addresses the following bugs:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14481
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14490

openembedded-core patches
1/4: lto.inc: disable LTO for grub
2/4: gcc: Backport patch to make LTO builds more reproducible
3/4: bitbake.conf: add DEBUG_PREFIX_MAP to TARGET_LDFLAGS

openembedded-devel patches
4/4: net-snmp: fix QA Issue after LDFLAGS change

Patch 3 adds DEBUG_PREFIX_MAP to TARGET_LDFLAGS (it was already in
TARGET_CFLAGS).  This could possibly be done differently, such as by
removing it from TARGET_CFLAGS and adding it to TOOLCHAIN_OPTIONS,
TARGET_CC_ARCH, or TUNE_CCARGS, but I haven't tested those.  Let me know
if there is a better/preferred way to do it.

The TARGET_LDFLAGS change broke net-snmp from meta-networking, so I have
included a patch to fix that.  Other packages might have been broken as
well, although I haven't found any others.

With all these patches, there are still many shared libraries in /lib
and /usr/lib that are still not reproducible with LTO enabled because
x86_64-poky-linux-libtool filters out the -f*-prefix-map flags added by
patch 3 when linking shared libraries.  /usr/lib/libbz2.so.1.0.6 from
the libbz2 package from the bzip2 recipe is a good example.  I do not
have a patch for that problem.  I will leave that to someone else.

So this is what we need to achieve reproducible LTO builds:
*) This patch set
*) A fix for libtool
*) Add LTO to reproducible builds testing if appropriate (e.g.
meta/lib/oeqa/selftest/cases/reproducible.py, CI on Autobuilder)
*) Fixes for individual packages, if needed
*) Once everything works, update the documentation again (I previously
requested a documentation change for this bug, which will eventually
show up at
http://docs.yoctoproject.org/test-manual/reproducible-builds.html).

This is certainly a few steps in the right direction with a good outline
of what's next.

I suspect that Richard has been busy with other things like overrides
and the update to glibc-2.34.

Do you have any suggestions or questions about what we should do
with this patch series Richard?

Thanks for the reminder, I've been meaning to queue/test this which I will
do. The gcc version has been bumped but I ported the patch forward to it
and the patches are in master-next for testing. It is great to see this
support moving forward.

Much as it pains me to admit having any libtool knowledge, I may be able to
help with that bit. There is an untested patch below which may address that
issue, or at least give a good hint on how to do it if it doesn't work. I
don't have an environment to test easily right now.

Cheers,

Richard

I tested your libtool patch in master-next with the bzip2 recipe.  It
works as intended; libbz2.so.1.0.6 and all the other output files are
now reproducible with LTO enabled.  I also verified that libtool is
passing the -f*-prefix-map flags to the link command in log.do_compile
as intended.

I also verified that core-image-minimal builds successfully with the
libtool patch.

Thanks for testing that, sounds like it helps that issue. I'll queue that patch.

Unfortunately even with the ruby fix I queued, we still see reproduciblity
issues with the LDFLAGS change in curl-dev, gettext-ptest, ruby and ruby-dbg
packages:

https://autobuilder.yoctoproject.org/typhoon/#/builders/115/builds/515/steps/12/logs/stdio

We'll need to resolve those before I can merge the flags change.

Diffoscope output:

[OE-core] [PATCH 2/2] parted: update patch status

[Ross Burton]

This patch has now been submitted to parted-devel.

Signed-off-by: Ross Burton 
---
 meta/recipes-extended/parted/files/check-vfat.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/parted/files/check-vfat.patch 
b/meta/recipes-extended/parted/files/check-vfat.patch
index c64130a4e2a..fad50292d93 100644
--- a/meta/recipes-extended/parted/files/check-vfat.patch
+++ b/meta/recipes-extended/parted/files/check-vfat.patch
@@ -1,7 +1,7 @@
 Add checks for both mkfs.vfat and the vfat file system in the kernel before
 running tests.
 
-Upstream-Status: Pending
+Upstream-Status: Submitted 
[https://alioth-lists.debian.net/pipermail/parted-devel/2021-August/005653.html]
 Signed-off-by: Ross Burton 
 
 diff --git a/tests/t-lib-helpers.sh b/tests/t-lib-helpers.sh
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154653): 
https://lists.openembedded.org/g/openembedded-core/message/154653
Mute This Topic: https://lists.openembedded.org/mt/84771861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] parted: drop unneeded ld-is-gold patch

[Ross Burton]

This patch doesn't appear to be needed anymore, so drop it.

Signed-off-by: Ross Burton 
---
 ...ize-link-against-libuuid-explicitly-.patch | 34 ---
 meta/recipes-extended/parted/parted_3.4.bb|  1 -
 2 files changed, 35 deletions(-)
 delete mode 100644 
meta/recipes-extended/parted/files/0002-libparted_fs_resize-link-against-libuuid-explicitly-.patch

diff --git 
a/meta/recipes-extended/parted/files/0002-libparted_fs_resize-link-against-libuuid-explicitly-.patch
 
b/meta/recipes-extended/parted/files/0002-libparted_fs_resize-link-against-libuuid-explicitly-.patch
deleted file mode 100644
index bd2b5c55b18..000
--- 
a/meta/recipes-extended/parted/files/0002-libparted_fs_resize-link-against-libuuid-explicitly-.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 5c99d7e4c2b5e7a957dc922aff03debfebbd6154 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20M=C3=BCller?= 
-Date: Fri, 3 Mar 2017 21:49:15 +0100
-Subject: [PATCH] libparted_fs_resize: link against libuuid explicitly to
- unbreak gold linking on test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-| ../libparted/fs/.libs/libparted-fs-resize.so: error: undefined reference to 
'uuid_generate'
-
-Upstream-Status: Pending
-
-Signed-off-by: Andreas Müller 

- libparted/fs/Makefile.am | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/libparted/fs/Makefile.am b/libparted/fs/Makefile.am
-index d3cc8bc..c301b0b 100644
 a/libparted/fs/Makefile.am
-+++ b/libparted/fs/Makefile.am
-@@ -113,6 +113,8 @@ libparted_fs_resize_la_SOURCES = \
-   r/hfs/reloc_plus.c  \
-   r/hfs/reloc_plus.h
- 
-+libparted_fs_resize_la_LIBADD   = $(UUID_LIBS)
-+
- AM_CPPFLAGS = \
-   -I$(top_srcdir)/libparted/labels\
-   $(partedincludedir) \
--- 
-2.9.3
-
diff --git a/meta/recipes-extended/parted/parted_3.4.bb 
b/meta/recipes-extended/parted/parted_3.4.bb
index 8924bdb478c..ffab6271102 100644
--- a/meta/recipes-extended/parted/parted_3.4.bb
+++ b/meta/recipes-extended/parted/parted_3.4.bb
@@ -8,7 +8,6 @@ DEPENDS = "ncurses util-linux virtual/libiconv"
 
 SRC_URI = "${GNU_MIRROR}/parted/parted-${PV}.tar.xz \
file://fix-doc-mandir.patch \
-   
file://0002-libparted_fs_resize-link-against-libuuid-explicitly-.patch \
file://run-ptest \
file://check-vfat.patch \
"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154652): 
https://lists.openembedded.org/g/openembedded-core/message/154652
Mute This Topic: https://lists.openembedded.org/mt/84771859/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] python3: use monotonic clock for condvar if possible

[Steve Sakoman]

On Mon, Aug 2, 2021 at 6:41 PM Zhang, Qiang  wrote:
>
> From: Zqiang 
>
> The timeout for threading.Lock, threading.Condition, etc, is not using
> a monotonic clock, it is affected if the system time (realtime clock)
> is set.
>
> This patch will make condvar use monotonic clock.
> Refence: https://bugs.python.org/issue41710

Should this be backported to the 3.8.10 and 3.8.11 recipes in dunfell?

Steve

> Signed-off-by: Zqiang 
> ---
>  meta/recipes-devtools/python/python3_3.9.5.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-devtools/python/python3_3.9.5.bb 
> b/meta/recipes-devtools/python/python3_3.9.5.bb
> index 82177f4a18..f3f0237c78 100644
> --- a/meta/recipes-devtools/python/python3_3.9.5.bb
> +++ b/meta/recipes-devtools/python/python3_3.9.5.bb
> @@ -73,6 +73,9 @@ DEPENDS = "bzip2-replacement-native libffi bzip2 openssl 
> sqlite3 zlib virtual/li
>  DEPENDS_append_class-target = " python3-native"
>  DEPENDS_append_class-nativesdk = " python3-native"
>
> +# force to use the mutex+cond implementation
> +CFLAGS += "-DHAVE_BROKEN_POSIX_SEMAPHORES"
> +
>  EXTRA_OECONF = " --without-ensurepip --enable-shared 
> --with-platlibdir=${baselib}"
>  EXTRA_OECONF_append_class-native = " --bindir=${bindir}/${PN}"
>
> --
> 2.17.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154651): 
https://lists.openembedded.org/g/openembedded-core/message/154651
Mute This Topic: https://lists.openembedded.org/mt/84632397/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] e2fsprogs: ensure small images have 256-byte inodes

[Ross Burton]

e2fsprogs calls filesystems larger than 3MB but smaller than 512MB
"small", which has some implications:

- blocksize 1024 instead of 4096
- inode_ratio 4096 instead of 16384
- inode_size 128 instead of 256

The outcome of the inode size dropping to 128 bytes is that they cannot
store 64-bit timestamps, so are not Y2038-safe.

A previous attempt to solve this problem[1] changed some of the canned
wic files to pass -T default to mkfs.ext4, but this only covered wic
images and not traditional images.  Also, actually small filesystems,
for example a core-image-minimal, will happily be tens of megabytes and
with the "default" options will result in an image which runs out of
blocks before it runs out of space:

mkfs.ext4: Could not allocate block in ext2 filesystem while populating file 
system

Considering that many OpenEmbedded images are in fact "small", being
2038-safe is worth the marginal increase is disk usage.  This patch
alters the small configuration in native builds so that it also has
256-byte inodes.  Target is unchanged so that standard behaviour is
maintained outside of the build.

This is actually the same underlying patch that Mathieu Dubois-Briand
sent in April, but the wic change in [1] was accepted instead. I believe
that is the wrong approach and this approach covers more cases.

[ YOCTO #14478 ]

[1] openembedded-core eecbe62
[2] https://lists.openembedded.org/g/openembedded-core/message/150298

Signed-off-by: Ross Burton 
---
 .../e2fsprogs/big-inodes-for-small-fs.patch   | 22 +++
 .../e2fsprogs/e2fsprogs_1.46.2.bb |  1 +
 2 files changed, 23 insertions(+)
 create mode 100644 
meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch

diff --git 
a/meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch 
b/meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch
new file mode 100644
index 000..caeb560d322
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/big-inodes-for-small-fs.patch
@@ -0,0 +1,22 @@
+Ensure "small" file systems also have the default inode size (256 bytes) so 
that
+can store 64-bit timestamps and work past 2038.
+
+The "small" type is any size >3MB and <512MB, which covers a lot of relatively
+small filesystems built by OE, especially when they're sized to fit the 
contents
+and expand to the storage on boot.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton 
+
+diff --git a/misc/mke2fs.conf.in b/misc/mke2fs.conf.in
+index 01e35cf8..29f41dc0 100644
+--- a/misc/mke2fs.conf.in
 b/misc/mke2fs.conf.in
+@@ -16,7 +16,6 @@
+   }
+   small = {
+   blocksize = 1024
+-  inode_size = 128
+   inode_ratio = 4096
+   }
+   floppy = {
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.2.bb 
b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.2.bb
index d68d131e0ad..8cc046c7946 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.2.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.2.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
 
 SRC_URI:append:class-native = " 
file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
 file://quiet-debugfs.patch \
+file://big-inodes-for-small-fs.patch \
 "
 
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154649): 
https://lists.openembedded.org/g/openembedded-core/message/154649
Mute This Topic: https://lists.openembedded.org/mt/84771287/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] wic: don't forcibly pass -T default

[Ross Burton]

This reverts part of oe-core eecbe62555, which was a previous attempt
to solve the Y2038 problem.  This is now solved centrally in e2fsprogs,
so doesn't need to be dealt with in wic.

We don't revert the commit entirely, to retain the warning if a
filesystem has small inodes.

Signed-off-by: Ross Burton 
---
 scripts/lib/wic/canned-wks/common.wks.inc | 2 +-
 scripts/lib/wic/canned-wks/directdisk-gpt.wks | 2 +-
 scripts/lib/wic/canned-wks/mkefidisk.wks  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/lib/wic/canned-wks/common.wks.inc 
b/scripts/lib/wic/canned-wks/common.wks.inc
index 4fd29fa8c11..89880b417b6 100644
--- a/scripts/lib/wic/canned-wks/common.wks.inc
+++ b/scripts/lib/wic/canned-wks/common.wks.inc
@@ -1,3 +1,3 @@
 # This file is included into 3 canned wks files from this directory
 part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 
1024
-part / --source rootfs --use-uuid --fstype=ext4 --mkfs-extraopts "-T default" 
--label platform --align 1024
+part / --source rootfs --use-uuid --fstype=ext4 --label platform --align 1024
diff --git a/scripts/lib/wic/canned-wks/directdisk-gpt.wks 
b/scripts/lib/wic/canned-wks/directdisk-gpt.wks
index cf16c0c30bb..8d7d8de6ea7 100644
--- a/scripts/lib/wic/canned-wks/directdisk-gpt.wks
+++ b/scripts/lib/wic/canned-wks/directdisk-gpt.wks
@@ -4,7 +4,7 @@
 
 
 part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 
1024
-part / --source rootfs --ondisk sda --fstype=ext4 --mkfs-extraopts "-T 
default" --label platform --align 1024 --use-uuid
+part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 
1024 --use-uuid
 
 bootloader  --ptable gpt --timeout=0  --append="rootwait rootfstype=ext4 
video=vesafb vga=0x318 console=tty0 console=ttyS0,115200n8"
 
diff --git a/scripts/lib/wic/canned-wks/mkefidisk.wks 
b/scripts/lib/wic/canned-wks/mkefidisk.wks
index d1878e23e5a..9f534fe1847 100644
--- a/scripts/lib/wic/canned-wks/mkefidisk.wks
+++ b/scripts/lib/wic/canned-wks/mkefidisk.wks
@@ -4,7 +4,7 @@
 
 part /boot --source bootimg-efi --sourceparams="loader=grub-efi" --ondisk sda 
--label msdos --active --align 1024
 
-part / --source rootfs --ondisk sda --fstype=ext4 --mkfs-extraopts "-T 
default"  --label platform --align 1024 --use-uuid
+part / --source rootfs --ondisk sda --fstype=ext4 --label platform --align 
1024 --use-uuid
 
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154650): 
https://lists.openembedded.org/g/openembedded-core/message/154650
Mute This Topic: https://lists.openembedded.org/mt/84771288/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 23/23] nettle: update 3.7.2 -> 3.7.3

[Anuj Mittal]

From: Alexander Kanavin 

fix CVE-2021-3580

(From OE-Core rev: 219c89310264f99c2c43bb80e437a8a1e8e3217a)

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
Signed-off-by: Changqing Li 
Signed-off-by: Anuj Mittal 
---
 .../recipes-support/nettle/{nettle_3.7.2.bb => nettle_3.7.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/nettle/{nettle_3.7.2.bb => nettle_3.7.3.bb} (96%)

diff --git a/meta/recipes-support/nettle/nettle_3.7.2.bb 
b/meta/recipes-support/nettle/nettle_3.7.3.bb
similarity index 96%
rename from meta/recipes-support/nettle/nettle_3.7.2.bb
rename to meta/recipes-support/nettle/nettle_3.7.3.bb
index f8f3360086..031500d741 100644
--- a/meta/recipes-support/nettle/nettle_3.7.2.bb
+++ b/meta/recipes-support/nettle/nettle_3.7.3.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-target = "\
 file://dlopen-test.patch \
 "
 
-SRC_URI[sha256sum] = 
"8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162"
+SRC_URI[sha256sum] = 
"661f5eb03f048a3b924c3a8ad2515d4068e40f67e774e8a26827658007e3bcf0"
 
 UPSTREAM_CHECK_REGEX = "nettle-(?P\d+(\.\d+)+)\.tar"
 
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154648): 
https://lists.openembedded.org/g/openembedded-core/message/154648
Mute This Topic: https://lists.openembedded.org/mt/84771275/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 22/23] qemu: fix CVE-2021-3527

[Anuj Mittal]

From: Lee Chee Yang 

(cherry picked from commit 6774efd1e3d0bd5c8c34f84dcf4f698d7eafb36a)
Signed-off-by: Lee Chee Yang 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
Signed-off-by: Anuj Mittal 
---
 meta/recipes-devtools/qemu/qemu.inc   |  2 +
 .../qemu/qemu/CVE-2021-3527-1.patch   | 42 +
 .../qemu/qemu/CVE-2021-3527-2.patch   | 59 +++
 3 files changed, 103 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 5f7d82dfed..a22721004e 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -64,6 +64,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \

file://0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch \

file://0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch \

file://0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch \
+   file://CVE-2021-3527-1.patch \
+   file://CVE-2021-3527-2.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch
new file mode 100644
index 00..77a5385692
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch
@@ -0,0 +1,42 @@
+From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Mon, 3 May 2021 15:29:15 +0200
+Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527)
+
+usb-host and usb-redirect try to batch bulk transfers by combining many
+small usb packets into a single, large transfer request, to reduce the
+overhead and improve performance.
+
+This patch adds a size limit of 1 MiB for those combined packets to
+restrict the host resources the guest can bind that way.
+
+Signed-off-by: Gerd Hoffmann 
+Message-Id: <20210503132915.2335822-6-kra...@redhat.com>
+
+Upstream-Status: Backport
+https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
+CVE: CVE-2021-3527
+Signed-off-by: Chee Yang Lee 
+
+---
+ hw/usb/combined-packet.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
+index 5d57e883dc..e56802f89a 100644
+--- a/hw/usb/combined-packet.c
 b/hw/usb/combined-packet.c
+@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep)
+ if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok ||
+ next == NULL ||
+ /* Work around for Linux usbfs bulk splitting + migration */
+-(totalsize == (16 * KiB - 36) && p->int_req)) {
++(totalsize == (16 * KiB - 36) && p->int_req) ||
++/* Next package may grow combined package over 1MiB */
++totalsize > 1 * MiB - ep->max_packet_size) {
+ usb_device_handle_data(ep->dev, first);
+ assert(first->status == USB_RET_ASYNC);
+ if (first->combined) {
+-- 
+GitLab
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch
new file mode 100644
index 00..6371aced12
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch
@@ -0,0 +1,59 @@
+From 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Mon, 3 May 2021 15:29:12 +0200
+Subject: [PATCH] usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use autofree heap allocation instead.
+
+Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket")
+Reviewed-by: Philippe Mathieu-Daudé 
+Signed-off-by: Gerd Hoffmann 
+Tested-by: Philippe Mathieu-Daudé 
+Message-Id: <20210503132915.2335822-3-kra...@redhat.com>
+
+Upstream-Status: Backport
+https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
+CVE: CVE-2021-3527
+Signed-off-by: Chee Yang Lee 
+
+---
+ hw/usb/redirect.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index 17f06f3417..6a75b0dc4a 100644
+--- a/hw/usb/redirect.c
 b/hw/usb/redirect.c
+@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, 
USBPacket *p,
+ .endpoint = ep,
+ .length = p->iov.size
+ };
+-uint8_t buf[p->iov.size];
++g_autofree uint8_t *buf = g_malloc(p->iov.size);
+ /* No id, we look at the ep when receiving a status back */
+ usb_packet_copy(p, buf, p->iov.size);
+ usbredirparser_send_iso_packet(dev->parser, 0, _packet,
+@@ -818,7 

[OE-core] [hardknott][PATCH 21/23] qemu: fix virtio vhost-user-gpu CVEs

[Anuj Mittal]

From: Ross Burton 

Fix a slew of CVEs (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546) by
backporting the relevant patches from qemu's git.

(From OE-Core rev: ce850a5ce84f949d3114024c89ae3dd98fcbef41)

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit ce850a5ce84f949d3114024c89ae3dd98fcbef41)
Signed-off-by: Lee Chee Yang 
Signed-off-by: Anuj Mittal 
---
 meta/recipes-devtools/qemu/qemu.inc   |  7 +++
 ...ix-memory-disclosure-in-virgl_cmd_ge.patch | 43 ++
 ...ix-resource-leak-in-vg_resource_crea.patch | 41 +
 ...ix-memory-leak-in-vg_resource_attach.patch | 48 +++
 ...ix-memory-leak-while-calling-vg_reso.patch | 50 
 ...ix-memory-leak-in-virgl_cmd_resource.patch | 58 +++
 ...ix-memory-leak-in-virgl_resource_att.patch | 49 
 ...ix-OOB-write-in-virgl_cmd_get_capset.patch | 49 
 8 files changed, 345 insertions(+)
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 3921546df7..5f7d82dfed 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -57,6 +57,13 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-27821.patch \
file://CVE-2021-20263.patch \
file://CVE-2021-3392.patch \
+   
file://0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch \
+   
file://0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch \
+   
file://0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch \
+   
file://0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch \
+   
file://0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch \
+   
file://0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch \
+   
file://0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git 
a/meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
 
b/meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
new file mode 100644
index 00..981c237292
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
@@ -0,0 +1,43 @@
+CVE: CVE-2021-3545
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From 121841b25d72d13f8cad554363138c360f1250ea Mon Sep 17 00:00:00 2001
+From: Li Qiang 
+Date: Sat, 15 May 2021 20:03:56 -0700
+Subject: [PATCH 1/7] vhost-user-gpu: fix memory disclosure in
+ virgl_cmd_get_capset_info (CVE-2021-3545)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise some of the 'resp' will be leaked to guest.
+
+Fixes: CVE-2021-3545
+Reported-by: Li Qiang 
+virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
+in getting capset info dispatch")
+
+Signed-off-by: Li Qiang 
+Reviewed-by: Marc-André Lureau 
+Message-Id: <20210516030403.107723-2-liq...@163.com>
+Signed-off-by: Gerd Hoffmann 
+---
+ contrib/vhost-user-gpu/virgl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
+index 9e6660c7ab..6a332d601f 100644
+--- a/contrib/vhost-user-gpu/virgl.c
 b/contrib/vhost-user-gpu/virgl.c
+@@ -128,6 +128,7 @@ virgl_cmd_get_capset_info(VuGpu *g,
+ 
+ VUGPU_FILL_CMD(info);
+ 
++memset(, 0, sizeof(resp));
+ if (info.capset_index == 0) {
+ resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
+ virgl_renderer_get_cap_set(resp.capset_id,
+-- 
+2.25.1
+
diff --git 
a/meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
 
b/meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
new file mode 100644
index 00..a9aee47e39
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
@@ -0,0 +1,41 @@
+CVE: CVE-2021-3544
+Upstream-Status: 

[OE-core] [hardknott][PATCH 20/23] util-linux: fix CVE 2021-37600

[Anuj Mittal]

From: Joe Slater 

Backport patch, which should be in next release (2.37.2).

Signed-off-by: Joe Slater 
Signed-off-by: Anuj Mittal 
---
 meta/recipes-core/util-linux/util-linux.inc   |  1 +
 .../util-linux/CVE-2021-37600.patch   | 38 +++
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc 
b/meta/recipes-core/util-linux/util-linux.inc
index 6b47f417aa..b21d6d46d2 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -36,5 +36,6 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
file://Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch \
+   file://CVE-2021-37600.patch \
"
 SRC_URI[sha256sum] = 
"f7516ba9d8689343594356f0e5e1a5f0da34adfbc89023437735872bb5024c5f"
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch 
b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
new file mode 100644
index 00..11934eee8d
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
@@ -0,0 +1,38 @@
+From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001
+From: Karel Zak 
+Date: Tue, 27 Jul 2021 11:58:31 +0200
+Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
+ nmembs
+
+Fix: https://github.com/karelzak/util-linux/issues/1395
+Signed-off-by: Karel Zak 
+
+CVE: CVE-2021-37600
+
+after version 2.37.1
+https://github.com/karelzak/util-linux.git 1c9143d0c1d...
+unmodified
+
+Upstream-Status: Backport
+
+Signed-off-by: Joe Slater 
+---
+ sys-utils/ipcutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
+index e784c4d..18868cf 100644
+--- a/sys-utils/ipcutils.c
 b/sys-utils/ipcutils.c
+@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
+ {
+   size_t i;
+ 
+-  if (!p || !p->sem_nsems || p->sem_perm.id < 0)
++  if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 
0)
+   return;
+ 
+   p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
+-- 
+2.7.4
+
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154645): 
https://lists.openembedded.org/g/openembedded-core/message/154645
Mute This Topic: https://lists.openembedded.org/mt/84771267/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 19/23] curl: fix CVES

[Anuj Mittal]

From: Mingli Yu 

Backport patches to fix below CVEs:
CVE-2021-22901
CVE-2021-22924
CVE-2021-22926

Signed-off-by: Mingli Yu 
Signed-off-by: Anuj Mittal 
---
 .../curl/curl/CVE-2021-22901.patch| 453 ++
 .../curl/curl/CVE-2021-22924.patch| 298 
 .../curl/curl/CVE-2021-22926.patch|  79 +++
 meta/recipes-support/curl/curl_7.75.0.bb  |   3 +
 4 files changed, 833 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22901.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22924.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22926.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22901.patch 
b/meta/recipes-support/curl/curl/CVE-2021-22901.patch
new file mode 100644
index 00..c5775c6306
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22901.patch
@@ -0,0 +1,453 @@
+From a801ebdc2b1c008fa72c31f1bf7773d99e6e2a2d Mon Sep 17 00:00:00 2001
+From: Harry Sintonen 
+Date: Tue, 3 Aug 2021 08:41:45 +
+Subject: [PATCH] openssl: associate/detach the transfer from connection
+
+CVE-2021-22901
+
+Bug: https://curl.se/docs/CVE-2021-22901.html
+
+CVE: CVE-2021-22901
+
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479]
+
+Signed-off-by: Mingli Yu 
+---
+ lib/multi.c  |   5 +-
+ lib/vtls/gskit.c |   4 +-
+ lib/vtls/gtls.c  |   4 +-
+ lib/vtls/mbedtls.c   |   4 +-
+ lib/vtls/mesalink.c  |   4 +-
+ lib/vtls/nss.c   |   4 +-
+ lib/vtls/openssl.c   | 146 +++
+ lib/vtls/schannel.c  |   6 +-
+ lib/vtls/sectransp.c |   4 +-
+ lib/vtls/vtls.c  |  23 ++-
+ lib/vtls/vtls.h  |  12 
+ lib/vtls/wolfssl.c   |   4 +-
+ 12 files changed, 170 insertions(+), 50 deletions(-)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index 85707a1..a4ff9ac 100644
+--- a/lib/multi.c
 b/lib/multi.c
+@@ -875,8 +875,10 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi)
+ void Curl_detach_connnection(struct Curl_easy *data)
+ {
+   struct connectdata *conn = data->conn;
+-  if(conn)
++  if(conn) {
+ Curl_llist_remove(>easyq, >conn_queue, NULL);
++Curl_ssl_detach_conn(data, conn);
++  }
+   data->conn = NULL;
+ }
+ 
+@@ -893,6 +895,7 @@ void Curl_attach_connnection(struct Curl_easy *data,
+   data->conn = conn;
+   Curl_llist_insert_next(>easyq, conn->easyq.tail, data,
+  >conn_queue);
++  Curl_ssl_associate_conn(data, conn);
+ }
+ 
+ static int waitconnect_getsock(struct connectdata *conn,
+diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
+index 9b5f649..bd9c602 100644
+--- a/lib/vtls/gskit.c
 b/lib/vtls/gskit.c
+@@ -1282,7 +1282,9 @@ const struct Curl_ssl Curl_ssl_gskit = {
+   Curl_none_set_engine_default,   /* set_engine_default */
+   Curl_none_engines_list, /* engines_list */
+   Curl_none_false_start,  /* false_start */
+-  NULL/* sha256sum */
++  NULL,   /* sha256sum */
++  NULL,   /* associate_connection */
++  NULL/* disassociate_connection */
+ };
+ 
+ #endif /* USE_GSKIT */
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 28ca528..24e036b 100644
+--- a/lib/vtls/gtls.c
 b/lib/vtls/gtls.c
+@@ -1683,7 +1683,9 @@ const struct Curl_ssl Curl_ssl_gnutls = {
+   Curl_none_set_engine_default,  /* set_engine_default */
+   Curl_none_engines_list,/* engines_list */
+   Curl_none_false_start, /* false_start */
+-  gtls_sha256sum /* sha256sum */
++  gtls_sha256sum,/* sha256sum */
++  NULL,  /* associate_connection */
++  NULL   /* disassociate_connection */
+ };
+ 
+ #endif /* USE_GNUTLS */
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
+index bd0e080..fc973c7 100644
+--- a/lib/vtls/mbedtls.c
 b/lib/vtls/mbedtls.c
+@@ -1112,7 +1112,9 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
+   Curl_none_set_engine_default, /* set_engine_default */
+   Curl_none_engines_list,   /* engines_list */
+   Curl_none_false_start,/* false_start */
+-  mbedtls_sha256sum /* sha256sum */
++  mbedtls_sha256sumi,   /* sha256sum */
++  NULL, /* associate_connection */
++  NULL  /* disassociate_connection */
+ };
+ 
+ #endif /* USE_MBEDTLS */
+diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c
+index ad807d3..8a91487 100644
+--- a/lib/vtls/mesalink.c
 b/lib/vtls/mesalink.c
+@@ -666,7 +666,9 @@ const struct Curl_ssl Curl_ssl_mesalink = {
+   Curl_none_set_engine_default,  /* set_engine_default */
+   Curl_none_engines_list,/* engines_list */
+   Curl_none_false_start, /* false_start */
+-  NULL   /* sha256sum */
++  NULL,  /* sha256sum */
++  NULL,  

[OE-core] [hardknott][PATCH 18/23] curl: fix CVE-2021-22925

[Anuj Mittal]

From: Mingli Yu 

CVE-2021-22925

Reported-by: Red Hat Product Security
Bug: https://curl.se/docs/CVE-2021-22925.html

Signed-off-by: Mingli Yu 
Signed-off-by: Anuj Mittal 
---
 .../curl/curl/CVE-2021-22925.patch| 50 +++
 meta/recipes-support/curl/curl_7.75.0.bb  |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22925.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22925.patch 
b/meta/recipes-support/curl/curl/CVE-2021-22925.patch
new file mode 100644
index 00..e3009c9533
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22925.patch
@@ -0,0 +1,50 @@
+From 894f6ec730597eb243618d33cc84d71add8d6a8a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Sat, 12 Jun 2021 18:25:15 +0200
+Subject: [PATCH] telnet: fix option parser to not send uninitialized contents
+
+CVE-2021-22925
+
+Reported-by: Red Hat Product Security
+Bug: https://curl.se/docs/CVE-2021-22925.html
+
+CVE: CVE-2021-22925
+
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a]
+
+Signed-off-by: Mingli Yu 
+---
+ lib/telnet.c | 17 +++--
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 1d3024ec4..a81bb81c3 100644
+--- a/lib/telnet.c
 b/lib/telnet.c
+@@ -920,12 +920,17 @@ static void suboption(struct Curl_easy *data)
+ size_t tmplen = (strlen(v->data) + 1);
+ /* Add the variable only if it fits */
+ if(len + tmplen < (int)sizeof(temp)-6) {
+-  if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+-msnprintf((char *)[len], sizeof(temp) - len,
+-  "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+-  CURL_NEW_ENV_VALUE, varval);
+-len += tmplen;
+-  }
++  int rv;
++  char sep[2] = "";
++  varval[0] = 0;
++  rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
++  if(rv == 1)
++len += msnprintf((char *)[len], sizeof(temp) - len,
++ "%c%s", CURL_NEW_ENV_VAR, varname);
++  else if(rv >= 2)
++len += msnprintf((char *)[len], sizeof(temp) - len,
++ "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
++ CURL_NEW_ENV_VALUE, varval);
+ }
+   }
+   msnprintf((char *)[len], sizeof(temp) - len,
+-- 
+2.17.1
+
diff --git a/meta/recipes-support/curl/curl_7.75.0.bb 
b/meta/recipes-support/curl/curl_7.75.0.bb
index 42be2eb0b5..b2aad0bbc2 100644
--- a/meta/recipes-support/curl/curl_7.75.0.bb
+++ b/meta/recipes-support/curl/curl_7.75.0.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://vtls-fix-warning.patch \
file://CVE-2021-22898.patch \
file://CVE-2021-22897.patch \
+   file://CVE-2021-22925.patch \
 "
 
 SRC_URI[sha256sum] = 
"50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026"
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154643): 
https://lists.openembedded.org/g/openembedded-core/message/154643
Mute This Topic: https://lists.openembedded.org/mt/84771264/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 17/23] cve-check: improve comment about CVE patch file names

[Anuj Mittal]

From: Michael Opdenacker 

Signed-off-by: Michael Opdenacker 
Signed-off-by: Richard Purdie 
(cherry picked from commit 8aa613480663e11ecc62278d8c57ca719eb23899)
Signed-off-by: Anuj Mittal 
---
 meta/classes/cve-check.bbclass | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 246393338c..4fa1a64f85 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -166,9 +166,12 @@ def get_patches_cves(d):
 pn = d.getVar("PN")
 cve_match = re.compile("CVE:( CVE\-\d{4}\-\d+)+")
 
-# Matches last CVE-1234-211432 in the file name, also if written
-# with small letters. Not supporting multiple CVE id's in a single
-# file name.
+# Matches the last "CVE--ID" in the file name, also if written
+# in lowercase. Possible to have multiple CVE IDs in a single
+# file name, but only the last one will be detected from the file name.
+# However, patch files contents addressing multiple CVE IDs are supported
+# (cve_match regular expression)
+
 cve_file_name_match = re.compile(".*([Cc][Vv][Ee]\-\d{4}\-\d+)")
 
 patched_cves = set()
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154642): 
https://lists.openembedded.org/g/openembedded-core/message/154642
Mute This Topic: https://lists.openembedded.org/mt/84771263/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 16/23] cve-check: update link to NVD website for CVE details

[Anuj Mittal]

From: Michael Opdenacker 

The old URL schema
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-ID
now redirects to
https://nvd.nist.gov/vuln/detail/CVE-ID

Signed-off-by: Michael Opdenacker 
Signed-off-by: Richard Purdie 
(cherry picked from commit 57adb57a9d9b08c08ab606ec7b561792e4f4ff2d)
Signed-off-by: Anuj Mittal 
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 7cc2a703db..246393338c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -355,7 +355,7 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
cve_data):
 if include_layers and layer not in include_layers:
 return
 
-nvd_link = "https://web.nvd.nist.gov/view/vuln/detail?vulnId=;
+nvd_link = "https://nvd.nist.gov/vuln/detail/;
 write_string = ""
 unpatched_cves = []
 bb.utils.mkdirhier(os.path.dirname(cve_file))
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154641): 
https://lists.openembedded.org/g/openembedded-core/message/154641
Mute This Topic: https://lists.openembedded.org/mt/84771262/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 15/23] cve-check: fix comments

[Anuj Mittal]

From: Michael Opdenacker 

This implements various fixes in comments in cve-check.bbclass
In particular, the "whitlisted" typo is important as the "whitelisted"
word is going to be replaced in a near future.

Signed-off-by: Michael Opdenacker 
Signed-off-by: Richard Purdie 
(cherry picked from commit 5eecd2bf942254d08c252388594e5ec7ae330f45)
Signed-off-by: Anuj Mittal 
---
 meta/classes/cve-check.bbclass | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 112ee3379d..7cc2a703db 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -20,7 +20,7 @@
 # the only method to check against CVEs. Running this tool
 # doesn't guarantee your packages are free of CVEs.
 
-# The product name that the CVE database uses.  Defaults to BPN, but may need 
to
+# The product name that the CVE database uses defaults to BPN, but may need to
 # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
 CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
@@ -56,11 +56,11 @@ CVE_CHECK_WHITELIST ?= ""
 # Layers to be excluded
 CVE_CHECK_LAYER_EXCLUDELIST ??= ""
 
-# Layers to be included 
+# Layers to be included
 CVE_CHECK_LAYER_INCLUDELIST ??= ""
 
 
-# set to "alphabetical" for version using single alphabetical character as 
increament release
+# set to "alphabetical" for version using single alphabetical character as 
increment release
 CVE_VERSION_SUFFIX ??= ""
 
 python cve_save_summary_handler () {
@@ -230,7 +230,7 @@ def check_cves(d, patched_cves):
 return ([], [], [])
 pv = d.getVar("CVE_VERSION").split("+git")[0]
 
-# If the recipe has been whitlisted we return empty lists
+# If the recipe has been whitelisted we return empty lists
 if pn in d.getVar("CVE_CHECK_PN_WHITELIST").split():
 bb.note("Recipe has been whitelisted, skipping check")
 return ([], [], [])
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154640): 
https://lists.openembedded.org/g/openembedded-core/message/154640
Mute This Topic: https://lists.openembedded.org/mt/84771261/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 14/23] oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s

[Anuj Mittal]

From: Richard Purdie 

Some tests such as lttng-tools are marginal and timing out on the autobuilder
with the current 300s default. Increase to avoid this noise in the ptest
failures list.

Signed-off-by: Richard Purdie 
(cherry picked from commit 5fb902a52e35130af6b0735a087c709daa35655f)
Signed-off-by: Anuj Mittal 
---
 meta/lib/oeqa/runtime/cases/ptest.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/runtime/cases/ptest.py 
b/meta/lib/oeqa/runtime/cases/ptest.py
index 0800f3c27f..00742da2b5 100644
--- a/meta/lib/oeqa/runtime/cases/ptest.py
+++ b/meta/lib/oeqa/runtime/cases/ptest.py
@@ -57,7 +57,7 @@ class PtestRunnerTest(OERuntimeTestCase):
 ptest_dirs = [ '/usr/lib' ]
 if not libdir in ptest_dirs:
 ptest_dirs.append(libdir)
-status, output = self.target.run('ptest-runner -d \"{}\"'.format(' 
'.join(ptest_dirs)), 0)
+status, output = self.target.run('ptest-runner -t 450 -d 
\"{}\"'.format(' '.join(ptest_dirs)), 0)
 os.makedirs(ptest_log_dir)
 with open(ptest_runner_log, 'w') as f:
 f.write(output)
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154639): 
https://lists.openembedded.org/g/openembedded-core/message/154639
Mute This Topic: https://lists.openembedded.org/mt/84771260/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 13/23] createrepo-c: fix createrepo-c failed in nativesdk

[Anuj Mittal]

From: hongxu 

In sdk, call createrepo-c failed with:
...
$ createrepo_c --update ./test_repo/rpm
Directory walk started Critical: Failed to detect compression for file
./test_repo/rpm/cortexa72/hello-2.10-r0.cortexa72.rpm: magic_load() failed: 
could not find any valid magic files!
...

Since commit [ea666fbc74 createrepo-c: set path to magic database for
native and nativesdk] applied, the MAGIC is incorrectly assigned.

The variable datadir will be expanded automatically for nativesdk,
do not need to add prefix ${SDKPATHNATIVE} to MAGIC

Signed-off-by: Hongxu Jia 
Signed-off-by: Richard Purdie 
(cherry picked from commit 54368f1b02e1ac4aa068515730a8c8bcd3683eb3)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb 
b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb
index e0433806b2..7480affbc0 100644
--- a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb
+++ b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.0.bb
@@ -33,8 +33,8 @@ do_install_append_class-native() {
 do_install_append_class-nativesdk() {
 create_wrapper ${D}/${bindir}/createrepo_c \
 RPM_CONFIGDIR=${SDKPATHNATIVE}${libdir_nativesdk}/rpm \
-MAGIC=${SDKPATHNATIVE}${datadir}/misc/magic.mgc
+MAGIC=${datadir}/misc/magic.mgc
 create_wrapper ${D}/${bindir}/modifyrepo_c \
-MAGIC=${SDKPATHNATIVE}${datadir}/misc/magic.mgc
+MAGIC=${datadir}/misc/magic.mgc
 rm -rf ${D}/etc
 }
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154638): 
https://lists.openembedded.org/g/openembedded-core/message/154638
Mute This Topic: https://lists.openembedded.org/mt/84771259/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 12/23] aspell: fix CVE-2019-25051

[Anuj Mittal]

From: Lee Chee Yang 

Signed-off-by: Lee Chee Yang 
Signed-off-by: Richard Purdie 
(cherry picked from commit 297f8c4eb4ff209b5ea69910902d216d86dbe2bf)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-support/aspell/aspell_0.60.8.bb  |   4 +-
 .../aspell/files/CVE-2019-25051.patch | 101 ++
 2 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/aspell/files/CVE-2019-25051.patch

diff --git a/meta/recipes-support/aspell/aspell_0.60.8.bb 
b/meta/recipes-support/aspell/aspell_0.60.8.bb
index 6548c54b64..9147c820e7 100644
--- a/meta/recipes-support/aspell/aspell_0.60.8.bb
+++ b/meta/recipes-support/aspell/aspell_0.60.8.bb
@@ -13,7 +13,9 @@ HOMEPAGE = "http://aspell.net/;
 LICENSE = "LGPLv2 | LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
 
-SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \
+   file://CVE-2019-25051.patch \
+"
 SRC_URI[md5sum] = "012fa9209203ae4e5a61c2a668fd10e3"
 SRC_URI[sha256sum] = 
"f9b77e515334a751b2e60daab5db23499e26c9209f5e7b7443b05235ad0226f2"
 
diff --git a/meta/recipes-support/aspell/files/CVE-2019-25051.patch 
b/meta/recipes-support/aspell/files/CVE-2019-25051.patch
new file mode 100644
index 00..8513f6de79
--- /dev/null
+++ b/meta/recipes-support/aspell/files/CVE-2019-25051.patch
@@ -0,0 +1,101 @@
+From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson 
+Date: Sat, 21 Dec 2019 20:32:47 +
+Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
+ to prevent a buffer overflow
+
+Bug found using OSS-Fuze.
+
+Upstream-Status: Backport
+[https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a]
+CVE: CVE-2019-25051
+Signed-off-by: Chee Yang Lee 
+---
+ common/objstack.hpp | 18 ++
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/objstack.hpp b/common/objstack.hpp
+index 3997bf7..bd97ccd 100644
+--- a/common/objstack.hpp
 b/common/objstack.hpp
+@@ -5,6 +5,7 @@
+ #include "parm_string.hpp"
+ #include 
+ #include 
++#include 
+ 
+ namespace acommon {
+ 
+@@ -26,6 +27,12 @@ class ObjStack
+   byte * temp_end;
+   void setup_chunk();
+   void new_chunk();
++  bool will_overflow(size_t sz) const {
++return offsetof(Node,data) + sz > chunk_size;
++  }
++  void check_size(size_t sz) {
++assert(!will_overflow(sz));
++  }
+ 
+   ObjStack(const ObjStack &);
+   void operator=(const ObjStack &);
+@@ -56,7 +63,7 @@ class ObjStack
+   void * alloc_bottom(size_t size)  {
+ byte * tmp = bottom;
+ bottom += size;
+-if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
++if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += 
size;}
+ return tmp;
+   }
+   // This alloc_bottom will insure that the object is aligned based on the
+@@ -66,7 +73,7 @@ class ObjStack
+ align_bottom(align);
+ byte * tmp = bottom;
+ bottom += size;
+-if (bottom > top) {new_chunk(); goto loop;}
++if (bottom > top) {check_size(size); new_chunk(); goto loop;}
+ return tmp;
+   }
+   char * dup_bottom(ParmString str) {
+@@ -79,7 +86,7 @@ class ObjStack
+   // always be aligned as such.
+   void * alloc_top(size_t size) {
+ top -= size;
+-if (top < bottom) {new_chunk(); top -= size;}
++if (top < bottom) {check_size(size); new_chunk(); top -= size;}
+ return top;
+   }
+   // This alloc_top will insure that the object is aligned based on
+@@ -88,7 +95,7 @@ class ObjStack
+   {loop:
+ top -= size;
+ align_top(align);
+-if (top < bottom) {new_chunk(); goto loop;}
++if (top < bottom) {check_size(size); new_chunk(); goto loop;}
+ return top;
+   }
+   char * dup_top(ParmString str) {
+@@ -117,6 +124,7 @@ class ObjStack
+   void * alloc_temp(size_t size) {
+ temp_end = bottom + size;
+ if (temp_end > top) {
++  check_size(size);
+   new_chunk();
+   temp_end = bottom + size;
+ }
+@@ -131,6 +139,7 @@ class ObjStack
+ } else {
+   size_t s = temp_end - bottom;
+   byte * p = bottom;
++  check_size(size);
+   new_chunk();
+   memcpy(bottom, p, s);
+   temp_end = bottom + size;
+@@ -150,6 +159,7 @@ class ObjStack
+ } else {
+   size_t s = temp_end - bottom;
+   byte * p = bottom;
++  check_size(size);
+   new_chunk();
+   memcpy(bottom, p, s);
+   temp_end = bottom + size;
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154637): 
https://lists.openembedded.org/g/openembedded-core/message/154637
Mute This Topic: https://lists.openembedded.org/mt/84771258/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 11/23] runqemu: Fix typo in error message

[Anuj Mittal]

From: Matthias Klein 

Signed-off-by: Matthias Klein 
Signed-off-by: Richard Purdie 
(cherry picked from commit 5cc0051d50974e198313f9513b24fd7ae9a96dd4)
Signed-off-by: Anuj Mittal 
---
 scripts/runqemu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/runqemu b/scripts/runqemu
index c985f4e75a..f3527a4412 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -775,7 +775,7 @@ class BaseConfig(object):
 raise RunQemuError('BIOS not found: %s' % bios_match_name)
 
 if not os.path.exists(self.bios):
-raise RunQemuError("KERNEL %s not found" % self.bios)
+raise RunQemuError("BIOS %s not found" % self.bios)
 
 
 def check_mem(self):
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154636): 
https://lists.openembedded.org/g/openembedded-core/message/154636
Mute This Topic: https://lists.openembedded.org/mt/84771257/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 10/23] license: Exclude COPYING.MIT from pseudo

[Anuj Mittal]

From: Richard Purdie 

Along with the other license exclusions, we need to exclude the
top level COPYING.MIT file else when:

COPY_LIC_DIRS = "1"
COPY_LIC_MANIFEST = "1"

is set, we see eSDK failures from a pseudo abort.

[YOCTO #14366]

Signed-off-by: Richard Purdie 
(cherry picked from commit 3eb580843de3f055e42fcce60b0f15c4190c0542)
Signed-off-by: Anuj Mittal 
---
 meta/classes/license.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index f7978e266b..0d0faa28d7 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -31,7 +31,7 @@ python do_populate_lic() {
 f.write("%s: %s\n" % (key, info[key]))
 }
 
-PSEUDO_IGNORE_PATHS .= ",${@','.join(((d.getVar('COMMON_LICENSE_DIR') or '') + 
' ' + (d.getVar('LICENSE_PATH') or '')).split())}"
+PSEUDO_IGNORE_PATHS .= ",${@','.join(((d.getVar('COMMON_LICENSE_DIR') or '') + 
' ' + (d.getVar('LICENSE_PATH') or '') + ' ' + d.getVar('COREBASE') + 
'/meta/COPYING').split())}"
 # it would be better to copy them in do_install_append, but 
find_license_filesa is python
 python perform_packagecopy_prepend () {
 enabled = oe.data.typed_value('LICENSE_CREATE_PACKAGE', d)
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154635): 
https://lists.openembedded.org/g/openembedded-core/message/154635
Mute This Topic: https://lists.openembedded.org/mt/84771255/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 09/23] sstate: Fix rebuilds when changing layer config

[Anuj Mittal]

From: Richard Purdie 

When adding a layer which changed SSTATE_EXCLUDEDEPS_SYSROOT, the state
hashes were changing when they should not. This was caused by wider use
of setscene_depvalid which means the dependency on the variable was seen
when it was previously not.

Exclude the variable since this should be be included in the hashes.

Signed-off-by: Richard Purdie 
(cherry picked from commit 09725a29365c69ccbd603fe3a1de72189f26d5ac)
Signed-off-by: Anuj Mittal 
---
 meta/classes/sstate.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 55d2937812..5c7a98839f 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -1018,6 +1018,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 bb.parse.siggen.checkhashes(sq_data, missed, found, d)
 
 return found
+setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT"
 
 BB_SETSCENE_DEPVALID = "setscene_depvalid"
 
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154634): 
https://lists.openembedded.org/g/openembedded-core/message/154634
Mute This Topic: https://lists.openembedded.org/mt/84771254/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 08/23] linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment

[Anuj Mittal]

From: Bruce Ashfield 

To make the usbc fragment more generally usable, we enable
the Type-C Port Controller driver for TCPCI-compliant controller.

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
(cherry picked from commit 485baca981188896a555d3a48c8b560718bb6e9d)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 944d171928..d365d91ce3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "969fef49cbbc8639e9622e6a0655337fbfcc7627"
-SRCREV_meta ?= "26a2a3cf764dde593325b8c08024f5990a5f6f02"
+SRCREV_meta ?= "3f38ad49cf38519dc4492a3f802b743fde7b467e"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 073dff1a5b..580d71d2ac 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "d5a79da206965b27043f558739b28a434efca75c"
 SRCREV_machine ?= "f44b5bb716fdb6f804383fa087c9fdb54584cd5b"
-SRCREV_meta ?= "26a2a3cf764dde593325b8c08024f5990a5f6f02"
+SRCREV_meta ?= "3f38ad49cf38519dc4492a3f802b743fde7b467e"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 1c072b3e22..362b3ac2cb 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -23,7 +23,7 @@ SRCREV_machine_qemux86 ?= 
"0b44b705c4f7d5c83e562dd7036cb5188d622285"
 SRCREV_machine_qemux86-64 ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
 SRCREV_machine_qemumips64 ?= "643c332e487cfa1557d14050d6e1148d1c5d75da"
 SRCREV_machine ?= "0b44b705c4f7d5c83e562dd7036cb5188d622285"
-SRCREV_meta ?= "26a2a3cf764dde593325b8c08024f5990a5f6f02"
+SRCREV_meta ?= "3f38ad49cf38519dc4492a3f802b743fde7b467e"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154633): 
https://lists.openembedded.org/g/openembedded-core/message/154633
Mute This Topic: https://lists.openembedded.org/mt/84771252/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 07/23] linux-yocto-rt/5.10: update to -rt47

[Anuj Mittal]

From: Bruce Ashfield 

Integrating the following commit(s) to linux-yocto/5.10:

969fef49cbbc Linux 5.10.52-rt47
bb5ff998ba62 Linux 5.10.47-rt46
340f6b6cdd37 sched: Don't defer CPU pick to migration_cpu_stop()
f3d0be7cdae8 sched: Simplify set_affinity_pending refcounts
6b2ca42a sched: Fix affine_move_task() self-concurrency
ea66e426a3b7 sched: Optimize migration_cpu_stop()
ac73ac41db62 sched: Collate affine_move_task() stoppers
6963e6b6e008 sched: Simplify migration_cpu_stop()
d3a5a12fd350 sched: Fix migration_cpu_stop() requeueing
28dda3752954 Linux 5.10.47-rt45
d5f6c5f008ee Linux 5.10.44-rt44
ec9978fdc6aa Linux 5.10.42-rt43

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
(cherry picked from commit 46b1ab616a5eb792e8cb29cfbe340fecd605bea7)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 2e46d72dfa..944d171928 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,7 +11,7 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "e1b9700217e1dd963f9b034ffde9863abb53a92d"
+SRCREV_machine ?= "969fef49cbbc8639e9622e6a0655337fbfcc7627"
 SRCREV_meta ?= "26a2a3cf764dde593325b8c08024f5990a5f6f02"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154632): 
https://lists.openembedded.org/g/openembedded-core/message/154632
Mute This Topic: https://lists.openembedded.org/mt/84771250/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 06/23] linux-yocto/5.4: update to v5.4.135

[Anuj Mittal]

From: Bruce Ashfield 

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

0a0beb1f9120 Linux 5.4.135
d2f7b384a74f udp: annotate data races around unix_sk(sk)->gso_size
c72374978b3f perf test bpf: Free obj_buf
17bc942c0b96 bpftool: Properly close va_list 'ap' by va_end() on error
84ed8340941a ipv6: tcp: drop silly ICMPv6 packet too big messages
315033cab379 tcp: annotate data races around tp->mtu_info
41f45e91c92c dma-buf/sync_file: Don't leak fences on merge failure
04b06716838b net: fddi: fix UAF in fza_probe
8aa13a86964c net: validate lwtstate->data before returning from 
skb_tunnel_info()
8cff7b28ab05 net: send SYNACK packet with accepted fwmark
b7e5563f2a78 net: ti: fix UAF in tlan:remove_one
2b70ca92847c net: qcom/emac: fix UAF in emac:remove
463c0addb4eb net: moxa: fix UAF in moxart_mac_probe
7ac4a6a74e75 net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
d5dc50ca1f7a net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
7ecd40801e5b net: bridge: sync fdb to new unicast-filtering ports
813d45499f51 net/sched: act_ct: fix err check for nf_conntrack_confirm
24973073562f netfilter: ctnetlink: suspicious RCU usage in 
ctnetlink_dump_helpinfo
c6f4a71153f4 net: ipv6: fix return value of ip6_skb_dst_mtu
9872273b670a net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
6148ddff2dcb net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
d73c180e6add dm writecache: return the exact table values that were set
8a85afc6621a mm: slab: fix kmem_cache_create failed when sysfs node not 
destroyed
f53729b828db usb: cdns3: Enable TDL_CHK only for OUT ep
52b01a808696 f2fs: Show casefolding support only when supported
91d846016729 arm64: dts: marvell: armada-37xx: move firmware node to 
generic dtsi file
f696cc7f1bc8 firmware: turris-mox-rwtm: add 
marvell,armada-3700-rwtm-firmware compatible string
e2b28026b861 arm64: dts: armada-3720-turris-mox: add firmware node
f7d1fa65e742 cifs: prevent NULL deref in cifs_compose_mount_options()
06d8a7eb5803 s390: introduce proper type handling call_on_stack() macro
2a47e0719ae7 sched/fair: Fix CFS bandwidth hrtimer expiry type
5b7d065868a6 scsi: qedf: Add check to synchronize abort and flush
0fe70c15f943 scsi: libfc: Fix array index out of bound exception
d7b647d05586 scsi: libsas: Add LUN number check in .slave_alloc callback
863c4bc883d5 scsi: aic7xxx: Fix unintentional sign extension issue on left 
shift of u8
712e9ed6134f rtc: max77686: Do not enforce (incorrect) interrupt trigger 
type
199d8ea4c7b1 kbuild: mkcompile_h: consider timestamp if 
KBUILD_BUILD_TIMESTAMP is set
484193b635a7 thermal/core: Correct function name 
thermal_zone_device_unregister()
556cf0283035 arm64: dts: imx8mq: assign PCIe clocks
9d3eb68a5385 arm64: dts: ls208xa: remove bus-num from dspi node
e054b361caec firmware: tegra: bpmp: Fix Tegra234-only builds
94d009577033 soc/tegra: fuse: Fix Tegra234-only builds
270a2e9fafea ARM: dts: stm32: move stmmac axi config in ethernet node on 
stm32mp15
4bc66215bc22 ARM: dts: stm32: fix i2c node name on stm32f746 to prevent 
warnings
856c753237ae ARM: dts: rockchip: fix supply properties in io-domains nodes
c5bb9cc2ce23 arm64: dts: juno: Update SCPI nodes as per the YAML schema
f572a9139396 ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent 
warnings
95e795474c81 ARM: dts: stm32: fix RCC node name on stm32f429 MCU
a898aa9f88cc ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
5c17edaaead7 ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
3446233096ff ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag 
for gpios
e79e29a4e162 kbuild: sink stdout from cmd for silent build
f817d4677582 rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
0a22b5178276 ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
e20e85639e25 ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
a5b19d33ae22 ARM: dts: Hurricane 2: Fix NAND nodes names
f83535a47ff8 ARM: dts: BCM63xx: Fix NAND nodes names
cb05b84ad7f1 ARM: NSP: dts: fix NAND nodes names
14e3bad3b548 ARM: Cygnus: dts: fix NAND nodes names
587a757afe73 ARM: brcmstb: dts: fix NAND nodes names
a9c32c7aeee6 reset: ti-syscon: fix to_ti_syscon_reset_data macro
b400afa42739 arm64: dts: rockchip: Fix power-controller node names for 
rk3328
dfb4e8ed0792 arm64: dts: rockchip: Fix power-controller node names for px30
789070f17886 ARM: dts: rockchip: Fix power-controller node names for rk3288
6aaffe6ce8a9 ARM: dts: rockchip: Fix power-controller node names for rk3188
439115ee56d8 ARM: dts: rockchip: Fix power-controller node names for rk3066a
3b4c34728382 ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
c9d29d62da59 ARM: dts: rockchip: Fix the timer clocks order

[OE-core] [hardknott][PATCH 05/23] linux-yocto/5.10: update to v5.10.53

[Anuj Mittal]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

71046eac2db9 Linux 5.10.53
6cd9bd2a2ddb udp: annotate data races around unix_sk(sk)->gso_size
bfdb38a4268a drm/panel: nt35510: Do not fail if DSI read fails
0d90d8492fb9 perf test bpf: Free obj_buf
a9f36bf3613c bpf: Track subprog poke descriptors correctly and fix 
use-after-free
782d71e29b29 bpftool: Properly close va_list 'ap' by va_end() on error
2381b8e882d0 tools: bpf: Fix error in 'make -C tools/ bpf_install'
638632997c31 tcp: call sk_wmem_schedule before sk_mem_charge in zerocopy 
path
2fee3cf4c97b ipv6: tcp: drop silly ICMPv6 packet too big messages
ad4ba3404931 tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized
d60f07bcb76f tcp: annotate data races around tp->mtu_info
ea66fcb29605 tcp: consistently disable header prediction for mptcp
c28c747e37db ARM: dts: tacoma: Add phase corrections for eMMC
e55160537d76 ARM: dts: aspeed: Fix AST2600 machines line names
ff4b8f35c96c kbuild: do not suppress Kconfig prompts for silent build
0d514185ae79 dma-buf/sync_file: Don't leak fences on merge failure
f33605908a9b net: fddi: fix UAF in fza_probe
66c73f187d1e net: dsa: properly check for the bridge_leave methods in 
dsa_switch_bridge_leave()
7d7d0e84ac0d Revert "mm/shmem: fix shmem_swapin() race with swapoff"
2179d96ec702 net: validate lwtstate->data before returning from 
skb_tunnel_info()
b61d8814c477 net: send SYNACK packet with accepted fwmark
f2a062fcfe1d net: ti: fix UAF in tlan:remove_one
b560521eca03 net: qcom/emac: fix UAF in emac:remove
dbbf5b957bd9 net: moxa: fix UAF in moxart_mac_probe
88ff9ec9c67a net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
846829e75db5 net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
b9fa66072fee net: netdevsim: use xso.real_dev instead of xso.dev in 
callback functions of struct xfrmdev_ops
59070cc43d1d net: bridge: sync fdb to new unicast-filtering ports
7b5a2910e782 net/sched: act_ct: remove and free nf_table callbacks
6d4476236f79 vmxnet3: fix cksum offload issues for tunnels with non-default 
udp ports
c3bc9ce7d400 net/sched: act_ct: fix err check for nf_conntrack_confirm
fc40fdefd94a netfilter: ctnetlink: suspicious RCU usage in 
ctnetlink_dump_helpinfo
34365de50806 net: ipv6: fix return value of ip6_skb_dst_mtu
73146745ff28 net: dsa: mv88e6xxx: enable devlink ATU hash param for Topaz
a8c7ba368748 net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
14cd8ce80ad7 net: dsa: mv88e6xxx: use correct .stats_set_histogram() on 
Topaz
c657413dcddf net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
fcb970edc0be net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
4e275a4aca68 usb: cdns3: Enable TDL_CHK only for OUT ep
ce6ee46e0f39 mm/page_alloc: fix memory map initialization for descending 
nodes
9e1cf2d1ed37 mm/userfaultfd: fix uffd-wp special cases for fork()
84ff5f66c3f6 mm/thp: simplify copying of huge zero page pmd when fork
a62177b35730 f2fs: Show casefolding support only when supported
277b311ae170 Revert "swap: fix do_swap_page() race with swapoff"
d92aa22f2419 arm64: dts: marvell: armada-37xx: move firmware node to 
generic dtsi file
0e67c76384e9 firmware: turris-mox-rwtm: add 
marvell,armada-3700-rwtm-firmware compatible string
e58c162789be cifs: prevent NULL deref in cifs_compose_mount_options()
faa3e7da487a s390: introduce proper type handling call_on_stack() macro
be10fff3a461 s390/traps: do not test MONITOR CALL without CONFIG_BUG
9beba1469996 thermal/core/thermal_of: Stop zone device before unregistering 
it
7412c988fe12 perf/x86/intel/uncore: Clean up error handling path of iio 
mapping
892387e7619e sched/fair: Fix CFS bandwidth hrtimer expiry type
eb859b043c2e scsi: qedf: Add check to synchronize abort and flush
a4a54c54af25 scsi: libfc: Fix array index out of bound exception
0d7596a954f1 scsi: libsas: Add LUN number check in .slave_alloc callback
2f8df6332eb2 scsi: aic7xxx: Fix unintentional sign extension issue on left 
shift of u8
cdb995a6cbb5 rtc: max77686: Do not enforce (incorrect) interrupt trigger 
type
d3ba15fb0401 arch/arm64/boot/dts/marvell: fix NAND partitioning scheme
e378db118925 kbuild: mkcompile_h: consider timestamp if 
KBUILD_BUILD_TIMESTAMP is set
8c12a3a68d4f thermal/drivers/sprd: Add missing of_node_put for loop 
iteration
20babcd83092 thermal/drivers/imx_sc: Add missing of_node_put for loop 
iteration
469951ce4bb0 thermal/drivers/rcar_gen3_thermal: Do not shadow 
rcar_gen3_ths_tj_1
bd40e2da3ae5 thermal/core: Correct function name 
thermal_zone_device_unregister()
6c099d595fd7 arm64: dts: imx8mq: assign PCIe clocks
24c41aa9d01b arm64: dts: ls208xa: remove bus-num from dspi node
7e3f5739cccb firmware: tegra: bpmp: Fix 

[OE-core] [hardknott][PATCH 04/23] zstd: fix CVE_PRODUCT

[Anuj Mittal]

From: Chen Qi 

zstd uses 'zstandard' in NVD database. e.g. CVE-2021-24031

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 
(cherry picked from commit 304eb663e414171d38faeebb3c72e49e6e4e1112)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-extended/zstd/zstd_1.4.9.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/zstd/zstd_1.4.9.bb 
b/meta/recipes-extended/zstd/zstd_1.4.9.bb
index b86fdf8b2d..44224ec627 100644
--- a/meta/recipes-extended/zstd/zstd_1.4.9.bb
+++ b/meta/recipes-extended/zstd/zstd_1.4.9.bb
@@ -16,6 +16,8 @@ SRC_URI = "git://github.com/facebook/zstd.git;branch=release \
 SRCREV = "e4558ffd1dc49399faf4ee5d85abed4386b4dcf5"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)"
 
+CVE_PRODUCT = "zstandard"
+
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= ""
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154629): 
https://lists.openembedded.org/g/openembedded-core/message/154629
Mute This Topic: https://lists.openembedded.org/mt/84771246/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 02/23] parselogs.py: qemuarm should be qemuarmv5

[Anuj Mittal]

From: Jon Mason 

All of the errors being masked off for qemuarm are legacy from before
the migration of qemuarm to qemuarmv5.  Rename the machine to that to
allow for qemuarmv5 to pass parselog test.  Light testing shows no
errors in dmesg for qemuarm.

Signed-off-by: Jon Mason 
Signed-off-by: Richard Purdie 
(cherry picked from commit 701a58504de15b244b970908f2de0971a35b5a09)
Signed-off-by: Anuj Mittal 
---
 meta/lib/oeqa/runtime/cases/parselogs.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/runtime/cases/parselogs.py 
b/meta/lib/oeqa/runtime/cases/parselogs.py
index 1bb0425521..e06f92727e 100644
--- a/meta/lib/oeqa/runtime/cases/parselogs.py
+++ b/meta/lib/oeqa/runtime/cases/parselogs.py
@@ -121,7 +121,7 @@ ignore_errors = {
 'synth uevent: /devices/vio: failed to send uevent',
 'PCI :00 Cannot reserve Legacy IO [io  0x1-0x10fff]',
 ] + common_errors,
-'qemuarm' : [
+'qemuarmv5' : [
 'mmci-pl18x: probe of fpga:05 failed with error -22',
 'mmci-pl18x: probe of fpga:0b failed with error -22',
 'Failed to load module "glx"',
@@ -135,6 +135,7 @@ ignore_errors = {
 'OF: amba_device_add() failed (-19) for /amba/fpga/sci@a000',
 'Failed to initialize \'/amba/timer@101e3000\': -22',
 'jitterentropy: Initialization failed with host not compliant with 
requirements: 2',
+'clcd-pl11x: probe of 1012.display failed with error -2',
 ] + common_errors,
 'qemuarm64' : [
 'Fatal server error:',
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154627): 
https://lists.openembedded.org/g/openembedded-core/message/154627
Mute This Topic: https://lists.openembedded.org/mt/84771244/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 03/23] devtool: print a warning on upgrades if PREFERRED_VERSION is set

[Anuj Mittal]

From: Alexander Kanavin 

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
(cherry picked from commit 0b0f53eed0aadbf45d9eead96ebf7725cc7447e6)
Signed-off-by: Anuj Mittal 
---
 scripts/lib/devtool/upgrade.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/lib/devtool/upgrade.py b/scripts/lib/devtool/upgrade.py
index a061f26076..834589f92b 100644
--- a/scripts/lib/devtool/upgrade.py
+++ b/scripts/lib/devtool/upgrade.py
@@ -582,6 +582,9 @@ def upgrade(args, config, basepath, workspace):
 logger.info('New recipe is %s' % rf)
 if license_diff:
 logger.info('License checksums have been updated in the new 
recipe; please refer to it for the difference between the old and the new 
license texts.')
+preferred_version = rd.getVar('PREFERRED_VERSION_%s' % rd.getVar('PN'))
+if preferred_version:
+logger.warning('Version is pinned to %s via PREFERRED_VERSION; it 
may need adjustment to match the new version before any further steps are 
taken' % preferred_version)
 finally:
 tinfoil.shutdown()
 return 0
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154628): 
https://lists.openembedded.org/g/openembedded-core/message/154628
Mute This Topic: https://lists.openembedded.org/mt/84771245/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 00/23] review request

[Anuj Mittal]

Please review these changes for hardknott. Testing on autobuilder
resulted in some intermittent ptest failures in valgrind, tcl and
lttng-tools and also a qemu timeout failure in musl-qemux86-64.

Thanks,

Anuj

The following changes since commit 2fd915eda136e20ab52baea6bb908d08ef8f5cbc:

  oe-setup-builddir: update YP docs and OE URLs (2021-07-31 17:56:12 +0800)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib anujm/hardknott

Alexander Kanavin (2):
  devtool: print a warning on upgrades if PREFERRED_VERSION is set
  nettle: update 3.7.2 -> 3.7.3

Bruce Ashfield (4):
  linux-yocto/5.10: update to v5.10.53
  linux-yocto/5.4: update to v5.4.135
  linux-yocto-rt/5.10: update to -rt47
  linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment

Chen Qi (1):
  zstd: fix CVE_PRODUCT

Joe Slater (1):
  util-linux: fix CVE 2021-37600

Jon Mason (1):
  parselogs.py: qemuarm should be qemuarmv5

Khem Raj (1):
  stress-ng: Drop defining daddr_t

Lee Chee Yang (2):
  aspell: fix CVE-2019-25051
  qemu: fix CVE-2021-3527

Matthias Klein (1):
  runqemu: Fix typo in error message

Michael Opdenacker (3):
  cve-check: fix comments
  cve-check: update link to NVD website for CVE details
  cve-check: improve comment about CVE patch file names

Mingli Yu (2):
  curl: fix CVE-2021-22925
  curl: fix CVES

Richard Purdie (3):
  sstate: Fix rebuilds when changing layer config
  license: Exclude COPYING.MIT from pseudo
  oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s

Ross Burton (1):
  qemu: fix virtio vhost-user-gpu CVEs

hongxu (1):
  createrepo-c: fix createrepo-c failed in nativesdk

 meta/classes/cve-check.bbclass|  19 +-
 meta/classes/license.bbclass  |   2 +-
 meta/classes/sstate.bbclass   |   1 +
 meta/lib/oeqa/runtime/cases/parselogs.py  |   3 +-
 meta/lib/oeqa/runtime/cases/ptest.py  |   2 +-
 meta/recipes-core/util-linux/util-linux.inc   |   1 +
 .../util-linux/CVE-2021-37600.patch   |  38 ++
 .../createrepo-c/createrepo-c_0.17.0.bb   |   4 +-
 meta/recipes-devtools/qemu/qemu.inc   |   9 +
 ...ix-memory-disclosure-in-virgl_cmd_ge.patch |  43 ++
 ...ix-resource-leak-in-vg_resource_crea.patch |  41 ++
 ...ix-memory-leak-in-vg_resource_attach.patch |  48 ++
 ...ix-memory-leak-while-calling-vg_reso.patch |  50 ++
 ...ix-memory-leak-in-virgl_cmd_resource.patch |  58 +++
 ...ix-memory-leak-in-virgl_resource_att.patch |  49 ++
 ...ix-OOB-write-in-virgl_cmd_get_capset.patch |  49 ++
 .../qemu/qemu/CVE-2021-3527-1.patch   |  42 ++
 .../qemu/qemu/CVE-2021-3527-2.patch   |  59 +++
 .../stress-ng/stress-ng/no_daddr_t.patch  |  32 --
 .../stress-ng/stress-ng_0.12.05.bb|   2 -
 meta/recipes-extended/zstd/zstd_1.4.9.bb  |   2 +
 .../linux/linux-yocto-rt_5.10.bb  |   6 +-
 .../linux/linux-yocto-rt_5.4.bb   |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb|   8 +-
 .../linux/linux-yocto-tiny_5.4.bb |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 meta/recipes-support/aspell/aspell_0.60.8.bb  |   4 +-
 .../aspell/files/CVE-2019-25051.patch | 101 
 .../curl/curl/CVE-2021-22901.patch| 453 ++
 .../curl/curl/CVE-2021-22924.patch| 298 
 .../curl/curl/CVE-2021-22925.patch|  50 ++
 .../curl/curl/CVE-2021-22926.patch|  79 +++
 meta/recipes-support/curl/curl_7.75.0.bb  |   4 +
 .../{nettle_3.7.2.bb => nettle_3.7.3.bb}  |   2 +-
 scripts/lib/devtool/upgrade.py|   3 +
 scripts/runqemu   |   2 +-
 37 files changed, 1537 insertions(+), 87 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch
 delete mode 100644 meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch
 create mode 100644 

[OE-core] [hardknott][PATCH 01/23] stress-ng: Drop defining daddr_t

[Anuj Mittal]

From: Khem Raj 

This is fixed differently upstream [1]

[1] 
https://github.com/ColinIanKing/stress-ng/commit/7e150ab18b0e8954ca426eb5366000a8f0d01110
Signed-off-by: Khem Raj 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit 96b1d483ccf2166bf577e73075d5fe57c45bbfdf)
Signed-off-by: Anuj Mittal 
---
 .../stress-ng/stress-ng/no_daddr_t.patch  | 32 ---
 .../stress-ng/stress-ng_0.12.05.bb|  2 --
 2 files changed, 34 deletions(-)
 delete mode 100644 meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch

diff --git a/meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch 
b/meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch
deleted file mode 100644
index dba4494b91..00
--- a/meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 55e11765af2bdc8adfac87dab1fb2682f7e6c236 Mon Sep 17 00:00:00 2001
-From: Khem Raj 
-Date: Tue, 9 Jun 2020 22:10:28 -0700
-Subject: [PATCH] Define daddr_t if __DADDR_T_TYPE is not defined
-
-glibc defined daddr_t but musl does not, ideally it should not be used
-and simple int type is enough. However, its better to leave glibc behavior
-as it is and only define it to int if daddr_t is not provided by libc
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj 
-

- stress-ng.h | 4 
- 1 file changed, 4 insertions(+)
-
-diff --git a/stress-ng.h b/stress-ng.h
-index 1a66293..802dc25 100644
 a/stress-ng.h
-+++ b/stress-ng.h
-@@ -3763,6 +3763,10 @@ struct shim_statx {
-   uint64_t __spare2[14];
- };
- 
-+#ifndef __DADDR_T_TYPE
-+typedef int daddr_t;
-+#endif
-+
- /* old ustat struct */
- struct shim_ustat {
- #if defined(HAVE_DADDR_T)
diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb 
b/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb
index eb6bdb4a81..3770ba9ae1 100644
--- a/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb
+++ b/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb
@@ -7,7 +7,6 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \

file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \
-   file://no_daddr_t.patch \
"
 SRC_URI[sha256sum] = 
"af7779aee38e6d94726ed7d5cf36384a64d50c86e42fff89c141d8609913f425"
 
@@ -24,4 +23,3 @@ do_install() {
 oe_runmake DESTDIR=${D} install
 ln -s stress-ng ${D}${bindir}/stress
 }
-
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154626): 
https://lists.openembedded.org/g/openembedded-core/message/154626
Mute This Topic: https://lists.openembedded.org/mt/84771242/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH v2] classes/package: Add extended packaged data

[Joshua Watt]

Adds extended package data which is encoded as JSON which allows it to
encode more structure than the "flat" package data files. The extended
data might be much larger than the standard package data, so it is not
read by default and instead requires
oe.packagedata.read_subpkgdata_extended() to be called

Currently, the file sizes and ELF debug sources are saved off into the
extended package data

Signed-off-by: Joshua Watt 
Reviewed-by: Saul Wold 
---

V2: Remove fatal message when debug data was not captured, since this
can happen on purpose if the package is removed for license reasons

 meta/classes/package.bbclass | 35 +--
 meta/lib/oe/packagedata.py   |  9 +
 2 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index a659a1ef5c..743f3ee51d 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -1225,6 +1225,14 @@ python split_and_strip_files () {
 # Modified the file so clear the cache
 cpath.updatecache(file)
 
+def strip_pkgd_prefix(f):
+nonlocal dvar
+
+if f.startswith(dvar):
+return f[len(dvar):]
+
+return f
+
 #
 # First lets process debug splitting
 #
@@ -1238,6 +1246,8 @@ python split_and_strip_files () {
 for file in staticlibs:
 results.append( (file,source_info(file, d)) )
 
+d.setVar("PKGDEBUGSOURCES", {strip_pkgd_prefix(f): sorted(s) for f, s 
in results})
+
 sources = set()
 for r in results:
 sources.update(r[1])
@@ -1622,6 +1632,8 @@ fi
 with open(data_file, 'w') as fd:
 fd.write("PACKAGES: %s\n" % packages)
 
+pkgdebugsource = d.getVar("PKGDEBUGSOURCES") or []
+
 pn = d.getVar('PN')
 global_variants = (d.getVar('MULTILIB_GLOBAL_VARIANTS') or "").split()
 variants = (d.getVar('MULTILIB_VARIANTS') or "").split()
@@ -1641,17 +1653,32 @@ fi
 pkgval = pkg
 d.setVar('PKG:%s' % pkg, pkg)
 
+extended_data = {
+"files_info": {}
+}
+
 pkgdestpkg = os.path.join(pkgdest, pkg)
 files = {}
+files_extra = {}
 total_size = 0
 seen = set()
 for f in pkgfiles[pkg]:
-relpth = os.path.relpath(f, pkgdestpkg)
+fpath = os.sep + os.path.relpath(f, pkgdestpkg)
+
 fstat = os.lstat(f)
-files[os.sep + relpth] = fstat.st_size
+files[fpath] = fstat.st_size
+
+extended_data["files_info"].setdefault(fpath, {})
+extended_data["files_info"][fpath]['size'] = fstat.st_size
+
 if fstat.st_ino not in seen:
 seen.add(fstat.st_ino)
 total_size += fstat.st_size
+
+if fpath in pkgdebugsource:
+extended_data["files_info"][fpath]['debugsrc'] = 
pkgdebugsource[fpath]
+del pkgdebugsource[fpath]
+
 d.setVar('FILES_INFO', json.dumps(files, sort_keys=True))
 
 process_postinst_on_target(pkg, d.getVar("MLPREFIX"))
@@ -1672,6 +1699,10 @@ fi
 
 sf.write('%s_%s: %d\n' % ('PKGSIZE', pkg, total_size))
 
+subdata_extended_file = pkgdatadir + "/runtime/%s.json" % pkg
+with open(subdata_extended_file, "w") as f:
+json.dump(extended_data, f, sort_keys=True, separators=(",", ":"))
+
 # Symlinks needed for rprovides lookup
 rprov = d.getVar('RPROVIDES:%s' % pkg) or d.getVar('RPROVIDES')
 if rprov:
diff --git a/meta/lib/oe/packagedata.py b/meta/lib/oe/packagedata.py
index 22261d271e..db26fef8db 100644
--- a/meta/lib/oe/packagedata.py
+++ b/meta/lib/oe/packagedata.py
@@ -57,6 +57,15 @@ def read_subpkgdata_dict(pkg, d):
 ret[newvar] = subd[var]
 return ret
 
+def read_subpkgdata_extended(pkg, d):
+import json
+fn = d.expand("${PKGDATA_DIR}/runtime/%s.json" % pkg)
+try:
+with open(fn, "r") as f:
+return json.load(f)
+except FileNotFoundError:
+return None
+
 def _pkgmap(d):
 """Return a dictionary mapping package to recipe name."""
 
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154624): 
https://lists.openembedded.org/g/openembedded-core/message/154624
Mute This Topic: https://lists.openembedded.org/mt/84770378/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [master][PATCH 0/4] Reproducible LTO builds

[Tony Battersby]

On 8/6/21 10:19 PM, Khem Raj wrote:
> I am seeing bunch of failures on meta-oe and meta-atmel
>
> https://errors.yoctoproject.org/Errors/Details/600064/
> https://errors.yoctoproject.org/Errors/Details/600065/
> https://errors.yoctoproject.org/Errors/Details/600071/
>
>
I sent patches for meta-openembedded, but I am not sure how to build
meta-atmel:

bitbake libegl
ERROR: Layer atmel is not compatible with the core layer which only
supports these series: honister (layer is compatible with hardknott)

But the fix is probably the same as the ones I sent for the other
packages (which I copied from
meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.1.bb).

Tony Battersby


> On Fri, Aug 6, 2021 at 2:04 PM Tony Battersby  wrote:
>> On 8/6/21 12:44 PM, Tony Battersby wrote:
>>> On 8/6/21 1:33 AM, Richard Purdie wrote:
 On Thu, 2021-08-05 at 17:54 -0400, Tony Battersby wrote:
> On 8/5/21 6:21 AM, Richard Purdie wrote:
>> On Wed, 2021-08-04 at 20:13 -0400, Randy MacLeod wrote:
>>> On 2021-07-27 9:34 a.m., Tony Battersby wrote:
 Currently, enabling Link Time Optimization via:

 require conf/distro/include/lto.inc
 DISTRO_FEATURES_append = " lto"

 makes the build non-reproducible (as in
 https://reproducible-builds.org/).  This patch set fixes some of the
 problems, but is not yet a complete solution.

 This patch set addresses the following bugs:
 https://bugzilla.yoctoproject.org/show_bug.cgi?id=14481
 https://bugzilla.yoctoproject.org/show_bug.cgi?id=14490

 openembedded-core patches
 1/4: lto.inc: disable LTO for grub
 2/4: gcc: Backport patch to make LTO builds more reproducible
 3/4: bitbake.conf: add DEBUG_PREFIX_MAP to TARGET_LDFLAGS

 openembedded-devel patches
 4/4: net-snmp: fix QA Issue after LDFLAGS change

 Patch 3 adds DEBUG_PREFIX_MAP to TARGET_LDFLAGS (it was already in
 TARGET_CFLAGS).  This could possibly be done differently, such as by
 removing it from TARGET_CFLAGS and adding it to TOOLCHAIN_OPTIONS,
 TARGET_CC_ARCH, or TUNE_CCARGS, but I haven't tested those.  Let me 
 know
 if there is a better/preferred way to do it.

 The TARGET_LDFLAGS change broke net-snmp from meta-networking, so I 
 have
 included a patch to fix that.  Other packages might have been broken as
 well, although I haven't found any others.

 With all these patches, there are still many shared libraries in /lib
 and /usr/lib that are still not reproducible with LTO enabled because
 x86_64-poky-linux-libtool filters out the -f*-prefix-map flags added by
 patch 3 when linking shared libraries.  /usr/lib/libbz2.so.1.0.6 from
 the libbz2 package from the bzip2 recipe is a good example.  I do not
 have a patch for that problem.  I will leave that to someone else.

 So this is what we need to achieve reproducible LTO builds:
 *) This patch set
 *) A fix for libtool
 *) Add LTO to reproducible builds testing if appropriate (e.g.
 meta/lib/oeqa/selftest/cases/reproducible.py, CI on Autobuilder)
 *) Fixes for individual packages, if needed
 *) Once everything works, update the documentation again (I previously
 requested a documentation change for this bug, which will eventually
 show up at
 http://docs.yoctoproject.org/test-manual/reproducible-builds.html).
>>> This is certainly a few steps in the right direction with a good outline
>>> of what's next.
>>>
>>> I suspect that Richard has been busy with other things like overrides
>>> and the update to glibc-2.34.
>>>
>>> Do you have any suggestions or questions about what we should do
>>> with this patch series Richard?
>> Thanks for the reminder, I've been meaning to queue/test this which I 
>> will
>> do. The gcc version has been bumped but I ported the patch forward to it
>> and the patches are in master-next for testing. It is great to see this
>> support moving forward.
>>
>> Much as it pains me to admit having any libtool knowledge, I may be able 
>> to
>> help with that bit. There is an untested patch below which may address 
>> that
>> issue, or at least give a good hint on how to do it if it doesn't work. I
>> don't have an environment to test easily right now.
>>
>> Cheers,
>>
>> Richard
> I tested your libtool patch in master-next with the bzip2 recipe.  It
> works as intended; libbz2.so.1.0.6 and all the other output files are
> now reproducible with LTO enabled.  I also verified that libtool is
> passing the -f*-prefix-map flags to the link command in log.do_compile
> as intended.
>
> I also verified that 

[OE-core] [meta-oe][master][PATCH 2/2] ldns: fix QA Issue after LDFLAGS change

[Tony Battersby]

Adding -f*-prefix-map to LDFLAGS caused the following issue:

QA Issue: ldns.pc failed sanity test (tmpdir)

Fix by filtering out -f*-prefix-map from *.pc files.

[YOCTO #14481]

Signed-off-by: Tony Battersby 
---
 meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb 
b/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb
index 2a52dd688..2ce669154 100644
--- a/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb
+++ b/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb
@@ -16,3 +16,10 @@ PACKAGECONFIG[drill] = "--with-drill,--without-drill"
 
 EXTRA_OECONF = "--with-ssl=${STAGING_EXECPREFIXDIR} \
 libtool=${TARGET_PREFIX}libtool"
+
+do_install:append() {
+sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \
+-e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
+-e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \
+-i ${D}${libdir}/pkgconfig/*.pc
+}
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154622): 
https://lists.openembedded.org/g/openembedded-core/message/154622
Mute This Topic: https://lists.openembedded.org/mt/84769500/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [meta-networking][master][PATCH 1/2] curlpp: fix QA Issue after LDFLAGS change

[Tony Battersby]

Adding -f*-prefix-map to LDFLAGS caused the following issue:

QA Issue: curlpp.pc failed sanity test (tmpdir)

Fix by filtering out -f*-prefix-map from *.pc files.

[YOCTO #14481]

Signed-off-by: Tony Battersby 
---
 meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb 
b/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb
index 6ce52d717..263de81c7 100644
--- a/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb
+++ b/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb
@@ -16,3 +16,10 @@ S = "${WORKDIR}/git"
 inherit cmake pkgconfig binconfig
 
 BBCLASSEXTEND = "native nativesdk"
+
+do_install:append() {
+sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \
+-e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
+-e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \
+-i ${D}${libdir}/pkgconfig/*.pc
+}
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154621): 
https://lists.openembedded.org/g/openembedded-core/message/154621
Mute This Topic: https://lists.openembedded.org/mt/84769492/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] pseudo: Outdated records for newly-ignored paths in database cause mismatches

[Seebs]

On Mon, 9 Aug 2021 13:19:51 +0100
"Mike Crowe via lists.openembedded.org"
 wrote:

> Cleaning the work directory makes the problem go away because that
> deletes the pseudo databases.
> 
> Does the above make sense as an explanation for these errors? If so,
> is there a good way to avoid these errors?

Good diagnostic work, makes sense to me. It would make some sense for
pseudo to ignore mismatches involving ignored paths, but it wasn't
originally designed with the ignored paths concept, so it currently
doesn't.

-s

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154620): 
https://lists.openembedded.org/g/openembedded-core/message/154620
Mute This Topic: https://lists.openembedded.org/mt/84766871/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 1/2] buildtools-tarball: add testsdk task

[Ross Burton]

Add a testsdk task, which is essentially the same as testsdk.bbclass but
the test case directory is changed.  This lets us exercise the
buildtools tarballs at build time.

Signed-off-by: Ross Burton 
---
 meta/recipes-core/meta/buildtools-tarball.bb | 13 +
 1 file changed, 13 insertions(+)

diff --git a/meta/recipes-core/meta/buildtools-tarball.bb 
b/meta/recipes-core/meta/buildtools-tarball.bb
index 9775430d4bf..6e96cf6c326 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -99,3 +99,16 @@ TOOLCHAIN_NEED_CONFIGSITE_CACHE = ""
 
 # The recipe doesn't need any default deps
 INHIBIT_DEFAULT_DEPS = "1"
+
+python do_testsdk() {
+import oeqa.sdk.testsdk
+testsdk = oeqa.sdk.testsdk.TestSDK()
+
+cases_path = 
os.path.join(os.path.abspath(os.path.dirname(oeqa.sdk.testsdk.__file__)), 
"buildtools-cases")
+testsdk.context_executor_class.default_cases = cases_path
+
+testsdk.run(d)
+}
+addtask testsdk
+do_testsdk[nostamp] = "1"
+do_testsdk[depends] += "xz-native:do_populate_sysroot"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154618): 
https://lists.openembedded.org/g/openembedded-core/message/154618
Mute This Topic: https://lists.openembedded.org/mt/84768439/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 2/2] oeqa/sdk: add some buildtools tests

[Ross Burton]

These two tests are designed to exercise the buildtools-tarball.

SanityTests simply verifies that inside the SDK, some commands are used
from the SDK.

BuildTests creates a new OE build directory and builds virtual/libc to
verify that a basic build works correctly. DL_DIR is reused to avoid
needless downloading, but sstate is not shared to ensure a build does
happen.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/sdk/buildtools-cases/README|  2 ++
 meta/lib/oeqa/sdk/buildtools-cases/build.py  | 23 
 meta/lib/oeqa/sdk/buildtools-cases/sanity.py | 22 +++
 3 files changed, 47 insertions(+)
 create mode 100644 meta/lib/oeqa/sdk/buildtools-cases/README
 create mode 100644 meta/lib/oeqa/sdk/buildtools-cases/build.py
 create mode 100644 meta/lib/oeqa/sdk/buildtools-cases/sanity.py

diff --git a/meta/lib/oeqa/sdk/buildtools-cases/README 
b/meta/lib/oeqa/sdk/buildtools-cases/README
new file mode 100644
index 000..d4f20faa9f7
--- /dev/null
+++ b/meta/lib/oeqa/sdk/buildtools-cases/README
@@ -0,0 +1,2 @@
+These test cases are used by buildtools-tarball, and are not used by the 
testsdk
+class.
diff --git a/meta/lib/oeqa/sdk/buildtools-cases/build.py 
b/meta/lib/oeqa/sdk/buildtools-cases/build.py
new file mode 100644
index 000..5a17ab98c6c
--- /dev/null
+++ b/meta/lib/oeqa/sdk/buildtools-cases/build.py
@@ -0,0 +1,23 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os, tempfile
+from oeqa.sdk.case import OESDKTestCase
+from oeqa.utils.subprocesstweak import errors_have_output
+errors_have_output()
+
+class BuildTests(OESDKTestCase):
+"""
+Verify that bitbake can build virtual/libc inside the buildtools.
+"""
+def test_libc(self):
+with tempfile.TemporaryDirectory(prefix='bitbake-build-', 
dir=self.tc.sdk_dir) as testdir:
+corebase = self.td['COREBASE']
+
+self._run('. %s/oe-init-build-env %s' % (corebase, testdir))
+with open(os.path.join(testdir, 'conf', 'local.conf'), 'ta') as 
conf:
+conf.write('\n')
+conf.write('DL_DIR = "%s"\n' % self.td['DL_DIR'])
+
+self._run('. %s/oe-init-build-env %s && bitbake virtual/libc' % 
(corebase, testdir))
diff --git a/meta/lib/oeqa/sdk/buildtools-cases/sanity.py 
b/meta/lib/oeqa/sdk/buildtools-cases/sanity.py
new file mode 100644
index 000..64baaa8f84f
--- /dev/null
+++ b/meta/lib/oeqa/sdk/buildtools-cases/sanity.py
@@ -0,0 +1,22 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+import shutil
+import os.path
+from oeqa.sdk.case import OESDKTestCase
+
+class SanityTests(OESDKTestCase):
+def test_tools(self):
+"""
+Test that wget and tar come from the buildtools, not the host. This
+verifies that the buildtools have installed correctly. We can't check
+for gcc as that is only installed by buildtools-extended.
+"""
+for command in ("tar", "wget"):
+# Canonicalise the SDK root
+sdk_base = os.path.realpath(self.tc.sdk_dir)
+# Canonicalise the location of this command
+tool_path = os.path.realpath(self._run("command -v %s" % 
command).strip())
+# Assert that the tool was found inside the SDK root
+self.assertEquals(os.path.commonprefix((sdk_base, tool_path)), 
sdk_base)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154619): 
https://lists.openembedded.org/g/openembedded-core/message/154619
Mute This Topic: https://lists.openembedded.org/mt/84768440/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] pseudo: Outdated records for newly-ignored paths in database cause mismatches

[Mike Crowe via lists.openembedded.org]

Our CI Dunfell builds started failing during image creation with pseudo
aborts like:

path mismatch [2 links]: ino 123107550 db 
'/.../build/tmp-glibc/work/mymachine-oe-linux/myimage/1.0-r2/oe-rootfs-repo/mymachine/mypackage-dbg_1.0-r7_mymachine.ipk'
 req '/.../build/mymachine-root/usr/bin'.

Inode 123107550 is the second of the two paths.

We're using the latest pseudo (b988b0a6b8afd8d459bc9a2528e834f63a3d59b2)
because we ran into problems sharing sstate cache between different build
OS versions prior to oe-core:d7e87a5851d717da047f552be394d5712efa0402.

The mismatches started happening just after we took
oe-core:9463be2292b942a1072eea1b9644e55aadb9 (as
b04d7a7aed5b05e8561029c5e570206ac9b9fa4e for Dunfell):

index 459d872b4a..244f5bb8ff 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -180,6 +180,8 @@ LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: 
"locale-base-%s" % s, d.getVar('IM
 # aren't yet available.
 PSEUDO_PASSWD = "${IMAGE_ROOTFS}:${STAGING_DIR_NATIVE}"

+PSEUDO_IGNORE_PATHS .= 
",${WORKDIR}/intercept_scripts,${WORKDIR}/oe-rootfs-repo"
+

I was able to reproduce a similar problem by commenting out the above
PSEUDO_IGNORE_PATHS line, building and image, putting it back and forcing
do_rootfs for the image to run again without any intervening cleaning. It
didn't happen every time though.

I believe that the pseudo database was populated with many paths in
oe-rootfs-repo before this change. After the change, the files in
oe-rootfs-repo were replaced which freed up their inodes, but because the
paths were ignored the database wasn't updated. Those inodes were
then used for files and directories in during rootfs creation. Pseudo
incorrectly believed that these inodes were already associated with files
it knew about based on the out-of-date database records.

Cleaning the work directory makes the problem go away because that deletes
the pseudo databases.

Does the above make sense as an explanation for these errors? If so, is
there a good way to avoid these errors?

Could pseudo check whether mismatched paths are now ignored and if so not
treat the mismatch as fatal?

Should changing PSEUDO_IGNORE_PATHS cause all tasks for the recipe to be
re-run so that the out-of-date database is removed?

Even if it's not worth employing some technical measure, perhaps this is
worth mentioning as a potential false alarm at
https://wiki.yoctoproject.org/wiki/Pseudo_Abort ?

Thanks.

Mike.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154617): 
https://lists.openembedded.org/g/openembedded-core/message/154617
Mute This Topic: https://lists.openembedded.org/mt/84766871/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] buildtools-tarball: add testsdk task

[Ross Burton]

Yeah not sure how that happened!

V2 incoming :)

On Thu, 22 Jul 2021 at 07:50, Richard Purdie
 wrote:
>
> On Wed, 2021-07-21 at 14:54 +0100, Ross Burton wrote:
> > Add a testsdk task, which is essentially the same as testsdk.bbclass but
> > the test case directory is changed.  This lets us exercise the
> > buildtools tarballs at build time.
> >
> > Signed-off-by: Ross Burton 
> > ---
> >  meta/recipes-core/meta/buildtools-tarball.bb | 11 +++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git a/meta/recipes-core/meta/buildtools-tarball.bb 
> > b/meta/recipes-core/meta/buildtools-tarball.bb
> > index b5dae176bf..67a6d81ddd 100644
> > --- a/meta/recipes-core/meta/buildtools-tarball.bb
> > +++ b/meta/recipes-core/meta/buildtools-tarball.bb
> > @@ -99,3 +99,14 @@ TOOLCHAIN_NEED_CONFIGSITE_CACHE = ""
> >
> >
> >  # The recipe doesn't need any default deps
> >  INHIBIT_DEFAULT_DEPS = "1"
> > +
> > +python do_testsdk() {
> > +import oeqa.sdk.testsdk
> > +testsdk = oeqa.sdk.testsdk.TestSDK()
> > +
> > os.path.join(os.path.abspath(os.path.dirname(oeqa.sdk.testsdk.__file__)), 
> > "buildtools-cases")
> > +testsdk.context_executor_class.default_cases = 
> > "/home/ross/Yocto/poky/meta/lib/oeqa/sdk/buildtools-cases"
>
> This looks like a good idea, I'm happy to see it but I think the line above 
> may
> need a small tweak! :)
>
> Cheers,
>
> Richard
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154616): 
https://lists.openembedded.org/g/openembedded-core/message/154616
Mute This Topic: https://lists.openembedded.org/mt/84356744/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] OE-core CVE metrics for master on Sun 08 Aug 2021 04:00:01 AM HST

[Ross Burton]

Did ten minutes digging into some recent issues:

> CVE-2021-3507: qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *

No fixes in flight for this.

> CVE-2021-35331: tcl:tcl-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35331 *

Disputed as the issue is in build-time tooling.

> CVE-2021-35942: glibc 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 *

Fixed in the upstream 2.33 branch, so easily merged.

> CVE-2021-36976: libarchive:libarchive-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36976 *

https://github.com/libarchive/libarchive/issues/1554.  Patches in flight.

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154615): 
https://lists.openembedded.org/g/openembedded-core/message/154615
Mute This Topic: https://lists.openembedded.org/mt/84747518/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 5/5] sstate.bbclass: sstate mirror progress bar cleanup

[Jose Quaresma]

We only has the progress bar when we have more than 100 objects.
So check for this and store the result to show the progress bar.

Signed-off-by: Jose Quaresma 
---
 meta/classes/sstate.bbclass | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 948779386d..a9c908fe97 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -953,20 +953,24 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 except:
 bb.debug(2, "SState: Unsuccessful fetch test for %s" % srcuri)
 pass
-if len(tasklist) >= min_tasks:
+
+if progress:
 bb.event.fire(bb.event.ProcessProgress(msg, len(tasklist) - 
thread_worker.tasks.qsize()), d)
 
 tasklist = []
-min_tasks = 100
 for tid in missed:
 spec, extrapath, tname = getpathcomponents(tid, d)
 sstatefile = d.expand(extrapath + generate_sstatefn(spec, 
gethash(tid), tname, siginfo, d))
 tasklist.append((tid, sstatefile))
 
+progress = False
+if len(tasklist) >= 100:
+progress = True
+
 if tasklist:
 nproc = min(oe.utils.cpu_count(), len(tasklist))
 
-if len(tasklist) >= min_tasks:
+if progress:
 msg = "Checking sstate mirror object availability"
 bb.event.fire(bb.event.ProcessStarted(msg, len(tasklist)), d)
 bb.event.enable_threadlock()
@@ -978,7 +982,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 pool.start()
 pool.wait_completion()
 
-if len(tasklist) >= min_tasks:
+if progress:
 bb.event.disable_threadlock()
 bb.event.fire(bb.event.ProcessFinished(msg), d)
 
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154614): 
https://lists.openembedded.org/g/openembedded-core/message/154614
Mute This Topic: https://lists.openembedded.org/mt/84764886/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 4/5] sstate.bbclass: disable thread lock if we don't have events

[Jose Quaresma]

commit f2053844958325496a9387874a8f3182400b71ca
'classes/sstate.bbclass: Enable thread lock when checkstatus'
adds a thread lock to don't lose the events from multiple threads
that runs on the ThreadPool.

commit 1444b8a2ae226829e719d3d184fca27e5940ae0d
'sstate.bbclass: Only show sstate mirror progress bar for >= 100 objects'
disable the events if we don't have a minium number of objects.

So we can only use the thread lock when we have the events in place.

Signed-off-by: Jose Quaresma 
---
 meta/classes/sstate.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 63085a7f3a..948779386d 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -969,17 +969,17 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 if len(tasklist) >= min_tasks:
 msg = "Checking sstate mirror object availability"
 bb.event.fire(bb.event.ProcessStarted(msg, len(tasklist)), d)
+bb.event.enable_threadlock()
 
-bb.event.enable_threadlock()
 pool = oe.utils.ThreadedPool(nproc, len(tasklist),
 worker_init=checkstatus_init, worker_end=checkstatus_end)
 for t in tasklist:
 pool.add_task(checkstatus, t)
 pool.start()
 pool.wait_completion()
-bb.event.disable_threadlock()
 
 if len(tasklist) >= min_tasks:
+bb.event.disable_threadlock()
 bb.event.fire(bb.event.ProcessFinished(msg), d)
 
 inheritlist = d.getVar("INHERIT")
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154613): 
https://lists.openembedded.org/g/openembedded-core/message/154613
Mute This Topic: https://lists.openembedded.org/mt/84764885/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/5] sstate.bbclass: get the number of threads with cpu_count from oe utils

[Jose Quaresma]

It uses the python os.sched_getaffinity and it is more acurrate

Signed-off-by: Jose Quaresma 
---
 meta/classes/sstate.bbclass | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index c3c145e7f3..63085a7f3a 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -964,13 +964,12 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 tasklist.append((tid, sstatefile))
 
 if tasklist:
+nproc = min(oe.utils.cpu_count(), len(tasklist))
+
 if len(tasklist) >= min_tasks:
 msg = "Checking sstate mirror object availability"
 bb.event.fire(bb.event.ProcessStarted(msg, len(tasklist)), d)
 
-import multiprocessing
-nproc = min(multiprocessing.cpu_count(), len(tasklist))
-
 bb.event.enable_threadlock()
 pool = oe.utils.ThreadedPool(nproc, len(tasklist),
 worker_init=checkstatus_init, worker_end=checkstatus_end)
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154612): 
https://lists.openembedded.org/g/openembedded-core/message/154612
Mute This Topic: https://lists.openembedded.org/mt/84764884/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/5] sstate.bbclass: only search on the mirrors for the missing files

[Jose Quaresma]

On the first search we found some files on the local sstate cache.
The missing files are know as well when this step finish.
When we have sstate mirrors we don't need to iterate all files again
because we already know what's missing.

Signed-off-by: Jose Quaresma 
---
 meta/classes/sstate.bbclass | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 2575750247..c3c145e7f3 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -949,11 +949,8 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 bb.debug(2, "SState: Successful fetch test for %s" % srcuri)
 foundMirrors += 1
 found.add(tid)
-
-if tid in missed:
-missed.remove(tid)
+missed.remove(tid)
 except:
-missed.add(tid)
 bb.debug(2, "SState: Unsuccessful fetch test for %s" % srcuri)
 pass
 if len(tasklist) >= min_tasks:
@@ -961,9 +958,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 
 tasklist = []
 min_tasks = 100
-for tid in sq_data['hash']:
-if tid in found:
-continue
+for tid in missed:
 spec, extrapath, tname = getpathcomponents(tid, d)
 sstatefile = d.expand(extrapath + generate_sstatefn(spec, 
gethash(tid), tname, siginfo, d))
 tasklist.append((tid, sstatefile))
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154611): 
https://lists.openembedded.org/g/openembedded-core/message/154611
Mute This Topic: https://lists.openembedded.org/mt/84764882/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/5] sstate.bbclass: track found files on mirrors with a counter

[Jose Quaresma]

We don't need extra python collections to count the found files
on the sstate cache and sstate mirrors.
The main found collections provides all the files that were found,
then we only need to count the files on sstate mirror

Signed-off-by: Jose Quaresma 
---
 meta/classes/sstate.bbclass | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 2175ace4c4..2575750247 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -871,8 +871,6 @@ BB_HASHCHECK_FUNCTION = "sstate_checkhashes"
 
 def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, 
summary=True, **kwargs):
 found = set()
-foundLocal = set()
-foundNet = set()
 missed = set()
 
 def gethash(task):
@@ -905,12 +903,11 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 if os.path.exists(sstatefile):
 bb.debug(2, "SState: Found valid sstate file %s" % sstatefile)
 found.add(tid)
-foundLocal.add(tid)
-continue
 else:
-missed.add(tid)
 bb.debug(2, "SState: Looked for but didn't find file %s" % 
sstatefile)
+missed.add(tid)
 
+foundMirrors = 0
 mirrors = d.getVar("SSTATE_MIRRORS")
 if mirrors:
 # Copy the data object and override DL_DIR and SRC_URI
@@ -950,8 +947,9 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 connection_cache=thread_worker.connection_cache)
 fetcher.checkstatus()
 bb.debug(2, "SState: Successful fetch test for %s" % srcuri)
+foundMirrors += 1
 found.add(tid)
-foundNet.add(tid)
+
 if tid in missed:
 missed.remove(tid)
 except:
@@ -1013,7 +1011,8 @@ def sstate_checkhashes(sq_data, d, siginfo=False, 
currentcount=0, summary=True,
 match = 0
 if total:
 match = len(found) / total * 100
-bb.plain("Sstate summary: Wanted %d Local %d Network %d Missed %d 
Current %d (%d%% match, %d%% complete)" % (total, len(foundLocal), 
len(foundNet),len(missed), currentcount, match, complete))
+bb.plain("Sstate summary: Wanted %d Local %d Mirrors %d Missed %d 
Current %d (%d%% match, %d%% complete)" %
+(total, len(found)-foundMirrors, foundMirrors, len(missed), 
currentcount, match, complete))
 
 if hasattr(bb.parse.siggen, "checkhashes"):
 bb.parse.siggen.checkhashes(sq_data, missed, found, d)
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154610): 
https://lists.openembedded.org/g/openembedded-core/message/154610
Mute This Topic: https://lists.openembedded.org/mt/84764881/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] libconvert-asn1-perl: 0.27 -> 0.31

[Changqing Li]

On 8/9/21 4:38 PM, Alexander Kanavin wrote:


**[Please note: This e-mail is from an EXTERNAL e-mail address]

Can you please explain the SRC_URI change in the commit message? Does 
upstream version check work and report the latest version properly?


Hi,

I have send a V2,  and update the commit message. Now, RRS cannot report 
latest version since old SRC_URI not used any more.


with this patch, It will work again.



Alex

On Mon, 9 Aug 2021 at 08:01, Changqing Li > wrote:


ping

On 8/2/21 9:41 AM, Changqing Li wrote:

From: Changqing Li  


Signed-off-by: Changqing Li  

---
  ...ert-asn1-perl_0.27.bb  

  =>libconvert-asn1-perl_0.31.bb  
}
 | 8 
  1 file changed, 4 insertions(+), 4 deletions(-)
  rename meta/recipes-extended/perl/{libconvert-asn1-perl_0.27.bb  

  =>libconvert-asn1-perl_0.31.bb  
}
 (71%)

diff --git a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb  

  b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb  

similarity index 71%
rename from meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb  

rename to meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb  

index 409a8f3896..2548878a2e 100644
--- a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb  

+++ b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb  

@@ -1,14 +1,14 @@
  SUMMARY = "Convert::ASN1 - Perl ASN.1 Encode/Decode library"
  SECTION = "libs"
-HOMEPAGE ="https://metacpan.org/source/GBARR/Convert-ASN1-0.27;  

+HOMEPAGE ="http://search.cpan.org/dist/Convert-ASN1/;  

  DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data 
using ASN.1 definitions."
  LICENSE = "Artistic-1.0 | GPL-1.0+"
  LIC_FILES_CHKSUM 
="file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f"
  
-SRC_URI ="http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz;  

+SRC_URI 
="https://cpan.metacpan.org/authors/id/T/TI/TIMLEGGE/Convert-ASN1-${PV}.tar.gz;  

  
-SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c"

-SRC_URI[sha256sum] = 
"74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a"
+SRC_URI[md5sum] = "1e12b263a5042804bb1c59ddce899876"
+SRC_URI[sha256sum] = 
"6fe4c1ba744c3a8212bf2c9b2703d93530acc153435cf2f93633540b439fbbeb"
  
  S = "${WORKDIR}/Convert-ASN1-${PV}"
  






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154609): 
https://lists.openembedded.org/g/openembedded-core/message/154609
Mute This Topic: 

[OE-core] [V2][PATCH] libconvert-asn1-perl: 0.27 -> 0.31

[Changqing Li]

From: Changqing Li 

Old homepage is bad link, cannot be accessed. Now this project is
development on github, and the new homepage is get from
https://github.com/gbarr/perl-Convert-ASN1

Old SRC_URI is not used any more, the lastest update is in 2014.
>From 0.28, the download link changed to:
https://cpan.metacpan.org/authors/id/T/TI/TIMLEGGE/

Signed-off-by: Changqing Li 
---
 ...ert-asn1-perl_0.27.bb => libconvert-asn1-perl_0.31.bb} | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-extended/perl/{libconvert-asn1-perl_0.27.bb => 
libconvert-asn1-perl_0.31.bb} (71%)

diff --git a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb 
b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
similarity index 71%
rename from meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
rename to meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
index 409a8f3896..2548878a2e 100644
--- a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
+++ b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
@@ -1,14 +1,14 @@
 SUMMARY = "Convert::ASN1 - Perl ASN.1 Encode/Decode library"
 SECTION = "libs"
-HOMEPAGE = "https://metacpan.org/source/GBARR/Convert-ASN1-0.27;
+HOMEPAGE = "http://search.cpan.org/dist/Convert-ASN1/;
 DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data 
using ASN.1 definitions."
 LICENSE = "Artistic-1.0 | GPL-1.0+"
 LIC_FILES_CHKSUM = 
"file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f"
 
-SRC_URI = 
"http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz;
+SRC_URI = 
"https://cpan.metacpan.org/authors/id/T/TI/TIMLEGGE/Convert-ASN1-${PV}.tar.gz;
 
-SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c"
-SRC_URI[sha256sum] = 
"74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a"
+SRC_URI[md5sum] = "1e12b263a5042804bb1c59ddce899876"
+SRC_URI[sha256sum] = 
"6fe4c1ba744c3a8212bf2c9b2703d93530acc153435cf2f93633540b439fbbeb"
 
 S = "${WORKDIR}/Convert-ASN1-${PV}"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154608): 
https://lists.openembedded.org/g/openembedded-core/message/154608
Mute This Topic: https://lists.openembedded.org/mt/84764772/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH v2] glibc: Fix CVE-2021-35942

[Vinay Kumar]

Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011

Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
glibc-2.33 source.

Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
Signed-off-by: Vinay Kumar 
---
 .../glibc/glibc/CVE-2021-35942.patch  | 44 +++
 meta/recipes-core/glibc/glibc_2.33.bb |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch 
b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
new file mode 100644
index 00..5cae1bc91c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
@@ -0,0 +1,44 @@
+From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab 
+Date: Fri, 25 Jun 2021 15:02:47 +0200
+Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
+ 28011)
+
+Use strtoul instead of atoi so that overflow can be detected.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
+CVE: CVE-2021-35942
+Signed-off-by: Vinay Kumar 
+---
+ posix/wordexp-test.c | 1 +
+ posix/wordexp.c  | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f93a546d7e..9df02dbbb3 100644
+--- a/posix/wordexp-test.c
 b/posix/wordexp-test.c
+@@ -183,6 +183,7 @@ struct test_case_struct
+ { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
+ { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
+ { 0, NULL, "", 0, 0, { NULL, }, IFS },
++{ 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
+ 
+ /* Flags not already covered (testit() has special handling for these) */
+ { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index bcbe96e48d..1f3b09f721 100644
+--- a/posix/wordexp.c
 b/posix/wordexp.c
+@@ -1399,7 +1399,7 @@ envsubst:
+   /* Is it a numeric parameter? */
+   else if (isdigit (env[0]))
+ {
+-  int n = atoi (env);
++  unsigned long n = strtoul (env, NULL, 10);
+ 
+   if (n >= __libc_argc)
+   /* Substitute NULL. */
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb 
b/meta/recipes-core/glibc/glibc_2.33.bb
index bb35c50c98..7f516d2bbe 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -63,6 +63,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
file://CVE-2021-33574_1.patch \
file://CVE-2021-33574_2.patch \
+   file://CVE-2021-35942.patch \
"
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154607): 
https://lists.openembedded.org/g/openembedded-core/message/154607
Mute This Topic: https://lists.openembedded.org/mt/84764197/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] libconvert-asn1-perl: 0.27 -> 0.31

[Alexander Kanavin]

Can you please explain the SRC_URI change in the commit message? Does
upstream version check work and report the latest version properly?

Alex

On Mon, 9 Aug 2021 at 08:01, Changqing Li 
wrote:

> ping
> On 8/2/21 9:41 AM, Changqing Li wrote:
>
> From: Changqing Li  
>
> Signed-off-by: Changqing Li  
> 
> ---
>  ...ert-asn1-perl_0.27.bb => libconvert-asn1-perl_0.31.bb} | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
>  rename meta/recipes-extended/perl/{libconvert-asn1-perl_0.27.bb => 
> libconvert-asn1-perl_0.31.bb} (71%)
>
> diff --git a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb 
> b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
> similarity index 71%
> rename from meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
> rename to meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
> index 409a8f3896..2548878a2e 100644
> --- a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
> +++ b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
> @@ -1,14 +1,14 @@
>  SUMMARY = "Convert::ASN1 - Perl ASN.1 Encode/Decode library"
>  SECTION = "libs"
> -HOMEPAGE = "https://metacpan.org/source/GBARR/Convert-ASN1-0.27; 
> 
> +HOMEPAGE = "http://search.cpan.org/dist/Convert-ASN1/; 
> 
>  DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data 
> using ASN.1 definitions."
>  LICENSE = "Artistic-1.0 | GPL-1.0+"
>  LIC_FILES_CHKSUM = 
> "file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f"
>
> -SRC_URI = 
> "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz; 
> 
> +SRC_URI = 
> "https://cpan.metacpan.org/authors/id/T/TI/TIMLEGGE/Convert-ASN1-${PV}.tar.gz;
>  
> 
>
> -SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c"
> -SRC_URI[sha256sum] = 
> "74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a"
> +SRC_URI[md5sum] = "1e12b263a5042804bb1c59ddce899876"
> +SRC_URI[sha256sum] = 
> "6fe4c1ba744c3a8212bf2c9b2703d93530acc153435cf2f93633540b439fbbeb"
>
>  S = "${WORKDIR}/Convert-ASN1-${PV}"
>
>
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154606): 
https://lists.openembedded.org/g/openembedded-core/message/154606
Mute This Topic: https://lists.openembedded.org/mt/84602829/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] kernel-fitimage: images should not be signed with the same keys as the configurations

[Thomas Perrot]

Hello Alexandre,

On Sun, 2021-08-08 at 21:19 +0200, Alexandre Belloni wrote:
> Hello,
> 
> On 06/08/2021 18:10:38+0200, Thomas Perrot wrote:
> > Otherwise the "required" property, from UBOOT_DTB_BINARY, will be set
> > to "conf"
> > and no error will be raised in case of error.
> > 
> > Signed-off-by: Thomas Perrot 
> > ---
> >  meta/classes/kernel-fitimage.bbclass | 40 --
> > --
> >  1 file changed, 35 insertions(+), 5 deletions(-)
> > 
> > diff --git a/meta/classes/kernel-fitimage.bbclass
> > b/meta/classes/kernel-fitimage.bbclass
> > index a9d1002200c9..72f692e40e63 100644
> > --- a/meta/classes/kernel-fitimage.bbclass
> > +++ b/meta/classes/kernel-fitimage.bbclass
> > @@ -60,6 +60,14 @@ FIT_DESC ?= "Kernel fitImage for
> > ${DISTRO_NAME}/${PV}/${MACHINE}"
> >  # Sign individual images as well
> >  FIT_SIGN_INDIVIDUAL ?= "0"
> >  
> > +# Keys used to sign individually images nodes.
> > +# The keys to sign images nodes must be different from those used to
> > sign
> > +# configurations nodes, otherwise the "required" property, from
> > +# UBOOT_DTB_BINARY, will be set to "conf", because "conf" prevails
> > on "image".
> > +# Then images signature checking will not be mandatory and no error
> > will be
> > +# raised.
> > +# UBOOT_SIGN_IMG_KEYNAME = "dev2" # keys name in keydir (eg.
> > "dev2.crt", "dev2.key")
> > +
> >  #
> >  # Emit the fitImage ITS header
> >  #
> > @@ -121,7 +129,7 @@ fitimage_emit_section_kernel() {
> >  
> > kernel_csum="${FIT_HASH_ALG}"
> > kernel_sign_algo="${FIT_SIGN_ALG}"
> > -   kernel_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > +   kernel_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
> >  
> > ENTRYPOINT="${UBOOT_ENTRYPOINT}"
> > if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> > @@ -167,7 +175,7 @@ fitimage_emit_section_dtb() {
> >  
> > dtb_csum="${FIT_HASH_ALG}"
> > dtb_sign_algo="${FIT_SIGN_ALG}"
> > -   dtb_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > +   dtb_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
> >  
> > dtb_loadline=""
> > dtb_ext=${DTB##*.}
> > @@ -214,7 +222,7 @@ fitimage_emit_section_boot_script() {
> >  
> >  bootscr_csum="${FIT_HASH_ALG}"
> > bootscr_sign_algo="${FIT_SIGN_ALG}"
> > -   bootscr_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > +   bootscr_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
> >  
> >  cat << EOF >> ${1}
> >  bootscr-${2} {
> > @@ -278,7 +286,7 @@ fitimage_emit_section_ramdisk() {
> >  
> > ramdisk_csum="${FIT_HASH_ALG}"
> > ramdisk_sign_algo="${FIT_SIGN_ALG}"
> > -   ramdisk_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > +   ramdisk_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}"
> > ramdisk_loadline=""
> > ramdisk_entryline=""
> >  
> > @@ -475,6 +483,10 @@ fitimage_assemble() {
> > bootscr_id=""
> > rm -f ${1} arch/${ARCH}/boot/${2}
> >  
> > +   if [ "${UBOOT_SIGN_KEYNAME}" = "${UBOOT_SIGN_IMG_KEYNAME}" ];
> > then
> > +   bbfatal "Keys used to sign images and configuration
> > nodes must be different."
> 
> This breaks oe-selftest, as seen in:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2383/steps/14/logs/stdio
> 

Thank you for the feedback.

The tests also need to be updated, so I will submit a v2, including the
required changes on the test side.

Best regards,
Thomas Perrot

> 
> 
> 
> 

-- 
Thomas Perrot, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com



signature.asc
Description: This is a digitally signed message part

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154605): 
https://lists.openembedded.org/g/openembedded-core/message/154605
Mute This Topic: https://lists.openembedded.org/mt/84711813/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [poky][dunfell][PATCH] lighttpd: Add patch for reuse large memory chunks

[Purushottam choudhary]

Added 0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
to fix large memory usage for large file downloads
from dynamic backends reuse or release large memory chunks.

This issue is caused by a bug in the lighttpd 1.4.55 version and
has been fixed in lighttpd 1.4.58. Hence, it is not needed for
master and hardknott branch because lighttpd has 1.4.59 version.

Link: 
https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7ba521ffb4959f6f74a609d5d4acafc29a038337

Signed-off-by: Purushottam Choudhary 
---
 ...large-mem-chunks-fix-mem-usage-fixes-3033.patch | 224 +
 meta/recipes-extended/lighttpd/lighttpd_1.4.55.bb  |   1 +
 2 files changed, 225 insertions(+)
 create mode 100644 
meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch

diff --git 
a/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
 
b/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
new file mode 100644
index 000..e3ede66
--- /dev/null
+++ 
b/meta/recipes-extended/lighttpd/lighttpd/0001-core-reuse-large-mem-chunks-fix-mem-usage-fixes-3033.patch
@@ -0,0 +1,224 @@
+From f46bba11bf47ab6d6601e6ca653f1cdc7a2673ed Mon Sep 17 00:00:00 2001
+From: Glenn Strauss 
+Date: Wed, 23 Dec 2020 23:14:47 -0500
+Subject: [PATCH] reuse large mem chunks (fix mem usage) (fixes #3033)
+
+(cherry picked from commit 7ba521ffb4959f6f74a609d5d4acafc29a038337)
+
+(thx flynn)
+
+fix large memory usage for large file downloads from dynamic backends
+
+reuse or release large memory chunks
+
+x-ref:
+  "Memory Growth with PUT and full buffered streams"
+  https://redmine.lighttpd.net/issues/3033
+
+Upstream-Status: Backport
+Comment: No hunk refreshed
+https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/7ba521ffb4959f6f74a609d5d4acafc29a038337
+Signed-off-by: Purushottam Choudhary 
+
+---
+ src/chunk.c| 99 --
+ src/chunk.h|  2 +
+ src/http-header-glue.c |  2 +-
+ 3 files changed, 82 insertions(+), 21 deletions(-)
+
+diff --git a/src/chunk.c b/src/chunk.c
+index 09dd3f1..ffb3795 100644
+--- a/src/chunk.c
 b/src/chunk.c
+@@ -28,16 +28,20 @@
+ static size_t chunk_buf_sz = 4096;
+ static chunk *chunks, *chunks_oversized;
+ static chunk *chunk_buffers;
++static int chunks_oversized_n;
+ static array *chunkqueue_default_tempdirs = NULL;
+ static off_t chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE;
+
+ void chunkqueue_set_chunk_size (size_t sz)
+ {
+-chunk_buf_sz = sz > 0 ? ((sz + 1023) & ~1023uL) : 4096;
++size_t x = 1024;
++while (x < sz && x < (1u << 30)) x <<= 1;
++chunk_buf_sz = sz > 0 ? x : 4096;
+ }
+
+ void chunkqueue_set_tempdirs_default_reset (void)
+ {
++chunk_buf_sz = 8192;
+ chunkqueue_default_tempdirs = NULL;
+ chunkqueue_default_tempfile_size = DEFAULT_TEMPFILE_SIZE;
+ }
+@@ -120,15 +124,49 @@ static void chunk_free(chunk *c) {
+   free(c);
+ }
+
+-buffer * chunk_buffer_acquire(void) {
++static chunk * chunk_pop_oversized(size_t sz) {
++/* future: might have buckets of certain sizes, up to socket buf sizes */
++if (chunks_oversized && chunks_oversized->mem->size >= sz) {
++--chunks_oversized_n;
++chunk *c = chunks_oversized;
++chunks_oversized = c->next;
++return c;
++}
++return NULL;
++}
++
++static void chunk_push_oversized(chunk * const c, const size_t sz) {
++if (chunks_oversized_n < 64 && chunk_buf_sz >= 4096) {
++++chunks_oversized_n;
++chunk **co = _oversized;
++while (*co && sz < (*co)->mem->size) co = &(*co)->next;
++c->next = *co;
++*co = c;
++}
++else
++chunk_free(c);
++}
++
++static buffer * chunk_buffer_acquire_sz(size_t sz) {
+ chunk *c;
+ buffer *b;
+-if (chunks) {
+-c = chunks;
+-chunks = c->next;
++if (sz <= chunk_buf_sz) {
++if (chunks) {
++c = chunks;
++chunks = c->next;
++}
++else
++c = chunk_init(chunk_buf_sz);
++/* future: might choose to pop from chunks_oversized, if available
++ * (even if larger than sz) rather than allocating new chunk
++ * (and if doing so, might replace chunks_oversized_n) */
+ }
+ else {
+-c = chunk_init(chunk_buf_sz);
++/*(round up to nearest chunk_buf_sz)*/
++sz = (sz + (chunk_buf_sz-1)) & ~(chunk_buf_sz-1);
++c = chunk_pop_oversized(sz);
++if (NULL == c)
++c = chunk_init(sz);
+ }
+ c->next = chunk_buffers;
+ chunk_buffers = c;
+@@ -137,21 +175,47 @@ buffer * chunk_buffer_acquire(void) {
+ return b;
+ }
+
++buffer * chunk_buffer_acquire(void) {
++return chunk_buffer_acquire_sz(chunk_buf_sz);
++}
++
+ void chunk_buffer_release(buffer *b) {
+ if (NULL == b) 

[OE-core] [V2][Hardknott][PATCH] nettle: update 3.7.2 -> 3.7.3

[Changqing Li]

From: Alexander Kanavin 

Security fix for CVE-2021-3580.

Here is NEWS for 3.7.3:
NEWS for the Nettle 3.7.3 release

This is bugfix release, fixing bugs that could make the RSA
decryption functions crash on invalid inputs.

Upgrading to the new version is strongly recommended. For
applications that want to support older versions of Nettle,
the bug can be worked around by adding a check that the RSA
ciphertext is in the range 0 < ciphertext < n, before
attempting to decrypt it.

Thanks to Paul Schaub and Justus Winter for reporting these
problems.

The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.4 and libhogweed.so.6.4, with sonames
libnettle.so.8 and libhogweed.so.6.

Bug fixes:

* Fix crash for zero input to rsa_sec_decrypt and
  rsa_decrypt_tr. Potential denial of service vector.

* Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
  failure for out of range inputs, instead of either crashing,
  or silently reducing input modulo n. Potential denial of
  service vector.

* Ensure that rsa_decrypt returns failure for out of range
  inputs, instead of silently reducing input modulo n.

* Ensure that rsa_sec_decrypt returns failure if the message
  size is too large for the given key. Unlike the other bugs,
  this would typically be triggered by invalid local
  configuration, rather than by processing untrusted remote
  data.

(From OE-Core rev: 219c89310264f99c2c43bb80e437a8a1e8e3217a)

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
Signed-off-by: Changqing Li 
---
 .../recipes-support/nettle/{nettle_3.7.2.bb => nettle_3.7.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/nettle/{nettle_3.7.2.bb => nettle_3.7.3.bb} (96%)

diff --git a/meta/recipes-support/nettle/nettle_3.7.2.bb 
b/meta/recipes-support/nettle/nettle_3.7.3.bb
similarity index 96%
rename from meta/recipes-support/nettle/nettle_3.7.2.bb
rename to meta/recipes-support/nettle/nettle_3.7.3.bb
index f8f3360086..031500d741 100644
--- a/meta/recipes-support/nettle/nettle_3.7.2.bb
+++ b/meta/recipes-support/nettle/nettle_3.7.3.bb
@@ -24,7 +24,7 @@ SRC_URI_append_class-target = "\
 file://dlopen-test.patch \
 "
 
-SRC_URI[sha256sum] = 
"8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162"
+SRC_URI[sha256sum] = 
"661f5eb03f048a3b924c3a8ad2515d4068e40f67e774e8a26827658007e3bcf0"
 
 UPSTREAM_CHECK_REGEX = "nettle-(?P\d+(\.\d+)+)\.tar"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154603): 
https://lists.openembedded.org/g/openembedded-core/message/154603
Mute This Topic: https://lists.openembedded.org/mt/84763442/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [poky][master][PATCH] test_buildhistory: Add test to verify that LICENSE is added

[sana kazi]

Hi,

Could you please review below patch?

Regards,
Sana Kazi

On Mon, 26 Jul 2021 at 09:16, Sana Kazi  wrote:

> From: Sana Kazi 
>
> Added test case which uses BUILDHISTORY_EXPORT_RECIPE_VARIABLES
> and BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to add LICENSE for glibc as a
> sample recipe to buildhistory and the test verifies that expected
> license value is written in latest file.
>
> Signed-off-by: Sana Kazi 
> ---
>  .../recipes-test/glibc/glibc_%.bbappend   |  2 +
>  .../oeqa/selftest/cases/test_buildhistory.py  | 48 +++
>  2 files changed, 50 insertions(+)
>  create mode 100644 meta-selftest/recipes-test/glibc/glibc_%.bbappend
>  create mode 100644 meta/lib/oeqa/selftest/cases/test_buildhistory.py
>
> diff --git a/meta-selftest/recipes-test/glibc/glibc_%.bbappend
> b/meta-selftest/recipes-test/glibc/glibc_%.bbappend
> new file mode 100644
> index 00..205720982c
> --- /dev/null
> +++ b/meta-selftest/recipes-test/glibc/glibc_%.bbappend
> @@ -0,0 +1,2 @@
> +# This bbappend is used to alter the recipe using the test_recipe.inc
> file created by tests.
> +include test_recipe.inc
> diff --git a/meta/lib/oeqa/selftest/cases/test_buildhistory.py
> b/meta/lib/oeqa/selftest/cases/test_buildhistory.py
> new file mode 100644
> index 00..2f1bd54599
> --- /dev/null
> +++ b/meta/lib/oeqa/selftest/cases/test_buildhistory.py
> @@ -0,0 +1,48 @@
> +import unittest
> +from oeqa.selftest.case import OESelftestTestCase
> +from oeqa.selftest.cases.buildhistory import BuildhistoryBase
> +from oeqa.utils.commands import bitbake, get_bb_var
> +
> +class BuildhistoryTests(BuildhistoryBase):
> +
> +def test_write_license_to_latest_recipe(self):
> +target = 'glibc'
> +recipe_variables = []
> +self.write_recipeinc(target,
> 'BUILDHISTORY_EXPORT_RECIPE_VARIABLES += \"LICENSE\"')
> +self.run_buildhistory_operation(target)
> +add_buildhistory_config = 'PACKAGE_CLASSES = \"package_ipk\"'
> +self.append_config(add_buildhistory_config)
> +pkghistdir = get_bb_var('BUILDHISTORY_DIR')
> +PACKAGE_ARCH = get_bb_var('MULTIMACH_TARGET_SYS')
> +bitbake('-c package_write_ipk -f %s' % target)
> +infofile = "{}/packages/{}/{}/latest".format(pkghistdir,
> PACKAGE_ARCH, target)
> +expected = "LICENSE = GPLv2 & LGPLv2.1"
> +result = False
> +with open(infofile, "r") as f:
> +for line in f:
> +if line.strip() == expected:
> +result = True
> +break
> +if not result:
> +raise AssertionError("Expected License not found")
> +
> +def test_write_license_to_latest_package(self):
> +target = 'glibc'
> +recipe_variables = []
> +self.write_recipeinc(target,
> 'BUILDHISTORY_EXPORT_PACKAGE_VARIABLES += \"LICENSE\"')
> +self.run_buildhistory_operation(target)
> +add_buildhistory_config = 'PACKAGE_CLASSES = \"package_ipk\"'
> +self.append_config(add_buildhistory_config)
> +bitbake('-c package_write_ipk -f %s' % target)
> +pkghistdir = get_bb_var('BUILDHISTORY_DIR')
> +PACKAGE_ARCH = get_bb_var('MULTIMACH_TARGET_SYS')
> +infofile = "{}/packages/{}/{}/{}-dbg/latest".format(pkghistdir,
> PACKAGE_ARCH, target, target)
> +expected = "LICENSE = GPLv2 & LGPLv2.1"
> +result = False
> +with open(infofile, "r") as f:
> +for line in f:
> +if line.strip() == expected:
> +result = True
> +break
> +if not result:
> +raise AssertionError("Expected License not found")
> --
> 2.17.1
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154602): 
https://lists.openembedded.org/g/openembedded-core/message/154602
Mute This Topic: https://lists.openembedded.org/mt/84451836/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [poky][master][PATCH] buildhistory.bbclass: Enable exporting more recipe and package data

[sana kazi]

Hi,

Could you please review the patch for master branch to enable exporting
more recipe and package data?

Regards,
Sana Kazi

On Mon, 26 Jul 2021 at 09:15, Sana Kazi  wrote:

> From: Sana Kazi 
>
> Used BUILDHISTORY_EXPORT_RECIPE_VARIABLES and
> BUILDHISTORY_EXPORT_PACKAGE_VARIABLES to export recipe and package
> data to the latest file of buildhistory and sorted it alphabetically.
>
> This makes extending data in buildhistory git tree simple and avoids
> patches to it for users who care about things like SRC_URI and like
> to track it in buildhistory git tree.
>
> Now we can add additional information as per our requirement to the
> buildhistory like LICENSE, SRC_URI AND MAINTAINER to the buildhistory
> by appending them in a recipe or distro specific conf file as follows:
>
> BUILDHISTORY_EXPORT_RECIPE_VARIABLES += "MAINTAINER"
> BUILDHISTORY_EXPORT_PACKAGE_VARIABLES += "MAINTAINER"
>
> Signed-off-by: Sana Kazi 
> ---
>  meta-poky/conf/distro/poky.conf   |   3 +
>  meta/classes/buildhistory.bbclass | 107 +++---
>  2 files changed, 71 insertions(+), 39 deletions(-)
>
> diff --git a/meta-poky/conf/distro/poky.conf
> b/meta-poky/conf/distro/poky.conf
> index 522cc92f74..2280e95569 100644
> --- a/meta-poky/conf/distro/poky.conf
> +++ b/meta-poky/conf/distro/poky.conf
> @@ -76,3 +76,6 @@ INHERIT += "reproducible_build"
>
>  BB_SIGNATURE_HANDLER ?= "OEEquivHash"
>  BB_HASHSERVE ??= "auto"
> +
> +BUILDHISTORY_EXPORT_RECIPE_VARIABLES ?= "PR PV PE LAYER DEPENDS PACKAGES
> LICENSE SRC_URI CONFIG"
> +BUILDHISTORY_EXPORT_PACKAGE_VARIABLES ?= "PE PV PR PKG PKGE PKGV PKGR
> RPROVIDES RDEPENDS RRECOMMENDS RSUGGESTS RREPLACES RCONFLICTS PKGSIZE FILES
> FILELIST"
> diff --git a/meta/classes/buildhistory.bbclass
> b/meta/classes/buildhistory.bbclass
> index 55b12d7893..9b1542643e 100644
> --- a/meta/classes/buildhistory.bbclass
> +++ b/meta/classes/buildhistory.bbclass
> @@ -220,7 +220,6 @@ python buildhistory_emit_pkghistory() {
>  pv = d.getVar('PV')
>  pr = d.getVar('PR')
>  layer = bb.utils.get_file_layer(d.getVar('FILE'), d)
> -license = d.getVar('LICENSE')
>
>  pkgdata_dir = d.getVar('PKGDATA_DIR')
>  packages = ""
> @@ -258,12 +257,11 @@ python buildhistory_emit_pkghistory() {
>  rcpinfo.pe = pe
>  rcpinfo.pv = pv
>  rcpinfo.pr = pr
> -rcpinfo.depends = sortlist(oe.utils.squashspaces(d.getVar('DEPENDS')
> or ""))
>  rcpinfo.packages = packages
>  rcpinfo.layer = layer
> -rcpinfo.license = license
>  rcpinfo.config =
> sortlist(oe.utils.squashspaces(d.getVar('PACKAGECONFIG') or ""))
> -rcpinfo.src_uri = oe.utils.squashspaces(d.getVar('SRC_URI') or "")
> +export_recipe_variables =
> d.getVar('BUILDHISTORY_EXPORT_RECIPE_VARIABLES') or ''
> +rcpinfo.export_recipe_variables = export_recipe_variables
>  write_recipehistory(rcpinfo, d)
>
>  bb.build.exec_func("read_subpackage_metadata", d)
> @@ -317,6 +315,9 @@ python buildhistory_emit_pkghistory() {
>
>  pkginfo.size = int(localdata.getVar('PKGSIZE') or '0')
>
> +export_package_variables =
> d.getVar('BUILDHISTORY_EXPORT_PACKAGE_VARIABLES') or ''
> +pkginfo.export_package_variables = export_package_variables
> +
>  write_pkghistory(pkginfo, d)
>
>  # Create files-in-.txt files containing a list of files
> of each recipe's package
> @@ -365,17 +366,22 @@ def write_recipehistory(rcpinfo, d):
>  pkghistdir = d.getVar('BUILDHISTORY_DIR_PACKAGE')
>
>  infofile = os.path.join(pkghistdir, "latest")
> +export_recipe_variables = set(rcpinfo.export_recipe_variables.split())
> +ret = []
>  with open(infofile, "w") as f:
> -if rcpinfo.pe != "0":
> -f.write(u"PE = %s\n" %  rcpinfo.pe)
> -f.write(u"PV = %s\n" %  rcpinfo.pv)
> -f.write(u"PR = %s\n" %  rcpinfo.pr)
> -f.write(u"DEPENDS = %s\n" %  rcpinfo.depends)
> -f.write(u"PACKAGES = %s\n" %  rcpinfo.packages)
> -f.write(u"LAYER = %s\n" %  rcpinfo.layer)
> -f.write(u"LICENSE = %s\n" %  rcpinfo.license)
> -f.write(u"CONFIG = %s\n" %  rcpinfo.config)
> -f.write(u"SRC_URI = %s\n" %  rcpinfo.src_uri)
> +for var in export_recipe_variables:
> +if var == "PE":
> +if rcpinfo.pe != "0":
> +ret.append("%s = %s" % (var, rcpinfo.pe))
> +elif var == "LAYER":
> +ret.append("%s = %s" % (var, rcpinfo.layer))
> +elif var == "CONFIG":
> +ret.append("%s = %s" % (var, rcpinfo.config))
> +else:
> +ret.append("%s = %s" % (var,"
> ".join((str(d.getVar(var)).split()
> +ret.sort()
> +for element in ret:
> +f.write(element + "\n")
>
>  write_latest_srcrev(d, pkghistdir)
>
> @@ -389,32 +395,55 @@ def write_pkghistory(pkginfo, d):
>  bb.utils.mkdirhier(pkgpath)
>
>  infofile = os.path.join(pkgpath, "latest")
> +export_package_variables 

Re: [OE-core] [PATCH] libconvert-asn1-perl: 0.27 -> 0.31

[Changqing Li]

ping

On 8/2/21 9:41 AM, Changqing Li wrote:

From: Changqing Li 

Signed-off-by: Changqing Li 
---
  ...ert-asn1-perl_0.27.bb => libconvert-asn1-perl_0.31.bb} | 8 
  1 file changed, 4 insertions(+), 4 deletions(-)
  rename meta/recipes-extended/perl/{libconvert-asn1-perl_0.27.bb => 
libconvert-asn1-perl_0.31.bb} (71%)

diff --git a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb 
b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
similarity index 71%
rename from meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
rename to meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
index 409a8f3896..2548878a2e 100644
--- a/meta/recipes-extended/perl/libconvert-asn1-perl_0.27.bb
+++ b/meta/recipes-extended/perl/libconvert-asn1-perl_0.31.bb
@@ -1,14 +1,14 @@
  SUMMARY = "Convert::ASN1 - Perl ASN.1 Encode/Decode library"
  SECTION = "libs"
-HOMEPAGE = "https://metacpan.org/source/GBARR/Convert-ASN1-0.27;
+HOMEPAGE = "http://search.cpan.org/dist/Convert-ASN1/;
  DESCRIPTION = "Convert::ASN1 is a perl library for encoding/decoding data using 
ASN.1 definitions."
  LICENSE = "Artistic-1.0 | GPL-1.0+"
  LIC_FILES_CHKSUM = 
"file://README.md;beginline=91;endline=97;md5=ceff7fd286eb6d8e8e0d3d23e096a63f"
  
-SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Convert-ASN1-${PV}.tar.gz;

+SRC_URI = 
"https://cpan.metacpan.org/authors/id/T/TI/TIMLEGGE/Convert-ASN1-${PV}.tar.gz;
  
-SRC_URI[md5sum] = "68723e96be0b258a9e20480276e8a62c"

-SRC_URI[sha256sum] = 
"74a4a78ae0c5e973100ac0a8f203a110f76fb047b79dae4fc1fd7d6814d3d58a"
+SRC_URI[md5sum] = "1e12b263a5042804bb1c59ddce899876"
+SRC_URI[sha256sum] = 
"6fe4c1ba744c3a8212bf2c9b2703d93530acc153435cf2f93633540b439fbbeb"
  
  S = "${WORKDIR}/Convert-ASN1-${PV}"
  





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154600): 
https://lists.openembedded.org/g/openembedded-core/message/154600
Mute This Topic: https://lists.openembedded.org/mt/84602829/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-