[OE-core] OpenEmbedded Happy Hour September 29 during ELC hours and after

[Denys Dmytriyenko]

Oops, sorry, updated the subject to the correct date.


On Fri, Sep 24, 2021 at 06:19:10PM -0400, Denys Dmytriyenko wrote:
> All,
> 
> As you are aware, next week is LF Embedded Linux Conference, which coincides 
> with our OE Happy Hour. The Board has decided to extend the Happy Hour for 
> the 
> entire duration of Wednesday ELC sessions for people to come and go 
> throughout 
> the day and meet during breaks or for the entire hallway sessions. Hope to 
> see 
> you there!
> 
> https://www.openembedded.org/wiki/Happy_Hours

-- 
Regards,
Denys Dmytriyenko 
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186  6D76 4209 0272 9A92 C964

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156340): 
https://lists.openembedded.org/g/openembedded-core/message/156340
Mute This Topic: https://lists.openembedded.org/mt/85850524/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] OpenEmbedded Happy Hour August 25 9pm/2100 UTC

[Denys Dmytriyenko]

All,

As you are aware, next week is LF Embedded Linux Conference, which coincides 
with our OE Happy Hour. The Board has decided to extend the Happy Hour for the 
entire duration of Wednesday ELC sessions for people to come and go throughout 
the day and meet during breaks or for the entire hallway sessions. Hope to see 
you there!

https://www.openembedded.org/wiki/Happy_Hours

-- 
Regards,
Denys Dmytriyenko 
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186  6D76 4209 0272 9A92 C964

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156339): 
https://lists.openembedded.org/g/openembedded-core/message/156339
Mute This Topic: https://lists.openembedded.org/mt/85850489/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [RFC PATCH 10/14] package_ipk/deb/rpm: Drop recursive do_build task dependencies

[Khem Raj]

On 9/24/21 12:58 AM, Martin Jansa wrote:
On Fri, Sep 24, 2021 at 6:51 AM Khem Raj > wrote:


this is quite encouraging, dont go by number of lines of change :)
btw. did you also try with other change which reduces native
dependencies,

I've tried layer.conf change in our builds and it causes _a lot_ of 
pkgconfig issues, but in most cases they are easy to spot in failed task 
log and easy to fix. With ~ 100 fixed recipes I can build the images 
again :). I've already merged bunch of these fixes in various layers and 
queued it for others. I've seen a lot of these fixes for meta-oe layers 
from Khem as well, so I think it's also getting ready. But possibly less 
impressive improvement and more fixes still needed for other external 
layers. Maybe we could add pkgconfig inherit in e.g. cmake.bbclass, that 
would at least in my case eliminate maybe 90% cases where I needed to 
add pkgconfig inherit (because native pkgconfig is called from CMake's 
FindPkgConfig).


meta-openembedded layers are now fixed for the pkgcconfig issues. So we 
should be in a sightly better shape

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156338): 
https://lists.openembedded.org/g/openembedded-core/message/156338
Mute This Topic: https://lists.openembedded.org/mt/85739581/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Mark Hatle]

On 9/24/21 9:02 AM, Zoltan Boszormenyi via lists.openembedded.org wrote:
> Hi,
> 
> I have a special package that creates users and groups
> via inherit useradd. This package doesn't depend on any
> others but it is depended on, both via DEPENDS and RDEPENDS
> by packages using those users/groups in their do_install
> scripts.
> 
> This works for packaging becase these ownerships
> are encoded in the packages, confirmed by rpm -qp --dump ...

Does it show the useradd in the _PREINSTALL_ (you can use --scriptlets in the
rpm -qp)?

> However, during do_rootfs, a couple of
> "user/group XXX does not exist, using root"
> messages appear for the packages depending on others
> creating these users/groups.

Do the using packages contain RDEPENDS on the package that adds the user/group
to the system?

> log.do_rootfs shows that the package installation ordering
> does not follow RDEPENDS. Instead, it's practically an
> alphabetical order when running dnf.
> 
> This doesn't just involve my custom packages, but also clamav
> plus another one in which I ship a small limited set of
> virus signatures, also chown'd to clamav and with RDEPENDS
> on clamav.
> 
> What is the correct solution to this?

Typically the combination of the pre-install scriptlet, along with RDEPENDS will
ensure that the user has been added before the install completes.

--Mark

> Thanks in advance,
> Zoltán Böszörményi
> 
> 
> 
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156337): 
https://lists.openembedded.org/g/openembedded-core/message/156337
Mute This Topic: https://lists.openembedded.org/mt/85839631/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Khem Raj]

On Fri, Sep 24, 2021 at 9:36 AM Böszörményi Zoltán  wrote:
>
> On 2021. 09. 24. 18:22, Khem Raj wrote:
> >
> >
> > On 9/24/21 7:02 AM, Böszörményi Zoltán wrote:
> >> Hi,
> >>
> >> I have a special package that creates users and groups
> >> via inherit useradd. This package doesn't depend on any
> >> others but it is depended on, both via DEPENDS and RDEPENDS
> >> by packages using those users/groups in their do_install
> >> scripts.
> >>
> >> This works for packaging becase these ownerships
> >> are encoded in the packages, confirmed by rpm -qp --dump ...
> >>
> >> However, during do_rootfs, a couple of
> >> "user/group XXX does not exist, using root"
> >> messages appear for the packages depending on others
> >> creating these users/groups.
> >>
> >> log.do_rootfs shows that the package installation ordering
> >> does not follow RDEPENDS. Instead, it's practically an
> >> alphabetical order when running dnf.
> >>
> >> This doesn't just involve my custom packages, but also clamav
> >> plus another one in which I ship a small limited set of
> >> virus signatures, also chown'd to clamav and with RDEPENDS
> >> on clamav.
> >>
> >> What is the correct solution to this?
> >
> > You can define it via conf metadata e.g.
> >
> > INHERIT += "extrausers"
> >
> >
> > EXTRA_USERS_PARAMS += "\
> >  useradd foo; \
> >  usermod -p '' foo; \
> >  usermod -a -G adm foo; \
> >  usermod -a -G video foo; \
> >  usermod -a -G audio foo; \
> >  usermod -a -G systemd-journal foo; \
> > "
>
> Thanks, I will try it.
> You mean local.conf or layer.conf?

local.conf or site.conf or your distro conf anyone is ok
>
> >
> >
> >>
> >> Thanks in advance,
> >> Zoltán Böszörményi
> >
> >
> > 
> >
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156336): 
https://lists.openembedded.org/g/openembedded-core/message/156336
Mute This Topic: https://lists.openembedded.org/mt/85839631/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Zoltan Boszormenyi via lists.openembedded.org]

On 2021. 09. 24. 18:22, Khem Raj wrote:



On 9/24/21 7:02 AM, Böszörményi Zoltán wrote:

Hi,

I have a special package that creates users and groups
via inherit useradd. This package doesn't depend on any
others but it is depended on, both via DEPENDS and RDEPENDS
by packages using those users/groups in their do_install
scripts.

This works for packaging becase these ownerships
are encoded in the packages, confirmed by rpm -qp --dump ...

However, during do_rootfs, a couple of
"user/group XXX does not exist, using root"
messages appear for the packages depending on others
creating these users/groups.

log.do_rootfs shows that the package installation ordering
does not follow RDEPENDS. Instead, it's practically an
alphabetical order when running dnf.

This doesn't just involve my custom packages, but also clamav
plus another one in which I ship a small limited set of
virus signatures, also chown'd to clamav and with RDEPENDS
on clamav.

What is the correct solution to this?


You can define it via conf metadata e.g.

INHERIT += "extrausers"


EXTRA_USERS_PARAMS += "\
     useradd foo; \
     usermod -p '' foo; \
     usermod -a -G adm foo; \
     usermod -a -G video foo; \
     usermod -a -G audio foo; \
     usermod -a -G systemd-journal foo; \
"


Thanks, I will try it.
You mean local.conf or layer.conf?






Thanks in advance,
Zoltán Böszörményi








-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156335): 
https://lists.openembedded.org/g/openembedded-core/message/156335
Mute This Topic: https://lists.openembedded.org/mt/85839631/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Khem Raj]

On 9/24/21 7:02 AM, Böszörményi Zoltán wrote:

Hi,

I have a special package that creates users and groups
via inherit useradd. This package doesn't depend on any
others but it is depended on, both via DEPENDS and RDEPENDS
by packages using those users/groups in their do_install
scripts.

This works for packaging becase these ownerships
are encoded in the packages, confirmed by rpm -qp --dump ...

However, during do_rootfs, a couple of
"user/group XXX does not exist, using root"
messages appear for the packages depending on others
creating these users/groups.

log.do_rootfs shows that the package installation ordering
does not follow RDEPENDS. Instead, it's practically an
alphabetical order when running dnf.

This doesn't just involve my custom packages, but also clamav
plus another one in which I ship a small limited set of
virus signatures, also chown'd to clamav and with RDEPENDS
on clamav.

What is the correct solution to this?


You can define it via conf metadata e.g.

INHERIT += "extrausers"


EXTRA_USERS_PARAMS += "\
useradd foo; \
usermod -p '' foo; \
usermod -a -G adm foo; \
usermod -a -G video foo; \
usermod -a -G audio foo; \
usermod -a -G systemd-journal foo; \
"




Thanks in advance,
Zoltán Böszörményi

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156334): 
https://lists.openembedded.org/g/openembedded-core/message/156334
Mute This Topic: https://lists.openembedded.org/mt/85839631/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] libsamplerate0: Set correct soname for 0.1.9

[Khem Raj]

On 9/24/21 5:47 AM, Tom Pollard wrote:

Manually patch SHARED_VERSION_INFO, which was missed in
the 0.1.9 release and later incorrectly fixed until 0.2.1

Signed-off-by: Tom Pollard 
---
  .../libsamplerate0/shared_version_info.patch| 13 +
  .../libsamplerate/libsamplerate0_0.1.9.bb   |  1 +
  2 files changed, 14 insertions(+)
  create mode 100644 
meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch

diff --git 
a/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
 
b/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
new file mode 100644
index 00..b42d564b4b
--- /dev/null
+++ 
b/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
@@ -0,0 +1,13 @@
+Index: libsamplerate-0.1.8/configure.ac
+===
+--- libsamplerate-0.1.8.orig/configure.ac
 libsamplerate-0.1.8/configure.ac
+@@ -53,7 +53,7 @@ AC_PROG_LN_S
+ #  6. If any interfaces have been removed since the last public release, then 
set age
+ # to 0.
+
+-SHARED_VERSION_INFO="1:8:1"
++SHARED_VERSION_INFO="1:9:1"
+


it can be synthesized from PV, that will be better, since we dont have 
to change it manually everytime version upgrade is done.



+
+
diff --git a/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb 
b/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb
index 6dfc42b436..8345d6880f 100644
--- a/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb
+++ b/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb
@@ -10,6 +10,7 @@ PR = "r1"
  
  SRC_URI = "http://www.mega-nerd.com/SRC/libsamplerate-${PV}.tar.gz \

 file://0001-configure.ac-improve-alsa-handling.patch \
+   file://shared_version_info.patch \
  "
  
  SRC_URI[md5sum] = "2b78ae9fe63b36b9fbb6267fad93f259"







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156333): 
https://lists.openembedded.org/g/openembedded-core/message/156333
Mute This Topic: https://lists.openembedded.org/mt/85838060/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] bzip2: Update soname for libbz2 1.0.8

[Khem Raj]

On 9/24/21 4:33 AM, Tom Pollard wrote:

Set shared library name as libbz2.so.1.0.8, version in configure.ac
already synced via do_configure PV substitution.

Signed-off-by: Tom Pollard 
---
  meta/recipes-extended/bzip2/bzip2/Makefile.am | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/bzip2/bzip2/Makefile.am 
b/meta/recipes-extended/bzip2/bzip2/Makefile.am
index 7338df03eb..d12d3a45e4 100644
--- a/meta/recipes-extended/bzip2/bzip2/Makefile.am
+++ b/meta/recipes-extended/bzip2/bzip2/Makefile.am
@@ -1,6 +1,6 @@
  
  lib_LTLIBRARIES = libbz2.la

-libbz2_la_LDFLAGS = -version-info 1:6:0
+libbz2_la_LDFLAGS = -version-info 1:8:0
  


this will need attention everytime upgrade is done and we might forget 
it again, perhaps inserting it via do_configure_prepend might work out 
better.



  libbz2_la_SOURCES = blocksort.c  \
  huffman.c\






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156332): 
https://lists.openembedded.org/g/openembedded-core/message/156332
Mute This Topic: https://lists.openembedded.org/mt/85836699/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V2] archiver: Configurable tarball compression

[Khem Raj]

On 9/20/21 3:25 AM, Ian Ray wrote:

In order to be more efficient, we use xz as compression method
to create GPL sources archives.

Signed-off-by: Fabien Lahoudere 
[V1 was https://patchwork.openembedded.org/patch/155985/]
[Rebased]


xz has its own mind when it comes to parallel threads, how do we control 
that here? Does it use the global setting to control the number of xz 
threads ?



Signed-off-by: Ian Ray 
---
  meta/classes/archiver.bbclass | 8 +---
  1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index dd31dc0..411d459 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -51,6 +51,7 @@ ARCHIVER_MODE[diff-exclude] ?= ".pc autom4te.cache patches"
  ARCHIVER_MODE[dumpdata] ?= "0"
  ARCHIVER_MODE[recipe] ?= "0"
  ARCHIVER_MODE[mirror] ?= "split"
+ARCHIVER_MODE[compression] ?= "gz"
  
  DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources"

  ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources"
@@ -409,15 +410,16 @@ def create_tarball(d, srcdir, suffix, ar_outdir):
  # that we archive the actual directory and not just the link.
  srcdir = os.path.realpath(srcdir)
  
+compression_method = d.getVarFlag('ARCHIVER_MODE', 'compression')

  bb.utils.mkdirhier(ar_outdir)
  if suffix:
-filename = '%s-%s.tar.gz' % (d.getVar('PF'), suffix)
+filename = '%s-%s.tar.%s' % (d.getVar('PF'), suffix, 
compression_method)
  else:
-filename = '%s.tar.gz' % d.getVar('PF')
+filename = '%s.tar.%s' % (d.getVar('PF'), compression_method)
  tarname = os.path.join(ar_outdir, filename)
  
  bb.note('Creating %s' % tarname)

-tar = tarfile.open(tarname, 'w:gz')
+tar = tarfile.open(tarname, 'w:%s' % compression_method)
  tar.add(srcdir, arcname=os.path.basename(srcdir), 
filter=exclude_useless_paths)
  tar.close()
  







-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156331): 
https://lists.openembedded.org/g/openembedded-core/message/156331
Mute This Topic: https://lists.openembedded.org/mt/85841980/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] curl: Update tls backend PACKAGECONFIG options

[Tom Pollard]

curl 7.77.0 made the tls backend configuration explicit. openssl
is now a specific option replacing the default `--with-ssl`, and
`--without-ssl` is required to build without any tls, overriding any
other tls config. Adding 'without-ssl` as a mutually exclusive
option against the existing tls options should prevent users
silently disabling other enabled tls backends.

https://curl.se/changes.html#7_77_0

Signed-off-by: Tom Pollard 
---
 meta/recipes-support/curl/curl_7.78.0.bb | 16 +---
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/meta/recipes-support/curl/curl_7.78.0.bb 
b/meta/recipes-support/curl/curl_7.78.0.bb
index dece0babb2..315755c9b1 100644
--- a/meta/recipes-support/curl/curl_7.78.0.bb
+++ b/meta/recipes-support/curl/curl_7.78.0.bb
@@ -20,16 +20,17 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl 
curl:libcurl libcurl:libcurl dan
 
 inherit autotools pkgconfig binconfig multilib_header
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl 
libidn proxy threaded-resolver verbose zlib"
-PACKAGECONFIG:class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
-PACKAGECONFIG:class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} openssl 
libidn proxy threaded-resolver verbose zlib"
+PACKAGECONFIG:class-native = "ipv6 proxy openssl threaded-resolver verbose 
zlib"
+PACKAGECONFIG:class-nativesdk = "ipv6 proxy openssl threaded-resolver verbose 
zlib"
 
 # 'ares' and 'threaded-resolver' are mutually exclusive
+# 'without-ssl' explicitly disables tls, silently overriding other tls config 
and is required if no backend(s) are configured
 PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
 PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
 PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
 PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
-PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls,,,without-ssl"
 PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
 PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
@@ -39,7 +40,7 @@ PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
 PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
 PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
 PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
-PACKAGECONFIG[mbedtls] = 
"--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
+PACKAGECONFIG[mbedtls] = 
"--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls,,,without-ssl"
 PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
 PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
 PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
@@ -48,12 +49,13 @@ PACKAGECONFIG[rtmpdump] = 
"--with-librtmp,--without-librtmp,rtmpdump"
 PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
 PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
 PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
-PACKAGECONFIG[ssl] = "--with-ssl 
--with-random=/dev/urandom,--without-ssl,openssl"
-PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
+PACKAGECONFIG[openssl] = "--with-openssl 
--with-random=/dev/urandom,,openssl,,,without-ssl"
+PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss,,,without-ssl"
 PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
 PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
 PACKAGECONFIG[threaded-resolver] = 
"--enable-threaded-resolver,--disable-threaded-resolverares"
 PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
+PACKAGECONFIG[without-ssl] = "--without-ssl,gnutls mbedtls openssl nss"
 PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
 
 EXTRA_OECONF = " \
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156330): 
https://lists.openembedded.org/g/openembedded-core/message/156330
Mute This Topic: https://lists.openembedded.org/mt/85842512/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH V2] archiver: Configurable tarball compression

[Ian Ray]

In order to be more efficient, we use xz as compression method
to create GPL sources archives.

Signed-off-by: Fabien Lahoudere 
[V1 was https://patchwork.openembedded.org/patch/155985/]
[Rebased]
Signed-off-by: Ian Ray 
---
 meta/classes/archiver.bbclass | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index dd31dc0..411d459 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -51,6 +51,7 @@ ARCHIVER_MODE[diff-exclude] ?= ".pc autom4te.cache patches"
 ARCHIVER_MODE[dumpdata] ?= "0"
 ARCHIVER_MODE[recipe] ?= "0"
 ARCHIVER_MODE[mirror] ?= "split"
+ARCHIVER_MODE[compression] ?= "gz"
 
 DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources"
 ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources"
@@ -409,15 +410,16 @@ def create_tarball(d, srcdir, suffix, ar_outdir):
 # that we archive the actual directory and not just the link.
 srcdir = os.path.realpath(srcdir)
 
+compression_method = d.getVarFlag('ARCHIVER_MODE', 'compression')
 bb.utils.mkdirhier(ar_outdir)
 if suffix:
-filename = '%s-%s.tar.gz' % (d.getVar('PF'), suffix)
+filename = '%s-%s.tar.%s' % (d.getVar('PF'), suffix, 
compression_method)
 else:
-filename = '%s.tar.gz' % d.getVar('PF')
+filename = '%s.tar.%s' % (d.getVar('PF'), compression_method)
 tarname = os.path.join(ar_outdir, filename)
 
 bb.note('Creating %s' % tarname)
-tar = tarfile.open(tarname, 'w:gz')
+tar = tarfile.open(tarname, 'w:%s' % compression_method)
 tar.add(srcdir, arcname=os.path.basename(srcdir), 
filter=exclude_useless_paths)
 tar.close()
 
-- 
2.10.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156329): 
https://lists.openembedded.org/g/openembedded-core/message/156329
Mute This Topic: https://lists.openembedded.org/mt/85841980/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/4] lttng-modules/dev-upstream: update to 2.13-latest

[Bruce Ashfield]

From: Bruce Ashfield 

To ensure we can build against 5.15, and to keep in sync with the
versioned recipe, we bump to the latest commit on the 2.13 release
branch.

Signed-off-by: Bruce Ashfield 
---
 meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb 
b/meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb
index 82bdd38d36..6dfde8dcad 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb
@@ -41,7 +41,7 @@ LIC_FILES_CHKSUM:class-devupstream = 
"file://LICENSE;md5=0464cff101a009c403cd2ed
 DEFAULT_PREFERENCE:class-devupstream = "-1"
 SRC_URI:class-devupstream = 
"git://git.lttng.org/lttng-modules;branch=stable-2.13"
 
-SRCREV:class-devupstream = "f982b51a98a29cb4aaf607cb9bbf2b509d8e6933"
-PV:class-devupstream = "2.13.0-rc2+git${SRCPV}"
+SRCREV:class-devupstream = "c570be0da77e963d77bac099d468bc0cd5f1bd63"
+PV:class-devupstream = "2.13.0+git${SRCPV}"
 S:class-devupstream = "${WORKDIR}/git"
 SRCREV_FORMAT ?= "lttng_git"
-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156327): 
https://lists.openembedded.org/g/openembedded-core/message/156327
Mute This Topic: https://lists.openembedded.org/mt/85841297/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 4/4] linux-yocto/5.13: drop recipes

[Bruce Ashfield]

From: Bruce Ashfield 

5.13 is EOL upstream, and we've moved to 5.14 for the release, so
we drop the versioned recipes. The kernel tree and branches will
stay available for use, but other layers must create recipes if
they wish to continue with 5.13.

Signed-off-by: Bruce Ashfield 
---
 .../linux/linux-yocto-rt_5.13.bb  | 45 
 .../linux/linux-yocto-tiny_5.13.bb| 32 -
 meta/recipes-kernel/linux/linux-yocto_5.13.bb | 68 ---
 3 files changed, 145 deletions(-)
 delete mode 100644 meta/recipes-kernel/linux/linux-yocto-rt_5.13.bb
 delete mode 100644 meta/recipes-kernel/linux/linux-yocto-tiny_5.13.bb
 delete mode 100644 meta/recipes-kernel/linux/linux-yocto_5.13.bb

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.13.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.13.bb
deleted file mode 100644
index 0b534c3fbc..00
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.13.bb
+++ /dev/null
@@ -1,45 +0,0 @@
-KBRANCH ?= "v5.13/standard/preempt-rt/base"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-# Skip processing of this recipe if it is not explicitly specified as the
-# PREFERRED_PROVIDER for virtual/kernel. This avoids errors when trying
-# to build multiple virtual/kernel providers, e.g. as dependency of
-# core-image-rt-sdk, core-image-rt.
-python () {
-if d.getVar("KERNEL_PACKAGE_NAME") == "kernel" and 
d.getVar("PREFERRED_PROVIDER_virtual/kernel") != "linux-yocto-rt":
-raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
-}
-
-SRCREV_machine ?= "eaf308f87d26c526da01d90bfb3581e2f40e32e7"
-SRCREV_meta ?= "c38435a3cacf424fa686ecac9a95ef8349b83bb3"
-
-SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
-   
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.13;destsuffix=${KMETA}"
-
-LINUX_VERSION ?= "5.13.15"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-
-DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
-DEPENDS += "openssl-native util-linux-native"
-
-PV = "${LINUX_VERSION}+git${SRCPV}"
-
-KMETA = "kernel-meta"
-KCONF_BSP_AUDIT_LEVEL = "1"
-
-LINUX_KERNEL_TYPE = "preempt-rt"
-
-COMPATIBLE_MACHINE = 
"(qemux86|qemux86-64|qemuarm|qemuarmv5|qemuarm64|qemuppc|qemumips)"
-
-KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
-
-# Functionality flags
-KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc 
features/taskstats/taskstats.scc"
-KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
-KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
-KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
-KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " 
features/scsi/scsi-debug.scc", "", d)}"
-KERNEL_FEATURES:append = "${@bb.utils.contains("DISTRO_FEATURES", "ptest", " 
features/gpio/mockup.scc", "", d)}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.13.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.13.bb
deleted file mode 100644
index 5b71d75aef..00
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.13.bb
+++ /dev/null
@@ -1,32 +0,0 @@
-KBRANCH ?= "v5.13/standard/tiny/base"
-KBRANCH:qemuarm  ?= "v5.13/standard/tiny/arm-versatile-926ejs"
-
-LINUX_KERNEL_TYPE = "tiny"
-KCONFIG_MODE = "--allnoconfig"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-LINUX_VERSION ?= "5.13.15"
-LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-
-DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
-DEPENDS += "openssl-native util-linux-native"
-
-KMETA = "kernel-meta"
-KCONF_BSP_AUDIT_LEVEL = "2"
-
-SRCREV_machine:qemuarm ?= "94f45ad50950df80adbf1a8e1bbc110abff5bbc4"
-SRCREV_machine ?= "3bd6397a9acc2cd13228c09097d61c8d1aa3bbdf"
-SRCREV_meta ?= "c38435a3cacf424fa686ecac9a95ef8349b83bb3"
-
-PV = "${LINUX_VERSION}+git${SRCPV}"
-
-SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
-   
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.13;destsuffix=${KMETA}"
-
-COMPATIBLE_MACHINE = "qemux86|qemux86-64|qemuarm|qemuarmv5"
-
-# Functionality flags
-KERNEL_FEATURES = ""
-
-KERNEL_DEVICETREE:qemuarmv5 = "versatile-pb.dtb"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.13.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.13.bb
deleted file mode 100644
index a17bddf0f4..00
--- a/meta/recipes-kernel/linux/linux-yocto_5.13.bb
+++ /dev/null
@@ -1,68 +0,0 @@
-KBRANCH ?= "v5.13/standard/base"
-
-require recipes-kernel/linux/linux-yocto.inc
-
-# board specific branches
-KBRANCH:qemuarm  ?= "v5.13/standard/arm-versatile-926ejs"
-KBRANCH:qemuarm64 ?= "v5.13/standard/qemuarm64"
-KBRANCH:qemumips ?= "v5.13/standard/mti-malta32"
-KBRANCH:qemuppc  ?= "v5.13/standard/qemuppc"
-KBRANCH:qemuriscv64  ?= 

[OE-core] [PATCH 2/4] lttng-modules: fix build against 5.15+

[Bruce Ashfield]

From: Bruce Ashfield 

When testing linux-yocto-dev 5.15-rc, lttng-modules fails to build.
Upstream already has fixes for 5.15 in the release branch, so we
backport the two patches here and we can drop them on the next version
bump.

Signed-off-by: Bruce Ashfield 
---
 ...Remove-deprecated-CPU-hotplug-functi.patch | 394 +
 ...ile-Enable-Wimplicit-fallthrough-for.patch | 829 ++
 .../lttng/lttng-modules_2.13.0.bb |   5 +-
 3 files changed, 1227 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
 create mode 100644 
meta/recipes-kernel/lttng/lttng-modules/0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch

diff --git 
a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
 
b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
new file mode 100644
index 00..4e52e5f122
--- /dev/null
+++ 
b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
@@ -0,0 +1,394 @@
+From 8be4c8a38ee1e297578e094a6e4c143ec5259aba Mon Sep 17 00:00:00 2001
+From: Michael Jeanson 
+Date: Mon, 13 Sep 2021 12:00:38 -0400
+Subject: [PATCH 1/2] fix: cpu/hotplug: Remove deprecated CPU-hotplug
+ functions. (v5.15)
+
+The CPU-hotplug functions get|put_online_cpus() were deprecated in v4.13
+and removed in v5.15.
+
+See upstream commits :
+
+commit 8c854303ce0e38e5bbedd725ff39da7e235865d8
+Author: Sebastian Andrzej Siewior 
+Date:   Tue Aug 3 16:16:21 2021 +0200
+
+cpu/hotplug: Remove deprecated CPU-hotplug functions.
+
+No users in tree use the deprecated CPU-hotplug functions anymore.
+
+Remove them.
+
+Introduced in v4.13 :
+
+  commit 8f553c498e1772cccb39a114da4a498d22992758
+  Author: Thomas Gleixner 
+  Date:   Wed May 24 10:15:12 2017 +0200
+
+cpu/hotplug: Provide cpus_read|write_[un]lock()
+
+The counting 'rwsem' hackery of get|put_online_cpus() is going to be
+replaced by percpu rwsem.
+
+Rename the functions to make it clear that it's locking and not some
+refcount style interface. These new functions will be used for the
+preparatory patches which make the code ready for the percpu rwsem
+conversion.
+
+Rename all instances in the cpu hotplug code while at it.
+
+Upstream-Status: backport 
[https://git.lttng.org/?p=lttng-modules.git;a=commit;h=ffcc873470121ef1ebb110df3d9038a38d9cb7cb]
+
+Change-Id: I5a37cf5afc075a402b7347989fac637dfa60a1ed
+Signed-off-by: Michael Jeanson 
+Signed-off-by: Mathieu Desnoyers 
+---
+ include/wrapper/cpu.h | 44 +++
+ src/lib/ringbuffer/ring_buffer_backend.c  |  8 ++---
+ src/lib/ringbuffer/ring_buffer_frontend.c | 17 -
+ src/lib/ringbuffer/ring_buffer_iterator.c | 15 
+ src/lttng-context-perf-counters.c | 11 +++---
+ src/lttng-statedump-impl.c|  6 ++--
+ 6 files changed, 74 insertions(+), 27 deletions(-)
+ create mode 100644 include/wrapper/cpu.h
+
+diff --git a/include/wrapper/cpu.h b/include/wrapper/cpu.h
+new file mode 100644
+index ..cbee1962
+--- /dev/null
 b/include/wrapper/cpu.h
+@@ -0,0 +1,44 @@
++/* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
++ *
++ * wrapper/cpu.h
++ *
++ * Copyright (C) 2021 Michael Jeanson 
++ */
++
++#ifndef _LTTNG_WRAPPER_CPU_H
++#define _LTTNG_WRAPPER_CPU_H
++
++#include 
++#include 
++
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,13,0))
++
++static inline
++void lttng_cpus_read_lock(void)
++{
++  cpus_read_lock();
++}
++
++static inline
++void lttng_cpus_read_unlock(void)
++{
++  cpus_read_unlock();
++}
++
++#else /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,13,0) */
++
++static inline
++void lttng_cpus_read_lock(void)
++{
++  get_online_cpus();
++}
++
++static inline
++void lttng_cpus_read_unlock(void)
++{
++  put_online_cpus();
++}
++
++#endif /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,13,0) */
++
++#endif /* _LTTNG_WRAPPER_CPU_H */
+diff --git a/src/lib/ringbuffer/ring_buffer_backend.c 
b/src/lib/ringbuffer/ring_buffer_backend.c
+index 26efb2bc..9a339be0 100644
+--- a/src/lib/ringbuffer/ring_buffer_backend.c
 b/src/lib/ringbuffer/ring_buffer_backend.c
+@@ -12,10 +12,10 @@
+ #include 
+ #include 
+ #include 
+-#include 
+ #include 
+ #include 
+ 
++#include 
+ #include 
+ #include   /* for wrapper_vmalloc_sync_mappings() */
+ #include 
+@@ -445,14 +445,14 @@ int channel_backend_init(struct channel_backend *chanb,
+   chanb->cpu_hp_notifier.priority = 5;
+   register_hotcpu_notifier(>cpu_hp_notifier);
+ 
+-  get_online_cpus();
++  lttng_cpus_read_lock();
+   for_each_online_cpu(i) {
+   ret = 
lib_ring_buffer_create(per_cpu_ptr(chanb->buf, 

[OE-core] [PATCH 1/4] linux-yocto-dev: update to v5.15-rcX

[Bruce Ashfield]

From: Bruce Ashfield 

The main reference kernel has moved to 5.14, so we bump -dev to
5.15 for the release.

Signed-off-by: Bruce Ashfield 
---
 meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb 
b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index 0911787009..f58b5ab0b8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -30,7 +30,7 @@ SRC_URI = 
"git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name
 SRCREV_machine ?= 
'${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", 
"linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", 
d)}'
 SRCREV_meta ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", 
"linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", 
d)}'
 
-LINUX_VERSION ?= "5.14+"
+LINUX_VERSION ?= "5.15+"
 LINUX_VERSION_EXTENSION ?= "-yoctodev-${LINUX_KERNEL_TYPE}"
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156325): 
https://lists.openembedded.org/g/openembedded-core/message/156325
Mute This Topic: https://lists.openembedded.org/mt/85841295/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/4] linux-yocto: complete bump to v5.14/v5.15

[Bruce Ashfield]

From: Bruce Ashfield 

Richard,

These are the remaining patches now that we have 5.14 into master. This moves
-dev to 5.15 (and fixes the associated kernel packages to build against it).

We remove 5.13 from master as well, and I'll follow up with the yocto-bsps
equivalent shortly.

Bruce

The following changes since commit 06dcace68b021b020f14327c35358d58ecc698fa:

  meta-yocto-bsp: Update the default kernel to v5.14 (2021-09-24 10:15:29 +0100)

are available in the Git repository at:

  git://git.yoctoproject.org/poky-contrib zedd/kernel
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel

Bruce Ashfield (4):
  linux-yocto-dev: update to v5.15-rcX
  lttng-modules: fix build against 5.15+
  lttng-modules/dev-upstream: update to 2.13-latest
  linux-yocto/5.13: drop recipes

 meta/recipes-kernel/linux/linux-yocto-dev.bb  |   2 +-
 .../linux/linux-yocto-rt_5.13.bb  |  45 -
 .../linux/linux-yocto-tiny_5.13.bb|  32 -
 meta/recipes-kernel/linux/linux-yocto_5.13.bb |  68 --
 ...Remove-deprecated-CPU-hotplug-functi.patch | 394 +
 ...ile-Enable-Wimplicit-fallthrough-for.patch | 829 ++
 .../lttng/lttng-modules_2.13.0.bb |   9 +-
 7 files changed, 1230 insertions(+), 149 deletions(-)
 delete mode 100644 meta/recipes-kernel/linux/linux-yocto-rt_5.13.bb
 delete mode 100644 meta/recipes-kernel/linux/linux-yocto-tiny_5.13.bb
 delete mode 100644 meta/recipes-kernel/linux/linux-yocto_5.13.bb
 create mode 100644 
meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
 create mode 100644 
meta/recipes-kernel/lttng/lttng-modules/0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch

-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156324): 
https://lists.openembedded.org/g/openembedded-core/message/156324
Mute This Topic: https://lists.openembedded.org/mt/85841294/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 25/25] connman: add CVE_PRODUCT

[Steve Sakoman]

Upstream database uses both "connman" and "connection_manager" to report CVEs

Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/connman/connman.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/connman/connman.inc 
b/meta/recipes-connectivity/connman/connman.inc
index 55e5bf97c7..c495ae29ad 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
 
 inherit autotools pkgconfig systemd update-rc.d update-alternatives
 
+CVE_PRODUCT = "connman connection_manager"
+
 DEPENDS  = "dbus glib-2.0 ppp"
 
 INC_PR = "r20"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156323): 
https://lists.openembedded.org/g/openembedded-core/message/156323
Mute This Topic: https://lists.openembedded.org/mt/85839990/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 24/25] libsoup-2.4: remove obsolete intltool dependency

[Steve Sakoman]

From: Ross Burton 

This hasn't been needed since libsoup 2.65.2.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 250a3f9a804917c8a9427d0209365d27b1b8fa4a)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb 
b/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb
index 65b32557e7..e42ac30bf2 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.68.4.bb
@@ -7,7 +7,7 @@ SECTION = "x11/gnome/libs"
 LICENSE = "LGPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
 
-DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native libpsl"
+DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl"
 
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156322): 
https://lists.openembedded.org/g/openembedded-core/message/156322
Mute This Topic: https://lists.openembedded.org/mt/85839989/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 23/25] testimage: symlink the task log and qemu console log to tmp/log/oeqa

[Steve Sakoman]

From: Alexander Kanavin 

This makes it easier for the AB scripts (particularly, collect-results)
to access and archive these items, as they can contain useful information
when ptests or other qemu tests fail (and also if they don't fail).

[YOCTO #14518]

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
(cherry picked from commit 1965b344abcff0ba584136f929b4a14645f1585e)
Signed-off-by: Steve Sakoman 
---
 meta/classes/testimage.bbclass | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index c709384b91..db1d54e5cb 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -193,6 +193,7 @@ def testimage_main(d):
 import json
 import signal
 import logging
+import shutil
 
 from bb.utils import export_proxies
 from oeqa.core.utils.misc import updateTestData
@@ -397,10 +398,17 @@ def testimage_main(d):
 get_testimage_result_id(configuration),
 dump_streams=d.getVar('TESTREPORT_FULLLOGS'))
 results.logSummary(pn)
+
+# Copy additional logs to tmp/log/oeqa so it's easier to find them
+targetdir = os.path.join(get_testimage_json_result_dir(d), d.getVar("PN"))
+os.makedirs(targetdir, exist_ok=True)
+os.symlink(bootlog, os.path.join(targetdir, os.path.basename(bootlog)))
+os.symlink(d.getVar("BB_LOGFILE"), os.path.join(targetdir, 
os.path.basename(d.getVar("BB_LOGFILE") + "." + d.getVar('DATETIME'
+
 if not results or not complete:
-bb.fatal('%s - FAILED - tests were interrupted during execution' % pn, 
forcelog=True)
+bb.fatal('%s - FAILED - tests were interrupted during execution, check 
the logs in %s' % (pn, d.getVar("LOG_DIR")), forcelog=True)
 if not results.wasSuccessful():
-bb.fatal('%s - FAILED - check the task log and the ssh log' % pn, 
forcelog=True)
+bb.fatal('%s - FAILED - also check the logs in %s' % (pn, 
d.getVar("LOG_DIR")), forcelog=True)
 
 def get_runtime_paths(d):
 """
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156321): 
https://lists.openembedded.org/g/openembedded-core/message/156321
Mute This Topic: https://lists.openembedded.org/mt/85839988/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 22/25] wic: keep rootfs_size as integer

[Steve Sakoman]

From: Alexander Kanavin 

The corrected line accidentally converted it to float,
which causes problems later on with python 3.10:

|   File "/home/alex/development/poky/scripts/lib/wic/partition.py", line 278, 
in prepare_rootfs_ext
| os.ftruncate(sparse.fileno(), rootfs_size * 1024)
| TypeError: 'float' object cannot be interpreted as an integer

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
(cherry picked from commit d1d260dd2d196d10379ed9e238bcb34f39f3a3b7)
Signed-off-by: Steve Sakoman 
---
 scripts/lib/wic/partition.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/wic/partition.py b/scripts/lib/wic/partition.py
index 85f9847047..792bb3dcd3 100644
--- a/scripts/lib/wic/partition.py
+++ b/scripts/lib/wic/partition.py
@@ -104,7 +104,7 @@ class Partition():
 extra_blocks = self.extra_space
 
 rootfs_size = actual_rootfs_size + extra_blocks
-rootfs_size *= self.overhead_factor
+rootfs_size = int(rootfs_size * self.overhead_factor)
 
 logger.debug("Added %d extra blocks to %s to get to %d total 
blocks",
  extra_blocks, self.mountpoint, rootfs_size)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156320): 
https://lists.openembedded.org/g/openembedded-core/message/156320
Mute This Topic: https://lists.openembedded.org/mt/85839987/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 21/25] core-image-sato: Fix runqemu error for qemuarmv5

[Steve Sakoman]

From: Jon Mason 

When attempting to execute runqemu on qemuarmv5, the following error is
encountered:

runqemu - ERROR - Failed to run qemu: qemu-system-arm: versatilepb: memory size 
must not exceed 256MB

To work around this, limit the QB_MEM size for qemuarmv5, similar to
what is being done for qemumips.

Signed-off-by: Jon Mason 
Signed-off-by: Richard Purdie 
(cherry picked from commit 6450138afebffcc55ab32afadd5fb979274fff2b)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-sato/images/core-image-sato.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-sato/images/core-image-sato.bb 
b/meta/recipes-sato/images/core-image-sato.bb
index e50b24a476..300d8e0d43 100644
--- a/meta/recipes-sato/images/core-image-sato.bb
+++ b/meta/recipes-sato/images/core-image-sato.bb
@@ -13,4 +13,5 @@ TOOLCHAIN_HOST_TASK_append = " nativesdk-intltool 
nativesdk-glib-2.0"
 TOOLCHAIN_HOST_TASK_remove_task-populate-sdk-ext = " nativesdk-intltool 
nativesdk-glib-2.0"
 
 QB_MEM = '${@bb.utils.contains("DISTRO_FEATURES", "opengl", "-m 512", "-m 
256", d)}'
+QB_MEM_qemuarmv5 = "-m 256"
 QB_MEM_qemumips = "-m 256"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156319): 
https://lists.openembedded.org/g/openembedded-core/message/156319
Mute This Topic: https://lists.openembedded.org/mt/85839986/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 20/25] Update mailing list address

[Steve Sakoman]

From: Jon Mason 

Signed-off-by: Jon Mason 
Signed-off-by: Richard Purdie 
(cherry picked from commit 83169c33f7585da25560784f79eaad2c6f029f3c)
Signed-off-by: Steve Sakoman 
---
 meta/conf/distro/include/maintainers.inc  | 2 +-
 meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index ef1e7fe2f4..895cf89487 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -4,7 +4,7 @@
 #
 # Please submit any patches against recipes in meta to the
 # OE-Core mail list (openembedded-core@lists.openembedded.org)
-# For recipes in meta-yocto please use the Poky list (p...@yoctoproject.org)
+# For recipes in meta-yocto please use the Poky list 
(p...@lists.yoctoproject.org)
 #
 # If you have problems with or questions about a particular recipe, feel
 # free to contact the maintainer directly (cc:ing the appropriate mailing list
diff --git a/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch 
b/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch
index 52986e61c7..d1835c7a10 100644
--- a/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch
+++ b/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig.patch
@@ -400,7 +400,7 @@ Index: ldconfig-native-2.12.1/ldconfig.c
return 0;
  }
  
-+#define REPORT_BUGS_TO "mailing list : p...@yoctoproject.org"
++#define REPORT_BUGS_TO "mailing list : p...@lists.yoctoproject.org"
  /* Print bug-reporting information in the help message.  */
  static char *
  more_help (int key, const char *text, void *input)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156318): 
https://lists.openembedded.org/g/openembedded-core/message/156318
Mute This Topic: https://lists.openembedded.org/mt/85839985/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 19/25] bash: Ensure deterministic build

[Steve Sakoman]

From: Richard Purdie 

Bash keeps a count of the number of times make was invoked on a directory
and changes the output versioning accordingly. We want deterministic output
so disable this behaviour.

Signed-off-by: Richard Purdie 
(cherry picked from commit 13a039e03195a47c750d5901e96fe81cf523481f)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-extended/bash/bash.inc | 5 +
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-extended/bash/bash.inc 
b/meta/recipes-extended/bash/bash.inc
index c7cf8cddd3..4e6176d2e6 100644
--- a/meta/recipes-extended/bash/bash.inc
+++ b/meta/recipes-extended/bash/bash.inc
@@ -49,6 +49,11 @@ do_compile_ptest () {
oe_runmake buildtest
 }
 
+do_install_prepend () {
+   # Ensure determinism as this counter increases for each make call
+   rm -f ${B}/.build
+}
+
 do_install_append () {
# Move /usr/bin/bash to /bin/bash, if need
if [ "${base_bindir}" != "${bindir}" ]; then
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156317): 
https://lists.openembedded.org/g/openembedded-core/message/156317
Mute This Topic: https://lists.openembedded.org/mt/85839984/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 18/25] useradd: Ensure preinst data is expanded correctly in pkgdata

[Steve Sakoman]

From: Richard Purdie 

The preinst data in pkgdata will not expand out the ${XXX_PARAM} variables
since they don't use a package suffix. It happens that the final expansion
used for the packages is corrected by a second trip through the datastore.

The first version is used for calculation of the task output hash and
recent improvements in hash reuse showed this data wasn't using included
in the hashes, meaning for example builds with dynamic IDs were mixing
sstate with builds using static IDs. The result was a mess.

Fix this by expanding the data in the preinst correctly to use the
package specific _PARAM values.

Signed-off-by: Richard Purdie 
(cherry picked from commit 375430f249e7e0b6622e566e2478b40ba7e606ab)
Signed-off-by: Steve Sakoman 
---
 meta/classes/useradd.bbclass | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass
index e5f3ba24f9..0f0ed3446d 100644
--- a/meta/classes/useradd.bbclass
+++ b/meta/classes/useradd.bbclass
@@ -230,6 +230,10 @@ fakeroot python populate_packages_prepend () {
 preinst += 'perform_useradd () {\n%s}\n' % d.getVar('perform_useradd')
 preinst += 'perform_groupmems () {\n%s}\n' % 
d.getVar('perform_groupmems')
 preinst += d.getVar('useradd_preinst')
+# Expand out the *_PARAM variables to the package specific versions
+for rep in ["GROUPADD_PARAM", "USERADD_PARAM", "GROUPMEMS_PARAM"]:
+val = d.getVar(rep + "_" + pkg) or ""
+preinst = preinst.replace("${" + rep + "}", val)
 d.setVar('pkg_preinst_%s' % pkg, preinst)
 
 # RDEPENDS setup
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156316): 
https://lists.openembedded.org/g/openembedded-core/message/156316
Mute This Topic: https://lists.openembedded.org/mt/85839982/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 17/25] rpm: Handle proper return value to avoid major issues

[Steve Sakoman]

From: Ranjitsinh Rathod 

0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch changed
to avoid critical issues
Handled return values of getrlimit() and lzma_cputhreads() functions
to avoid unexpected behaviours like devide by zero and potential read
of uninitialized variable 'virtual_memory'
Upstream-Status: Pending [merge of multithreading patches to upstream]

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Richard Purdie 
(cherry picked from commit 5aae9c2cb464350bc443a0f60fd6602942e61f46)
Signed-off-by: Steve Sakoman 
---
 ...rict-virtual-memory-usage-if-limit-s.patch | 25 +++
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git 
a/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
 
b/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
index 6454785254..dc3f74fecd 100644
--- 
a/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
+++ 
b/meta/recipes-devtools/rpm/files/0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch
@@ -11,36 +11,39 @@ CPU thread.
 Upstream-Status: Pending [merge of multithreading patches to upstream]
 
 Signed-off-by: Peter Bergin 
+Signed-off-by: Ranjitsinh Rathod 
 ---
- rpmio/rpmio.c | 34 ++
- 1 file changed, 34 insertions(+)
+ rpmio/rpmio.c | 36 
+ 1 file changed, 36 insertions(+)
 
 diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
 index e051c98..b3c56b6 100644
 --- a/rpmio/rpmio.c
 +++ b/rpmio/rpmio.c
-@@ -845,6 +845,40 @@ static LZFILE *lzopen_internal(const char *mode, int fd, 
int xz)
+@@ -845,6 +845,42 @@ static LZFILE *lzopen_internal(const char *mode, int fd, 
int xz)
}
  #endif
  
-+  struct rlimit virtual_memory;
-+  getrlimit(RLIMIT_AS, _memory);
-+  if (virtual_memory.rlim_cur != RLIM_INFINITY) {
++  struct rlimit virtual_memory = {RLIM_INFINITY , RLIM_INFINITY};
++  int status = getrlimit(RLIMIT_AS, _memory);
++  if ((status != -1) && (virtual_memory.rlim_cur != 
RLIM_INFINITY)) {
 +  const uint64_t virtual_memlimit = 
virtual_memory.rlim_cur;
++  uint32_t threads_max = lzma_cputhreads();
 +  const uint64_t virtual_memlimit_per_cpu_thread =
-+  virtual_memlimit / lzma_cputhreads();
-+  uint64_t memory_usage_virt;
++  virtual_memlimit / ((threads_max == 0) ? 1 : 
threads_max);
 +  rpmlog(RPMLOG_NOTICE, "XZ: virtual memory restricted to 
%lu and "
 + "per CPU thread %lu\n", virtual_memlimit, 
virtual_memlimit_per_cpu_thread);
++  uint64_t memory_usage_virt;
 +  /* keep reducing the number of compression threads 
until memory
 + usage falls below the limit per CPU thread*/
 +  while ((memory_usage_virt = 
lzma_stream_encoder_mt_memusage(_options)) >
 + virtual_memlimit_per_cpu_thread) {
-+  /* If number of threads goes down to zero 
lzma_stream_encoder will
-+   * will return UINT64_MAX. We must check here 
to avoid an infinite loop.
++  /* If number of threads goes down to zero or in 
case of any other error
++   * lzma_stream_encoder_mt_memusage will return 
UINT64_MAX. We must check
++   * for both the cases here to avoid an infinite 
loop.
 +   * If we get into situation that one thread 
requires more virtual memory
 +   * than available we set one thread, print 
error message and try anyway. */
-+  if (--mt_options.threads == 0) {
++  if ((--mt_options.threads == 0) || 
(memory_usage_virt == UINT64_MAX)) {
 +  mt_options.threads = 1;
 +  rpmlog(RPMLOG_WARNING,
 + "XZ: Could not adjust number of 
threads to get below "
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156315): 
https://lists.openembedded.org/g/openembedded-core/message/156315
Mute This Topic: https://lists.openembedded.org/mt/85839981/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 16/25] linux-yocto/5.4: update to v5.4.144

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

c6bf0ed9d1a7 Linux 5.4.144
0634c0f91995 audit: move put_tree() to avoid trim_trees refcount underflow 
and UAF
cab0003311a0 net: don't unconditionally copy_from_user a struct ifreq for 
socket ioctls
6752b3b0628e Revert "parisc: Add assembly implementations for memset, 
strlen, strcpy, strncpy and strcat"
67871ada3a53 Revert "floppy: reintroduce O_NDELAY fix"
d7f7eca72ecc btrfs: fix NULL pointer dereference when deleting device by 
invalid id
e644da7ace0f arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 
85-88
4f76285f6df8 KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP 
shadow MMUs
620681d7201a net: dsa: mt7530: fix VLAN traffic leaks again
38adbf21f37e bpf: Fix cast to pointer from integer of different size warning
812ee47ad76e bpf: Track contents of read-only maps as scalars
f4418015201b vt_kdsetmode: extend console locking
8a19e0045086 btrfs: fix race between marking inode needs to be logged and 
log syncing
f3a1ac258ebc net/rds: dma_map_sg is entitled to merge entries
ad6a2bc7588a drm/nouveau/disp: power down unused DP links during init
689179c462d8 drm: Copy drm_wait_vblank to user before returning
18ceb99f8483 qed: Fix null-pointer dereference in qed_rdma_create_qp()
f1a0db49abd5 qed: qed ll2 race condition fixes
73ba9e4ece4b vringh: Use wiov->used to check for read/write desc order
ee52acae6fb5 virtio_pci: Support surprise removal of virtio pci device
be9b79e84154 virtio: Improve vq->broken access to avoid any compiler 
optimization
0d4ba693db48 opp: remove WARN when no valid OPPs remain
baf56a1d8199 perf/x86/intel/uncore: Fix integer overflow on 23 bit left 
shift of a u32
0ad96094ab90 usb: gadget: u_audio: fix race condition on endpoint stop
c5c2b4ca5035 drm/i915: Fix syncmap memory leak
2f3cefa6abf0 net: hns3: fix get wrong pfc_en when query PFC configuration
6f0c0b35e277 net: hns3: fix duplicate node in VLAN list
951805c23dff net: hns3: clear hardware resource when loading driver
08162f65642c rtnetlink: Return correct error on changing device netns
f58e42d1928c net: marvell: fix MVNETA_TX_IN_PRGRS bit number
45454400a647 xgene-v2: Fix a resource leak in the error handling path of 
'xge_probe()'
53b480e68c1c ip_gre: add validation for csum_start
bb8ca7e2e67e RDMA/efa: Free IRQ vectors on error flow
e29565b4515e e1000e: Fix the max snoop/no-snoop latency for 10M
8a21e84334ec IB/hfi1: Fix possible null-pointer dereference in 
_extend_sdma_tx_descs()
944a50f56f1b RDMA/bnxt_re: Add missing spin lock initialization
28b189541027 scsi: core: Fix hang of freezing queue between blocking and 
running device
628c582854d3 usb: dwc3: gadget: Stop EP0 transfers during pullup disable
d9da281c8f9e usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
21880abf19ba USB: serial: option: add new VID/PID to support Fibocom FG150
2e098e91eeec Revert "USB: serial: ch341: fix character loss at high 
transfer rates"
16b281a70a10 can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange 
of the CAN RX and TX error counters
765437d1f078 mm, oom: make the calculation of oom badness more accurate
1cccf5c03077 mmc: sdhci-msm: Update the software timeout value for sdhc
aec1e470d906 ovl: fix uninitialized pointer read in ovl_lookup_real_one()
57bd5b59f1ce once: Fix panic when module unload
5892f910f401 netfilter: conntrack: collect all entries in one cycle
7c95c89b6929 ARC: Fix CONFIG_STACKDEPOT
a6b049aeefa8 net: qrtr: fix another OOB Read in qrtr_endpoint_post

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/linux-yocto-rt_5.4.bb   |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb |  8 +++
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index d4add9b262..b6c84d0f1c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "f4f6c136157b70468cf54389034aeaa41bbc5538"
-SRCREV_meta ?= "70b2480497528245c948ec259c734d74ea4fa3f1"
+SRCREV_machine ?= "7f67141bca949eff8953f965c26475286d1a20cf"
+SRCREV_meta ?= "e4ccb53f204f722583178a9249fbf5d745f0d56a"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.143"
+LINUX_VERSION ?= "5.4.144"
 
 LIC_FILES_CHKSUM = 

[OE-core][dunfell 15/25] linux-yocto/5.4: update to v5.4.143

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

fd80923202c6 Linux 5.4.143
4bf194158102 netfilter: nft_exthdr: fix endianness of tcp option cast
e4fd994f02c5 fs: warn about impending deprecation of mandatory locks
41c7f46c89f6 mm: memcontrol: fix occasional OOMs due to proportional 
memory.low reclaim
1a3aa81444d3 mm, memcg: avoid stale protection values when cgroup is above 
protection
9c1c449dcca0 ASoC: intel: atom: Fix breakage for PCM buffer address setup
846ba58a7c06 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
548b75f4905e btrfs: prevent rename2 from exchanging a subvol with a 
directory from different parents
0fc6a9c2025b ipack: tpci200: fix memory leak in the tpci200_register
280d66b31797 ipack: tpci200: fix many double free issues in 
tpci200_pci_probe
cb7aa5103146 slimbus: ngd: reset dma setup during runtime pm
abce32d0f7f4 slimbus: messaging: check for valid transaction id
0786d315f55c slimbus: messaging: start transaction ids from 1 instead of 
zero
20c2f141b1e5 tracing / histogram: Fix NULL pointer dereference on strcmp() 
on NULL event name
8fbfebe188c0 ALSA: hda - fix the 'Capture Switch' value change notifications
85e60614d1f6 mmc: dw_mmc: Fix hang on data CRC error
4f6c9caf7b6c ovl: add splice file read write helper
85813f1f9e86 iavf: Fix ping is lost after untrusted VF had tried to change 
MAC
a498115dcd9c i40e: Fix ATR queue selection
1b8a8fba7853 ovs: clear skb->tstamp in forwarding path
84dbbf5482e3 net: mdio-mux: Handle -EPROBE_DEFER correctly
453486e79ed2 net: mdio-mux: Don't ignore memory allocation errors
6b70c67849bb net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
da92ce364595 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
9aeadce8e33b virtio-net: support XDP when not more queues
3ed7cf8386c9 vrf: Reset skb conntrack connection on VRF rcv
447b16028956 bnxt_en: Add missing DMA memory barriers
c9566df334d0 ptp_pch: Restore dependency on PCI
a73b9aa14269 net: 6pack: fix slab-out-of-bounds in decode_data
2bc75713434b bnxt: disable napi before canceling DIM
a9fb0f155980 bnxt: don't lock the tx queue from napi poll
1fe038030cc8 bpf: Clear zext_dst of dead insns
73a45f75a07b vhost: Fix the calculation in vhost_overflow()
b9a59636c4bf virtio: Protect vqs list access
b264e37b3517 dccp: add do-while-0 stubs for dccp_pr_debug macros
9112ebc2990a cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
cb9a9d5fe636 iommu: Check if group is NULL before remove device
911a8141efdd Bluetooth: hidp: use correct wait queue when removing ctrl_wait
5b14c1f16e2d drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
f92dc3a89dd8 net: usb: lan78xx: don't modify phy_device state concurrently
be7043679967 ARM: dts: nomadik: Fix up interrupt controller node names
69aa1a1a569f scsi: core: Fix capacity set to zero after offlinining device
935de7ec7a4d scsi: core: Avoid printing an error if target_alloc() returns 
-ENXIO
7a721a1e1885 scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
9900e06ae6e6 scsi: megaraid_mm: Fix end of loop tests for 
list_for_each_entry()
e37cf26bd56d dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if 
controller is not yet available
12d1322d93a6 ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
11145efd295b dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
9c97a0539288 dmaengine: xilinx_dma: Fix read-after-free bug when 
terminating transfers
fc566b5a21f5 USB: core: Avoid WARNings for 0-length descriptor requests
1bd505c814cc media: drivers/media/usb: fix memory leak in zr364xx_probe
705660a6d98d media: zr364xx: fix memory leaks in probe()
79dff2a3f41a media: zr364xx: propagate errors from zr364xx_start_readpipe()
7305d6d4078f mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
23f77ad13f81 ath9k: Postpone key cache entry deletion for TXQ frames 
reference it
c6feaf806da6 ath: Modify ath_key_delete() to not need full key entry
b7d593705eb4 ath: Export ath_hw_keysetmac()
add283e2517a ath9k: Clear key cache explicitly on disabling hardware
0c049ce432b3 ath: Use safer key clearing with key cache entries
172b9149 x86/fpu: Make init_fpstate correct with optimized XSAVE
81d152c8daf8 ext4: fix EXT4_MAX_LOGICAL_BLOCK macro

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/linux-yocto-rt_5.4.bb   |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb |  8 +++
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 69958c5631..d4add9b262 100644
--- 

[OE-core][dunfell 14/25] iputils: Fix regression of arp table update

[Steve Sakoman]

From: Visa Hankala 

Backport a fix from iputils 20210202 to make arp table updating
work again.

Fixes: 77c5792aa5e7 ("iputils: fix various arping regressions")
Signed-off-by: Visa Hankala 
Signed-off-by: Steve Sakoman 
---
 ...ng-make-update-neighbours-work-again.patch | 79 +++
 .../iputils/iputils_s20190709.bb  |  1 +
 2 files changed, 80 insertions(+)
 create mode 100644 
meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch

diff --git 
a/meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch
 
b/meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch
new file mode 100644
index 00..bf86115843
--- /dev/null
+++ 
b/meta/recipes-extended/iputils/iputils/0001-arping-make-update-neighbours-work-again.patch
@@ -0,0 +1,79 @@
+From 86ed08936d49e2c81ef49dfbd02aca1c74d0c098 Mon Sep 17 00:00:00 2001
+From: lac-0073 <61903197+lac-0...@users.noreply.github.com>
+Date: Mon, 26 Oct 2020 09:45:42 +0800
+Subject: [PATCH] arpping: make update neighbours work again
+
+The arping is using inconsistent sender_ip_addr and target_ip_addr in
+messages.  This causes the client receiving the arp message not to update
+the arp table entries.
+
+The specific performance is as follows:
+
+There is a machine 2 with IP 10.20.30.3 configured on eth0:0 that is in the
+same IP subnet as eth0.  This IP was originally used on another machine 1,
+and th IP needs to be changed back to the machine 1.  When using the arping
+command to announce what ethernet address has IP 10.20.30.3, the arp table
+on machine 3 is not updated.
+
+Machine 3 original arp table:
+
+10.20.30.3  machine 2 eth0:000:00:00:00:00:02
+10.20.30.2  machine 2 eth0  00:00:00:00:00:02
+10.20.30.1  machine 1 eth0  00:00:00:00:00:01
+
+Create interface eth0:0 on machine 1, and use the arping command to send arp
+packets.  Expected outcome on machine 3:
+
+10.20.30.3  machine 1 eth0:000:00:00:00:00:01
+10.20.30.2  machine 2 eth0  00:00:00:00:00:02
+10.20.30.1  machine 1 eth0  00:00:00:00:00:01
+
+Actual results on machine 3:
+
+10.20.30.3  machine 2 eth0:000:00:00:00:00:02
+10.20.30.2  machine 2 eth0  00:00:00:00:00:02
+10.20.30.1  machine 1 eth0  00:00:00:00:00:01
+
+Fixes: https://github.com/iputils/iputils/issues/298
+Fixes: 68f12fc4a0dbef4ae4c404da24040d22c5a14339
+Signed-off-by: Aichun Li 
+Upstream-Status: Backport 
[https://github.com/iputils/iputils/commit/86ed08936d49e2c81ef49dfbd02aca1c74d0c098]
+Signed-off-by: Visa Hankala 
+---
+ arping.c | 16 +---
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/arping.c b/arping.c
+index a002786..53fdbb4 100644
+--- a/arping.c
 b/arping.c
+@@ -968,7 +968,7 @@ int main(int argc, char **argv)
+   }
+   memset(, 0, sizeof(saddr));
+   saddr.sin_family = AF_INET;
+-  if (!ctl.unsolicited && (ctl.source || ctl.gsrc.s_addr)) {
++  if (ctl.source || ctl.gsrc.s_addr) {
+   saddr.sin_addr = ctl.gsrc;
+   if (bind(probe_fd, (struct sockaddr *), 
sizeof(saddr)) == -1)
+   error(2, errno, "bind");
+@@ -979,12 +979,14 @@ int main(int argc, char **argv)
+   saddr.sin_port = htons(1025);
+   saddr.sin_addr = ctl.gdst;
+ 
+-  if (setsockopt(probe_fd, SOL_SOCKET, SO_DONTROUTE, 
(char *), sizeof(on)) == -1)
+-  error(0, errno, _("WARNING: 
setsockopt(SO_DONTROUTE)"));
+-  if (connect(probe_fd, (struct sockaddr *), 
sizeof(saddr)) == -1)
+-  error(2, errno, "connect");
+-  if (getsockname(probe_fd, (struct sockaddr *), 
) == -1)
+-  error(2, errno, "getsockname");
++  if (!ctl.unsolicited) {
++  if (setsockopt(probe_fd, SOL_SOCKET, 
SO_DONTROUTE, (char *), sizeof(on)) == -1)
++  error(0, errno, _("WARNING: 
setsockopt(SO_DONTROUTE)"));
++  if (connect(probe_fd, (struct sockaddr 
*), sizeof(saddr)) == -1)
++  error(2, errno, "connect");
++  if (getsockname(probe_fd, (struct sockaddr 
*), ) == -1)
++  error(2, errno, "getsockname");
++  }
+   ctl.gsrc = saddr.sin_addr;
+   }
+   close(probe_fd);
diff --git a/meta/recipes-extended/iputils/iputils_s20190709.bb 
b/meta/recipes-extended/iputils/iputils_s20190709.bb
index d652bfcaad..b33b913817 100644
--- a/meta/recipes-extended/iputils/iputils_s20190709.bb
+++ b/meta/recipes-extended/iputils/iputils_s20190709.bb
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/iputils/iputils \

[OE-core][dunfell 13/25] vim: Backport fix for CVE-2021-3770

[Steve Sakoman]

From: Richard Purdie 

Signed-off-by: Richard Purdie 
(cherry picked from commit 54d3d023ce55ba4a7160ed25a283f0918e7d8e2e)
Signed-off-by: Steve Sakoman 
---
 ...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 ++
 meta/recipes-support/vim/vim.inc  |   2 +
 2 files changed, 209 insertions(+)
 create mode 100644 
meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch

diff --git 
a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch 
b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
new file mode 100644
index 00..1cee759502
--- /dev/null
+++ 
b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
@@ -0,0 +1,207 @@
+From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar 
+Date: Sat, 4 Sep 2021 18:47:28 +0200
+Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with
+ large value
+
+Problem:Invalid memory access when using :retab with large value.
+Solution:   Check the number is positive.
+
+CVE: CVE-2021-3770
+Signed-off-by: Richard Purdie 
+Upstream-Status: Backport 
[https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9]
+---
+ src/indent.c   | 34 +-
+ src/option.c   | 12 ++--
+ src/optionstr.c|  4 ++--
+ src/testdir/test_retab.vim |  3 +++
+ src/version.c  |  2 ++
+ 5 files changed, 34 insertions(+), 21 deletions(-)
+
+Index: git/src/indent.c
+===
+--- git.orig/src/indent.c
 git/src/indent.c
+@@ -18,18 +18,19 @@
+ /*
+  * Set the integer values corresponding to the string setting of 'vartabstop'.
+  * "array" will be set, caller must free it if needed.
++ * Return FAIL for an error.
+  */
+ int
+ tabstop_set(char_u *var, int **array)
+ {
+-int valcount = 1;
+-int t;
+-char_u *cp;
++int   valcount = 1;
++int   t;
++char_u  *cp;
+ 
+ if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
+ {
+   *array = NULL;
+-  return TRUE;
++  return OK;
+ }
+ 
+ for (cp = var; *cp != NUL; ++cp)
+@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array)
+   if (cp != end)
+   emsg(_(e_positive));
+   else
+-  emsg(_(e_invarg));
+-  return FALSE;
++  semsg(_(e_invarg2), cp);
++  return FAIL;
+   }
+   }
+ 
+@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array)
+   ++valcount;
+   continue;
+   }
+-  emsg(_(e_invarg));
+-  return FALSE;
++  semsg(_(e_invarg2), var);
++  return FAIL;
+ }
+ 
+ *array = ALLOC_MULT(int, valcount + 1);
+ if (*array == NULL)
+-  return FALSE;
++  return FAIL;
+ (*array)[0] = valcount;
+ 
+ t = 1;
+ for (cp = var; *cp != NUL;)
+ {
+-  (*array)[t++] = atoi((char *)cp);
+-  while (*cp  != NUL && *cp != ',')
++  int n = atoi((char *)cp);
++
++  if (n < 0 || n > )
++  {
++  semsg(_(e_invarg2), cp);
++  return FAIL;
++  }
++  (*array)[t++] = n;
++  while (*cp != NUL && *cp != ',')
+   ++cp;
+   if (*cp != NUL)
+   ++cp;
+ }
+ 
+-return TRUE;
++return OK;
+ }
+ 
+ /*
+@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap)
+ 
+ #ifdef FEAT_VARTABS
+ new_ts_str = eap->arg;
+-if (!tabstop_set(eap->arg, _vts_array))
++if (tabstop_set(eap->arg, _vts_array) == FAIL)
+   return;
+ while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
+   ++(eap->arg);
+Index: git/src/option.c
+===
+--- git.orig/src/option.c
 git/src/option.c
+@@ -2292,9 +2292,9 @@ didset_options2(void)
+ #endif
+ #ifdef FEAT_VARTABS
+ vim_free(curbuf->b_p_vsts_array);
+-tabstop_set(curbuf->b_p_vsts, >b_p_vsts_array);
++(void)tabstop_set(curbuf->b_p_vsts, >b_p_vsts_array);
+ vim_free(curbuf->b_p_vts_array);
+-tabstop_set(curbuf->b_p_vts,  >b_p_vts_array);
++(void)tabstop_set(curbuf->b_p_vts,  >b_p_vts_array);
+ #endif
+ }
+ 
+@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags)
+   buf->b_p_vsts = vim_strsave(p_vsts);
+   COPY_OPT_SCTX(buf, BV_VSTS);
+   if (p_vsts && p_vsts != empty_option)
+-  tabstop_set(p_vsts, >b_p_vsts_array);
++  (void)tabstop_set(p_vsts, >b_p_vsts_array);
+   else
+   buf->b_p_vsts_array = 0;
+   buf->b_p_vsts_nopaste = p_vsts_nopaste
+@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags)
+   buf->b_p_isk = save_p_isk;
+ #ifdef FEAT_VARTABS
+   if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+-  tabstop_set(p_vts, >b_p_vts_array);
++  

[OE-core][dunfell 12/25] tar: ignore node-tar CVEs

[Steve Sakoman]

From: Armin Kuster 

These three CVEs are specific to the Node package node-tar.

exclude: CVE-2021-37701 CVE-2021-37712 CVE-2021-37713

Signed-off-by: Armin Kuster 
Signed-off-by: Richard Purdie 
(cherry picked from commit 9f9317a02d73c1e5aea026683a037e52c996c7bb)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-extended/tar/tar_1.32.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-extended/tar/tar_1.32.bb 
b/meta/recipes-extended/tar/tar_1.32.bb
index 0fe0b801c2..87eb8b4188 100644
--- a/meta/recipes-extended/tar/tar_1.32.bb
+++ b/meta/recipes-extended/tar/tar_1.32.bb
@@ -68,3 +68,4 @@ BBCLASSEXTEND = "native nativesdk"
 
 # These are both specific to the NPM package node-tar
 CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804"
+CVE_CHECK_WHITELIST += "CVE-2021-37701 CVE-2021-37712 CVE-2021-37713"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156310): 
https://lists.openembedded.org/g/openembedded-core/message/156310
Mute This Topic: https://lists.openembedded.org/mt/85839970/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 11/25] squashfs-tools: fix CVE-2021-40153

[Steve Sakoman]

From: Kai Kang 

Source: http://git.yoctoproject.org/poky.git
MR: 113126
Type: Security Fix
Disposition: Backport from 
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott=cfc17a7ab5d3b0d6354a7194b8c8746c501959d9
ChangeID: cfc17a7ab5d3b0d6354a7194b8c8746c501959d9
Description:

Backport patch to fix CVE-2021-40153, and remove version update in
unsquashfs.c for compatible.

CVE: CVE-2021-40153

Ref:
* https://security-tracker.debian.org/tracker/CVE-2021-40153

(From OE-Core rev: 09de4ef3f33540069a37e9fe6e13081984b77511)

Signed-off-by: Kai Kang 
Signed-off-by: Anuj Mittal 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../squashfs-tools/files/CVE-2021-40153.patch | 253 ++
 .../squashfs-tools/squashfs-tools_git.bb  |   1 +
 2 files changed, 254 insertions(+)
 create mode 100644 
meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch

diff --git a/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch 
b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch
new file mode 100644
index 00..95e2534ee4
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/files/CVE-2021-40153.patch
@@ -0,0 +1,253 @@
+Backport patch to fix CVE-2021-40153, and remove version update in unsquashfs.c
+for compatible.
+
+Upstream-Status: Backport 
[https://github.com/plougher/squashfs-tools/commit/79b5a55]
+CVE: CVE-2021-40153
+
+Signed-off-by: Kai Kang 
+
+From 79b5a555058eef4e1e7ff220c344d39f8cd09646 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher 
+Date: Sat, 16 Jan 2021 20:08:55 +
+Subject: [PATCH] Unsquashfs: fix write outside destination directory exploit
+
+An issue on Github (https://github.com/plougher/squashfs-tools/issues/72)
+shows how some specially crafted Squashfs filesystems containing
+invalid file names (with '/' and ..) can cause Unsquashfs to write
+files outside of the destination directory.
+
+This commit fixes this exploit by checking all names for
+validity.
+
+In doing so I have also added checks for '.' and for names that
+are shorter than they should be (names in the file system should
+not have '\0' terminators).
+
+Signed-off-by: Phillip Lougher 
+---
+ squashfs-tools/Makefile|  5 ++-
+ squashfs-tools/unsquash-1.c|  9 +-
+ squashfs-tools/unsquash-1234.c | 58 ++
+ squashfs-tools/unsquash-2.c|  9 +-
+ squashfs-tools/unsquash-3.c|  9 +-
+ squashfs-tools/unsquash-4.c|  9 +-
+ squashfs-tools/unsquashfs.h|  5 ++-
+ 7 files changed, 98 insertions(+), 6 deletions(-)
+ create mode 100644 squashfs-tools/unsquash-1234.c
+
+diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
+index aee4b960..20feaca2 100644
+--- a/squashfs-tools/Makefile
 b/squashfs-tools/Makefile
+@@ -156,7 +156,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o action.o swap.o 
pseudo.o compressor.o \
+   caches-queues-lists.o
+ 
+ UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \
+-  unsquash-4.o unsquash-123.o unsquash-34.o swap.o compressor.o 
unsquashfs_info.o
++  unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \
++  compressor.o unsquashfs_info.o
+ 
+ CFLAGS ?= -O2
+ CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \
+@@ -350,6 +351,8 @@ unsquash-123.o: unsquashfs.h unsquash-123.c squashfs_fs.h 
squashfs_compat.h
+ 
+ unsquash-34.o: unsquashfs.h unsquash-34.c
+ 
++unsquash-1234.o: unsquash-1234.c
++
+ unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h
+ 
+ unsquashfs_info.o: unsquashfs.h squashfs_fs.h
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index 34eced36..28326cb1 100644
+--- a/squashfs-tools/unsquash-1.c
 b/squashfs-tools/unsquash-1.c
+@@ -2,7 +2,7 @@
+  * Unsquash a squashfs filesystem.  This is a highly compressed read only
+  * filesystem.
+  *
+- * Copyright (c) 2009, 2010, 2011, 2012, 2019
++ * Copyright (c) 2009, 2010, 2011, 2012, 2019, 2021
+  * Phillip Lougher 
+  *
+  * This program is free software; you can redistribute it and/or
+@@ -285,6 +285,13 @@ static struct dir *squashfs_opendir(unsigned int 
block_start, unsigned int offse
+   memcpy(dire->name, directory_table + bytes,
+   dire->size + 1);
+   dire->name[dire->size + 1] = '\0';
++
++  /* check name for invalid characters (i.e /, ., ..) */
++  if(check_name(dire->name, dire->size + 1) == FALSE) {
++  ERROR("File system corrupted: invalid 
characters in name\n");
++  goto corrupted;
++  }
++
+   TRACE("squashfs_opendir: directory entry %s, inode "
+   "%d:%d, type %d\n", dire->name,
+   dirh.start_block, dire->offset, dire->type);
+diff --git a/squashfs-tools/unsquash-1234.c 

[OE-core][dunfell 10/25] nettle: Security fix for CVE-2021-20305

[Steve Sakoman]

From: Armin Kuster 

Source: Debian.org
MR: 110174
Type: Security Fix
Disposition: Backport from 
https://sources.debian.org/patches/nettle/3.4.1-1+deb10u1/
ChangeID: 47746f3e58c03a62fef572797d0ae6e0cd865092
Description:

Affects: Nettle < 3.7.2

Minor fixup for nettle_secp_224r1 to _nettle_secp_224r1 to match 3.5.1
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../nettle-3.5.1/CVE-2021-20305-1.patch   | 215 ++
 .../nettle-3.5.1/CVE-2021-20305-2.patch   |  53 +
 .../nettle-3.5.1/CVE-2021-20305-3.patch   | 122 ++
 .../nettle-3.5.1/CVE-2021-20305-4.patch   |  48 
 .../nettle-3.5.1/CVE-2021-20305-5.patch   |  53 +
 meta/recipes-support/nettle/nettle_3.5.1.bb   |   5 +
 6 files changed, 496 insertions(+)
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-2.patch
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-3.patch
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-4.patch
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-5.patch

diff --git a/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch 
b/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch
new file mode 100644
index 00..cfc0f382fa
--- /dev/null
+++ b/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-1.patch
@@ -0,0 +1,215 @@
+Backport of:
+
+From a63893791280d441c713293491da97c79c0950fe Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Niels=20M=C3=B6ller?= 
+Date: Thu, 11 Mar 2021 19:37:41 +0100
+Subject: [PATCH] New functions ecc_mod_mul_canonical and
+ ecc_mod_sqr_canonical.
+
+* ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical):
+New functions.
+* ecc-internal.h: Declare and document new functions.
+* curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical.
+* curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical.
+* ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
+* ecc-j-to-a.c (ecc_j_to_a): Likewise.
+* ecc-mul-m.c (ecc_mul_m): Likewise.
+
+(cherry picked from commit 2bf497ba4d6acc6f352bca015837fad33008565c)
+
+Upstream-Status: Backport
+https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-1.patch
+CVE: CVE-2021-20305 dep1
+Signed-off-by: Armin Kuster 
+
+---
+ ChangeLog| 11 +++
+ curve25519-eh-to-x.c |  6 +-
+ curve448-eh-to-x.c   |  5 +
+ ecc-eh-to-a.c| 12 ++--
+ ecc-internal.h   | 15 +++
+ ecc-j-to-a.c | 15 +++
+ ecc-mod-arith.c  | 24 
+ ecc-mul-m.c  |  6 ++
+ 8 files changed, 59 insertions(+), 35 deletions(-)
+
+#diff --git a/ChangeLog b/ChangeLog
+#index fd138d82..5cc5c188 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -1,3 +1,14 @@
+#+2021-03-11  Niels Möller  
+#+
+#+ * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical):
+#+ New functions.
+#+ * ecc-internal.h: Declare and document new functions.
+#+ * curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical.
+#+ * curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical.
+#+ * ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
+#+ * ecc-j-to-a.c (ecc_j_to_a): Likewise.
+#+ * ecc-mul-m.c (ecc_mul_m): Likewise.
+#+
+# 2021-02-17  Niels Möller  
+# 
+#  * Released Nettle-3.7.1.
+Index: nettle-3.5.1/curve25519-eh-to-x.c
+===
+--- nettle-3.5.1.orig/curve25519-eh-to-x.c
 nettle-3.5.1/curve25519-eh-to-x.c
+@@ -53,7 +53,6 @@ curve25519_eh_to_x (mp_limb_t *xp, const
+ #define t2 (scratch + 2*ecc->p.size)
+ 
+   const struct ecc_curve *ecc = &_nettle_curve25519;
+-  mp_limb_t cy;
+ 
+   /* If u = U/W and v = V/W are the coordiantes of the point on the
+  Edwards curve we get the curve25519 x coordinate as
+@@ -69,10 +68,7 @@ curve25519_eh_to_x (mp_limb_t *xp, const
+   ecc->p.invert (>p, t1, t0, t2 + ecc->p.size);
+   
+   ecc_modp_add (ecc, t0, wp, vp);
+-  ecc_modp_mul (ecc, t2, t0, t1);
+-
+-  cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size);
+-  cnd_copy (cy, xp, t2, ecc->p.size);
++  ecc_mod_mul_canonical (>p, xp, t0, t1, t2);
+ #undef vp
+ #undef wp
+ #undef t0
+Index: nettle-3.5.1/ecc-eh-to-a.c
+===
+--- nettle-3.5.1.orig/ecc-eh-to-a.c
 nettle-3.5.1/ecc-eh-to-a.c
+@@ -59,9 +59,7 @@ ecc_eh_to_a (const struct ecc_curve *ecc
+   /* Needs 2*size + scratch for the invert call. */
+   ecc->p.invert (>p, izp, zp, tp + ecc->p.size);
+ 
+-  ecc_modp_mul (ecc, tp, xp, izp);
+-  cy = mpn_sub_n (r, tp, ecc->p.m, ecc->p.size);
+-  cnd_copy (cy, r, tp, ecc->p.size);
++  ecc_mod_mul_canonical (>p, r, xp, izp, tp);
+ 
+   if (op)
+ {
+@@ -81,7 +79,5 @@ ecc_eh_to_a (const struct ecc_curve *ecc
+   }
+   return;
+ }
+- 

[OE-core][dunfell 09/25] curl: Fix CVE-2021-22946 and CVE-2021-22947, whitelist CVE-2021-22945

[Steve Sakoman]

From: Mike Crowe 

curl v7.79.0 contained fixes for three CVEs:

The description of CVE-2021-22945[1] contains:
> This flaw was introduced in commit 2522903b79 but since MQTT support
> was marked 'experimental' then and not enabled in the build by default
> until curl 7.73.0 (October 14, 2020) we count that as the first flawed
> version.

which I believe means that curl v7.69.1 is not vulnerable.

curl v7.69.1 is vulnerable to both CVE-2021-22946[2] and CVE-22947[3].
These patches are from Ubuntu 20.04's curl 7.68.0 package. The patches
applied without conflicts, but I used devtool to regenerate them to
avoid fuzz warnings.

[1] https://curl.se/docs/CVE-2021-22945.html
[2] https://curl.se/docs/CVE-2021-22946.html
[3] https://curl.se/docs/CVE-2021-22947.html

Signed-off-by: Mike Crowe 
Signed-off-by: Steve Sakoman 
---
 .../curl/curl/CVE-2021-22946-pre1.patch   |  86 +
 .../curl/curl/CVE-2021-22946.patch| 328 
 .../curl/curl/CVE-2021-22947.patch| 352 ++
 meta/recipes-support/curl/curl_7.69.1.bb  |   5 +-
 4 files changed, 770 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22946.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22947.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch 
b/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch
new file mode 100644
index 00..4afd755149
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch
@@ -0,0 +1,86 @@
+Backport of:
+
+From 1397a7de6e312e019a3b339f855ba0a5cafa9127 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 21 Sep 2020 09:15:51 +0200
+Subject: [PATCH] ftp: separate FTPS from FTP over "HTTPS proxy"
+
+When using HTTPS proxy, SSL is used but not in the view of the FTP
+protocol handler itself so separate the connection's use of SSL from the
+FTP control connection's sue.
+
+Reported-by: Mingtao Yang
+Fixes #5523
+Closes #6006
+
+Upstream-Status: backport from 7.68.0-1ubuntu2.7
+Signed-off-by: Mike Crowe 
+---
+ lib/ftp.c | 13 ++---
+ lib/urldata.h |  1 +
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 3382772..677527f 100644
+--- a/lib/ftp.c
 b/lib/ftp.c
+@@ -2488,7 +2488,7 @@ static CURLcode ftp_state_loggedin(struct connectdata 
*conn)
+ {
+   CURLcode result = CURLE_OK;
+ 
+-  if(conn->ssl[FIRSTSOCKET].use) {
++  if(conn->bits.ftp_use_control_ssl) {
+ /* PBSZ = PROTECTION BUFFER SIZE.
+ 
+ The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
+@@ -2633,11 +2633,8 @@ static CURLcode ftp_statemach_act(struct connectdata 
*conn)
+   }
+ #endif
+ 
+-  if(data->set.use_ssl &&
+- (!conn->ssl[FIRSTSOCKET].use ||
+-  (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
+-   !conn->proxy_ssl[FIRSTSOCKET].use))) {
+-/* We don't have a SSL/TLS connection yet, but FTPS is
++  if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) {
++/* We don't have a SSL/TLS control connection yet, but FTPS is
+requested. Try a FTPS connection now */
+ 
+ ftpc->count3 = 0;
+@@ -2682,6 +2679,7 @@ static CURLcode ftp_statemach_act(struct connectdata 
*conn)
+ result = Curl_ssl_connect(conn, FIRSTSOCKET);
+ if(!result) {
+   conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
++  conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
+   result = ftp_state_user(conn);
+ }
+   }
+@@ -3072,7 +3070,7 @@ static CURLcode ftp_block_statemach(struct connectdata 
*conn)
+  *
+  */
+ static CURLcode ftp_connect(struct connectdata *conn,
+- bool *done) /* see description above */
++bool *done) /* see description above */
+ {
+   CURLcode result;
+   struct ftp_conn *ftpc = >proto.ftpc;
+@@ -3093,6 +3091,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
+ result = Curl_ssl_connect(conn, FIRSTSOCKET);
+ if(result)
+   return result;
++conn->bits.ftp_use_control_ssl = TRUE;
+   }
+ 
+   Curl_pp_init(pp); /* init the generic pingpong data */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index ff2d686..d1fb4a9 100644
+--- a/lib/urldata.h
 b/lib/urldata.h
+@@ -461,6 +461,7 @@ struct ConnectBits {
+  EPRT doesn't work we disable it for the forthcoming
+  requests */
+   BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
++  BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */
+ #endif
+   BIT(netrc); /* name+password provided by netrc */
+   BIT(userpwd_in_url); /* name+password found in url */
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22946.patch 
b/meta/recipes-support/curl/curl/CVE-2021-22946.patch
new file mode 100644
index 

[OE-core][dunfell 08/25] nettle: Security fix for CVE-2021-3580

[Steve Sakoman]

From: Armin Kuster 

Source: https://git.lysator.liu.se/nettle/nettle
MR: 112331
Type: Security Fix
Disposition: Backport from 
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
ChangeID: ffbbadbfa862e715ec7da4695d7db67484f8517a
Description:

Affects nettle < 3.7.3

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../nettle/nettle-3.5.1/CVE-2021-3580_1.patch | 277 ++
 .../nettle/nettle-3.5.1/CVE-2021-3580_2.patch | 163 +++
 meta/recipes-support/nettle/nettle_3.5.1.bb   |   2 +
 3 files changed, 442 insertions(+)
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch
 create mode 100644 
meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_2.patch

diff --git a/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch 
b/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch
new file mode 100644
index 00..ac3a638e72
--- /dev/null
+++ b/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-3580_1.patch
@@ -0,0 +1,277 @@
+From cd6059aebdd3059fbcf674dddb850b821c13b6c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Niels=20M=C3=B6ller?= 
+Date: Tue, 8 Jun 2021 21:31:39 +0200
+Subject: [PATCH 1/2] Change _rsa_sec_compute_root_tr to take a fix input size.
+
+Improves consistency with _rsa_sec_compute_root, and fixes zero-input bug.
+
+(cherry picked from commit 485b5e2820a057e873b1ba812fdb39cae4adf98c)
+
+Upstream-Status: Backport
+CVE: CVE-2021-3580 dep#1
+Signed-off-by: Armin Kuster 
+
+---
+ ChangeLog| 17 +-
+ rsa-decrypt-tr.c |  7 ++---
+ rsa-internal.h   |  4 +--
+ rsa-sec-decrypt.c|  9 --
+ rsa-sign-tr.c| 61 +---
+ testsuite/rsa-encrypt-test.c | 14 -
+ 6 files changed, 69 insertions(+), 43 deletions(-)
+
+Index: nettle-3.5.1/rsa-decrypt-tr.c
+===
+--- nettle-3.5.1.orig/rsa-decrypt-tr.c
 nettle-3.5.1/rsa-decrypt-tr.c
+@@ -52,14 +52,13 @@ rsa_decrypt_tr(const struct rsa_public_k
+   mp_size_t key_limb_size;
+   int res;
+ 
+-  key_limb_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size);
++  key_limb_size = mpz_size(pub->n);
+ 
+   TMP_GMP_ALLOC (m, key_limb_size);
+   TMP_GMP_ALLOC (em, key->size);
++  mpz_limbs_copy(m, gibberish, key_limb_size);
+ 
+-  res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m,
+-mpz_limbs_read(gibberish),
+-mpz_size(gibberish));
++  res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m);
+ 
+   mpn_get_base256 (em, key->size, m, key_limb_size);
+ 
+Index: nettle-3.5.1/rsa-internal.h
+===
+--- nettle-3.5.1.orig/rsa-internal.h
 nettle-3.5.1/rsa-internal.h
+@@ -78,11 +78,11 @@ _rsa_sec_compute_root(const struct rsa_p
+   mp_limb_t *scratch);
+ 
+ /* Safe side-channel silent variant, using RSA blinding, and checking the
+- * result after CRT. */
++ * result after CRT. In-place calls, with x == m, is allowed. */
+ int
+ _rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
+const struct rsa_private_key *key,
+void *random_ctx, nettle_random_func *random,
+-   mp_limb_t *x, const mp_limb_t *m, size_t mn);
++   mp_limb_t *x, const mp_limb_t *m);
+ 
+ #endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */
+Index: nettle-3.5.1/rsa-sec-decrypt.c
+===
+--- nettle-3.5.1.orig/rsa-sec-decrypt.c
 nettle-3.5.1/rsa-sec-decrypt.c
+@@ -58,9 +58,12 @@ rsa_sec_decrypt(const struct rsa_public_
+   TMP_GMP_ALLOC (m, mpz_size(pub->n));
+   TMP_GMP_ALLOC (em, key->size);
+ 
+-  res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m,
+-mpz_limbs_read(gibberish),
+-mpz_size(gibberish));
++  /* We need a copy because m can be shorter than key_size,
++   * but _rsa_sec_compute_root_tr expect all inputs to be
++   * normalized to a key_size long buffer length */
++  mpz_limbs_copy(m, gibberish, mpz_size(pub->n));
++
++  res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m);
+ 
+   mpn_get_base256 (em, key->size, m, mpz_size(pub->n));
+ 
+Index: nettle-3.5.1/rsa-sign-tr.c
+===
+--- nettle-3.5.1.orig/rsa-sign-tr.c
 nettle-3.5.1/rsa-sign-tr.c
+@@ -131,35 +131,34 @@ int
+ _rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
+const struct rsa_private_key *key,
+void *random_ctx, nettle_random_func *random,
+-   mp_limb_t *x, const mp_limb_t *m, size_t mn)
++   mp_limb_t *x, const mp_limb_t *m)
+ {
++  mp_size_t nn;
+   mpz_t mz;
+   mpz_t 

[OE-core][dunfell 07/25] qemu: fix CVE-2021-3682

[Steve Sakoman]

From: Sakib Sajal 

Source: https://git.yoctoproject.org/git/poky
MR: 112369
Type: Security Fix
Disposition: Backport from 
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?id=48960ce56265e9ec7ec352c0d0fcde6ed44569be
ChangeID: 799afc7adf3f2c915751744b618e38cccb01d854
Description:

(From OE-Core rev: e16cd155c5ef7cfe8b4d3a94485cb7b13fd95036)

Signed-off-by: Sakib Sajal 
Signed-off-by: Richard Purdie 
(cherry picked from commit 48960ce56265e9ec7ec352c0d0fcde6ed44569be)
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2021-3682.patch | 41 +++
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 211c03e57b..ef9bc3f64a 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -91,6 +91,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-12829_5.patch \
file://CVE-2020-27617.patch \
file://CVE-2020-28916.patch \
+   file://CVE-2021-3682.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch
new file mode 100644
index 00..50a49233d3
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch
@@ -0,0 +1,41 @@
+From 5e796671e6b8d5de4b0b423dce1b3eba144a92c9 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann 
+Date: Thu, 22 Jul 2021 09:27:56 +0200
+Subject: [PATCH] usbredir: fix free call
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+data might point into the middle of a larger buffer, there is a separate
+free_on_destroy pointer passed into bufp_alloc() to handle that.  It is
+only used in the normal workflow though, not when dropping packets due
+to the queue being full.  Fix that.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/491
+Signed-off-by: Gerd Hoffmann 
+Reviewed-by: Marc-André Lureau 
+Message-Id: <20210722072756.647673-1-kra...@redhat.com>
+
+CVE: CVE-2021-3682
+Upstream-Status: Backport [5e796671e6b8d5de4b0b423dce1b3eba144a92c9]
+Signed-off-by: Sakib Sajal 
+---
+ hw/usb/redirect.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index 4ec9326e05..1ec909a63a 100644
+--- a/hw/usb/redirect.c
 b/hw/usb/redirect.c
+@@ -476,7 +476,7 @@ static int bufp_alloc(USBRedirDevice *dev, uint8_t *data, 
uint16_t len,
+ if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) {
+ if (dev->endpoint[EP2I(ep)].bufpq_size >
+ dev->endpoint[EP2I(ep)].bufpq_target_size) {
+-free(data);
++free(free_on_destroy);
+ return -1;
+ }
+ dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
+-- 
+2.25.1
+
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156305): 
https://lists.openembedded.org/g/openembedded-core/message/156305
Mute This Topic: https://lists.openembedded.org/mt/85839960/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 06/25] qemu: Security fix for CVE-2020-28916

[Steve Sakoman]

From: Armin Kuster 

Source: qemu.org
MR: 107262
Type: Security Fix
Disposition: Backport from 
https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
ChangeID: 3024b894ab045c1a74ab2276359d5e599ec9e822
Description:

Affects qemu < 5.0.0

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2020-28916.patch| 48 +++
 2 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 3113d638d7..211c03e57b 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -90,6 +90,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-12829_4.patch \
file://CVE-2020-12829_5.patch \
file://CVE-2020-27617.patch \
+   file://CVE-2020-28916.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
new file mode 100644
index 00..756b1c1495
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
@@ -0,0 +1,48 @@
+From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Wed, 11 Nov 2020 18:36:36 +0530
+Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null descriptor
+
+While receiving packets via e1000e_write_packet_to_guest() routine,
+'desc_offset' is advanced only when RX descriptor is processed. And
+RX descriptor is not processed if it has NULL buffer address.
+This may lead to an infinite loop condition. Increament 'desc_offset'
+to process next descriptor in the ring to avoid infinite loop.
+
+Reported-by: Cheol-woo Myung <330cj...@gmail.com>
+Signed-off-by: Prasad J Pandit 
+Signed-off-by: Jason Wang 
+
+Upstream-Status: Backport
+CVE: CVE-2020-28916
+Signed-off-by: Armin Kuster 
+
+---
+ hw/net/e1000e_core.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
+index d8b9e4b2f4..095c01ebc6 100644
+--- a/hw/net/e1000e_core.c
 b/hw/net/e1000e_core.c
+@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct 
NetRxPkt *pkt,
+   (const char *) _pad, e1000x_fcs_len(core->mac));
+ }
+ }
+-desc_offset += desc_size;
+-if (desc_offset >= total_size) {
+-is_last = true;
+-}
+ } else { /* as per intel docs; skip descriptors with null buf addr */
+ trace_e1000e_rx_null_descriptor();
+ }
++desc_offset += desc_size;
++if (desc_offset >= total_size) {
++is_last = true;
++}
+ 
+ e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
+rss_info, do_ps ? ps_hdr_len : 0, 
);
+-- 
+2.25.1
+
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156304): 
https://lists.openembedded.org/g/openembedded-core/message/156304
Mute This Topic: https://lists.openembedded.org/mt/85839958/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 05/25] qemu: Security fix for CVE-2020-27617

[Steve Sakoman]

From: Armin Kuster 

Source: qemu.org
MR: 106462
Type: Security Fix
Disposition: Backport from 
https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1
ChangeID: b9dc1b656c07d6a0aecaf7680ed33801bd5f6352
Description:

Affects qemu < 5.2.0

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2020-27617.patch| 49 +++
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index f5e8a9ae49..3113d638d7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -89,6 +89,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-12829_3.patch \
file://CVE-2020-12829_4.patch \
file://CVE-2020-12829_5.patch \
+   file://CVE-2020-27617.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch
new file mode 100644
index 00..7bfc2beecb
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-27617.patch
@@ -0,0 +1,49 @@
+From 7564bf7701f00214cdc8a678a9f7df765244def1 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit 
+Date: Wed, 21 Oct 2020 11:35:50 +0530
+Subject: [PATCH] net: remove an assert call in eth_get_gso_type
+
+eth_get_gso_type() routine returns segmentation offload type based on
+L3 protocol type. It calls g_assert_not_reached if L3 protocol is
+unknown, making the following return statement unreachable. Remove the
+g_assert call, it maybe triggered by a guest user.
+
+Reported-by: Gaoning Pan 
+Signed-off-by: Prasad J Pandit 
+Signed-off-by: Jason Wang 
+
+Upsteram-Status: Backport
+CVE: CVE-2020-27617
+Signed-off-by: Armin Kuster 
+
+---
+ net/eth.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/net/eth.c b/net/eth.c
+index 0c1d413ee2..1e0821c5f8 100644
+--- a/net/eth.c
 b/net/eth.c
+@@ -16,6 +16,7 @@
+  */
+ 
+ #include "qemu/osdep.h"
++#include "qemu/log.h"
+ #include "net/eth.h"
+ #include "net/checksum.h"
+ #include "net/tap.h"
+@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t 
l4proto)
+ return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state;
+ }
+ }
+-
+-/* Unsupported offload */
+-g_assert_not_reached();
++qemu_log_mask(LOG_UNIMP, "%s: probably not GSO frame, "
++"unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto);
+ 
+ return VIRTIO_NET_HDR_GSO_NONE | ecn_state;
+ }
+-- 
+2.25.1
+
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156303): 
https://lists.openembedded.org/g/openembedded-core/message/156303
Mute This Topic: https://lists.openembedded.org/mt/85839956/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 04/25] qemu: Security fix CVE-2020-12829

[Steve Sakoman]

From: Armin Kuster 

Source: qemu.org
MR: 105490
Type: Security Fix
Disposition: Backport from 
https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
ChangeID: 6e222b766fc67c76cdc311d02cc47801992d0e66
Description:

Affect qemu < 5.0.0

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |   5 +
 .../qemu/qemu/CVE-2020-12829_1.patch  | 164 +++
 .../qemu/qemu/CVE-2020-12829_2.patch  | 139 +
 .../qemu/qemu/CVE-2020-12829_3.patch  |  47 
 .../qemu/qemu/CVE-2020-12829_4.patch  | 100 +++
 .../qemu/qemu/CVE-2020-12829_5.patch  | 266 ++
 6 files changed, 721 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_3.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_4.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_5.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index c8c170dda0..f5e8a9ae49 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -84,6 +84,11 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-3582.patch \
file://CVE-2021-3607.patch \
file://CVE-2021-3608.patch \
+   file://CVE-2020-12829_1.patch \
+   file://CVE-2020-12829_2.patch \
+   file://CVE-2020-12829_3.patch \
+   file://CVE-2020-12829_4.patch \
+   file://CVE-2020-12829_5.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch
new file mode 100644
index 00..6fee4f640d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch
@@ -0,0 +1,164 @@
+From e29da77e5fddf6480e3a0e80b63d703edaec751b Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan 
+Date: Thu, 21 May 2020 21:39:44 +0200
+Subject: [PATCH] sm501: Convert printf + abort to qemu_log_mask
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some places already use qemu_log_mask() to log unimplemented features
+or errors but some others have printf() then abort(). Convert these to
+qemu_log_mask() and avoid aborting to prevent guests to easily cause
+denial of service.
+
+Signed-off-by: BALATON Zoltan 
+Reviewed-by: Philippe Mathieu-Daudé 
+Message-id: 
305af87f59d81e92f2aaff09eb8a3603b8baa322.1590089984.git.bala...@eik.bme.hu
+Signed-off-by: Gerd Hoffmann 
+
+Upstream-Status: Backport
+CVE: CVE-2020-12829 dep#1
+Signed-off-by: Armin Kuster 
+
+---
+ hw/display/sm501.c | 57 ++
+ 1 file changed, 27 insertions(+), 30 deletions(-)
+
+diff --git a/hw/display/sm501.c b/hw/display/sm501.c
+index acc692531a..bd3ccfe311 100644
+--- a/hw/display/sm501.c
 b/hw/display/sm501.c
+@@ -727,8 +727,8 @@ static void sm501_2d_operation(SM501State *s)
+ int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt);
+ 
+ if (addressing != 0x0) {
+-printf("%s: only XY addressing is supported.\n", __func__);
+-abort();
++qemu_log_mask(LOG_UNIMP, "sm501: only XY addressing is supported.\n");
++return;
+ }
+ 
+ if (rop_mode == 0) {
+@@ -754,8 +754,8 @@ static void sm501_2d_operation(SM501State *s)
+ 
+ if ((s->twoD_source_base & 0x0800) ||
+ (s->twoD_destination_base & 0x0800)) {
+-printf("%s: only local memory is supported.\n", __func__);
+-abort();
++qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n");
++return;
+ }
+ 
+ switch (operation) {
+@@ -823,9 +823,9 @@ static void sm501_2d_operation(SM501State *s)
+ break;
+ 
+ default:
+-printf("non-implemented SM501 2D operation. %d\n", operation);
+-abort();
+-break;
++qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n",
++  operation);
++return;
+ }
+ 
+ if (dst_base >= get_fb_addr(s, crt) &&
+@@ -892,9 +892,8 @@ static uint64_t sm501_system_config_read(void *opaque, 
hwaddr addr,
+ break;
+ 
+ default:
+-printf("sm501 system config : not implemented register read."
+-   " addr=%x\n", (int)addr);
+-abort();
++qemu_log_mask(LOG_UNIMP, "sm501: not implemented system config"
++  "register read. addr=%" HWADDR_PRIx "\n", addr);
+ }
+ 
+ return ret;
+@@ -948,15 +947,15 @@ static void sm501_system_config_write(void *opaque, 
hwaddr addr,
+ break;
+ case SM501_ENDIAN_CONTROL:
+ if (value & 0x0001) {
+-

[OE-core][dunfell 03/25] libsndfile: Security fix for CVE-2021-3246

[Steve Sakoman]

From: Armin Kuster 

Source: https://github.com/libsndfile/libsndfile
MR: 112098
Type: Security Fix
Disposition: Backport from https://github.com/libsndfile/libsndfile/pull/713
ChangeID: 10d137de063b7a1e543ee96fbcf948945a452869
Description:

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../libsndfile1/CVE-2021-3246_1.patch | 36 +++
 .../libsndfile1/CVE-2021-3246_2.patch | 44 +++
 .../libsndfile/libsndfile1_1.0.28.bb  |  2 +
 3 files changed, 82 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch
 create mode 100644 
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch

diff --git 
a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch 
b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch
new file mode 100644
index 00..6354f856cb
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch
@@ -0,0 +1,36 @@
+From a9815b3f228df00086e0a40bcc43162fc19896a1 Mon Sep 17 00:00:00 2001
+From: bobsayshilol 
+Date: Wed, 17 Feb 2021 23:21:48 +
+Subject: [PATCH 1/2] wavlike: Fix incorrect size check
+
+The SF_CART_INFO_16K struct has an additional 4 byte field to hold
+the size of 'tag_text' which the file header doesn't, so don't
+include it as part of the check when looking for the max length.
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026
+
+Upstream-Status: Backport
+CVE: CVE-2021-3246 patch 1
+Signed-off-by: Armin Kuster 
+
+---
+ src/wavlike.c | 6 +-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+Index: libsndfile-1.0.28/src/wavlike.c
+===
+--- libsndfile-1.0.28.orig/src/wavlike.c
 libsndfile-1.0.28/src/wavlike.c
+@@ -803,7 +803,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf
+   return 0 ;
+   } ;
+ 
+-  if (chunksize >= sizeof (SF_CART_INFO_16K))
++  /*
++  **  SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't 
part
++  **  of the chunk, so don't include it in the size check.
++  */
++  if (chunksize >= sizeof (SF_CART_INFO_16K) - 4)
+   {   psf_log_printf (psf, "cart : %u too big to be handled\n", 
chunksize) ;
+   psf_binheader_readf (psf, "j", chunksize) ;
+   return 0 ;
diff --git 
a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch 
b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch
new file mode 100644
index 00..d6b03d7d4d
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch
@@ -0,0 +1,44 @@
+From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
+From: bobsayshilol 
+Date: Thu, 18 Feb 2021 21:52:09 +
+Subject: [PATCH 2/2] ms_adpcm: Fix and extend size checks
+
+'blockalign' is the size of a block, and each block contains 7 samples
+per channel as part of the preamble, so check against 'samplesperblock'
+rather than 'blockalign'. Also add an additional check that the block
+is big enough to hold the samples it claims to hold.
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
+
+Upstream-Status: Backport
+CVE: CVE-2021-3246 patch 2
+Signed-off-by: Armin Kuster 
+
+---
+ src/ms_adpcm.c | 10 --
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
+index 5e8f1a31..a21cb994 100644
+--- a/src/ms_adpcm.c
 b/src/ms_adpcm.c
+@@ -128,8 +128,14 @@ wavlike_msadpcm_init  (SF_PRIVATE *psf, int 
blockalign, int samplesperblock)
+   if (psf->file.mode == SFM_WRITE)
+   samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / 
psf->sf.channels ;
+ 
+-  if (blockalign < 7 * psf->sf.channels)
+-  {   psf_log_printf (psf, "*** Error blockalign (%d) should be > 
%d.\n", blockalign, 7 * psf->sf.channels) ;
++  /* There's 7 samples per channel in the preamble of each block */
++  if (samplesperblock < 7 * psf->sf.channels)
++  {   psf_log_printf (psf, "*** Error samplesperblock (%d) should be 
>= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
++  return SFE_INTERNAL ;
++  } ;
++
++  if (2 * blockalign < samplesperblock * psf->sf.channels)
++  {   psf_log_printf (psf, "*** Error blockalign (%d) should be >= 
%d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
+   return SFE_INTERNAL ;
+   } ;
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb 
b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 044881a859..2525af8fe0 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -20,6 +20,8 @@ SRC_URI = 
"http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
file://CVE-2017-12562.patch \
   

[OE-core][dunfell 02/25] apr: Security fix for CVE-2021-35940

[Steve Sakoman]

From: Armin Kuster 

Source:  https://dist.apache.org
MR: 112793
Type: Security Fix
Disposition: Backport from 
https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc
Description:

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 
regressed
compared to 1.6.3 and is vulnerable to the same issue.

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../apr/apr/CVE-2021-35940.patch  | 58 +++
 meta/recipes-support/apr/apr_1.7.0.bb |  1 +
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch

diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch 
b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 00..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova  for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster 
+
+
+Index: time/unix/time.c
+===
+--- a/time/unix/time.c (revision 1891197)
 b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===
+--- a/time/win32/time.c(revision 1891197)
 b/time/win32/time.c(revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
++if (tm->wMonth < 1 || tm->wMonth > 12)
++return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+  * tm_gmtoff and tm_isdst data when applicable.
+  */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb 
b/meta/recipes-support/apr/apr_1.7.0.bb
index 432fa3255c..92cc61a864 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \

file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
+   file://CVE-2021-35940.patch \
"
 
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156300): 
https://lists.openembedded.org/g/openembedded-core/message/156300
Mute This Topic: https://lists.openembedded.org/mt/85839950/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 01/25] libgcrypt: Security fix CVE-2021-33560

[Steve Sakoman]

From: Armin Kuster 

Source: https://sources.debian.org/patches/libgcrypt20/1.8.4-5+deb10u1
MR: 111591
Type: Security Fix
Disposition: Backport from 
https://sources.debian.org/data/main/libg/libgcrypt20/1.8.4-5%2Bdeb10u1/debian/patches/31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch
ChangeID: d066a9baacc0d967dd80ac54c684cde031ac686e
Description:

Affects before 1.8.8 and 1.9.x before 1.9.3

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../libgcrypt/files/CVE-2021-33560.patch  | 109 ++
 .../libgcrypt/libgcrypt_1.8.5.bb  |   1 +
 2 files changed, 110 insertions(+)
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch

diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
new file mode 100644
index 00..c0d00485e6
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
@@ -0,0 +1,109 @@
+From 707c3c5c511ee70ad0e39ec613471f665305fbea Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Fri, 21 May 2021 11:15:07 +0900
+Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
+
+* cipher/elgamal.c (gen_k): Remove support of smaller K.
+(do_encrypt): Never use smaller K.
+(sign): Folllow the change of gen_k.
+
+--
+
+Cherry-pick master commit of:
+   632d80ef30e13de6926d503aa697f92b5dbfbc5e
+
+This change basically reverts encryption changes in two commits:
+
+   74386120dad6b3da62db37f7044267c8ef34689b
+   78531373a342aeb847950f404343a05e36022065
+
+Use of smaller K for ephemeral key in ElGamal encryption is only good,
+when we can guarantee that recipient's key is generated by our
+implementation (or compatible).
+
+For detail, please see:
+
+Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
+"On the (in)security of ElGamal in OpenPGP";
+in the proceedings of  CCS'2021.
+
+CVE-id: CVE-2021-33560
+GnuPG-bug-id: 5328
+Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
+Signed-off-by: NIIBE Yutaka 
+
+Upstream-Status: Backport
+CVE: CVE-2021-33560
+Signed-off-by: Armin Kuster 
+---
+ cipher/elgamal.c | 24 ++--
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index 4eb52d62..ae7a631e 100644
+--- a/cipher/elgamal.c
 b/cipher/elgamal.c
+@@ -66,7 +66,7 @@ static const char *elg_names[] =
+ 
+ 
+ static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
++static gcry_mpi_t gen_k (gcry_mpi_t p);
+ static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
+  gcry_mpi_t **factors);
+ static int  check_secret_key (ELG_secret_key *sk);
+@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int 
nodie )
+ 
+ /
+  * Generate a random secret exponent k from prime p, so that k is
+- * relatively prime to p-1.  With SMALL_K set, k will be selected for
+- * better encryption performance - this must never be used signing!
++ * relatively prime to p-1.
+  */
+ static gcry_mpi_t
+-gen_k( gcry_mpi_t p, int small_k )
++gen_k( gcry_mpi_t p )
+ {
+   gcry_mpi_t k = mpi_alloc_secure( 0 );
+   gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
+   unsigned int nbits, nbytes;
+   char *rndbuf = NULL;
+ 
+-  if (small_k)
+-{
+-  /* Using a k much lesser than p is sufficient for encryption and
+-   * it greatly improves the encryption performance.  We use
+-   * Wiener's table and add a large safety margin. */
+-  nbits = wiener_map( orig_nbits ) * 3 / 2;
+-  if( nbits >= orig_nbits )
+-BUG();
+-}
+-  else
+-nbits = orig_nbits;
+-
++  nbits = orig_nbits;
+ 
+   nbytes = (nbits+7)/8;
+   if( DBG_CIPHER )
+@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
ELG_public_key *pkey )
+* error code.
+*/
+ 
+-  k = gen_k( pkey->p, 1 );
++  k = gen_k( pkey->p );
+   mpi_powm (a, pkey->g, k, pkey->p);
+ 
+   /* b = (y^k * input) mod p
+@@ -594,7 +582,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
ELG_secret_key *skey )
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+-k = gen_k( skey->p, 0 /* no small K ! */ );
++k = gen_k( skey->p );
+ mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+-- 
+2.30.2
+
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 16a58ad9b8..174b087b24 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \

file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \

[OE-core][dunfell 00/25] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by 
end of
day Tuesday. Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2639

The following changes since commit 49ca1f62cc17c951b7737a4ee3c236f732bc8ebe:

  build-appliance-image: Update to dunfell head revision (2021-09-15 10:42:23 
+0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (2):
  wic: keep rootfs_size as integer
  testimage: symlink the task log and qemu console log to tmp/log/oeqa

Armin Kuster (9):
  libgcrypt: Security fix CVE-2021-33560
  apr: Security fix for CVE-2021-35940
  libsndfile: Security fix for CVE-2021-3246
  qemu: Security fix CVE-2020-12829
  qemu: Security fix for CVE-2020-27617
  qemu: Security fix for CVE-2020-28916
  nettle: Security fix for CVE-2021-3580
  nettle: Security fix for CVE-2021-20305
  tar: ignore node-tar CVEs

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.143
  linux-yocto/5.4: update to v5.4.144

Jon Mason (2):
  Update mailing list address
  core-image-sato: Fix runqemu error for qemuarmv5

Kai Kang (1):
  squashfs-tools: fix CVE-2021-40153

Mike Crowe (1):
  curl: Fix CVE-2021-22946 and CVE-2021-22947, whitelist CVE-2021-22945

Ranjitsinh Rathod (1):
  rpm: Handle proper return value to avoid major issues

Richard Purdie (3):
  vim: Backport fix for CVE-2021-3770
  useradd: Ensure preinst data is expanded correctly in pkgdata
  bash: Ensure deterministic build

Ross Burton (1):
  libsoup-2.4: remove obsolete intltool dependency

Sakib Sajal (1):
  qemu: fix CVE-2021-3682

Steve Sakoman (1):
  connman: add CVE_PRODUCT

Visa Hankala (1):
  iputils: Fix regression of arp table update

 meta/classes/testimage.bbclass|  12 +-
 meta/classes/useradd.bbclass  |   4 +
 meta/conf/distro/include/maintainers.inc  |   2 +-
 meta/recipes-connectivity/connman/connman.inc |   2 +
 .../ldconfig-native-2.12.1/ldconfig.patch |   2 +-
 meta/recipes-devtools/qemu/qemu.inc   |   8 +
 .../qemu/qemu/CVE-2020-12829_1.patch  | 164 
 .../qemu/qemu/CVE-2020-12829_2.patch  | 139 +++
 .../qemu/qemu/CVE-2020-12829_3.patch  |  47 +++
 .../qemu/qemu/CVE-2020-12829_4.patch  | 100 +
 .../qemu/qemu/CVE-2020-12829_5.patch  | 266 +
 .../qemu/qemu/CVE-2020-27617.patch|  49 +++
 .../qemu/qemu/CVE-2020-28916.patch|  48 +++
 .../qemu/qemu/CVE-2021-3682.patch |  41 ++
 ...rict-virtual-memory-usage-if-limit-s.patch |  25 +-
 .../squashfs-tools/files/CVE-2021-40153.patch | 253 +
 .../squashfs-tools/squashfs-tools_git.bb  |   1 +
 meta/recipes-extended/bash/bash.inc   |   5 +
 ...ng-make-update-neighbours-work-again.patch |  79 
 .../iputils/iputils_s20190709.bb  |   1 +
 meta/recipes-extended/tar/tar_1.32.bb |   1 +
 .../linux/linux-yocto-rt_5.4.bb   |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../libsndfile1/CVE-2021-3246_1.patch |  36 ++
 .../libsndfile1/CVE-2021-3246_2.patch |  44 +++
 .../libsndfile/libsndfile1_1.0.28.bb  |   2 +
 meta/recipes-sato/images/core-image-sato.bb   |   1 +
 .../apr/apr/CVE-2021-35940.patch  |  58 +++
 meta/recipes-support/apr/apr_1.7.0.bb |   1 +
 .../curl/curl/CVE-2021-22946-pre1.patch   |  86 +
 .../curl/curl/CVE-2021-22946.patch| 328 
 .../curl/curl/CVE-2021-22947.patch| 352 ++
 meta/recipes-support/curl/curl_7.69.1.bb  |   5 +-
 .../libgcrypt/files/CVE-2021-33560.patch  | 109 ++
 .../libgcrypt/libgcrypt_1.8.5.bb  |   1 +
 .../libsoup/libsoup-2.4_2.68.4.bb |   2 +-
 .../nettle-3.5.1/CVE-2021-20305-1.patch   | 215 +++
 .../nettle-3.5.1/CVE-2021-20305-2.patch   |  53 +++
 .../nettle-3.5.1/CVE-2021-20305-3.patch   | 122 ++
 .../nettle-3.5.1/CVE-2021-20305-4.patch   |  48 +++
 .../nettle-3.5.1/CVE-2021-20305-5.patch   |  53 +++
 .../nettle/nettle-3.5.1/CVE-2021-3580_1.patch | 277 ++
 .../nettle/nettle-3.5.1/CVE-2021-3580_2.patch | 163 
 meta/recipes-support/nettle/nettle_3.5.1.bb   |   7 +
 ...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 ++
 meta/recipes-support/vim/vim.inc  |   2 +
 scripts/lib/wic/partition.py  |   2 +-
 48 files changed, 3423 insertions(+), 36 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-12829_3.patch
 create mode 100644 

Re: [OE-core] Backport request to dunfell: "Unlicense"

[Steve Sakoman]

Hi Massimo,

The proper way to request a backport is to send a patch to the mailing
list (openembedded-core@lists.openembedded.org) so that others in the
community have an opportunity to comment.

I suspect there won't be an issue, but let's follow the process!

Steve

On Wed, Sep 22, 2021 at 5:08 AM TOSCANELLI Massimo
 wrote:
>
> Dear Steve,
>
>
>
> I would need the “Unlicense” license in dunfell.
>
> Is it possible to backport this commit?
>
> https://github.com/openembedded/openembedded-core/commit/7698f3145a9c48778d7bb79f54df169cf375349c
>
>
>
> Looking forward to your reply
>
>
>
> Massimo Toscanelli

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156297): 
https://lists.openembedded.org/g/openembedded-core/message/156297
Mute This Topic: https://lists.openembedded.org/mt/85839736/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Zoltan Boszormenyi via lists.openembedded.org]

Hi,

I have a special package that creates users and groups
via inherit useradd. This package doesn't depend on any
others but it is depended on, both via DEPENDS and RDEPENDS
by packages using those users/groups in their do_install
scripts.

This works for packaging becase these ownerships
are encoded in the packages, confirmed by rpm -qp --dump ...

However, during do_rootfs, a couple of
"user/group XXX does not exist, using root"
messages appear for the packages depending on others
creating these users/groups.

log.do_rootfs shows that the package installation ordering
does not follow RDEPENDS. Instead, it's practically an
alphabetical order when running dnf.

This doesn't just involve my custom packages, but also clamav
plus another one in which I ship a small limited set of
virus signatures, also chown'd to clamav and with RDEPENDS
on clamav.

What is the correct solution to this?

Thanks in advance,
Zoltán Böszörményi

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156296): 
https://lists.openembedded.org/g/openembedded-core/message/156296
Mute This Topic: https://lists.openembedded.org/mt/85839631/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] create-spdx: Don't collect natives sources

[Joshua Watt]

On Fri, Sep 24, 2021, 2:16 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:

> On Thu, 2021-09-23 at 17:14 -0500, Joshua Watt wrote:
> > On 9/23/21 5:07 PM, Joshua Watt wrote:
> > >
> > > On 9/23/21 4:29 PM, Saul Wold wrote:
> > > >
> > > >
> > > > On 9/23/21 2:05 PM, Joshua Watt wrote:
> > > > >
> > > > > On 9/23/21 3:53 PM, Saul Wold wrote:
> > > > > > Extend the SPDXPackage to include is_native so it can be used
> later in
> > > > > > the processing.
> > > > > >
> > > > > > When the collect_dep_sources() runs, it collects sources from
> both
> > > > > > native
> > > > > > and non-native recipes. Later when the GENERATED_FROM matching
> > > > > > occurs it
> > > > > > may find the file (via checksum) from the native recipe since
> it's the
> > > > > > same checksum as the target file. The that are generated
> DocumentRefs
> > > > > > point to the native recipe rather than the target recipe
> DocumentRef.
> > > > > >
> > > > > > Signed-off-by: Saul Wold 
> > > > > > ---
> > > > > >   meta/classes/create-spdx.bbclass | 11 +--
> > > > > >   meta/lib/oe/spdx.py  |  1 +
> > > > > >   2 files changed, 10 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/meta/classes/create-spdx.bbclass
> > > > > > b/meta/classes/create-spdx.bbclass
> > > > > > index 3c73c21c04..e565f0bf6c 100644
> > > > > > --- a/meta/classes/create-spdx.bbclass
> > > > > > +++ b/meta/classes/create-spdx.bbclass
> > > > > > @@ -336,6 +336,10 @@ def collect_dep_sources(d, dep_recipes):
> > > > > >   sources = {}
> > > > > >   for dep in dep_recipes:
> > > > > > +# Don't collect sources from native recipes as they
> > > > > > +# match non-native sources also.
> > > > > > +if dep.recipe.is_native == "True":
> > > > > > +continue
> > > > > >   recipe_files = set(dep.recipe.hasFiles)
> > > > > >   for spdx_file in dep.doc.files:
> > > > > > @@ -382,7 +386,6 @@ python do_create_spdx() {
> > > > > >   include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
> > > > > >   archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
> > > > > >   archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
> > > > > > -is_native = bb.data.inherits_class("native", d)
> > > > > >   creation_time =
> > > > > > datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > > > > > @@ -401,6 +404,10 @@ python do_create_spdx() {
> > > > > >   recipe.name = d.getVar("PN")
> > > > > >   recipe.versionInfo = d.getVar("PV")
> > > > > >   recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
> > > > > > +if bb.data.inherits_class("native", d):
> > > > > > +recipe.is_native = "True"
> > > > > > +else:
> > > > > > +recipe.is_native = "False"
> > > > > >   for s in d.getVar('SRC_URI').split():
> > > > > >   if not s.startswith("file://"):
> > > > > > @@ -480,7 +487,7 @@ python do_create_spdx() {
> > > > > >   sources = collect_dep_sources(d, dep_recipes)
> > > > > >   found_licenses = {license.name:recipe_ref.externalDocumentId
>
> > > > > > + ":" + license.licenseId for license in
> > > > > > doc.hasExtractedLicensingInfos}
> > > > > > -if not is_native:
> > > > > > +if recipe.is_native is "False":
> > > > > >   bb.build.exec_func("read_subpackage_metadata", d)
> > > > > >   pkgdest = Path(d.getVar("PKGDEST"))
> > > > > > diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
> > > > > > index 9814fbfd66..452148f339 100644
> > > > > > --- a/meta/lib/oe/spdx.py
> > > > > > +++ b/meta/lib/oe/spdx.py
> > > > > > @@ -164,6 +164,7 @@ class SPDXPackage(SPDXObject):
> > > > > >   packageVerificationCode =
> _Object(SPDXPackageVerificationCode)
> > > > > >   hasFiles = _StringList()
> > > > > >   packageFileName = _String()
> > > > > > +is_native = _String()
> > > > >
> > > > > It's probably not well documented in this file, but this has to
> > > > > match to the SPDX standard; we can't add arbitrary fields here.
> When
> > > > > I was referring to an "annotation" I was specifcially referring to
> > > > > an SPDX annotation:
> > > > >
> > > > I should have figured that!
> > > >
> > > > > https://spdx.github.io/spdx-spec/8-annotations/
> > > > >
> > > > > We'd need to decide on some schema for encoding the data in the
> > > > > annotation
> > > > >
> > > > So we need to create an SPDXAnnotation type on spdx.py and define
> > > > what we want in the AnnotationComment field?
> > >
> > > Exactly. We can use the tool field to indicate that this is data we
> > > care about for a specific annotation, then put JSON or something in
> > > the annotation itself.
> >
> >
> > Also, I forgot to mention but I found it really hard to convert the
> > normal SPDX spec document into the structure we need for JSON encoding
> > in spdx.py. I found it *much* easier to decipher the actual SPDX JSON
> > schema document:
> >
> >
> 

[OE-core] [PATCH] libsamplerate0: Set correct soname for 0.1.9

[Tom Pollard]

Manually patch SHARED_VERSION_INFO, which was missed in
the 0.1.9 release and later incorrectly fixed until 0.2.1

Signed-off-by: Tom Pollard 
---
 .../libsamplerate0/shared_version_info.patch| 13 +
 .../libsamplerate/libsamplerate0_0.1.9.bb   |  1 +
 2 files changed, 14 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch

diff --git 
a/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
 
b/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
new file mode 100644
index 00..b42d564b4b
--- /dev/null
+++ 
b/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch
@@ -0,0 +1,13 @@
+Index: libsamplerate-0.1.8/configure.ac
+===
+--- libsamplerate-0.1.8.orig/configure.ac
 libsamplerate-0.1.8/configure.ac
+@@ -53,7 +53,7 @@ AC_PROG_LN_S
+ #  6. If any interfaces have been removed since the last public release, then 
set age
+ # to 0.
+ 
+-SHARED_VERSION_INFO="1:8:1"
++SHARED_VERSION_INFO="1:9:1"
+ 
+ 
+ 
diff --git a/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb 
b/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb
index 6dfc42b436..8345d6880f 100644
--- a/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb
+++ b/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb
@@ -10,6 +10,7 @@ PR = "r1"
 
 SRC_URI = "http://www.mega-nerd.com/SRC/libsamplerate-${PV}.tar.gz \
file://0001-configure.ac-improve-alsa-handling.patch \
+   file://shared_version_info.patch \
 "
 
 SRC_URI[md5sum] = "2b78ae9fe63b36b9fbb6267fad93f259"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156294): 
https://lists.openembedded.org/g/openembedded-core/message/156294
Mute This Topic: https://lists.openembedded.org/mt/85838060/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] bzip2: Update soname for libbz2 1.0.8

[Tom Pollard]

Set shared library name as libbz2.so.1.0.8, version in configure.ac
already synced via do_configure PV substitution.

Signed-off-by: Tom Pollard 
---
 meta/recipes-extended/bzip2/bzip2/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/bzip2/bzip2/Makefile.am 
b/meta/recipes-extended/bzip2/bzip2/Makefile.am
index 7338df03eb..d12d3a45e4 100644
--- a/meta/recipes-extended/bzip2/bzip2/Makefile.am
+++ b/meta/recipes-extended/bzip2/bzip2/Makefile.am
@@ -1,6 +1,6 @@
 
 lib_LTLIBRARIES = libbz2.la
-libbz2_la_LDFLAGS = -version-info 1:6:0
+libbz2_la_LDFLAGS = -version-info 1:8:0
 
 libbz2_la_SOURCES = blocksort.c  \
 huffman.c\
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156293): 
https://lists.openembedded.org/g/openembedded-core/message/156293
Mute This Topic: https://lists.openembedded.org/mt/85836699/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH] vim: fix CVEs

[Yu, Mingli]

From: Mingli Yu 

Backport patches to fix CVE-2021-3778 and CVE-2021-3796.

Signed-off-by: Mingli Yu 
---
 .../vim/files/CVE-2021-3778.patch | 33 +
 .../vim/files/CVE-2021-3796.patch | 49 +++
 meta/recipes-support/vim/vim.inc  |  2 +
 3 files changed, 84 insertions(+)
 create mode 100644 meta/recipes-support/vim/files/CVE-2021-3778.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2021-3796.patch

diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch 
b/meta/recipes-support/vim/files/CVE-2021-3778.patch
new file mode 100644
index 00..918ebb1bfc
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3778.patch
@@ -0,0 +1,33 @@
+From 9ba62f1042513fcadcc4e8fdcee171db66ef1d69 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar 
+Date: Fri, 24 Sep 2021 15:15:24 +0800
+Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8
+ character
+
+Problem:Reading beyond end of line with invalid utf-8 character.
+Solution:   Check for NUL when advancing.
+
+Upstream-Status: 
Backport[https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f]
+
+Signed-off-by: Mingli Yu 
+---
+ src/regexp_nfa.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
+index fb512f961..2806408de 100644
+--- a/src/regexp_nfa.c
 b/src/regexp_nfa.c
+@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u 
*match_text)
+   match = FALSE;
+   break;
+   }
+-  len2 += MB_CHAR2LEN(c2);
++  len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
++   : MB_CHAR2LEN(c2);
+   }
+   if (match
+   // check that no composing char follows
+-- 
+2.17.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2021-3796.patch 
b/meta/recipes-support/vim/files/CVE-2021-3796.patch
new file mode 100644
index 00..b4eeae05aa
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3796.patch
@@ -0,0 +1,49 @@
+From 6d02e1429771c00046b48f26e53ca4123c3ce4e1 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar 
+Date: Fri, 24 Sep 2021 16:01:09 +0800
+Subject: [PATCH] patch 8.2.3428: using freed memory when replacing
+
+Problem:Using freed memory when replacing. (Dhiraj Mishra)
+Solution:   Get the line pointer after calling ins_copychar().
+
+Upstream-Status: Backport 
[https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3]
+
+Signed-off-by: Mingli Yu 
+---
+ src/normal.c | 10 +++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/normal.c b/src/normal.c
+index c4963e621..305b514bc 100644
+--- a/src/normal.c
 b/src/normal.c
+@@ -5009,19 +5009,23 @@ nv_replace(cmdarg_T *cap)
+   {
+   /*
+* Get ptr again, because u_save and/or showmatch() will have
+-   * released the line.  At the same time we let know that the
+-   * line will be changed.
++   * released the line. This may also happen in ins_copychar().
++   * At the same time we let know that the line will be changed.
+*/
+-  ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
+   if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y)
+   {
+ int c = ins_copychar(curwin->w_cursor.lnum
+  + (cap->nchar == Ctrl_Y ? -1 : 1));
++
++ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
+ if (c != NUL)
+   ptr[curwin->w_cursor.col] = c;
+   }
+   else
++  {
++  ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE);
+   ptr[curwin->w_cursor.col] = cap->nchar;
++  }
+   if (p_sm && msg_silent == 0)
+   showmatch(cap->nchar);
+   ++curwin->w_cursor.col;
+-- 
+2.17.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 6fe8fb90db..e45f9b828d 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -17,6 +17,8 @@ SRC_URI = "git://github.com/vim/vim.git \
file://0001-src-Makefile-improve-reproducibility.patch \
file://no-path-adjust.patch \
file://racefix.patch \
+   file://CVE-2021-3778.patch \
+   file://CVE-2021-3796.patch \
 "
 SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156292): 
https://lists.openembedded.org/g/openembedded-core/message/156292
Mute This Topic: https://lists.openembedded.org/mt/85834872/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 

Re: [OE-core] [RFC PATCH 10/14] package_ipk/deb/rpm: Drop recursive do_build task dependencies

[Richard Purdie]

On Fri, 2021-09-24 at 09:58 +0200, Martin Jansa wrote:
> On Fri, Sep 24, 2021 at 6:51 AM Khem Raj  wrote:
> > this is quite encouraging, dont go by number of lines of change :)
> > btw. did you also try with other change which reduces native dependencies,
> > 
> 
>  
> I've tried layer.conf change in our builds and it causes _a lot_ of pkgconfig
> issues, but in most cases they are easy to spot in failed task log and easy to
> fix. With ~ 100 fixed recipes I can build the images again :). I've already
> merged bunch of these fixes in various layers and queued it for others. I've
> seen a lot of these fixes for meta-oe layers from Khem as well, so I think
> it's also getting ready. But possibly less impressive improvement and more
> fixes still needed for other external layers. Maybe we could add pkgconfig
> inherit in e.g. cmake.bbclass, that would at least in my case eliminate maybe
> 90% cases where I needed to add pkgconfig inherit (because native pkgconfig is
> called from CMake's FindPkgConfig). 

That could be an option, depends if there are many recipes which use cmake but
don't use pkgconfig.

FWIW I'm still planning to hold the layer.conf change causing that until after
release, unless I hear people saying the issues are mostly resolved.

I've merged the recursive build dependency changes as whilst it is an invasive
change, I think it puts sstate use and hence the project in a much better
position for the future.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156291): 
https://lists.openembedded.org/g/openembedded-core/message/156291
Mute This Topic: https://lists.openembedded.org/mt/85739581/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [RFC PATCH 10/14] package_ipk/deb/rpm: Drop recursive do_build task dependencies

[Martin Jansa]

On Fri, Sep 24, 2021 at 6:51 AM Khem Raj  wrote:

> this is quite encouraging, dont go by number of lines of change :)
> btw. did you also try with other change which reduces native dependencies,
>

I've tried layer.conf change in our builds and it causes _a lot_ of
pkgconfig issues, but in most cases they are easy to spot in failed task
log and easy to fix. With ~ 100 fixed recipes I can build the images again
:). I've already merged bunch of these fixes in various layers and queued
it for others. I've seen a lot of these fixes for meta-oe layers from Khem
as well, so I think it's also getting ready. But possibly less impressive
improvement and more fixes still needed for other external layers. Maybe we
could add pkgconfig inherit in e.g. cmake.bbclass, that would at least in
my case eliminate maybe 90% cases where I needed to add pkgconfig inherit
(because native pkgconfig is called from CMake's FindPkgConfig).

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156290): 
https://lists.openembedded.org/g/openembedded-core/message/156290
Mute This Topic: https://lists.openembedded.org/mt/85739581/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] create-spdx: Don't collect natives sources

[Richard Purdie]

On Thu, 2021-09-23 at 17:14 -0500, Joshua Watt wrote:
> On 9/23/21 5:07 PM, Joshua Watt wrote:
> > 
> > On 9/23/21 4:29 PM, Saul Wold wrote:
> > > 
> > > 
> > > On 9/23/21 2:05 PM, Joshua Watt wrote:
> > > > 
> > > > On 9/23/21 3:53 PM, Saul Wold wrote:
> > > > > Extend the SPDXPackage to include is_native so it can be used later in
> > > > > the processing.
> > > > > 
> > > > > When the collect_dep_sources() runs, it collects sources from both 
> > > > > native
> > > > > and non-native recipes. Later when the GENERATED_FROM matching 
> > > > > occurs it
> > > > > may find the file (via checksum) from the native recipe since it's the
> > > > > same checksum as the target file. The that are generated DocumentRefs
> > > > > point to the native recipe rather than the target recipe DocumentRef.
> > > > > 
> > > > > Signed-off-by: Saul Wold 
> > > > > ---
> > > > >   meta/classes/create-spdx.bbclass | 11 +--
> > > > >   meta/lib/oe/spdx.py  |  1 +
> > > > >   2 files changed, 10 insertions(+), 2 deletions(-)
> > > > > 
> > > > > diff --git a/meta/classes/create-spdx.bbclass 
> > > > > b/meta/classes/create-spdx.bbclass
> > > > > index 3c73c21c04..e565f0bf6c 100644
> > > > > --- a/meta/classes/create-spdx.bbclass
> > > > > +++ b/meta/classes/create-spdx.bbclass
> > > > > @@ -336,6 +336,10 @@ def collect_dep_sources(d, dep_recipes):
> > > > >   sources = {}
> > > > >   for dep in dep_recipes:
> > > > > +    # Don't collect sources from native recipes as they
> > > > > +    # match non-native sources also.
> > > > > +    if dep.recipe.is_native == "True":
> > > > > +    continue
> > > > >   recipe_files = set(dep.recipe.hasFiles)
> > > > >   for spdx_file in dep.doc.files:
> > > > > @@ -382,7 +386,6 @@ python do_create_spdx() {
> > > > >   include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
> > > > >   archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
> > > > >   archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
> > > > > -    is_native = bb.data.inherits_class("native", d)
> > > > >   creation_time = 
> > > > > datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > > > > @@ -401,6 +404,10 @@ python do_create_spdx() {
> > > > >   recipe.name = d.getVar("PN")
> > > > >   recipe.versionInfo = d.getVar("PV")
> > > > >   recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
> > > > > +    if bb.data.inherits_class("native", d):
> > > > > +    recipe.is_native = "True"
> > > > > +    else:
> > > > > +    recipe.is_native = "False"
> > > > >   for s in d.getVar('SRC_URI').split():
> > > > >   if not s.startswith("file://"):
> > > > > @@ -480,7 +487,7 @@ python do_create_spdx() {
> > > > >   sources = collect_dep_sources(d, dep_recipes)
> > > > >   found_licenses = {license.name:recipe_ref.externalDocumentId 
> > > > > + ":" + license.licenseId for license in 
> > > > > doc.hasExtractedLicensingInfos}
> > > > > -    if not is_native:
> > > > > +    if recipe.is_native is "False":
> > > > >   bb.build.exec_func("read_subpackage_metadata", d)
> > > > >   pkgdest = Path(d.getVar("PKGDEST"))
> > > > > diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
> > > > > index 9814fbfd66..452148f339 100644
> > > > > --- a/meta/lib/oe/spdx.py
> > > > > +++ b/meta/lib/oe/spdx.py
> > > > > @@ -164,6 +164,7 @@ class SPDXPackage(SPDXObject):
> > > > >   packageVerificationCode = _Object(SPDXPackageVerificationCode)
> > > > >   hasFiles = _StringList()
> > > > >   packageFileName = _String()
> > > > > +    is_native = _String()
> > > > 
> > > > It's probably not well documented in this file, but this has to 
> > > > match to the SPDX standard; we can't add arbitrary fields here. When 
> > > > I was referring to an "annotation" I was specifcially referring to 
> > > > an SPDX annotation:
> > > > 
> > > I should have figured that!
> > > 
> > > > https://spdx.github.io/spdx-spec/8-annotations/
> > > > 
> > > > We'd need to decide on some schema for encoding the data in the 
> > > > annotation
> > > > 
> > > So we need to create an SPDXAnnotation type on spdx.py and define 
> > > what we want in the AnnotationComment field?
> > 
> > Exactly. We can use the tool field to indicate that this is data we 
> > care about for a specific annotation, then put JSON or something in 
> > the annotation itself.
> 
> 
> Also, I forgot to mention but I found it really hard to convert the 
> normal SPDX spec document into the structure we need for JSON encoding 
> in spdx.py. I found it *much* easier to decipher the actual SPDX JSON 
> schema document:
> 
> https://github.com/spdx/spdx-spec/blob/development/v2.2.1/schemas/spdx-schema.json
> 
> 

Could someone put a few comments into the code just so that we don't forget some
of these constraints in future please?

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156289): 

[OE-core] [hardknott][PATCH 0/3] Pull Request (cover letter only)

[Anuj Mittal]

Please merge these changes.

Thanks,

Anuj

The following changes since commit e99578cde6078828a3075e10f1bb97e1a373ce12:

  linux-yocto/5.4: update to v5.4.144 (2021-09-16 00:56:36 +0800)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib stable/hardknott-next

Armin Kuster (1):
  tar: ignore node-tar CVEs

Kiran Surendran (1):
  ffmpeg: fix CVE-2021-38114

Richard Purdie (1):
  sstate: Avoid problems with recipes using SRCPV when fetching sstate

 meta/classes/sstate.bbclass   |  4 ++
 meta/recipes-extended/tar/tar_1.34.bb |  1 +
 .../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch| 67 +++
 .../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb |  1 +
 4 files changed, 73 insertions(+)
 create mode 100644 
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch

-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156288): 
https://lists.openembedded.org/g/openembedded-core/message/156288
Mute This Topic: https://lists.openembedded.org/mt/85833387/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-