[OE-core] [PATCH] initramfs-framework: Add overlayroot module

[Alejandro Hernandez Samaniego]

When installed, this module mounts a read-write (RW) overlay on
top of a root filesystem, which is kept read-only (RO).

It needs to be executed after the initramfs-module-rootfs since
it relies on it to mount the filesystem at initramfs startup but
before the finish module which normally switches root.

It requires rootrw= to be passed as a kernel parameter to
specify the device/partition to be used as RW by the overlay and
has a dependency on overlayfs support being present in the
running kernel.

It does not require the read-only IMAGE_FEATURE to be enabled.

Signed-off-by: Alejandro Enedino Hernandez Samaniego 
---
 .../initramfs-framework/overlayroot   | 93 +++
 .../initrdscripts/initramfs-framework_1.0.bb  |  9 ++
 2 files changed, 102 insertions(+)
 create mode 100644 
meta/recipes-core/initrdscripts/initramfs-framework/overlayroot

diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot 
b/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot
new file mode 100644
index 00..ec5700e8fc
--- /dev/null
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# Simple initramfs module intended to mount a read-write (RW)
+# overlayfs on top of /, keeping the original root filesystem
+# as read-only (RO).
+#
+# NOTE: The read-only IMAGE_FEATURE is not required for this to work
+#
+# It relies on the initramfs-module-rootfs to mount the original
+# root filesystem, and requires 'rootrw=' to be passed as a
+# kernel parameter, specifying the device/partition intended to
+# use as RW.
+#
+# It also has a dependency on overlayfs being enabled in the
+# running kernel via KERNEL_FEATURES (kmeta) or any other means.
+#
+# The RO root filesystem remains accessible by the system, mounted
+# at /rofs
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+# We get OLDROOT from the rootfs module
+OLDROOT="/rootfs"
+
+NEWROOT="${RWMOUNT}/root"
+RWMOUNT="/overlay"
+ROMOUNT="${RWMOUNT}/rofs"
+UPPER_DIR="${RWMOUNT}/upper"
+WORK_DIR="${RWMOUNT}/work"
+
+MODULES_DIR=/init.d
+
+exit_gracefully() {
+echo $1 >/dev/console
+echo >/dev/console
+echo "OverlayRoot mounting failed, starting system as read-only" 
>/dev/console
+echo >/dev/console
+
+# Make sure / is mounted as read only anyway.
+# Borrowed from rootfs-postcommands.bbclass
+# Tweak the mount option and fs_passno for rootfs in fstab
+if [ -f ${OLDROOT}/etc/fstab ]; then
+sed -i -e 
'/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}'
 ${OLDROOT}/etc/fstab
+fi
+
+# Tweak the "mount -o remount,rw /" command in busybox-inittab inittab
+if [ -f ${OLDROOT}/etc/inittab ]; then
+sed -i 's|/bin/mount -o remount,rw /|/bin/mount -o remount,ro /|' 
${OLDROOT}/etc/inittab
+fi
+
+# Continue as if the overlayroot module didn't exist
+. $MODULES_DIR/99-finish
+eval "finish_run"
+}
+
+
+if [ -z "$bootparam_rootrw" ]; then
+exit_gracefully "rootrw= kernel parameter doesn't exist and its required 
to mount the overlayfs"
+fi
+
+mkdir -p ${RWMOUNT}
+
+# Mount RW device
+if mount -n -t ${bootparam_rootfstype:-ext4} -o 
${bootparam_rootflags:-defaults} ${bootparam_rootrw} ${RWMOUNT}
+then
+# Set up overlay directories
+mkdir -p ${UPPER_DIR}
+mkdir -p ${WORK_DIR}
+mkdir -p ${NEWROOT}
+mkdir -p ${ROMOUNT}
+
+# Remount OLDROOT as read-only
+mount -o bind ${OLDROOT} ${ROMOUNT}
+mount -o remount,ro ${ROMOUNT}
+
+# Mount RW overlay
+mount -t overlay overlay -o 
lowerdir=${ROMOUNT},upperdir=${UPPER_DIR},workdir=${WORK_DIR} ${NEWROOT} || 
exit_gracefully "initramfs-overlayroot: Mounting overlay failed"
+else
+exit_gracefully "initramfs-overlayroot: Mounting RW device failed"
+fi
+
+# Set up filesystems on overlay
+mkdir -p ${NEWROOT}/proc
+mkdir -p ${NEWROOT}/dev
+mkdir -p ${NEWROOT}/sys
+mkdir -p ${NEWROOT}/rofs
+
+mount -n --move ${ROMOUNT} ${NEWROOT}/rofs
+mount -n --move /proc ${NEWROOT}/proc
+mount -n --move /sys ${NEWROOT}/sys
+mount -n --move /dev ${NEWROOT}/dev
+
+exec chroot ${NEWROOT}/ ${bootparam_init:-/sbin/init} || exit_gracefully 
"Couldn't chroot into overlay"
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb 
b/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb
index 9e8c1dc3ab..4e76e20026 100644
--- a/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb
+++ b/meta/recipes-core/initrdscripts/initramfs-framework_1.0.bb
@@ -18,6 +18,7 @@ SRC_URI = "file://init \
file://e2fs \
file://debug \
file://lvm \
+   file://overlayroot \
   "
 
 S = "${WORKDIR}"
@@ -49,6 +50,9 @@ do_install() {
 # lvm
 install -m 0755 ${WORKDIR}/lvm ${D}/init.d/09-lvm
 
+# overlayroot needs to run after rootfs module but before finish
+install -m 0755 ${WORKDIR}/overlayroot ${D}/init.d/91-overlayroot
+
 # Create device nodes 

[OE-core] git fetcher hangs with File name too long

[Tomasz Dziendzielski]

Hi,
we're having issues with git fetcher. If we have long workspace path (long
jenkins job name in our case) it can happen that git fetcher will hang when
trying to create lockfile in downloads/git2/.lock due to
"File name too long" because it might exceed the limit of 255 characters.
The part that is causing this is in bitbake/lib/bb/fetch2/git.py:
gitsrcname = '%s%s' % (ud.host.replace(':', '.'),
ud.path.replace('/', '.').replace('*', '.').replace(' ','_'))
and this ud.path along with downloads directory can exceed the limit. How
can we change that? Do we really need the whole path there? Should we cut
somehow the directory name or maybe change it to a less human readable
hash? Some advice would be helpful.

Best regards,
Tomasz Dziendzielski

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160960): 
https://lists.openembedded.org/g/openembedded-core/message/160960
Mute This Topic: https://lists.openembedded.org/mt/88691749/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH V2] mdadm: install mdcheck

[Chen Qi]

This script is used in mdcheck_xxx.service files. So we need to
install it. Also, as it requires bash, we add bash to RDEPENDS.

Signed-off-by: Chen Qi 
---
 .../files/0001-Makefile-install-mdcheck.patch | 30 +++
 meta/recipes-extended/mdadm/mdadm_4.2.bb  |  2 ++
 2 files changed, 32 insertions(+)
 create mode 100644 
meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch

diff --git 
a/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch 
b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
new file mode 100644
index 00..3f76ef54d8
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
@@ -0,0 +1,30 @@
+From 97e776724ab9763c5bca9816370bb1635b7a8232 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Tue, 25 Jan 2022 16:25:01 +0800
+Subject: [PATCH] Makefile: install mdcheck
+
+The mdcheck_xxx.service files use mdcheck, but it's not installed.
+We need to install this script.
+
+Upstream-Status: Submitted [Sent patch to maintainer]
+
+Signed-off-by: Chen Qi 
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile b/Makefile
+index 2a51d813..db40c7fd 100644
+--- a/Makefile
 b/Makefile
+@@ -303,6 +303,7 @@ install-systemd: systemd/mdmon@.service
+ install-bin: mdadm mdmon
+   $(INSTALL) -D $(STRIP) -m 755 mdadm $(DESTDIR)$(BINDIR)/mdadm
+   $(INSTALL) -D $(STRIP) -m 755 mdmon $(DESTDIR)$(BINDIR)/mdmon
++  $(INSTALL) -D -m 755 misc/mdcheck $(DESTDIR)/usr/share/mdadm/mdcheck
+ 
+ uninstall:
+   rm -f $(DESTDIR)$(MAN8DIR)/mdadm.8 $(DESTDIR)$(MAN8DIR)/mdmon.8 
$(DESTDIR)$(MAN4DIR)/md.4 $(DESTDIR)$(MAN5DIR)/mdadm.conf.5 
$(DESTDIR)$(BINDIR)/mdadm
+-- 
+2.17.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index fa51364283..e15f8aadab 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -22,6 +22,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \

file://0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch \
file://include_sysmacros.patch \
file://0001-mdadm-skip-test-11spare-migration.patch \
+   file://0001-Makefile-install-mdcheck.patch \
"
 
 SRC_URI[sha256sum] = 
"461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
@@ -92,6 +93,7 @@ do_install_ptest() {
done
 }
 
+RDEPENDS:${PN} += "bash"
 RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
 RRECOMMENDS:${PN}-ptest += " \
 coreutils \
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160959): 
https://lists.openembedded.org/g/openembedded-core/message/160959
Mute This Topic: https://lists.openembedded.org/mt/88691711/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] mdadm: install mdcheck

[Chen Qi]

This script is used in mdcheck_xxx.service files. So we need to
install it. Also, as it requires bash, we add bash to RDEPENDS.

Signed-off-by: Chen Qi 
---
 .../files/0001-Makefile-install-mdcheck.patch | 30 +++
 meta/recipes-extended/mdadm/mdadm_4.2.bb  |  2 ++
 2 files changed, 32 insertions(+)
 create mode 100644 
meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch

diff --git 
a/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch 
b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
new file mode 100644
index 00..3f76ef54d8
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
@@ -0,0 +1,30 @@
+From 97e776724ab9763c5bca9816370bb1635b7a8232 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Tue, 25 Jan 2022 16:25:01 +0800
+Subject: [PATCH] Makefile: install mdcheck
+
+The mdcheck_xxx.service files use mdcheck, but it's not installed.
+We need to install this script.
+
+Upstream-Status: Submitted [Sent patch to maintainer]
+
+Signed-off-by: Chen Qi 
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile b/Makefile
+index 2a51d813..db40c7fd 100644
+--- a/Makefile
 b/Makefile
+@@ -303,6 +303,7 @@ install-systemd: systemd/mdmon@.service
+ install-bin: mdadm mdmon
+   $(INSTALL) -D $(STRIP) -m 755 mdadm $(DESTDIR)$(BINDIR)/mdadm
+   $(INSTALL) -D $(STRIP) -m 755 mdmon $(DESTDIR)$(BINDIR)/mdmon
++  $(INSTALL) -D -m 755 misc/mdcheck $(DESTDIR)/usr/share/mdadm/mdcheck
+ 
+ uninstall:
+   rm -f $(DESTDIR)$(MAN8DIR)/mdadm.8 $(DESTDIR)$(MAN8DIR)/mdmon.8 
$(DESTDIR)$(MAN4DIR)/md.4 $(DESTDIR)$(MAN5DIR)/mdadm.conf.5 
$(DESTDIR)$(BINDIR)/mdadm
+-- 
+2.17.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index fa51364283..e15f8aadab 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -22,6 +22,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \

file://0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch \
file://include_sysmacros.patch \
file://0001-mdadm-skip-test-11spare-migration.patch \
+   file://0001-Makefile-install-mdcheck.patch \
"
 
 SRC_URI[sha256sum] = 
"461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
@@ -92,6 +93,7 @@ do_install_ptest() {
done
 }
 
+RDEPENDS:${PN} += "bash"
 RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
 RRECOMMENDS:${PN}-ptest += " \
 coreutils \
-- 
2.33.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160958): 
https://lists.openembedded.org/g/openembedded-core/message/160958
Mute This Topic: https://lists.openembedded.org/mt/88667847/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] mdadm: install mdcheck

[Chen Qi]

Please ignore this patch, it will cause qa error for mdadm-ptest. I'll 
send out V2.


On 1/25/22 4:42 PM, Chen Qi wrote:

This script is used in mdcheck_xxx.service files. So we need to
install it. Also, as it requires bash, we add bash to RDEPENDS.

Signed-off-by: Chen Qi 
---
  .../files/0001-Makefile-install-mdcheck.patch | 30 +++
  meta/recipes-extended/mdadm/mdadm_4.2.bb  |  4 ++-
  2 files changed, 33 insertions(+), 1 deletion(-)
  create mode 100644 
meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch

diff --git 
a/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch 
b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
new file mode 100644
index 00..3f76ef54d8
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
@@ -0,0 +1,30 @@
+From 97e776724ab9763c5bca9816370bb1635b7a8232 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Tue, 25 Jan 2022 16:25:01 +0800
+Subject: [PATCH] Makefile: install mdcheck
+
+The mdcheck_xxx.service files use mdcheck, but it's not installed.
+We need to install this script.
+
+Upstream-Status: Submitted [Sent patch to maintainer]
+
+Signed-off-by: Chen Qi 
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile b/Makefile
+index 2a51d813..db40c7fd 100644
+--- a/Makefile
 b/Makefile
+@@ -303,6 +303,7 @@ install-systemd: systemd/mdmon@.service
+ install-bin: mdadm mdmon
+   $(INSTALL) -D $(STRIP) -m 755 mdadm $(DESTDIR)$(BINDIR)/mdadm
+   $(INSTALL) -D $(STRIP) -m 755 mdmon $(DESTDIR)$(BINDIR)/mdmon
++  $(INSTALL) -D -m 755 misc/mdcheck $(DESTDIR)/usr/share/mdadm/mdcheck
+
+ uninstall:
+   rm -f $(DESTDIR)$(MAN8DIR)/mdadm.8 $(DESTDIR)$(MAN8DIR)/mdmon.8 
$(DESTDIR)$(MAN4DIR)/md.4 $(DESTDIR)$(MAN5DIR)/mdadm.conf.5 
$(DESTDIR)$(BINDIR)/mdadm
+--
+2.17.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index fa51364283..4e477bd260 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -22,6 +22,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
 
file://0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch \
 file://include_sysmacros.patch \
 file://0001-mdadm-skip-test-11spare-migration.patch \
+   file://0001-Makefile-install-mdcheck.patch \
 "
  
  SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"

@@ -92,7 +93,8 @@ do_install_ptest() {
done
  }
  
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"

+RDEPENDS:${PN} += "bash"
+RDEPENDS:${PN}-ptest += "e2fsprogs-mke2fs"
  RRECOMMENDS:${PN}-ptest += " \
  coreutils \
  util-linux \






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160957): 
https://lists.openembedded.org/g/openembedded-core/message/160957
Mute This Topic: https://lists.openembedded.org/mt/88667847/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] ruby: Fix build on riscv/musl

[Khem Raj]

This fixes a build issue that started with 3.1 upgrade
Fixes
| ../ruby-3.1.0/vm_dump.c:916:38: error: use of undeclared identifier 'REG_S1'
| dump_machine_register(mctx->__gregs[REG_S1], "s1");

Signed-off-by: Khem Raj 
---
 ...ine-REG_S1-and-REG_S2-for-musl-riscv.patch | 30 +++
 meta/recipes-devtools/ruby/ruby_3.1.0.bb  |  9 +-
 2 files changed, 31 insertions(+), 8 deletions(-)
 create mode 100644 
meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch

diff --git 
a/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch
 
b/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch
new file mode 100644
index 000..8821325c0fe
--- /dev/null
+++ 
b/meta/recipes-devtools/ruby/ruby/0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch
@@ -0,0 +1,30 @@
+From dfb22e4d6662bf72879eda806eaa78c7b52b519e Mon Sep 17 00:00:00 2001
+From: Khem Raj 
+Date: Tue, 25 Jan 2022 20:29:14 -0800
+Subject: [PATCH] vm_dump.c: Define REG_S1 and REG_S2 for musl/riscv
+
+Upstream-Status: Inappropriate [musl bug]
+Signed-off-by: Khem Raj 
+---
+ vm_dump.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/vm_dump.c b/vm_dump.c
+index a98f5aa..957b785 100644
+--- a/vm_dump.c
 b/vm_dump.c
+@@ -39,6 +39,11 @@
+ 
+ #define MAX_POSBUF 128
+ 
++#if defined(__riscv) && !defined(__GLIBC__)
++# define REG_S1 9
++# define REG_S2 18
++#endif
++
+ #define VM_CFP_CNT(ec, cfp) \
+   ((rb_control_frame_t *)((ec)->vm_stack + (ec)->vm_stack_size) - \
+(rb_control_frame_t *)(cfp))
+-- 
+2.35.0
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.0.bb 
b/meta/recipes-devtools/ruby/ruby_3.1.0.bb
index e250164d2c4..7a04a364326 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.0.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.0.bb
@@ -11,6 +11,7 @@ SRC_URI += " \

file://0004-lib-mkmf.rb-sort-list-of-object-files-in-generated-M.patch \

file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \
file://0006-Make-gemspecs-reproducible.patch \
+   file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch 
\
"
 
 SRC_URI[sha256sum] = 
"50a0504c6edcb4d61ce6b8cfdbddaa95707195fab0ecd7b5e92654b2a9412854"
@@ -36,18 +37,10 @@ EXTRA_OECONF = "\
 "
 
 EXTRA_OECONF:append:libc-musl = "\
-LIBS='-lucontext' \
 ac_cv_func_isnan=yes \
 ac_cv_func_isinf=yes \
 "
 
-EXTRA_OECONF:append:libc-musl:riscv64 = "\
---with-coroutine=copy \
-"
-EXTRA_OECONF:append:libc-musl:riscv32 = "\
---with-coroutine=copy \
-"
-
 PARALLEL_MAKEINST = ""
 
 do_install:append:class-target () {
-- 
2.35.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160956): 
https://lists.openembedded.org/g/openembedded-core/message/160956
Mute This Topic: https://lists.openembedded.org/mt/88690372/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.5_M2.rc6)

[Teoh, Jay Shen]

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.5_M2.rc6. 
We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion next Monday, Jan 31.

Thanks,
Jay

> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Richard Purdie
> Sent: Tuesday, 25 January, 2022 4:49 PM
> To:  
> Cc: qa-build-notification 
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-3.5_M2.rc6)
> 
> A build flagged for QA (yocto-3.5_M2.rc6) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-3.5_M2.rc6
> 
> 
> Build hash information:
> 
> bitbake: 1f06f326fa8b47e2a4dce756d57a9369a2225201
> meta-agl: 7a644d636237459c54128a71d083cb6f9e1b8e60
> meta-arm: 254482284d4588532bd7b9d980193e3e41adaa99
> meta-aws: 8893e0cd4c0981eeda941eaa9ad2eb9359670502
> meta-gplv2: f04e4369bf9dd3385165281b9fa2ed1043b0e400
> meta-intel: 4ff5b19ba63ea69c47198e641acbc12e33634cac
> meta-mingw: ddbf14b224215f47a5f80fc8154ade8d3bc318e8
> meta-openembedded: a558d51fecda3e66ace21d02b57ab61bf122fdc1
> oecore: a179485351a0563d12a2fef3e49971122255ed80
> poky: 27ff420543f0195dab024698d804aca33f2ae139
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160955): 
https://lists.openembedded.org/g/openembedded-core/message/160955
Mute This Topic: https://lists.openembedded.org/mt/88688609/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [yocto] Inclusive Language Proposal for YP/OE

[Paul Eggleton]

On Tuesday, 25 January 2022 21:26:33 NZDT Paul Barker wrote:
> The layer index may need some modification to handle different layers 
> having different names for the in-development branch. We could implement 
> the layer index changes first to support other layers which rename their 
> master branch.
> 
> I'm going to bite the bullet with meta-linux-mainline and rename the 
> master branch to "dev" this week to see what happens.

The layer index does already support this, it's just not exposed (at the time 
I introduced it - some time ago - I thought it might encourage people to 
deviate from the release branch names, but in hindsight that was probably not 
worth worrying about.) So at the moment an admin can set an alternative branch 
name. It would not be hard to expose it through the UI for layer maintainers 
though.

Cheers,
Paul



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160954): 
https://lists.openembedded.org/g/openembedded-core/message/160954
Mute This Topic: https://lists.openembedded.org/mt/88687808/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libstd-rs: Apply patches to right version of libc

[Khem Raj]

1.58 rust libstd is locked to use 0.2.106, therefore patch the correct
version. once we start using 0.2.108+ these patches will not be required
as the port is available then on.

Signed-off-by: Khem Raj 
Cc: Alexander Kanavin 
---
 ...dd-base-definitions-for-riscv64-musl.patch | 20 ++-
 ...x-musl-mod.rs-add-riscv64-to-b64-set.patch |  8 
 ...UP-Correct-definitions-to-match-musl.patch |  6 +++---
 ...hecksums-for-modified-files-for-rust.patch | 15 +-
 4 files changed, 18 insertions(+), 31 deletions(-)

diff --git 
a/meta/recipes-devtools/rust/libstd-rs/0001-Add-base-definitions-for-riscv64-musl.patch
 
b/meta/recipes-devtools/rust/libstd-rs/0001-Add-base-definitions-for-riscv64-musl.patch
index b1cd45d1dcf..5a36fefd21e 100644
--- 
a/meta/recipes-devtools/rust/libstd-rs/0001-Add-base-definitions-for-riscv64-musl.patch
+++ 
b/meta/recipes-devtools/rust/libstd-rs/0001-Add-base-definitions-for-riscv64-musl.patch
@@ -3,21 +3,19 @@ From: Ralf Anton Beier 
 Date: Sun, 8 Aug 2021 11:05:06 +0200
 Subject: [PATCH 1/4] Add base definitions for riscv64 + musl
 
-https://github.com/rust-lang/libc/pull/1994/commits/030a07761f61f3293d53752e60edbd330a9d718d
+https://github.com/rust-lang/libc-0.2.106/pull/1994/commits/030a07761f61f3293d53752e60edbd330a9d718d
 
-Upstream-Status: Submitted [https://github.com/rust-lang/libc/pull/2537]
+Upstream-Status: Submitted 
[https://github.com/rust-lang/libc-0.2.106/pull/2537]
 Signed-off-by: Khem Raj 
 Signed-off-by: Ralf Anton Beier 
 ---
  .../src/unix/linux_like/linux/musl/b64/mod.rs |   3 +
  .../linux_like/linux/musl/b64/riscv64/mod.rs  | 832 ++
  2 files changed, 835 insertions(+)
- create mode 100644 
vendor/libc/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs
+ create mode 100644 
vendor/libc-0.2.106/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs
 
-diff --git a/vendor/libc/src/unix/linux_like/linux/musl/b64/mod.rs 
b/vendor/libc/src/unix/linux_like/linux/musl/b64/mod.rs
-index cfcdaaecf..7261b95d2 100644
 a/vendor/libc/src/unix/linux_like/linux/musl/b64/mod.rs
-+++ b/vendor/libc/src/unix/linux_like/linux/musl/b64/mod.rs
+--- a/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/b64/mod.rs
 b/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/b64/mod.rs
 @@ -163,6 +163,9 @@ cfg_if! {
  } else if #[cfg(any(target_arch = "x86_64"))] {
  mod x86_64;
@@ -28,11 +26,8 @@ index cfcdaaecf..7261b95d2 100644
  } else {
  // Unknown target_arch
  }
-diff --git a/vendor/libc/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs 
b/vendor/libc/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs
-new file mode 100644
-index 0..c656189c4
 --- /dev/null
-+++ b/vendor/libc/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs
 b/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/b64/riscv64/mod.rs
 @@ -0,0 +1,832 @@
 +//! RISC-V-specific definitions for 64-bit linux-like values
 +
@@ -866,6 +861,3 @@ index 0..c656189c4
 +pub const SYS_process_madvise: ::c_long = 440;
 +pub const SYS_epoll_pwait2: ::c_long = 441;
 +pub const SYS_mount_setattr: ::c_long = 442;
--- 
-2.20.1
-
diff --git 
a/meta/recipes-devtools/rust/libstd-rs/0002-FIXUP-linux-musl-mod.rs-add-riscv64-to-b64-set.patch
 
b/meta/recipes-devtools/rust/libstd-rs/0002-FIXUP-linux-musl-mod.rs-add-riscv64-to-b64-set.patch
index 0f159c60254..ad321d14bb1 100644
--- 
a/meta/recipes-devtools/rust/libstd-rs/0002-FIXUP-linux-musl-mod.rs-add-riscv64-to-b64-set.patch
+++ 
b/meta/recipes-devtools/rust/libstd-rs/0002-FIXUP-linux-musl-mod.rs-add-riscv64-to-b64-set.patch
@@ -9,13 +9,13 @@ Upstream-Status: Submitted 
[https://github.com/rust-lang/libc/pull/2537]
 Signed-off-by: Khem Raj 
 Signed-off-by: Ralf Anton Beier 
 ---
- vendor/libc/src/unix/linux_like/linux/musl/mod.rs | 3 ++-
+ vendor/libc-0.2.106/src/unix/linux_like/linux/musl/mod.rs | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/vendor/libc/src/unix/linux_like/linux/musl/mod.rs 
b/vendor/libc/src/unix/linux_like/linux/musl/mod.rs
+diff --git a/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/mod.rs 
b/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/mod.rs
 index df596e968..1ab13a712 100644
 a/vendor/libc/src/unix/linux_like/linux/musl/mod.rs
-+++ b/vendor/libc/src/unix/linux_like/linux/musl/mod.rs
+--- a/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/mod.rs
 b/vendor/libc-0.2.106/src/unix/linux_like/linux/musl/mod.rs
 @@ -765,7 +765,8 @@ cfg_if! {
   target_arch = "aarch64",
   target_arch = "mips64",
diff --git 
a/meta/recipes-devtools/rust/libstd-rs/0003-FIXUP-Correct-definitions-to-match-musl.patch
 
b/meta/recipes-devtools/rust/libstd-rs/0003-FIXUP-Correct-definitions-to-match-musl.patch
index 288f4c5286d..de6b73eb5cf 100644
--- 
a/meta/recipes-devtools/rust/libstd-rs/0003-FIXUP-Correct-definitions-to-match-musl.patch
+++ 
b/meta/recipes-devtools/rust/libstd-rs/0003-FIXUP-Correct-definitions-to-match-musl.patch

Re: [OE-core] Inclusive Language Proposal for YP/OE

[Randy MacLeod]

On 2022-01-24 11:17, Jon Mason wrote:

From the beginning, OpenEmbedded and The Yocto Project have always

strived to be as inclusive as possible to all races, sexes,
orientations, religions, nationalities, and any other thing which
might divide people.  As continuation of this striving, there are
suggested changes below that are being proposed to make the projects
more inclusive and show the community as the professional, friendly,
and welcoming group that it is.   There are words in use by the
projects directly or one of its derivative layers that could be
offensive to some.  For more information on which words we selected
and why, please consult
https://inclusivenaming.org/word-lists/overview/

In the process of changing these, we are using this opportunity to
make the terms more obvious and useful, as well as removing cruft and
other unused code.  This is the pure definition of a win-win solution.

With this in mind, a group of people have tried to identify issues and
come up with a plan to address these.   We’ve divided the tasks into 3
areas: bitbake variables, oe-core variables, and everything else.


Jon,

I've looked over all the changes and agree with Ross on his one suggestion
and that the rest of the changes are fine.


The new terms are equally or in some cases more clear so hopefully that 
will
result in less confusion and a better experience for everyone at the 
one-time

cost of a hopefully not too bumpy transition.

Thanks!

../Randy






Bitbake Variables
Taking issues in turn, for bitbake:

For BB_DISKMON_DIRS, the actions "ABORT, STOPTASKS and WARN" would
become "HALT, NO_NEW_TASKS and "WARN".

BB_ENV_WHITELIST -> BB_ENV_PASSTHROUGH
BB_ENV_EXTRAWHITE -> BB_ENV_PASSTHROUGH_ADDITIONS

BB_HASHCONFIG_WHITELIST -> BB_HASHCONFIG_IGNORE_VARS
BB_SETSCENE_ENFORCE_WHITELIST -> BB_SETSCENE_ENFORCE_IGNORE_TASKS
BB_HASHBASE_WHITELIST -> BB_BASEHASH_IGNORE_VARS
MULTI_PROVIDER_WHITELIST -> BB_MULTI_PROVIDER_ALLOWED
BB_STAMP_WHITELIST and BB_STAMP_POLICY -> delete the code (already merged)

basewhitelist and taskwhitelist as used in sigdata/siginfo will need
to be renamed and older file usage of the variables renamed at import
for backwards compatibility. The variables in bitbake along with usage
of abort will be renamed as appropriate.

For most variables, errors will be shown to the user if the old
variable names are set. Mostly this can be done in event hooks but
some like the BB_ENV changes will need special handling.

These changes hopefully improve consistency (e.g. a consistent BB_
prefix and BASHHASH as terminology used elsewhere) and also improve
the description of the variables to be more understandable to users.

OE-Core Variables
For OE-Core, the proposals are:

For blacklist.bbclass, the proposal is to add the functionality to the
anonymous Python in base.bbclass instead. PNBLACKLIST[xxx] would
become SKIP_RECIPE[xxx]. INHERIT_BLACKLIST would simply be dropped.

SSTATE_DUPWHITELIST -> SSTATE_ALLOW_OVERLAP_FILES
CVE_CHECK_PN_WHITELIST -> CVE_CHECK_SKIPRECIPE
CVE_CHECK_WHITELIST -> CVE_CHECK_IGNORECVE
SYSROOT_DIRS_BLACKLIST -> SYSROOT_DIRS_IGNORE
LICENSE_FLAGS_WHITELIST -> LICENSE_FLAGS_ACCEPTED
UNKNOWN_CONFIGURE_WHITELIST -> UNKNOWN_CONFIGURE_OPT_IGNORE
SDK_LOCAL_CONF_BLACKLIST -> ESDK_LOCALCONF_REMOVE
SDK_LOCAL_CONF_WHITELIST -> ESDK_LOCALCONF_ALLOW
SDK_INHERIT_BLACKLIST -> ESDK_CLASS_INHERIT_DISABLE
TUNEABI_WHITELIST - already removed as obsolete

For the ICECC_USER_XXX and ICECC_SYSTEM_XXX, we think these can likely
be merged into single variables:

ICECC_USER_CLASS_BL -> ICECC_CLASS_DISABLE
ICECC_SYSTEM_CLASS_BL -> ICECC_CLASS_DISABLE
ICECC_USER_PACKAGE_WL -> ICECC_RECIPE_ENABLE
ICECC_USER_PACKAGE_BL -> ICECC_RECIPE_DISABLE
ICECC_SYSTEM_PACKAGE_BL -> ICECC_RECIPE_DISABLE

For license handling, we’d use the opportunity to clean up the
WHITELIST_(ANY LICENSE) syntax and replace it with a
INCOMPATIBLE_LICENSE_ALLOWED_RECIPES, which would be a list of recipes
which are of a blocked the INCOMPATIBLE_LICENSE list.

Everything else
The migration plan includes writing a script to assist with the
migration. In many cases it can likely make the translation. In cases
where that isn’t possible, it will aim to list the areas the user
needs to fix references.

A warning mechanism will be added to bitbake to detect usage of old
variable names (post parsing), except for BB_ENV issues which will
likely need special handling. A (limited) conversion script will be
created to help with the migration. For those instances where a 1-1
mapping is not achievable, a list of the occurrences and what it
should be changed to will occur.


Patch files in OE to be renamed:
11_tcpd_blacklist.patch -> 11_tcpd_blocklist.patch
mount.blacklist -> mount.disallow
0001-lxdm.conf.in-blacklist-root-for-release-images.patch ->
0001-lxdm.conf.in-deny-root-for-release-images.patch
022-RH-Remove-the-property-blacklist-exception-builtin.patch ->
022-RH-Remove-the-default-property-exception-builtin.patch

Re: [OE-core] [PATCH] wic: bootimg-partition: Add directory copy support to bootimage creation

[Richard Purdie]

On Tue, 2022-01-25 at 21:11 +0100, Sven Bachmann wrote:
> Hi,
> 
> this patch allows to create directories inside the boot partition when using 
> WIC. Without the patch
> the build process will abort with an error when a recipe tries to not only 
> copy files but to also
> create a directory inside the boot partition.
> 
> Recipe content:
> 
>     inherit deploy
>    
>     do_deploy() {
>     install -d ${DEPLOYDIR}/${BOOTFILES_DIR_NAME}/mydirectory
>         touch ${DEPLOYDIR}/${BOOTFILES_DIR_NAME}/mydirectory/${PN}-${PV}.stamp
>     }
>    
>     addtask deploy before do_build after do_install
>     do_deploy[dirs] += "${DEPLOYDIR}/${BOOTFILES_DIR_NAME}/mydirectory"
> 
> 
> The task do_image_wic will then complain (paths reduced and anonymized):
> 
>     | ERROR: _exec_cmd: install -m 0644 -D
> /my/home/dir/yocto/rpi-build/tmp/deploy/images/raspberrypi4/bootfiles/mydirectory
> /my/home/dir/yocot/rpi-build/tmp/work/raspberrypi4-poky-linux-gnueabi/my-image/1.0-r0/tmp-wic/boot.1/mydirectory
> returned '1' instead of 0
>     | output: install: omitting directory
> '/my/home/dir/yocto/rpi-build/tmp/deploy/images/raspberrypi4/bootfiles/mydirectory'
> 
> 
> As can be seen it uses "install -D" instead of creating the directory with 
> "install -d". This patch
> fixes this.
> 
> Best regards
>   Sven
> 
> 
> 
> From 360775581a573a62032155fc6968175125e9c1db Mon Sep 17 00:00:00 2001
> From: Sven Bachmann 
> Date: Tue, 25 Jan 2022 20:47:17 +0100
> Subject: [PATCH 1/1] wic: bootimg-partition: add directory copy support to 
> bootimage creation
> 
> Signed-off-by: Sven Bachmann 
> ---
>  .../lib/wic/plugins/source/bootimg-partition.py    | 14 +++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/scripts/lib/wic/plugins/source/bootimg-partition.py
> b/scripts/lib/wic/plugins/source/bootimg-partition.py
> index 5dbe2558d2..6348050bd5 100644
> --- a/scripts/lib/wic/plugins/source/bootimg-partition.py
> +++ b/scripts/lib/wic/plugins/source/bootimg-partition.py
> @@ -184,9 +184,17 @@ class BootimgPartitionPlugin(SourcePlugin):
>  for task in cls.install_task:
>  src_path, dst_path = task
>  logger.debug('Install %s as %s', src_path, dst_path)
> -    install_cmd = "install -m 0644 -D %s %s" \
> -  % (os.path.join(kernel_dir, src_path),
> - os.path.join(hdddir, dst_path))
> +    if os.path.isfile(src_path):
> +    install_cmd = "install -m 0644 -D %s %s" \
> +  % (os.path.join(kernel_dir, src_path),
> + os.path.join(hdddir, dst_path))
> +    elif os.path.isdir:
> +    install_cmd = "install -m 0755 -d %s" \
> +  % (os.path.join(hdddir, dst_path))
> +    else:
> +    logger.error("Path is neither file nor directory: %s", 
> src_path)
> +    raise WicError("Type of path unknown, exiting")
> +
>  exec_cmd(install_cmd)
>  
>  logger.debug('Prepare boot partition using rootfs in %s', hdddir)

I'm afraid the patch within the email has been line wrapped and even with that
fixed, the whitespace is corrupted making it hard to apply. I do also wonder if
there are extra tests we should be adding to the test suite to cover this issue
(see "oe-selftest -r wic")?

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160951): 
https://lists.openembedded.org/g/openembedded-core/message/160951
Mute This Topic: https://lists.openembedded.org/mt/88680938/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] wic: bootimg-partition: Add directory copy support to bootimage creation

[Sven Bachmann]

Hi,

this patch allows to create directories inside the boot partition when using 
WIC. Without the patch
the build process will abort with an error when a recipe tries to not only copy 
files but to also
create a directory inside the boot partition.

Recipe content:

    inherit deploy
   
    do_deploy() {
    install -d ${DEPLOYDIR}/${BOOTFILES_DIR_NAME}/mydirectory
        touch ${DEPLOYDIR}/${BOOTFILES_DIR_NAME}/mydirectory/${PN}-${PV}.stamp
    }
   
    addtask deploy before do_build after do_install
    do_deploy[dirs] += "${DEPLOYDIR}/${BOOTFILES_DIR_NAME}/mydirectory"


The task do_image_wic will then complain (paths reduced and anonymized):

    | ERROR: _exec_cmd: install -m 0644 -D
/my/home/dir/yocto/rpi-build/tmp/deploy/images/raspberrypi4/bootfiles/mydirectory
/my/home/dir/yocot/rpi-build/tmp/work/raspberrypi4-poky-linux-gnueabi/my-image/1.0-r0/tmp-wic/boot.1/mydirectory
returned '1' instead of 0
    | output: install: omitting directory
'/my/home/dir/yocto/rpi-build/tmp/deploy/images/raspberrypi4/bootfiles/mydirectory'


As can be seen it uses "install -D" instead of creating the directory with 
"install -d". This patch
fixes this.

Best regards
  Sven



>From 360775581a573a62032155fc6968175125e9c1db Mon Sep 17 00:00:00 2001
From: Sven Bachmann 
Date: Tue, 25 Jan 2022 20:47:17 +0100
Subject: [PATCH 1/1] wic: bootimg-partition: add directory copy support to 
bootimage creation

Signed-off-by: Sven Bachmann 
---
 .../lib/wic/plugins/source/bootimg-partition.py    | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/bootimg-partition.py
b/scripts/lib/wic/plugins/source/bootimg-partition.py
index 5dbe2558d2..6348050bd5 100644
--- a/scripts/lib/wic/plugins/source/bootimg-partition.py
+++ b/scripts/lib/wic/plugins/source/bootimg-partition.py
@@ -184,9 +184,17 @@ class BootimgPartitionPlugin(SourcePlugin):
 for task in cls.install_task:
 src_path, dst_path = task
 logger.debug('Install %s as %s', src_path, dst_path)
-    install_cmd = "install -m 0644 -D %s %s" \
-  % (os.path.join(kernel_dir, src_path),
- os.path.join(hdddir, dst_path))
+    if os.path.isfile(src_path):
+    install_cmd = "install -m 0644 -D %s %s" \
+  % (os.path.join(kernel_dir, src_path),
+ os.path.join(hdddir, dst_path))
+    elif os.path.isdir:
+    install_cmd = "install -m 0755 -d %s" \
+  % (os.path.join(hdddir, dst_path))
+    else:
+    logger.error("Path is neither file nor directory: %s", 
src_path)
+    raise WicError("Type of path unknown, exiting")
+
 exec_cmd(install_cmd)
 
 logger.debug('Prepare boot partition using rootfs in %s', hdddir)
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160950): 
https://lists.openembedded.org/g/openembedded-core/message/160950
Mute This Topic: https://lists.openembedded.org/mt/88680938/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OpenEmbedded Happy Hour January 26 5pm/1700 UTC

[Denys Dmytriyenko]

All,

Our next OpenEmbedded Happy Hour is on January 26 for Europe/Americas 
timezones @ 1700/5pm UTC (12pm ET / 9am PT):

https://www.openembedded.org/wiki/Calendar
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+January+26=20220126T17

-- 
Regards,
Denys Dmytriyenko 
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186  6D76 4209 0272 9A92 C964

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160949): 
https://lists.openembedded.org/g/openembedded-core/message/160949
Mute This Topic: https://lists.openembedded.org/mt/88678725/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] tiff: backport fix for CVE-2022-22844

[Ross Burton]

Signed-off-by: Ross Burton 
---
 ...al-buffer-overflow-for-ASCII-tags-wh.patch | 43 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  3 +-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch

diff --git 
a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
 
b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
new file mode 100644
index 000..72776f09ba8
--- /dev/null
+++ 
b/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
@@ -0,0 +1,43 @@
+CVE: CVE-2022-22844
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001
+From: 4ugustus 
+Date: Tue, 25 Jan 2022 16:25:28 +
+Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
+ count is required (fixes #355)
+
+---
+ tools/tiffset.c | 16 +---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiffset.c b/tools/tiffset.c
+index 8c9e23c5..e7a88c09 100644
+--- a/tools/tiffset.c
 b/tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+ 
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+-if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 
1)
+-fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++if(TIFFFieldPassCount( fip )) {
++size_t len;
++len = strlen(argv[arg_index]) + 1;
++if (len > UINT16_MAX || TIFFSetField(tiff, 
TIFFFieldTag(fip),
++(uint16_t)len, argv[arg_index]) != 1)
++fprintf( stderr, "Failed to set %s=%s\n",
++TIFFFieldName(fip), argv[arg_index] );
++} else {
++if (TIFFSetField(tiff, TIFFFieldTag(fip),
++argv[arg_index]) != 1)
++fprintf( stderr, "Failed to set %s=%s\n",
++TIFFFieldName(fip), argv[arg_index] );
++}
+ } else if (TIFFFieldWriteCount(fip) > 0
+  || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1;
+-- 
+2.25.1
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 6852758c6a9..ef8e8460fbb 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = 
"file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
 CVE_PRODUCT = "libtiff"
 
 SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
-  "
+   
file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch"
+
 SRC_URI[sha256sum] = 
"0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
 
 # exclude betas
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160948): 
https://lists.openembedded.org/g/openembedded-core/message/160948
Mute This Topic: https://lists.openembedded.org/mt/88677825/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Inclusive Language Proposal for YP/OE

[Richard Purdie]

On Tue, 2022-01-25 at 07:50 -0800, Chuck Wolber wrote:
> On Mon, Jan 24, 2022 at 8:18 AM Jon Mason  wrote:
> 
> %< SNIP %<
>  
> > Branch Names
> > The “master” branches on the relevant OpenEmbedded and Yocto Project
> > git trees will be changed to an alternative name at some point in the
> > future.  The current preferred name is “devel”. 
> > 
> 
> 
> Why devel instead of main [1]?
> 
> [1]
> https://lore.kernel.org/git/pull.656.v4.git.1593009996.gitgitgad...@gmail.com/

The idea is we're trying to use the language which makes sense and "devel" says
what the branch is/does.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160947): 
https://lists.openembedded.org/g/openembedded-core/message/160947
Mute This Topic: https://lists.openembedded.org/mt/88650128/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [oe] Inclusive Language Proposal for YP/OE

[Ross Burton]

On Mon, 24 Jan 2022 at 16:18, Jon Mason  wrote:
> CVE_CHECK_PN_WHITELIST -> CVE_CHECK_SKIPRECIPE
> CVE_CHECK_WHITELIST -> CVE_CHECK_IGNORECVE

This is the only one that sticks out to me.  I think it needs another
_, SKIP_RECIPE and IGNORE_CVE.

Other than that, +1.

Will we have a bit of logic to detect the obsolete names being set and
emit warnings/errors?

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160946): 
https://lists.openembedded.org/g/openembedded-core/message/160946
Mute This Topic: https://lists.openembedded.org/mt/88675507/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] python3-dbusmock: Add native recipe

[Khem Raj]

On Tue, Jan 25, 2022 at 4:08 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:

> On Tue, 2022-01-25 at 07:25 +0100, Markus Volk wrote:
> > The python3-dbusmock dependency could be dropped if folks is build with
> > EXTRA_OEMESON += "-Dtests=false"
>
> What you can often do is make it a PACKAGECONFIG and then change the
> PACKAGECONFIG for the native version of the recipe to something more
> minimal?


Still having a native variant will be required to enable them so this patch
should definitely help in that case

>
>
> Cheers,
>
> Richard
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160945): 
https://lists.openembedded.org/g/openembedded-core/message/160945
Mute This Topic: https://lists.openembedded.org/mt/88653359/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [oe] [OE-core] Inclusive Language Proposal for YP/OE

[Ross Burton]

On Tue, 25 Jan 2022 at 15:50, Chuck Wolber  wrote:
>> Branch Names
>> The “master” branches on the relevant OpenEmbedded and Yocto Project
>> git trees will be changed to an alternative name at some point in the
>> future.  The current preferred name is “devel”.
>
>
> Why devel instead of main [1]?
>
> [1] 
> https://lore.kernel.org/git/pull.656.v4.git.1593009996.gitgitgad...@gmail.com/

Personally, the only advantage of 'main' is muscle memory of m[tab].

Semantically it's not the 'main' branch, it's the active development
branch.  Thus, devel.

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160944): 
https://lists.openembedded.org/g/openembedded-core/message/160944
Mute This Topic: https://lists.openembedded.org/mt/88674712/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Status WW04`22

[Stephen Jolley]

Current Dev Position: YP 3.5 M3

Next Deadline: 21th Feb. 2022 YP 3.5 M3 build

 

Next Team Meetings:

*   Bug Triage meeting Thursday Jan. 27th 7:30 am PDT (

https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
*   Monthly Project Meeting Tuesday Feb. 1st at 8 am PDT (

https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09
 )
*   Weekly Engineering Sync Tuesday Jan. 25th at 8 am PDT (

https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09
 )
*   Twitch -  See https://www.twitch.tv/theyoctojester

 

Key Status/Updates:

*   YP 3.5 M2 finally built today after a number of autobuilder build
issues and is now in QA
*   Building M2 was fairly painful as various sstate error/warning code
paths were exposed in release builds, there were some infrastructure issues,
some test reporting bugs and other bugs like that in systemtap on arm and a
reproducibility issue, all of which combined to break the release builds in
different ways. Hopefully most of these are now addressed or in the process
of being fixed/tested.
*   Upstream glibc are planning to remove prelink support in 2.35 with

patches proposed on their mailing list. The project is unlikely to be able
to continue to maintain any prelink support once this happens and we will
therefore remove our prelink support before the next LTS unless the
situation changes and maintainers step forward.
*   An
 email
proposing inclusive language changes for bitbake and OE-Core has been sent
to the community for review. The aim is to implement this before M3.
*   The debian9 autobuilder issues were hardware related and fixes for
the arm systemtap issues are being tested but autobuilder intermittent
issues are still at an all time high.
*
 CVE metrics improved for master but work still remains
on the various stable branches which have high counts.
*   Intermittent issues continue to be at record high levels and help is
very much welcome in trying to resolve them. You can see the list of
failures we're continuing to see by searching for the "AB-INT" tag in
bugzilla:

https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

 

Ways to contribute:

*   There are bugs identified as possible for newcomers to the project:

https://wiki.yoctoproject.org/wiki/Newcomers
*   There are bugs that are currently unassigned for YP 3.5. See:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_3.5_Unassigned_Enhan
cements.2FBugs
*   We'd welcome new maintainers for recipes in OE-Core. Please see the
list at:

http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/main
tainers.inc and discuss with the existing maintainer, or ask on the OE-Core
mailing list. We will likely move a chunk of these to "Unassigned" soon to
help facilitate this.

 

YP 3.5 Milestone Dates:

*   YP 3.5 M2 is built
*   YP 3.5 M2 Release date 2022/01/28
*   YP 3.5 M3 build date 2022/02/21
*   YP 3.5 M3 Release date 2022/03/04
*   YP 3.5 M4 build date 2022/04/04
*   YP 3.5 M4 Release date 2022/04/29

 

Upcoming dot releases:

*   YP 3.1.14 build date 2022/01/24
*   YP 3.1.14 Release date 2022/02/04
*   YP 3.4.2 build date 2022/02/07
*   YP 3.4.2 Release date 2022/02/18
*   YP 3.3.5 build date 2022/02/14
*   YP 3.3.5 Release date 2022/02/25
*   YP 3.1.15 build date 2022/03/14
*   YP 3.1.15 Release date 2022/03/25
*   YP 3.4.3 build date 2022/03/21
*   YP 3.4.3 Release date 2022/04/01
*   YP 3.3.6 build date 2022/03/28
*   YP 3.3.6 Release date 2022/04/08
*   YP 3.1.16 build date 2022/04/25
*   YP 3.1.16 Release date 2022/05/06

 

Tracking Metrics:

*   WDD 2700 (last week 2675) (

https://wiki.yoctoproject.org/charts/combo.html)
*   OE-Core/Poky Patch Metrics

*   Total patches found: 1230 (last week 1229)
*   Patches in the Pending State: 340 (28%) [last week 345 (28%)]

 

The Yocto Project's technical governance is through its Technical Steering
Committee, more information is available at:

 

Re: [OE-core] Inclusive Language Proposal for YP/OE

[Chuck Wolber]

On Mon, Jan 24, 2022 at 8:18 AM Jon Mason  wrote:

%< SNIP %<


> Branch Names
> The “master” branches on the relevant OpenEmbedded and Yocto Project
> git trees will be changed to an alternative name at some point in the
> future.  The current preferred name is “devel”.
>

Why devel instead of main [1]?

[1]
https://lore.kernel.org/git/pull.656.v4.git.1593009996.gitgitgad...@gmail.com/

..Ch:W..



-- 
*"Perfection must be reached by degrees; she requires the slow hand of
time." - Voltaire*

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160942): 
https://lists.openembedded.org/g/openembedded-core/message/160942
Mute This Topic: https://lists.openembedded.org/mt/88650128/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe-core][PATCHv3] libical: build gobject and vala introspection

[Markus Volk]

Signed-off-by: Markus Volk 
---
 meta/recipes-support/libical/libical_3.0.12.bb | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/libical/libical_3.0.12.bb 
b/meta/recipes-support/libical/libical_3.0.12.bb
index b2b2211b9b..832d244672 100644
--- a/meta/recipes-support/libical/libical_3.0.12.bb
+++ b/meta/recipes-support/libical/libical_3.0.12.bb
@@ -16,7 +16,7 @@ SRC_URI = 
"https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.g
 SRC_URI[sha256sum] = 
"35095a4cc1a061a3de0f332c2dc728226cf127fa0baa818e9f8856cee6d35830"
 UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases;
 
-inherit cmake pkgconfig
+inherit cmake pkgconfig gobject-introspection vala
 
 DEPENDS += "libical-native"
 
@@ -32,6 +32,11 @@ EXTRA_OECMAKE += "-DPERL_EXECUTABLE=${HOSTTOOLS_DIR}/perl"
 EXTRA_OECMAKE += "-DLIBICAL_BUILD_TESTING=false"
 # doc build fails with linker error (??) for libical-glib so disable it
 EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
+# gobject-introspection
+EXTRA_OECMAKE:append:class-target = " 
-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
+EXTRA_OECMAKE:append:class-target = " 
-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper"
+EXTRA_OECMAKE += "-DVAPIGEN=${STAGING_BINDIR_NATIVE}/vapigen"
+EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', 
'-DGOBJECT_INTROSPECTION=OFF', d)}"
 
 # Tell the cross-libical where the tool it needs to build is
 EXTRA_OECMAKE:append:class-target = " 
-DIMPORT_ICAL_GLIB_SRC_GENERATOR=${STAGING_LIBDIR_NATIVE}/cmake/LibIcal/IcalGlibSrcGenerator.cmake"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160941): 
https://lists.openembedded.org/g/openembedded-core/message/160941
Mute This Topic: https://lists.openembedded.org/mt/88673432/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/2] core-image-sato-sdk: allocate more memory when in qemu

[Alexander Kanavin]

qemuarm shows something different:
https://autobuilder.yoctoproject.org/typhoon/#/builders/53/builds/4653/steps/13/logs/stdio

Alex

On Tue, 25 Jan 2022 at 16:10, Alexander Kanavin 
wrote:

> Seems to not work on arm(32):
>
> Central error: [5.282955] vmap allocation for size 1052672 failed: use 
> vmalloc= to increase size
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/110/builds/3528/steps/13/logs/stdio
>
> Alex
>
>
> On Mon, 24 Jan 2022 at 19:12, Ross Burton  wrote:
>
>> Compiling code is memory-intensive, especially kernel modules like the
>> SystemTap probes, so give the VM 1GB of RAM.
>>
>> Hopefully this solves the intermittent failures caused by OOMs during
>> the SystemTap test.
>>
>> [ YOCTO #14673 ]
>>
>> Signed-off-by: Ross Burton 
>> ---
>>  meta/recipes-sato/images/core-image-sato-sdk.bb | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/meta/recipes-sato/images/core-image-sato-sdk.bb
>> b/meta/recipes-sato/images/core-image-sato-sdk.bb
>> index b52de0def02..7df8d00971c 100644
>> --- a/meta/recipes-sato/images/core-image-sato-sdk.bb
>> +++ b/meta/recipes-sato/images/core-image-sato-sdk.bb
>> @@ -10,3 +10,6 @@ IMAGE_FEATURES += "dev-pkgs tools-sdk \
>>
>>  IMAGE_INSTALL += "kernel-devsrc"
>>
>> +# Compiling stuff, specifically SystemTap probes, can require lots of
>> memory
>> +# See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14673
>> +QB_MEM = '-m 1024'
>> --
>> 2.25.1
>>
>>
>> 
>>
>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160940): 
https://lists.openembedded.org/g/openembedded-core/message/160940
Mute This Topic: https://lists.openembedded.org/mt/88653349/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 2/2] core-image-sato-sdk: allocate more memory when in qemu

[Alexander Kanavin]

Seems to not work on arm(32):

Central error: [5.282955] vmap allocation for size 1052672 failed:
use vmalloc= to increase size

https://autobuilder.yoctoproject.org/typhoon/#/builders/110/builds/3528/steps/13/logs/stdio

Alex


On Mon, 24 Jan 2022 at 19:12, Ross Burton  wrote:

> Compiling code is memory-intensive, especially kernel modules like the
> SystemTap probes, so give the VM 1GB of RAM.
>
> Hopefully this solves the intermittent failures caused by OOMs during
> the SystemTap test.
>
> [ YOCTO #14673 ]
>
> Signed-off-by: Ross Burton 
> ---
>  meta/recipes-sato/images/core-image-sato-sdk.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-sato/images/core-image-sato-sdk.bb
> b/meta/recipes-sato/images/core-image-sato-sdk.bb
> index b52de0def02..7df8d00971c 100644
> --- a/meta/recipes-sato/images/core-image-sato-sdk.bb
> +++ b/meta/recipes-sato/images/core-image-sato-sdk.bb
> @@ -10,3 +10,6 @@ IMAGE_FEATURES += "dev-pkgs tools-sdk \
>
>  IMAGE_INSTALL += "kernel-devsrc"
>
> +# Compiling stuff, specifically SystemTap probes, can require lots of
> memory
> +# See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14673
> +QB_MEM = '-m 1024'
> --
> 2.25.1
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160939): 
https://lists.openembedded.org/g/openembedded-core/message/160939
Mute This Topic: https://lists.openembedded.org/mt/88653349/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCHv2] libical: build gobject and vala introspection

[Markus Volk]

but with this no gir files are created at all

Am 25.01.22 um 15:39 schrieb Markus Volk:

it also compiles here like this:

EXTRA_OECMAKE:class-target += 
"-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
EXTRA_OECMAKE:class-target += 
"-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper 
-DICAL_BUILD_DOCS=false"


no idea why i have to explicitly disable ICAL_BUILD_DOCS or it'll fail 
with linker error. But nevertheless. This may also help



Am 25.01.22 um 15:27 schrieb Markus Volk:
it doesn't break on my machine but according to the log it fails at 
trying to create gir for native.  Does this line help solving the issue?


EXTRA_OECMAKE:class-native += "-DGOBJECT_INTROSPECTION=OFF 
-DICAL_BUILD_DOCS=false"


Am 25.01.22 um 14:31 schrieb Richard Purdie:

On Fri, 2022-01-21 at 04:56 +0100, Markus Volk wrote:

Signed-off-by: Markus Volk 
---
  meta/recipes-support/libical/libical_3.0.12.bb | 7 ++-
  1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/libical/libical_3.0.12.bb 
b/meta/recipes-support/libical/libical_3.0.12.bb

index b2b2211b9b..614a76ba5b 100644
--- a/meta/recipes-support/libical/libical_3.0.12.bb
+++ b/meta/recipes-support/libical/libical_3.0.12.bb
@@ -16,7 +16,7 @@ SRC_URI = 
"https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.g
  SRC_URI[sha256sum] = 
"35095a4cc1a061a3de0f332c2dc728226cf127fa0baa818e9f8856cee6d35830"

  UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases;
  -inherit cmake pkgconfig
+inherit cmake pkgconfig gobject-introspection vala
    DEPENDS += "libical-native"
  @@ -32,6 +32,11 @@ EXTRA_OECMAKE += 
"-DPERL_EXECUTABLE=${HOSTTOOLS_DIR}/perl"

  EXTRA_OECMAKE += "-DLIBICAL_BUILD_TESTING=false"
  # doc build fails with linker error (??) for libical-glib so 
disable it

  EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
+# gobject-introspection
+EXTRA_OECMAKE += 
"-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
+EXTRA_OECMAKE += 
"-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper" 


+EXTRA_OECMAKE += "-DVAPIGEN=${STAGING_BINDIR_NATIVE}/vapigen"
+EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', 
'-DGOBJECT_INTROSPECTION=OFF', d)}"

    # Tell the cross-libical where the tool it needs to build is
  EXTRA_OECMAKE:append:class-target = " 
-DIMPORT_ICAL_GLIB_SRC_GENERATOR=${STAGING_LIBDIR_NATIVE}/cmake/LibIcal/IcalGlibSrcGenerator.cmake"


Looks like this breaks libical-native:

https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4618
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/4645

and many more in that build.

Cheers,

Richard













-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160938): 
https://lists.openembedded.org/g/openembedded-core/message/160938
Mute This Topic: https://lists.openembedded.org/mt/88576745/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [hardknott][PATCH 1/2] glibc : Fix CVE-2021-3998

[Anuj Mittal]

Can you please rebase all the glibc CVE patches for hardknott on top
of:

https://git.yoctoproject.org/poky-contrib/log/?h=anujm/hardknott

and re-send the ones that are needed?

Thanks,

Anuj

On Tue, 2022-01-25 at 03:26 -0800, pgowda wrote:
> Upstream-Status: Backport
> [https://sourceware.org/git/?p=glibc.git;a=commit;h=fb7bff12e81c677a6
> 622f724edd4d4987dd9d971]
> Upstream-Status: Backport
> [https://sourceware.org/git/?p=glibc.git;a=commit;h=ee8d5e33adb284601
> c00c94687bc907e10aec9bb]
> Upstream-Status: Backport
> [https://sourceware.org/git/?p=glibc.git;a=commit;h=84d2d0fe20bdf94fe
> ed82b21b4d7d136db471f03]
> 
> Signed-off-by: pgowda 
> ---
>  .../glibc/glibc/0001-CVE-2021-3998.patch  | 282
> ++
>  .../glibc/glibc/0002-CVE-2021-3998.patch  | 138 +
>  .../glibc/glibc/0003-CVE-2021-3998.patch  |  35 +++
>  meta/recipes-core/glibc/glibc_2.33.bb |   3 +
>  4 files changed, 458 insertions(+)
>  create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2021-
> 3998.patch
>  create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2021-
> 3998.patch
>  create mode 100644 meta/recipes-core/glibc/glibc/0003-CVE-2021-
> 3998.patch
> 
> diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
> b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
> new file mode 100644
> index 00..32aa0eb348
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
> @@ -0,0 +1,282 @@
> +From fb7bff12e81c677a6622f724edd4d4987dd9d971 Mon Sep 17 00:00:00
> 2001
> +From: Siddhesh Poyarekar 
> +Date: Tue, 18 Jan 2022 13:29:36 +0530
> +Subject: [PATCH] support: Add helpers to create paths longer than
> PATH_MAX
> +
> +Add new helpers support_create_and_chdir_toolong_temp_directory and
> +support_chdir_toolong_temp_directory to create and descend into
> +directory trees longer than PATH_MAX.
> +
> +Reviewed-by: Adhemerval Zanella  
> +Signed-off-by: Siddhesh Poyarekar 
> +
> +Upstream-Status: Backport
> [https://sourceware.org/git/?p=glibc.git;a=commit;h=fb7bff12e81c677a6
> 622f724edd4d4987dd9d971]
> +CVE: CVE-2021-3998
> +
> +Signed-off-by: Pgowda 
> +---
> + support/temp_file.c | 159
> +---
> + support/temp_file.h |   9 +++
> + 2 files changed, 159 insertions(+), 9 deletions(-)
> +
> +diff --git a/support/temp_file.c b/support/temp_file.c
> +index e7bb8aadb9..e41128c2d4 100644
> +--- a/support/temp_file.c
>  b/support/temp_file.c
> +@@ -1,5 +1,6 @@
> + /* Temporary file handling for tests.
> +    Copyright (C) 1998-2021 Free Software Foundation, Inc.
> ++   Copyright The GNU Tools Authors.
> +    This file is part of the GNU C Library.
> + 
> +    The GNU C Library is free software; you can redistribute it
> and/or
> +@@ -20,15 +21,17 @@
> +    some 32-bit platforms. */
> + #define _FILE_OFFSET_BITS 64
> + 
> ++#include 
> + #include 
> + #include 
> + #include 
> + 
> ++#include 
> + #include 
> + #include 
> + #include 
> + #include 
> +-#include 
> ++#include 
> + 
> + /* List of temporary files.  */
> + static struct temp_name_list
> +@@ -36,14 +39,20 @@ static struct temp_name_list
> +   struct temp_name_list *next;
> +   char *name;
> +   pid_t owner;
> ++  bool toolong;
> + } *temp_name_list;
> + 
> + /* Location of the temporary files.  Set by the test skeleton via
> +    support_set_test_dir.  The string is not be freed.  */
> + static const char *test_dir = _PATH_TMP;
> + 
> +-void
> +-add_temp_file (const char *name)
> ++/* Name of subdirectories in a too long temporary directory tree. 
> */
> ++static char toolong_subdir[NAME_MAX + 1];
> ++static bool toolong_initialized;
> ++static size_t toolong_path_max;
> ++
> ++static void
> ++add_temp_file_internal (const char *name, bool toolong)
> + {
> +   struct temp_name_list *newp
> + = (struct temp_name_list *) xcalloc (sizeof (*newp), 1);
> +@@ -53,12 +62,19 @@ add_temp_file (const char *name)
> +   newp->name = newname;
> +   newp->next = temp_name_list;
> +   newp->owner = getpid ();
> ++  newp->toolong = toolong;
> +   temp_name_list = newp;
> + }
> +   else
> + free (newp);
> + }
> + 
> ++void
> ++add_temp_file (const char *name)
> ++{
> ++  add_temp_file_internal (name, false);
> ++}
> ++
> + int
> + create_temp_file_in_dir (const char *base, const char *dir, char
> **filename)
> + {
> +@@ -90,8 +106,8 @@ create_temp_file (const char *base, char
> +   return create_temp_file_in_dir (base, test_dir, filename);
> + }
> + 
> +-char *
> +-support_create_temp_directory (const char *base)
> ++static char *
> ++create_temp_directory_internal (const char *base, bool toolong)
> + {
> +   char *path = xasprintf ("%s/%sXX", test_dir, base);
> +   if (mkdtemp (path) == NULL)
> +@@ -99,16 +115,132 @@ support_create_temp_directory (const cha
> +   printf ("error: mkdtemp (\"%s\"): %m", path);
> +   exit (1);
> + }
> +-  add_temp_file (path);
> ++  add_temp_file_internal (path, toolong);
> +   return 

Re: [OE-core][PATCHv2] libical: build gobject and vala introspection

[Markus Volk]

it also compiles here like this:

EXTRA_OECMAKE:class-target += 
"-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
EXTRA_OECMAKE:class-target += 
"-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper 
-DICAL_BUILD_DOCS=false"


no idea why i have to explicitly disable ICAL_BUILD_DOCS or it'll fail 
with linker error. But nevertheless. This may also help



Am 25.01.22 um 15:27 schrieb Markus Volk:
it doesn't break on my machine but according to the log it fails at 
trying to create gir for native.  Does this line help solving the issue?


EXTRA_OECMAKE:class-native += "-DGOBJECT_INTROSPECTION=OFF 
-DICAL_BUILD_DOCS=false"


Am 25.01.22 um 14:31 schrieb Richard Purdie:

On Fri, 2022-01-21 at 04:56 +0100, Markus Volk wrote:

Signed-off-by: Markus Volk 
---
  meta/recipes-support/libical/libical_3.0.12.bb | 7 ++-
  1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/libical/libical_3.0.12.bb 
b/meta/recipes-support/libical/libical_3.0.12.bb

index b2b2211b9b..614a76ba5b 100644
--- a/meta/recipes-support/libical/libical_3.0.12.bb
+++ b/meta/recipes-support/libical/libical_3.0.12.bb
@@ -16,7 +16,7 @@ SRC_URI = 
"https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.g
  SRC_URI[sha256sum] = 
"35095a4cc1a061a3de0f332c2dc728226cf127fa0baa818e9f8856cee6d35830"

  UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases;
  -inherit cmake pkgconfig
+inherit cmake pkgconfig gobject-introspection vala
    DEPENDS += "libical-native"
  @@ -32,6 +32,11 @@ EXTRA_OECMAKE += 
"-DPERL_EXECUTABLE=${HOSTTOOLS_DIR}/perl"

  EXTRA_OECMAKE += "-DLIBICAL_BUILD_TESTING=false"
  # doc build fails with linker error (??) for libical-glib so 
disable it

  EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
+# gobject-introspection
+EXTRA_OECMAKE += 
"-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
+EXTRA_OECMAKE += 
"-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper"

+EXTRA_OECMAKE += "-DVAPIGEN=${STAGING_BINDIR_NATIVE}/vapigen"
+EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', 
'-DGOBJECT_INTROSPECTION=OFF', d)}"

    # Tell the cross-libical where the tool it needs to build is
  EXTRA_OECMAKE:append:class-target = " 
-DIMPORT_ICAL_GLIB_SRC_GENERATOR=${STAGING_LIBDIR_NATIVE}/cmake/LibIcal/IcalGlibSrcGenerator.cmake"


Looks like this breaks libical-native:

https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4618
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/4645

and many more in that build.

Cheers,

Richard









-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160936): 
https://lists.openembedded.org/g/openembedded-core/message/160936
Mute This Topic: https://lists.openembedded.org/mt/88576745/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCHv2] libical: build gobject and vala introspection

[Markus Volk]

it doesn't break on my machine but according to the log it fails at 
trying to create gir for native.  Does this line help solving the issue?


EXTRA_OECMAKE:class-native += "-DGOBJECT_INTROSPECTION=OFF 
-DICAL_BUILD_DOCS=false"


Am 25.01.22 um 14:31 schrieb Richard Purdie:

On Fri, 2022-01-21 at 04:56 +0100, Markus Volk wrote:

Signed-off-by: Markus Volk 
---
  meta/recipes-support/libical/libical_3.0.12.bb | 7 ++-
  1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/libical/libical_3.0.12.bb 
b/meta/recipes-support/libical/libical_3.0.12.bb
index b2b2211b9b..614a76ba5b 100644
--- a/meta/recipes-support/libical/libical_3.0.12.bb
+++ b/meta/recipes-support/libical/libical_3.0.12.bb
@@ -16,7 +16,7 @@ SRC_URI = 
"https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.g
  SRC_URI[sha256sum] = 
"35095a4cc1a061a3de0f332c2dc728226cf127fa0baa818e9f8856cee6d35830"
  UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases;
  
-inherit cmake pkgconfig

+inherit cmake pkgconfig gobject-introspection vala
  
  DEPENDS += "libical-native"
  
@@ -32,6 +32,11 @@ EXTRA_OECMAKE += "-DPERL_EXECUTABLE=${HOSTTOOLS_DIR}/perl"

  EXTRA_OECMAKE += "-DLIBICAL_BUILD_TESTING=false"
  # doc build fails with linker error (??) for libical-glib so disable it
  EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
+# gobject-introspection
+EXTRA_OECMAKE += 
"-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
+EXTRA_OECMAKE += 
"-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper"
+EXTRA_OECMAKE += "-DVAPIGEN=${STAGING_BINDIR_NATIVE}/vapigen"
+EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', '-DGOBJECT_INTROSPECTION=OFF', d)}"
  
  # Tell the cross-libical where the tool it needs to build is

  EXTRA_OECMAKE:append:class-target = " 
-DIMPORT_ICAL_GLIB_SRC_GENERATOR=${STAGING_LIBDIR_NATIVE}/cmake/LibIcal/IcalGlibSrcGenerator.cmake"


Looks like this breaks libical-native:

https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4618
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/4645

and many more in that build.

Cheers,

Richard





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160935): 
https://lists.openembedded.org/g/openembedded-core/message/160935
Mute This Topic: https://lists.openembedded.org/mt/88576745/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 13/13] glibc : Fix CVE-2022-23219

[Anuj Mittal]

From: Sundeep KOKKONDA 

Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=226b46770c82899b555986583294b049c6ec9b40]
Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=ef972a4c50014a16132b5c75571cfb6b30bef136]

Signed-off-by: pgowda 
Signed-off-by: Richard Purdie 
(cherry picked from commit 6ad7240c732dd63e74ac32588b92241030c194ae)
Signed-off-by: Anuj Mittal 
---
 .../glibc/glibc/0001-CVE-2022-23219.patch | 55 
 .../glibc/glibc/0002-CVE-2022-23219.patch | 89 +++
 meta/recipes-core/glibc/glibc_2.34.bb |  2 +
 3 files changed, 146 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch

diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch 
b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch
new file mode 100644
index 00..261c2909db
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch
@@ -0,0 +1,55 @@
+From 226b46770c82899b555986583294b049c6ec9b40 Mon Sep 17 00:00:00 2001
+From: Florian Weimer 
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] CVE-2022-23219: Buffer overflow in sunrpc clnt_create for
+ "unix" (bug 22542)
+
+Processing an overlong pathname in the sunrpc clnt_create function
+results in a stack-based buffer overflow.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=226b46770c82899b555986583294b049c6ec9b40]
+CVE: CVE-2022-23219
+
+Reviewed-by: Siddhesh Poyarekar 
+Signed-off-by: Pgowda 
+---
+ NEWS  |  4 +++-
+ sunrpc/clnt_gen.c | 10 +++---
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index ddd95a8329..38a9ddb2cf 100644
+--- a/NEWS
 b/NEWS
+@@ -206,6 +206,10 @@ Security related changes:
+   CVE-2022-23218: Passing an overlong file name to the svcunix_create
+   legacy function could result in a stack-based buffer overflow.
+ 
++  CVE-2022-23219: Passing an overlong file name to the clnt_create
++  legacy function could result in a stack-based buffer overflow when
++  using the "unix" protocol.  Reported by Martin Sebor.
++
+ The following bugs are resolved with this release:
+ 
+   [4737] libc: fork is not async-signal-safe
+diff --git a/sunrpc/clnt_gen.c b/sunrpc/clnt_gen.c
+index 13ced8994e..b44357cd88 100644
+--- a/sunrpc/clnt_gen.c
 b/sunrpc/clnt_gen.c
+@@ -57,9 +57,13 @@ clnt_create (const char *hostname, u_lon
+ 
+   if (strcmp (proto, "unix") == 0)
+ {
+-  memset ((char *), 0, sizeof (sun));
+-  sun.sun_family = AF_UNIX;
+-  strcpy (sun.sun_path, hostname);
++  if (__sockaddr_un_set (, hostname) < 0)
++  {
++struct rpc_createerr *ce = _rpc_createerr ();
++ce->cf_stat = RPC_SYSTEMERROR;
++ce->cf_error.re_errno = errno;
++return NULL;
++  }
+   sock = RPC_ANYSOCK;
+   client = clntunix_create (, prog, vers, , 0, 0);
+   if (client == NULL)
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch 
b/meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch
new file mode 100644
index 00..6779e9afdf
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch
@@ -0,0 +1,89 @@
+From ef972a4c50014a16132b5c75571cfb6b30bef136 Mon Sep 17 00:00:00 2001
+From: Martin Sebor 
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] sunrpc: Test case for clnt_create "unix" buffer overflow (bug
+ 22542)
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=ef972a4c50014a16132b5c75571cfb6b30bef136]
+CVE: CVE-2022-23219
+
+Reviewed-by: Siddhesh Poyarekar 
+Signed-off-by: Pgowda 
+---
+ sunrpc/Makefile   |  5 -
+ sunrpc/tst-bug22542.c | 44 +++
+ 2 files changed, 48 insertions(+), 1 deletion(-)
+ create mode 100644 sunrpc/tst-bug22542.c
+
+diff --git a/sunrpc/Makefile b/sunrpc/Makefile
+index 9a31fe48b9..183ef3dc55 100644
+--- a/sunrpc/Makefile
 b/sunrpc/Makefile
+@@ -65,7 +65,7 @@ shared-only-routines = $(routines)
+ endif
+ 
+ tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \
+-  tst-udp-nonblocking tst-bug28768
++  tst-udp-nonblocking tst-bug22542 tst-bug28768
+ xtests := tst-getmyaddr
+ 
+ ifeq ($(have-thread-library),yes)
+@@ -110,6 +110,8 @@ $(objpfx)tst-udp-nonblocking: $(common-o
+ $(objpfx)tst-udp-garbage: \
+   $(common-objpfx)linkobj/libc.so $(shared-thread-library)
+ 
++$(objpfx)tst-bug22542: $(common-objpfx)linkobj/libc.so
++
+ else # !have-GLIBC_2.31
+ 
+ routines = $(routines-for-nss)
+diff --git a/sunrpc/tst-bug22542.c b/sunrpc/tst-bug22542.c
+new file mode 100644
+index 00..d6cd79787b
+--- /dev/null
 b/sunrpc/tst-bug22542.c
+@@ -0,0 +1,44 @@
++/* Test to verify that overlong hostname is rejected by clnt_create
++   and doesn't cause a buffer overflow (bug  22542).
++
++   Copyright (C) 2022 Free Software Foundation, 

[OE-core] [honister][PATCH 12/13] glibc : Fix CVE-2022-23218

[Anuj Mittal]

From: Sundeep KOKKONDA 

Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=e368b12f6c16b6888dda99ba641e999b9c9643c8]
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=f545ad4928fa1f27a3075265182b38a4f939a5f7]

Signed-off-by: pgowda 
Signed-off-by: Richard Purdie 
(cherry picked from commit 83fa93b5fdb10a589bad2a9fc83552df8f1dbf28)
Signed-off-by: Anuj Mittal 
---
 .../glibc/glibc/0001-CVE-2022-23218.patch | 178 ++
 .../glibc/glibc/0002-CVE-2022-23218.patch | 126 +
 meta/recipes-core/glibc/glibc_2.34.bb |   2 +
 3 files changed, 306 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2022-23218.patch

diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch 
b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch
new file mode 100644
index 00..4eb1fb7fbe
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch
@@ -0,0 +1,178 @@
+From e368b12f6c16b6888dda99ba641e999b9c9643c8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer 
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] socket: Add the __sockaddr_un_set function
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=e368b12f6c16b6888dda99ba641e999b9c9643c8]
+CVE: CVE-2022-23219
+
+Reviewed-by: Siddhesh Poyarekar 
+Signed-off-by: Pgowda 
+---
+ include/sys/un.h | 12 +++
+ socket/Makefile  |  6 +++-
+ socket/sockaddr_un_set.c | 41 
+ socket/tst-sockaddr_un_set.c | 62 
+ 4 files changed, 120 insertions(+), 1 deletion(-)
+ create mode 100644 socket/sockaddr_un_set.c
+ create mode 100644 socket/tst-sockaddr_un_set.c
+
+diff --git a/include/sys/un.h b/include/sys/un.h
+index bdbee99980..152afd9fc7 100644
+--- a/include/sys/un.h
 b/include/sys/un.h
+@@ -1 +1,13 @@
+ #include 
++
++#ifndef _ISOMAC
++
++/* Set ADDR->sun_family to AF_UNIX and ADDR->sun_path to PATHNAME.
++   Return 0 on success or -1 on failure (due to overlong PATHNAME).
++   The caller should always use sizeof (struct sockaddr_un) as the
++   socket address length, disregaring the length of PATHNAME.
++   Only concrete (non-abstract) pathnames are supported.  */
++int __sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
++  attribute_hidden;
++
++#endif /* _ISOMAC */
+diff --git a/socket/Makefile b/socket/Makefile
+index 39333e10ca..156eec6c85 100644
+--- a/socket/Makefile
 b/socket/Makefile
+@@ -29,13 +29,17 @@ headers:= sys/socket.h sys/un.h bits/sockaddr.h 
bits/socket.h \
+ routines := accept bind connect getpeername getsockname getsockopt\
+   listen recv recvfrom recvmsg send sendmsg sendto\
+   setsockopt shutdown socket socketpair isfdtype opensock \
+-  sockatmark accept4 recvmmsg sendmmsg
++  sockatmark accept4 recvmmsg sendmmsg sockaddr_un_set
+ 
+ tests := \
+   tst-accept4 \
+   tst-sockopt \
+   # tests
+ 
++tests-internal := \
++  tst-sockaddr_un_set \
++  # tests-internal
++
+ tests-time64 := \
+   tst-sockopt-time64 \
+   # tests
+diff --git a/socket/sockaddr_un_set.c b/socket/sockaddr_un_set.c
+new file mode 100644
+index 00..0bd40dc34e
+--- /dev/null
 b/socket/sockaddr_un_set.c
+@@ -0,0 +1,41 @@
++/* Set the sun_path member of struct sockaddr_un.
++   Copyright (C) 2022 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   .  */
++
++#include 
++#include 
++#include 
++#include 
++
++int
++__sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
++{
++  size_t name_length = strlen (pathname);
++
++  /* The kernel supports names of exactly sizeof (addr->sun_path)
++ bytes, without a null terminator, but userspace does not; see the
++ SUN_LEN macro.  */
++  if (name_length >= sizeof (addr->sun_path))
++{
++  __set_errno (EINVAL); /* Error code used by the kernel.  */
++  return -1;
++}
++
++  addr->sun_family = AF_UNIX;
++  memcpy (addr->sun_path, pathname, name_length + 1);
++  return 0;
++}
+diff --git a/socket/tst-sockaddr_un_set.c b/socket/tst-sockaddr_un_set.c
+new file mode 

[OE-core] [honister][PATCH 11/13] lighttpd: backport a fix for CVE-2022-22707

[Anuj Mittal]

From: Ross Burton 

Backport the fix for CVE-2022-22707, a buffer overflow in mod_extforward.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 7758596613cc442f647fd4625b36532f30e6129f)
Signed-off-by: Anuj Mittal 
---
 ...ix-out-of-bounds-OOB-write-fixes-313.patch | 97 +++
 .../lighttpd/lighttpd_1.4.59.bb   |  1 +
 2 files changed, 98 insertions(+)
 create mode 100644 
meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch

diff --git 
a/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
 
b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
new file mode 100644
index 00..f4e93d1065
--- /dev/null
+++ 
b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
@@ -0,0 +1,97 @@
+Upstream-Status: Backport
+CVE: CVE-2022-22707
+Signed-off-by: Ross Burton 
+
+From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001
+From: povcfe 
+Date: Wed, 5 Jan 2022 11:11:09 +
+Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
+
+(thx povcfe)
+
+(edited: gstrauss)
+
+There is a potential remote denial of service in lighttpd mod_extforward
+under specific, non-default and uncommon 32-bit lighttpd mod_extforward
+configurations.
+
+Under specific, non-default and uncommon lighttpd mod_extforward
+configurations, a remote attacker can trigger a 4-byte out-of-bounds
+write of value '-1' to the stack. This is not believed to be exploitable
+in any way beyond triggering a crash of the lighttpd server on systems
+where the lighttpd server has been built 32-bit and with compiler flags
+which enable a stack canary -- gcc/clang -fstack-protector-strong or
+-fstack-protector-all, but bug not visible with only -fstack-protector.
+
+With standard lighttpd builds using -O2 optimization on 64-bit x86_64,
+this bug has not been observed to cause adverse behavior, even with
+gcc/clang -fstack-protector-strong.
+
+For the bug to be reachable, the user must be using a non-default
+lighttpd configuration which enables mod_extforward and configures
+mod_extforward to accept and parse the "Forwarded" header from a trusted
+proxy. At this time, support for RFC7239 Forwarded is not common in CDN
+providers or popular web server reverse proxies. It bears repeating that
+for the user to desire to configure lighttpd mod_extforward to accept
+"Forwarded", the user must also be using a trusted proxy (in front of
+lighttpd) which understands and actively modifies the "Forwarded" header
+sent to lighttpd.
+
+lighttpd natively supports RFC7239 "Forwarded"
+hiawatha natively supports RFC7239 "Forwarded"
+
+nginx can be manually configured to add a "Forwarded" header
+https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
+
+A 64-bit build of lighttpd on x86_64 (not known to be affected by bug)
+in front of another 32-bit lighttpd will detect and reject a malicious
+"Forwarded" request header, thereby thwarting an attempt to trigger
+this bug in an upstream 32-bit lighttpd.
+
+The following servers currently do not natively support RFC7239 Forwarded:
+nginx
+apache2
+caddy
+node.js
+haproxy
+squid
+varnish-cache
+litespeed
+
+Given the general dearth of support for RFC7239 Forwarded in popular
+CDNs and web server reverse proxies, and given the prerequisites in
+lighttpd mod_extforward needed to reach this bug, the number of lighttpd
+servers vulnerable to this bug is estimated to be vanishingly small.
+Large systems using reverse proxies are likely running 64-bit lighttpd,
+which is not known to be adversely affected by this bug.
+
+In the future, it is desirable for more servers to implement RFC7239
+Forwarded.  lighttpd developers would like to thank povcfe for reporting
+this bug so that it can be fixed before more CDNs and web servers
+implement RFC7239 Forwarded.
+
+x-ref:
+  "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1"
+  https://redmine.lighttpd.net/issues/3134
+  (not yet written or published)
+  CVE-2022-22707
+---
+ src/mod_extforward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mod_extforward.c b/src/mod_extforward.c
+index ba957e04..fdaef7f6 100644
+--- a/src/mod_extforward.c
 b/src/mod_extforward.c
+@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * 
const r, plugin_data * c
+ while (s[i] == ' ' || s[i] == '\t') ++i;
+ if (s[i] == ';') { ++i; continue; }
+ if (s[i] == ',') {
+-if (j >= (int)(sizeof(offsets)/sizeof(int))) break;
++if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break;
+ offsets[++j] = -1; /*("offset" separating params from next 
proxy)*/
+ ++i;
+ continue;
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb 

[OE-core] [honister][PATCH 10/13] vim: update to include latest CVE fixes

[Anuj Mittal]

From: Ross Burton 

Update the version to 4.2.4118, which incorporates the following CVE
fixes:

- CVE-2021-4187
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158

Also remove the explicit whitelisting of CVE-2021-3968 as this is now
handled with an accurate CPE specifying the fixed version.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 764519ad0da6b881918667ca272fcc273b56168a)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-support/vim/vim.inc | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 0ddf95ab72..d68fade26a 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,15 +20,12 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://racefix.patch \
"
 
-PV .= ".3752"
-SRCREV = "8603be338ac810446f23c092f21bc6082f787519"
+PV .= ".4118"
+SRCREV = "0023f82a76cf43a12b41e71f97a2e860d0444e1b"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0"
 
-# CVE-2021-3968 is related to an issue which was introduced after 8.2, this 
can be removed after 8.3.
-CVE_CHECK_WHITELIST += "CVE-2021-3968"
-
 S = "${WORKDIR}/git"
 
 VIMDIR = "vim${@d.getVar('PV').split('.')[0]}${@d.getVar('PV').split('.')[1]}"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160931): 
https://lists.openembedded.org/g/openembedded-core/message/160931
Mute This Topic: https://lists.openembedded.org/mt/88671471/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 09/13] vim: upgrade to 8.2 patch 3752

[Anuj Mittal]

From: Ross Burton 

There's a fairly constant flow of CVEs being fixed in Vim, which are
getting increasing non-trivial to backport.

Instead of trying to backport (and potentially introduce more bugs), or
just ignoring them entirely, upgrade vim to the latest patch in the hope
that vim 8.3 will be released before we release Kirkstone.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 78a4796de27d710f97c336d288d797557a58694e)
Signed-off-by: Anuj Mittal 
---
 ...1-reading-character-past-end-of-line.patch |  62 --
 ...src-Makefile-improve-reproducibility.patch |  13 +-
 ...28-using-freed-memory-when-replacing.patch |  83 ---
 ...eading-uninitialized-memory-when-giv.patch |  63 --
 ...rash-when-using-CTRL-W-f-without-fin.patch |  92 
 ...llegal-memory-access-if-buffer-name-.patch |  86 
 ...ml_get-error-after-search-with-range.patch |  72 --
 ...nvalid-memory-access-when-scrolling-.patch |  97 
 .../vim/files/CVE-2021-3778.patch |  61 --
 ...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 --
 .../vim/files/disable_acl_header_check.patch  |  15 +-
 .../vim/files/no-path-adjust.patch|   8 +-
 meta/recipes-support/vim/files/racefix.patch  |   6 +-
 ...m-add-knob-whether-elf.h-are-checked.patch |  13 +-
 meta/recipes-support/vim/vim.inc  |  15 +-
 15 files changed, 28 insertions(+), 865 deletions(-)
 delete mode 100644 
meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
 delete mode 100644 
meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch
 delete mode 100644 
meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch
 delete mode 100644 
meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch
 delete mode 100644 
meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
 delete mode 100644 
meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch
 delete mode 100644 
meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch
 delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3778.patch
 delete mode 100644 
meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch

diff --git 
a/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
 
b/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
deleted file mode 100644
index 28c61cd782..00
--- 
a/meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-CVE: CVE-2021-3927
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-
-From 93b427c6e729260d0700c3b2804ec153bc8284fa Mon Sep 17 00:00:00 2001
-From: Bram Moolenaar 
-Date: Thu, 4 Nov 2021 15:10:11 +
-Subject: [PATCH] patch 8.2.3581: reading character past end of line
-
-Problem:Reading character past end of line.
-Solution:   Correct the cursor column.

- src/ex_docmd.c   |  1 +
- src/testdir/test_put.vim | 12 
- src/version.c|  2 ++
- 3 files changed, 15 insertions(+)
-
-diff --git a/src/ex_docmd.c b/src/ex_docmd.c
-index fde726477..59e245bee 100644
 a/src/ex_docmd.c
-+++ b/src/ex_docmd.c
-@@ -6905,6 +6905,7 @@ ex_put(exarg_T *eap)
-   eap->forceit = TRUE;
- }
- curwin->w_cursor.lnum = eap->line2;
-+check_cursor_col();
- do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L,
-  PUT_LINE|PUT_CURSLINE);
- }
-diff --git a/src/testdir/test_put.vim b/src/testdir/test_put.vim
-index 225ebd1f3..922e5b269 100644
 a/src/testdir/test_put.vim
-+++ b/src/testdir/test_put.vim
-@@ -113,3 +113,15 @@ func Test_put_p_indent_visual()
-   call assert_equal('select that text', getline(2))
-   bwipe!
- endfunc
-+
-+func Test_put_above_first_line()
-+  new
-+  let @" = 'text'
-+  silent! normal 0o00
-+  0put
-+  call assert_equal('text', getline(1))
-+  bwipe!
-+endfunc
-+
-+
-+" vim: shiftwidth=2 sts=2 expandtab
-diff --git a/src/version.c b/src/version.c
-index a9e8be0e7..df4ec9a47 100644
 a/src/version.c
-+++ b/src/version.c
-@@ -742,6 +742,8 @@ static char *(features[]) =
- 
- static int included_patches[] =
- {   /* Add new patch number below this line */
-+/**/
-+3581,
- /**/
- 3564,
- /**/
diff --git 
a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
 
b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
index 63a7b78f12..2fc11dbdc2 100644
--- 
a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
+++ 
b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
@@ -16,11 +16,11 @@ Signed-off-by: Mingli Yu 
  

[OE-core] [honister][PATCH 08/13] expat: Upgrade 2.4.2 -> 2.4.3

[Anuj Mittal]

From: Richard Purdie 

Primarily a security fix release which includes:

CVE-2021-45960
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827

Signed-off-by: Richard Purdie 
(cherry picked from commit 9dbd9540f3e19d92ef38c8537792bd028ed174ad)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-core/expat/{expat_2.4.2.bb => expat_2.4.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/expat/{expat_2.4.2.bb => expat_2.4.3.bb} (91%)

diff --git a/meta/recipes-core/expat/expat_2.4.2.bb 
b/meta/recipes-core/expat/expat_2.4.3.bb
similarity index 91%
rename from meta/recipes-core/expat/expat_2.4.2.bb
rename to meta/recipes-core/expat/expat_2.4.3.bb
index 771f14eb3e..088ce81500 100644
--- a/meta/recipes-core/expat/expat_2.4.2.bb
+++ b/meta/recipes-core/expat/expat_2.4.3.bb
@@ -15,7 +15,7 @@ SRC_URI = 
"https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/;
 
-SRC_URI[sha256sum] = 
"e40737134bdc08b8ea7d23a2c0a5cd11c04d5be152fe562d3253c1e4a0be6686"
+SRC_URI[sha256sum] = 
"6f262e216a494fbf42d8c22bc841b3e117c21f2467a19dc4c27c991b5622f986"
 
 EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160929): 
https://lists.openembedded.org/g/openembedded-core/message/160929
Mute This Topic: https://lists.openembedded.org/mt/88671466/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 06/13] speex: fix CVE-2020-23903

[Anuj Mittal]

From: Kai Kang 

Backport patch to fix CVE-2020-23903.

CVE: CVE-2020-23903

Signed-off-by: Kai Kang 
Signed-off-by: Richard Purdie 
(cherry picked from commit b8f56e5e9eef32c1e01742f913e205d93548de1f)
Signed-off-by: Anuj Mittal 
---
 .../speex/speex/CVE-2020-23903.patch  | 30 +++
 meta/recipes-multimedia/speex/speex_1.2.0.bb  |  4 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch

diff --git a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch 
b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
new file mode 100644
index 00..eb16e95ffc
--- /dev/null
+++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
@@ -0,0 +1,30 @@
+Backport patch to fix CVE-2020-23903.
+
+CVE: CVE-2020-23903
+Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]
+
+Signed-off-by: Kai Kang 
+
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews 
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b5183015..09d62eb0 100644
+--- a/src/wav_io.c
 b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, 
int *format, spx_int32
+stmp = le_short(stmp);
+*channels = stmp;
+ 
+-   if (stmp>2)
++   if (stmp>2 || stmp<1)
+{
+   fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+   return -1;
diff --git a/meta/recipes-multimedia/speex/speex_1.2.0.bb 
b/meta/recipes-multimedia/speex/speex_1.2.0.bb
index 3a0911d6f8..ea475f0f1b 100644
--- a/meta/recipes-multimedia/speex/speex_1.2.0.bb
+++ b/meta/recipes-multimedia/speex/speex_1.2.0.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \
 
file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50"
 DEPENDS = "libogg speexdsp"
 
-SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz;
+SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \
+   file://CVE-2020-23903.patch \
+   "
 UPSTREAM_CHECK_REGEX = "speex-(?P\d+(\.\d+)+)\.tar"
 
 SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160927): 
https://lists.openembedded.org/g/openembedded-core/message/160927
Mute This Topic: https://lists.openembedded.org/mt/88671464/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 07/13] expat: upgrade 2.4.1 -> 2.4.2

[Anuj Mittal]

From: wangmy 

Changelog:
=
  #509 #510  Link againgst libm for function "isnan"
  #513 #514  Include expat_config.h as early as possible
   #498  Autotools: Include files with release archives:
   - buildconf.sh
   - fuzz/*.c
  #507 #519  Autotools: Sync CMake templates
  #495 #524  CMake: MinGW: Fix pkg-config section "Libs" for
   - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
   - multi-config CMake generators (e.g. Ninja Multi-Config)
  #502 #503  docs: Document that function XML_GetBuffer may return NULL
   when asking for a buffer of 0 (zero) bytes size
  #522 #523  docs: Fix return value docs for both
   XML_SetBillionLaughsAttackProtection* functions
  #525 #526  Version info bumped from 9:1:8 to 9:2:8;
   see https://verbump.de/ for what these numbers do

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit 98a87bcfa50fc46ea86a085d330f5cbc41ddaaa5)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-core/expat/{expat_2.4.1.bb => expat_2.4.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/expat/{expat_2.4.1.bb => expat_2.4.2.bb} (91%)

diff --git a/meta/recipes-core/expat/expat_2.4.1.bb 
b/meta/recipes-core/expat/expat_2.4.2.bb
similarity index 91%
rename from meta/recipes-core/expat/expat_2.4.1.bb
rename to meta/recipes-core/expat/expat_2.4.2.bb
index 14e5aca9e6..771f14eb3e 100644
--- a/meta/recipes-core/expat/expat_2.4.1.bb
+++ b/meta/recipes-core/expat/expat_2.4.2.bb
@@ -15,7 +15,7 @@ SRC_URI = 
"https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/;
 
-SRC_URI[sha256sum] = 
"2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40"
+SRC_URI[sha256sum] = 
"e40737134bdc08b8ea7d23a2c0a5cd11c04d5be152fe562d3253c1e4a0be6686"
 
 EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160928): 
https://lists.openembedded.org/g/openembedded-core/message/160928
Mute This Topic: https://lists.openembedded.org/mt/88671465/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 05/13] bootchart2: Add missing python3-math dependency

[Anuj Mittal]

From: Marek Vasut 

Without this dependency, generating the bootchart may fail with:
"
ModuleNotFoundError: No module named 'random'
"

Signed-off-by: Marek Vasut 
Cc: Mingli Yu 
Cc: Richard Purdie 
Signed-off-by: Richard Purdie 
(cherry picked from commit 487e9f16a00f895159b79f1865fe8b626b47ddc2)
Signed-off-by: Anuj Mittal 
---
 meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb 
b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index 59fcd8c78a..413c9b9499 100644
--- a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -150,7 +150,7 @@ do_install () {
 
 PACKAGES =+ "pybootchartgui"
 FILES:pybootchartgui += "${PYTHON_SITEPACKAGES_DIR}/pybootchartgui 
${bindir}/pybootchartgui"
-RDEPENDS:pybootchartgui = "python3-pycairo python3-compression python3-image 
python3-shell python3-compression python3-codecs"
+RDEPENDS:pybootchartgui = "python3-pycairo python3-compression python3-image 
python3-math python3-shell python3-compression python3-codecs"
 RDEPENDS:${PN}:class-target += "${@bb.utils.contains('DISTRO_FEATURES', 
'sysvinit', 'sysvinit-pidof', 'procps', d)}"
 RDEPENDS:${PN}:class-target += "lsb-release"
 DEPENDS:append:class-native = " python3-pycairo-native"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160926): 
https://lists.openembedded.org/g/openembedded-core/message/160926
Mute This Topic: https://lists.openembedded.org/mt/88671462/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 04/13] linux-yocto/5.10: update to v5.10.91

[Anuj Mittal]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

df395c763ba0 Linux 5.10.91
674071c9eb26 Input: zinitix - make sure the IRQ is allocated before it gets 
enabled
ef81f7d406c2 ARM: dts: gpio-ranges property is now required
f63fa1a0d4df ipv6: raw: check passed optlen before reading
cf07884e6bec drm/amd/display: Added power down for DCN10
10b9ccd0674d mISDN: change function names to avoid conflicts
dd8a09cfbb99 atlantic: Fix buff_ring OOB in aq_ring_rx_clean
c2f4bb251eb4 net: udp: fix alignment problem in udp4_seq_show()
f82b48d1d86b ip6_vti: initialize __ip6_tnl_parm struct in 
vti6_siocdevprivate
8c87a83ef891 scsi: libiscsi: Fix UAF in 
iscsi_conn_get_param()/iscsi_conn_teardown()
b798b677f94d usb: mtu3: fix interval value for intr and isoc
498d77fc5e38 ipv6: Do cleanup if attribute validation fails in multipath 
route
72b0d14a0a88 ipv6: Continue processing multipath route even if gateway 
attribute is invalid
5a7d650bb181 power: bq25890: Enable continuous conversion for ADC at 
charging
4f260ea5537d phonet: refcount leak in pep_sock_accep
61952934608c rndis_host: support Hytera digital radios
62cbde77d9c1 power: reset: ltc2952: Fix use of floating point literals
998d157e3b2a power: supply: core: Break capacity loop
16d8568378f9 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like 
fallocate
aa606b82cdfb net: ena: Fix error handling when calculating max IO queues 
number
e7f5480978fd net: ena: Fix undefined state when tx request id is out of 
bounds
2de3d961f8e7 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
4c34d5fd8c96 batman-adv: mcast: don't send link-local multicast to mcast 
routers
f403b5f96e9a lwtunnel: Validate RTA_ENCAP_TYPE attribute length
48d5adb08d60 ipv6: Check attribute length for RTA_GATEWAY when deleting 
multipath route
173bfa2782fa ipv6: Check attribute length for RTA_GATEWAY in multipath route
914420a2a6c5 ipv4: Check attribute length for RTA_FLOW in multipath route
a8fe915be6c2 ipv4: Check attribute length for RTA_GATEWAY in multipath route
786a335fef18 ftrace/samples: Add missing prototypes direct functions
c859c4de0bd7 i40e: Fix incorrect netdev's real number of RX/TX queues
d0ad64438fb5 i40e: Fix for displaying message regarding NVM version
32845aa60203 i40e: fix use-after-free in i40e_sync_filters_subtask()
f7edb6b9438b sfc: The RX page_ring is optional
2b3f34da0d79 mac80211: initialize variable have_higher_than_11mbit
16e5cad6eca1 RDMA/uverbs: Check for null return of kmalloc_array
a7c2cae997db netrom: fix copying in user data in nr_setsockopt
beeb0fdedae8 RDMA/core: Don't infoleak GRH fields
3ca132e6b065 iavf: Fix limit of total number of queues to active queues of 
VF
396e3016905d i40e: Fix to not show opcode msg on unsuccessful VF MAC change
7f13d14e563c ieee802154: atusb: fix uninit value in atusb_set_extended_addr
7db1e245cb71 tracing: Tag trace_percpu_buffer as a percpu pointer
760c6a625506 tracing: Fix check for trace_percpu_buffer validity in 
get_trace_buf()
c1e2da4b3f72 selftests: x86: fix [-Wstringop-overread] warn in 
test_process_vm_readv()
384111e12367 f2fs: quota: fix potential deadlock

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
(cherry picked from commit 13b53d922df1a53913fbe7a0dfbf2adaedfe5dfd)
Signed-off-by: Anuj Mittal 
---
 .../linux/linux-yocto-rt_5.10.bb  |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb|  8 +++
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +--
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 75beee3a04..420d67031e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "fbed4064df813f01c1a862548f28b2050ee9b09e"
-SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e"
+SRCREV_machine ?= "85c14e209f1ab7cee673735c4561e656b4e65217"
+SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.90"
+LINUX_VERSION ?= "5.10.91"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index c8787085fe..dabcb97a79 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ 

[OE-core] [honister][PATCH 03/13] linux-yocto/5.10: amdgpu: updates for CVE-2021-42327

[Anuj Mittal]

From: Bruce Ashfield 

Integrating the following commit(s) to linux-yocto/5.10:

fd84b99a8ccb drm/amd/display: Don't allow partial copy_from_user
024f4ff63d55 drm/amdgpu: Fix even more out of bound writes from debugfs

Signed-off-by: Paul Gortmaker 
Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
(cherry picked from commit f5488466ea1b332a0bfc0d27dcc5378edd842d16)
Signed-off-by: Anuj Mittal 
---
 .../linux/linux-yocto-rt_5.10.bb  |  4 ++--
 .../linux/linux-yocto-tiny_5.10.bb|  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 +--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 52ba3b9f61..75beee3a04 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,8 +11,8 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "e137d5d92c05530840f2e191ec471f8f0ea2d62e"
-SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5"
+SRCREV_machine ?= "fbed4064df813f01c1a862548f28b2050ee9b09e"
+SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index d0166f6c4f..c8787085fe 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "c0774ebd6bc1c7541deb4f9a649a1a6bfa42853f"
-SRCREV_machine ?= "ab201bf6e3f9d187c7c26a0ec6537fadb41de918"
-SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5"
+SRCREV_machine:qemuarm ?= "ca2928bf9b108b45a8ecfe6c76ae9d66b9527f0c"
+SRCREV_machine ?= "5d7922b2755129e1066944a25675a4f9bdbbe706"
+SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 43274a318f..9bc6511ec2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86  ?= "v5.10/standard/base"
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "d9597fe71e155c5a96452d23694188d6d4091673"
-SRCREV_machine:qemuarm64 ?= "210fcd9ee603afb731beaa5833e7e3f1d1918786"
-SRCREV_machine:qemumips ?= "8688d3707cea38bd7ed115a12005079c2215f77d"
-SRCREV_machine:qemuppc ?= "933b47667b7549bb36a809cca90bc372a7182620"
-SRCREV_machine:qemuriscv64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
-SRCREV_machine:qemuriscv32 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
-SRCREV_machine:qemux86 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
-SRCREV_machine:qemux86-64 ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
-SRCREV_machine:qemumips64 ?= "25fcfe4f5c4be9bbb67498f09b2dd088f8bb6dfd"
-SRCREV_machine ?= "2a2f4a19d9d77ad40b9d079be860f736846f5d55"
-SRCREV_meta ?= "65d66ac9789372923b42be0683a87955e52705a5"
+SRCREV_machine:qemuarm ?= "dbf49e7b0801b1b92994f7bc3c6bba943340e273"
+SRCREV_machine:qemuarm64 ?= "0b092f0c4e3471ef22aef0343477519b0ba8b533"
+SRCREV_machine:qemumips ?= "1806335706c3549985836385bb400c1d80819d73"
+SRCREV_machine:qemuppc ?= "270ee670f95ad200c7c32bf8a8ffbf6ed43d7964"
+SRCREV_machine:qemuriscv64 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870"
+SRCREV_machine:qemuriscv32 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870"
+SRCREV_machine:qemux86 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870"
+SRCREV_machine:qemux86-64 ?= "fd84b99a8ccbfae11300c3a72183616bc0560870"
+SRCREV_machine:qemumips64 ?= "ea456bce3f1ed65b1ab00a0cf8cf551b5967aec3"
+SRCREV_machine ?= "fd84b99a8ccbfae11300c3a72183616bc0560870"
+SRCREV_meta ?= "ad119826536616f28e4309e825b61e16357f4c7e"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
 # KMACHINE:qemuarm ?= "qemuarma15"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160924): 
https://lists.openembedded.org/g/openembedded-core/message/160924
Mute This Topic: https://lists.openembedded.org/mt/88671460/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 02/13] socat: update SRC_URI

[Anuj Mittal]

From: Mingli Yu 

The orginal one is unaccessible now.

Signed-off-by: Mingli Yu 
Signed-off-by: Anuj Mittal 
---
 meta/recipes-connectivity/socat/socat_1.7.4.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb 
b/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
index 1ad5f15b93..41c8552f25 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
+++ b/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
@@ -9,7 +9,7 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
 
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+SRC_URI = 
"http://www.dest-unreach.org/socat/download/Archive/socat-${PV}.tar.bz2 \
 "
 
 SRC_URI[md5sum] = "36cad050ecf4981ab044c3fbd75c643f"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160923): 
https://lists.openembedded.org/g/openembedded-core/message/160923
Mute This Topic: https://lists.openembedded.org/mt/88671459/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [honister][PATCH 00/13] Patch review

[Anuj Mittal]

Next set of changes for honister. Please review. Tested on autobuilder
and all tests passed with the exception of a stap failure on qemuarm.

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3153

Thanks,

Anuj

The following changes since commit 5a904f0fd02613664aa8c03d6d4935a68c01bf35:

  go: upgrade 1.16.10 -> 1.16.13 (2022-01-14 16:05:51 +0800)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib anujm/honister

Bruce Ashfield (2):
  linux-yocto/5.10: amdgpu: updates for CVE-2021-42327
  linux-yocto/5.10: update to v5.10.91

Changqing Li (1):
  pigz: fix one failure of command "unpigz -l"

Kai Kang (1):
  speex: fix CVE-2020-23903

Marek Vasut (1):
  bootchart2: Add missing python3-math dependency

Mingli Yu (1):
  socat: update SRC_URI

Richard Purdie (1):
  expat: Upgrade 2.4.2 -> 2.4.3

Ross Burton (3):
  vim: upgrade to 8.2 patch 3752
  vim: update to include latest CVE fixes
  lighttpd: backport a fix for CVE-2022-22707

Sundeep KOKKONDA (2):
  glibc : Fix CVE-2022-23218
  glibc : Fix CVE-2022-23219

wangmy (1):
  expat: upgrade 2.4.1 -> 2.4.2

 .../socat/socat_1.7.4.1.bb|   2 +-
 .../expat/{expat_2.4.1.bb => expat_2.4.3.bb}  |   2 +-
 .../glibc/glibc/0001-CVE-2022-23218.patch | 178 +++
 .../glibc/glibc/0001-CVE-2022-23219.patch |  55 +
 .../glibc/glibc/0002-CVE-2022-23218.patch | 126 +++
 .../glibc/glibc/0002-CVE-2022-23219.patch |  89 
 meta/recipes-core/glibc/glibc_2.34.bb |   4 +
 .../bootchart2/bootchart2_0.14.9.bb   |   2 +-
 ...ix-out-of-bounds-OOB-write-fixes-313.patch |  97 
 .../lighttpd/lighttpd_1.4.59.bb   |   1 +
 ...0001-Fix-bug-when-combining-l-with-d.patch |  50 +
 meta/recipes-extended/pigz/pigz_2.6.bb|   3 +-
 .../linux/linux-yocto-rt_5.10.bb  |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb|   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 .../speex/speex/CVE-2020-23903.patch  |  30 +++
 meta/recipes-multimedia/speex/speex_1.2.0.bb  |   4 +-
 ...1-reading-character-past-end-of-line.patch |  62 --
 ...src-Makefile-improve-reproducibility.patch |  13 +-
 ...28-using-freed-memory-when-replacing.patch |  83 ---
 ...eading-uninitialized-memory-when-giv.patch |  63 --
 ...rash-when-using-CTRL-W-f-without-fin.patch |  92 
 ...llegal-memory-access-if-buffer-name-.patch |  86 
 ...ml_get-error-after-search-with-range.patch |  72 --
 ...nvalid-memory-access-when-scrolling-.patch |  97 
 .../vim/files/CVE-2021-3778.patch |  61 --
 ...1e135a16091c93f6f5f7525a5c58fb7ca9f9.patch | 207 --
 .../vim/files/disable_acl_header_check.patch  |  15 +-
 .../vim/files/no-path-adjust.patch|   8 +-
 meta/recipes-support/vim/files/racefix.patch  |   6 +-
 ...m-add-knob-whether-elf.h-are-checked.patch |  13 +-
 meta/recipes-support/vim/vim.inc  |  18 +-
 32 files changed, 685 insertions(+), 892 deletions(-)
 rename meta/recipes-core/expat/{expat_2.4.1.bb => expat_2.4.3.bb} (91%)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2022-23218.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch
 create mode 100644 
meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
 create mode 100644 
meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
 create mode 100644 meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
 delete mode 100644 
meta/recipes-support/vim/files/0001-patch-8.2.3581-reading-character-past-end-of-line.patch
 delete mode 100644 
meta/recipes-support/vim/files/0002-patch-8.2.3428-using-freed-memory-when-replacing.patch
 delete mode 100644 
meta/recipes-support/vim/files/0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch
 delete mode 100644 
meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch
 delete mode 100644 
meta/recipes-support/vim/files/0003-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
 delete mode 100644 
meta/recipes-support/vim/files/0004-patch-8.2.3489-ml_get-error-after-search-with-range.patch
 delete mode 100644 
meta/recipes-support/vim/files/0005-patch-8.2.3564-invalid-memory-access-when-scrolling-.patch
 delete mode 100644 meta/recipes-support/vim/files/CVE-2021-3778.patch
 delete mode 100644 
meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160921): 
https://lists.openembedded.org/g/openembedded-core/message/160921
Mute This Topic: https://lists.openembedded.org/mt/88671457/21656
Group Owner: 

[OE-core] [honister][PATCH 01/13] pigz: fix one failure of command "unpigz -l"

[Anuj Mittal]

From: Changqing Li 

Refer [1], "unpigz -l" failed with error:
$ ./unpigz -l test.txt.gz
compressed original reduced name
228799 209715200 99.9% test.txt
unpigz: can't destroy locked resource (pigz.c:2622:mutex_destroy)
unpigz: abort: internal threads error

or

$ ./unpigz -l test.txt.gz
unpigz: skipping: test.txt.gz unrecognized format
unpigz: can't destroy locked resource (pigz.c:2622:mutex_destroy)
unpigz: abort: internal threads error

[1] https://github.com/madler/pigz/issues/96

Signed-off-by: Changqing Li 
Signed-off-by: Anuj Mittal 
---
 ...0001-Fix-bug-when-combining-l-with-d.patch | 50 +++
 meta/recipes-extended/pigz/pigz_2.6.bb|  3 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch

diff --git 
a/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch 
b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
new file mode 100644
index 00..9c301f2054
--- /dev/null
+++ 
b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
@@ -0,0 +1,50 @@
+From 65986f3d12d434b9bc428ceb6fcb1f6eeeb2c47d Mon Sep 17 00:00:00 2001
+From: Changqing Li 
+Date: Mon, 17 Jan 2022 15:36:56 +0800
+Subject: [PATCH] Fix bug when combining -l with -d.
+
+Though it makes no sense to do pigz -ld, that is implicit when
+doing unpigz -l. This commit fixes a bug for that combination.
+
+Upstream-Status: Backport 
[https://github.com/madler/pigz/commit/326bba44aa102c707dd6ebcd2fc3f413b3119db0]
+
+Signed-off-by: Changqing Li 
+---
+ pigz.c | 14 +++---
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/pigz.c b/pigz.c
+index f90157f..d648216 100644
+--- a/pigz.c
 b/pigz.c
+@@ -4007,6 +4007,13 @@ local void process(char *path) {
+ }
+ SET_BINARY_MODE(g.ind);
+ 
++// if requested, just list information about the input file
++if (g.list && g.decode != 2) {
++list_info();
++load_end();
++return;
++}
++
+ // if decoding or testing, try to read gzip header
+ if (g.decode) {
+ in_init();
+@@ -4048,13 +4055,6 @@ local void process(char *path) {
+ }
+ }
+ 
+-// if requested, just list information about input file
+-if (g.list) {
+-list_info();
+-load_end();
+-return;
+-}
+-
+ // create output file out, descriptor outd
+ if (path == NULL || g.pipeout) {
+ // write to stdout
+-- 
+2.17.1
+
diff --git a/meta/recipes-extended/pigz/pigz_2.6.bb 
b/meta/recipes-extended/pigz/pigz_2.6.bb
index 3566e18b7e..d490a6a722 100644
--- a/meta/recipes-extended/pigz/pigz_2.6.bb
+++ b/meta/recipes-extended/pigz/pigz_2.6.bb
@@ -8,7 +8,8 @@ SECTION = "console/utils"
 LICENSE = "Zlib & Apache-2.0"
 LIC_FILES_CHKSUM = 
"file://pigz.c;md5=9ae6dee8ceba9610596ed0ada493d142;beginline=7;endline=21"
 
-SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz;
+SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz \
+   file://0001-Fix-bug-when-combining-l-with-d.patch"
 SRC_URI[sha256sum] = 
"2eed7b0d7449d1d70903f2a62cd6005d262eb3a8c9e98687bc8cbb5809db2a7d"
 PROVIDES:class-native += "gzip-native"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160922): 
https://lists.openembedded.org/g/openembedded-core/message/160922
Mute This Topic: https://lists.openembedded.org/mt/88671458/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCHv2] libical: build gobject and vala introspection

[Richard Purdie]

On Fri, 2022-01-21 at 04:56 +0100, Markus Volk wrote:
> Signed-off-by: Markus Volk 
> ---
>  meta/recipes-support/libical/libical_3.0.12.bb | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-support/libical/libical_3.0.12.bb 
> b/meta/recipes-support/libical/libical_3.0.12.bb
> index b2b2211b9b..614a76ba5b 100644
> --- a/meta/recipes-support/libical/libical_3.0.12.bb
> +++ b/meta/recipes-support/libical/libical_3.0.12.bb
> @@ -16,7 +16,7 @@ SRC_URI = 
> "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.g
>  SRC_URI[sha256sum] = 
> "35095a4cc1a061a3de0f332c2dc728226cf127fa0baa818e9f8856cee6d35830"
>  UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases;
>  
> -inherit cmake pkgconfig
> +inherit cmake pkgconfig gobject-introspection vala
>  
>  DEPENDS += "libical-native"
>  
> @@ -32,6 +32,11 @@ EXTRA_OECMAKE += "-DPERL_EXECUTABLE=${HOSTTOOLS_DIR}/perl"
>  EXTRA_OECMAKE += "-DLIBICAL_BUILD_TESTING=false"
>  # doc build fails with linker error (??) for libical-glib so disable it
>  EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
> +# gobject-introspection
> +EXTRA_OECMAKE += 
> "-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
> +EXTRA_OECMAKE += 
> "-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper"
> +EXTRA_OECMAKE += "-DVAPIGEN=${STAGING_BINDIR_NATIVE}/vapigen"
> +EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
> '-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', 
> '-DGOBJECT_INTROSPECTION=OFF', d)}"
>  
>  # Tell the cross-libical where the tool it needs to build is
>  EXTRA_OECMAKE:append:class-target = " 
> -DIMPORT_ICAL_GLIB_SRC_GENERATOR=${STAGING_LIBDIR_NATIVE}/cmake/LibIcal/IcalGlibSrcGenerator.cmake"


Looks like this breaks libical-native:

https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4618
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/4645

and many more in that build.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160920): 
https://lists.openembedded.org/g/openembedded-core/message/160920
Mute This Topic: https://lists.openembedded.org/mt/88576745/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[PATCH] [OE-core] [PATCH] wpa-supplicant: upgrade 2.9 -> 2.10

[wangmy]

0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
0001-replace-systemd-install-Alias-with-WantedBy.patch
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
CVE-2021-0326.patch
CVE-2021-27803.patch
CVE-2021-30004.patch
removed since they're included in 2.10.

License-Update: year updated to 2022.

Changelog:
=
 * SAE changes
   - improved protection against side channel attacks
 [https://w1.fi/security/2022-1/]
   - added support for the hash-to-element mechanism (sae_pwe=1 or
 sae_pwe=2); this is currently disabled by default, but will likely
 get enabled by default in the future
   - fixed PMKSA caching with OKC
   - added support for SAE-PK
 * EAP-pwd changes
   - improved protection against side channel attacks
   [https://w1.fi/security/2022-1/]
 * fixed P2P provision discovery processing of a specially constructed
   invalid frame
   [https://w1.fi/security/2021-1/]
 * fixed P2P group information processing of a specially constructed
   invalid frame
   [https://w1.fi/security/2020-2/]
 * fixed PMF disconnection protection bypass in AP mode
   [https://w1.fi/security/2019-7/]
 * added support for using OpenSSL 3.0
 * increased the maximum number of EAP message exchanges (mainly to
   support cases with very large certificates)
 * fixed various issues in experimental support for EAP-TEAP peer
 * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
 * a number of MKA/MACsec fixes and extensions
 * added support for SAE (WPA3-Personal) AP mode configuration
 * added P2P support for EDMG (IEEE 802.11ay) channels
 * fixed EAP-FAST peer with TLS GCM/CCM ciphers
 * improved throughput estimation and BSS selection
 * dropped support for libnl 1.1
 * added support for nl80211 control port for EAPOL frame TX/RX
 * fixed OWE key derivation with groups 20 and 21; this breaks backwards
   compatibility for these groups while the default group 19 remains
   backwards compatible
 * added support for Beacon protection
 * added support for Extended Key ID for pairwise keys
 * removed WEP support from the default build (CONFIG_WEP=y can be used
   to enable it, if really needed)
 * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
 * added support for Transition Disable mechanism to allow the AP to
   automatically disable transition mode to improve security
 * extended D-Bus interface
 * added support for PASN
 * added a file-based backend for external password storage to allow
   secret information to be moved away from the main configuration file
   without requiring external tools
 * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
 * added support for SCS, MSCS, DSCP policy
 * changed driver interface selection to default to automatic fallback
   to other compiled in options
 * a large number of other fixes, cleanup, and extensions

Signed-off-by: Wang Mingyu 
---
 ...re-management-frame-from-unexpected-.patch |  82 --
 ...allow-event-subscriptions-with-URLs-.patch | 151 --
 ...-systemd-install-Alias-with-WantedBy.patch |  52 --
 ...nt-message-generation-using-a-long-U.patch |  62 ---
 ...HTTP-initiation-failures-for-events-.patch |  50 --
 .../wpa-supplicant/CVE-2021-0326.patch|  45 --
 .../wpa-supplicant/CVE-2021-27803.patch   |  58 ---
 .../wpa-supplicant/CVE-2021-30004.patch   | 123 --
 ...pplicant_2.9.bb => wpa-supplicant_2.10.bb} |  19 +--
 9 files changed, 5 insertions(+), 637 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-0326.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch
 rename meta/recipes-connectivity/wpa-supplicant/{wpa-supplicant_2.9.bb => 
wpa-supplicant_2.10.bb} (80%)

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 

Re: [OE-core][PATCH] python: prevent build failure when pycache files missing

[Richard Purdie]

On Sat, 2022-01-22 at 19:15 +0200, Athanasios Oikonomou wrote:
> Building a patched version of python3 with byte-code files saved to their
> legacy locations and names causes the following errors:
> 
> > rm: cannot remove '/.../build/tmp/work/x86_64-linux/python3-native/3.9.9-
> > r0/recipe-sysroot-
> > native/usr/lib/python3.9/test/__pycache__/test_range.cpython*': No such file
> > or directory
> > rm: cannot remove '/.../build/tmp/work/x86_64-linux/meson-native/0.57.1-
> > r1/recipe-sysroot-native/usr/lib/python*/site-
> > packages/mesonbuild/dependencies/__pycache__/mpi.cpython*': No such file or
> > directory
> 
> Force remove pycache files, preventing build failure in case they are absent.
> 
> Python3 patched with legacy byte-code locations in order to create a
> sourceless .pyc deployment for small flash boxes. Unappropriate for upstream.

Do people commonly patch python to build with legacy byte-code locations? If you
do that aren't files generated at a different location and hence break
reproduciblity? This seems to be a rather niche requirement?

I'm a little worried we add the -f and then if files change location, we don't
realise...

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160918): 
https://lists.openembedded.org/g/openembedded-core/message/160918
Mute This Topic: https://lists.openembedded.org/mt/88608680/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] python3-dbusmock: Add native recipe

[Richard Purdie]

On Tue, 2022-01-25 at 07:25 +0100, Markus Volk wrote:
> The python3-dbusmock dependency could be dropped if folks is build with
> EXTRA_OEMESON += "-Dtests=false"

What you can often do is make it a PACKAGECONFIG and then change the
PACKAGECONFIG for the native version of the recipe to something more minimal?

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160917): 
https://lists.openembedded.org/g/openembedded-core/message/160917
Mute This Topic: https://lists.openembedded.org/mt/88653359/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH 2/2] glibc : Fix CVE-2021-3999

[Pgowda]

Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=976db046bc3a3738f69255ae00b0a09b8e77fd9c]
Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e]
Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=1b9cd6a7214db1812a20eb3591cf42f9190a5d1a]

Signed-off-by: pgowda 
---
 .../glibc/glibc/0001-CVE-2021-3999.patch  |  35 ++
 .../glibc/glibc/0002-CVE-2021-3999.patch  | 356 ++
 .../glibc/glibc/0003-CVE-2021-3999.patch  |  28 ++
 meta/recipes-core/glibc/glibc_2.33.bb |   3 +
 4 files changed, 422 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0003-CVE-2021-3999.patch

diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch 
b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch
new file mode 100644
index 00..dfe6cfb426
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch
@@ -0,0 +1,35 @@
+From 976db046bc3a3738f69255ae00b0a09b8e77fd9c Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar 
+Date: Mon, 24 Jan 2022 10:57:09 +0530
+Subject: [PATCH] tst-realpath-toolong: Fix hurd build
+
+Define PATH_MAX to a constant if it isn't already defined, like in hurd.
+
+Signed-off-by: Siddhesh Poyarekar 
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=976db046bc3a3738f69255ae00b0a09b8e77fd9c]
+CVE: CVE-2021-3999
+
+Signed-off-by: Pgowda 
+---
+ stdlib/tst-realpath-toolong.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/stdlib/tst-realpath-toolong.c b/stdlib/tst-realpath-toolong.c
+index 8bed772460..4388890294 100644
+--- a/stdlib/tst-realpath-toolong.c
 b/stdlib/tst-realpath-toolong.c
+@@ -29,6 +29,10 @@
+ 
+ #define BASENAME "tst-realpath-toolong."
+ 
++#ifndef PATH_MAX
++# define PATH_MAX 1024
++#endif
++
+ int
+ do_test (void)
+ {
+-- 
+2.27.0
+
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch 
b/meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch
new file mode 100644
index 00..c56856e82b
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch
@@ -0,0 +1,356 @@
+From 23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar 
+Date: Fri, 21 Jan 2022 23:32:56 +0530
+Subject: [PATCH] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
+
+No valid path returned by getcwd would fit into 1 byte, so reject the
+size early and return NULL with errno set to ERANGE.  This change is
+prompted by CVE-2021-3999, which describes a single byte buffer
+underflow and overflow when all of the following conditions are met:
+
+- The buffer size (i.e. the second argument of getcwd) is 1 byte
+- The current working directory is too long
+- '/' is also mounted on the current working directory
+
+Sequence of events:
+
+- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
+  because the linux kernel checks for name length before it checks
+  buffer size
+
+- The code falls back to the generic getcwd in sysdeps/posix
+
+- In the generic func, the buf[0] is set to '\0' on line 250
+
+- this while loop on line 262 is bypassed:
+
+while (!(thisdev == rootdev && thisino == rootino))
+
+  since the rootfs (/) is bind mounted onto the directory and the flow
+  goes on to line 449, where it puts a '/' in the byte before the
+  buffer.
+
+- Finally on line 458, it moves 2 bytes (the underflowed byte and the
+  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.
+
+- buf is returned on line 469 and errno is not set.
+
+This resolves BZ #28769.
+
+Reviewed-by: Andreas Schwab 
+Reviewed-by: Adhemerval Zanella  
+Signed-off-by: Qualys Security Advisory 
+Signed-off-by: Siddhesh Poyarekar 
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e]
+CVE: CVE-2021-3999
+
+Signed-off-by: Pgowda 
+---
+ NEWS  |   6 +
+ sysdeps/posix/getcwd.c|   7 +
+ sysdeps/unix/sysv/linux/Makefile  |   7 +-
+ .../unix/sysv/linux/tst-getcwd-smallbuff.c| 241 ++
+ 4 files changed, 260 insertions(+), 1 deletion(-)
+ create mode 100644 sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+
+diff --git a/NEWS b/NEWS
+index b4f81c2668..8d7467d2c1 100644
+--- a/NEWS
 b/NEWS
+@@ -152,6 +152,12 @@ Security related changes:
+   function could result in a memory leak and potential access of
+   uninitialized memory.  Reported by Qualys.
+ 
++  CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
++  function may result in an off-by-one buffer underflow and overflow
++  when the current working directory is longer than PATH_MAX and also
++  corresponds to the / directory through an 

[OE-core] [hardknott][PATCH 1/2] glibc : Fix CVE-2021-3998

[Pgowda]

Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=fb7bff12e81c677a6622f724edd4d4987dd9d971]
Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=ee8d5e33adb284601c00c94687bc907e10aec9bb]
Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=84d2d0fe20bdf94feed82b21b4d7d136db471f03]

Signed-off-by: pgowda 
---
 .../glibc/glibc/0001-CVE-2021-3998.patch  | 282 ++
 .../glibc/glibc/0002-CVE-2021-3998.patch  | 138 +
 .../glibc/glibc/0003-CVE-2021-3998.patch  |  35 +++
 meta/recipes-core/glibc/glibc_2.33.bb |   3 +
 4 files changed, 458 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-CVE-2021-3998.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0003-CVE-2021-3998.patch

diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch 
b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
new file mode 100644
index 00..32aa0eb348
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
@@ -0,0 +1,282 @@
+From fb7bff12e81c677a6622f724edd4d4987dd9d971 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar 
+Date: Tue, 18 Jan 2022 13:29:36 +0530
+Subject: [PATCH] support: Add helpers to create paths longer than PATH_MAX
+
+Add new helpers support_create_and_chdir_toolong_temp_directory and
+support_chdir_toolong_temp_directory to create and descend into
+directory trees longer than PATH_MAX.
+
+Reviewed-by: Adhemerval Zanella  
+Signed-off-by: Siddhesh Poyarekar 
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=fb7bff12e81c677a6622f724edd4d4987dd9d971]
+CVE: CVE-2021-3998
+
+Signed-off-by: Pgowda 
+---
+ support/temp_file.c | 159 +---
+ support/temp_file.h |   9 +++
+ 2 files changed, 159 insertions(+), 9 deletions(-)
+
+diff --git a/support/temp_file.c b/support/temp_file.c
+index e7bb8aadb9..e41128c2d4 100644
+--- a/support/temp_file.c
 b/support/temp_file.c
+@@ -1,5 +1,6 @@
+ /* Temporary file handling for tests.
+Copyright (C) 1998-2021 Free Software Foundation, Inc.
++   Copyright The GNU Tools Authors.
+This file is part of the GNU C Library.
+ 
+The GNU C Library is free software; you can redistribute it and/or
+@@ -20,15 +21,17 @@
+some 32-bit platforms. */
+ #define _FILE_OFFSET_BITS 64
+ 
++#include 
+ #include 
+ #include 
+ #include 
+ 
++#include 
+ #include 
+ #include 
+ #include 
+ #include 
+-#include 
++#include 
+ 
+ /* List of temporary files.  */
+ static struct temp_name_list
+@@ -36,14 +39,20 @@ static struct temp_name_list
+   struct temp_name_list *next;
+   char *name;
+   pid_t owner;
++  bool toolong;
+ } *temp_name_list;
+ 
+ /* Location of the temporary files.  Set by the test skeleton via
+support_set_test_dir.  The string is not be freed.  */
+ static const char *test_dir = _PATH_TMP;
+ 
+-void
+-add_temp_file (const char *name)
++/* Name of subdirectories in a too long temporary directory tree.  */
++static char toolong_subdir[NAME_MAX + 1];
++static bool toolong_initialized;
++static size_t toolong_path_max;
++
++static void
++add_temp_file_internal (const char *name, bool toolong)
+ {
+   struct temp_name_list *newp
+ = (struct temp_name_list *) xcalloc (sizeof (*newp), 1);
+@@ -53,12 +62,19 @@ add_temp_file (const char *name)
+   newp->name = newname;
+   newp->next = temp_name_list;
+   newp->owner = getpid ();
++  newp->toolong = toolong;
+   temp_name_list = newp;
+ }
+   else
+ free (newp);
+ }
+ 
++void
++add_temp_file (const char *name)
++{
++  add_temp_file_internal (name, false);
++}
++
+ int
+ create_temp_file_in_dir (const char *base, const char *dir, char **filename)
+ {
+@@ -90,8 +106,8 @@ create_temp_file (const char *base, char
+   return create_temp_file_in_dir (base, test_dir, filename);
+ }
+ 
+-char *
+-support_create_temp_directory (const char *base)
++static char *
++create_temp_directory_internal (const char *base, bool toolong)
+ {
+   char *path = xasprintf ("%s/%sXX", test_dir, base);
+   if (mkdtemp (path) == NULL)
+@@ -99,16 +115,132 @@ support_create_temp_directory (const cha
+   printf ("error: mkdtemp (\"%s\"): %m", path);
+   exit (1);
+ }
+-  add_temp_file (path);
++  add_temp_file_internal (path, toolong);
+   return path;
+ }
+ 
+-/* Helper functions called by the test skeleton follow.  */
++char *
++support_create_temp_directory (const char *base)
++{
++  return create_temp_directory_internal (base, false);
++}
++
++static void
++ensure_toolong_initialized (void)
++{
++  if (!toolong_initialized)
++FAIL_EXIT1 ("uninitialized toolong directory tree\n");
++}
++
++static void
++initialize_toolong (const char *base)
++{
++  long name_max = pathconf (base, _PC_NAME_MAX);
++  name_max = (name_max < 0 ? 64
++: (name_max < sizeof (toolong_subdir) 

[OE-core] [PATCH] cve-check: add json format

[Marta Rybczynska]

Add an option to output the CVE check in a JSON-based format.
This format is easier to parse in software than the original
text-based one and allows post-processing by other tools.

Output formats are now handed by CVE_CHECK_FORMAT_TEXT and
CVE_CHECK_FORMAT_JSON. Both of them are enabled by default.

The JSON output format gets generated in a similar way to the
text format with the exception of the manifest: appending to
JSON arrays requires parsing the file. Because of that we
first write JSON fragments and then assemble them in one pass
at the end.

Signed-off-by: Marta Rybczynska 
---
 meta/classes/cve-check.bbclass | 155 -
 1 file changed, 152 insertions(+), 3 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 6c04ff9f09..4900797fb9 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -34,15 +34,27 @@ CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
 CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
 CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
 CVE_CHECK_SUMMARY_FILE ?= 
"${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
+CVE_CHECK_SUMMARY_FILE_NAME_JSON = "cve-summary.json"
+CVE_CHECK_SUMMARY_INDEX_PATH = "${CVE_CHECK_SUMMARY_DIR}/cve-summary-index.txt"
+
+CVE_CHECK_LOG_JSON ?= "${T}/cve.json"
 
 CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
 CVE_CHECK_RECIPE_FILE ?= "${CVE_CHECK_DIR}/${PN}"
+CVE_CHECK_RECIPE_FILE_JSON ?= "${CVE_CHECK_DIR}/${PN}_cve.json"
 CVE_CHECK_MANIFEST ?= 
"${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
+CVE_CHECK_MANIFEST_JSON ?= 
"${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.json"
 CVE_CHECK_COPY_FILES ??= "1"
 CVE_CHECK_CREATE_MANIFEST ??= "1"
 
 CVE_CHECK_REPORT_PATCHED ??= "1"
 
+# Provide text output
+CVE_CHECK_FORMAT_TEXT ??= "1"
+
+# Provide JSON output
+CVE_CHECK_FORMAT_JSON ??= "1"
+
 # Whitelist for packages (PN)
 CVE_CHECK_PN_WHITELIST ?= ""
 
@@ -120,6 +132,7 @@ python cve_check_cleanup () {
 Delete the file used to gather all the CVE information.
 """
 bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE"))
+bb.utils.remove(e.data.getVar("CVE_CHECK_SUMMARY_INDEX_PATH"))
 }
 
 addhandler cve_check_cleanup
@@ -136,6 +149,9 @@ python cve_check_write_rootfs_manifest () {
 deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
 if os.path.exists(deploy_file):
 bb.utils.remove(deploy_file)
+deploy_file_json = d.getVar("CVE_CHECK_RECIPE_FILE_JSON")
+if os.path.exists(deploy_file_json):
+bb.utils.remove(deploy_file_json)
 
 if os.path.exists(d.getVar("CVE_CHECK_TMP_FILE")):
 bb.note("Writing rootfs CVE manifest")
@@ -153,6 +169,35 @@ python cve_check_write_rootfs_manifest () {
 os.remove(manifest_link)
 os.symlink(os.path.basename(manifest_name), manifest_link)
 bb.plain("Image CVE report stored in: %s" % manifest_name)
+
+if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
+import json
+from jsonmerge import Merger
+schema = {
+"properties": {
+"package": {
+ "mergeStrategy": "append"
+ }
+ }
+}
+merger = Merger(schema)
+bb.note("Generating JSON CVE manifest")
+deploy_dir = d.getVar("DEPLOY_DIR_IMAGE")
+link_name = d.getVar("IMAGE_LINK_NAME")
+manifest_name = d.getVar("CVE_CHECK_MANIFEST_JSON")
+index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
+manifest = {}
+with open(index_file) as f:
+filename = f.readline()
+while filename:
+with open(filename.rstrip()) as j:
+data = json.load(j)
+manifest = merger.merge(manifest, data)
+filename = f.readline()
+
+with open(manifest_name, "w") as f:
+json.dump(manifest, f, indent=2)
+bb.plain("Image CVE report stored in: %s" % manifest_name)
 }
 
 ROOTFS_POSTPROCESS_COMMAND:prepend = "${@'cve_check_write_rootfs_manifest; ' 
if d.getVar('CVE_CHECK_CREATE_MANIFEST') == '1' else ''}"
@@ -278,10 +323,10 @@ def get_cve_info(d, cves):
 conn.close()
 return cve_data
 
-def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
+def cve_write_data_text(d, patched, unpatched, whitelisted, cve_data):
 """
-Write CVE information in WORKDIR; and to CVE_CHECK_DIR, and
-CVE manifest if enabled.
+Write CVE information in the text format: to WORKDIR; and to
+CVE_CHECK_DIR, and CVE manifest if enabled.
 """
 
 
@@ -344,3 +389,107 @@ def cve_write_data(d, patched, unpatched, whitelisted, 
cve_data):
 
 with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
 f.write("%s" % write_string)
+
+def cve_check_write_json_output(d, output, direct_file, deploy_file, 
manifest_file):
+"""
+Write CVE information in the JSON format: to WORKDIR; and to
+

[OE-core][PATCH] mdadm: install mdcheck

[Chen Qi]

This script is used in mdcheck_xxx.service files. So we need to
install it. Also, as it requires bash, we add bash to RDEPENDS.

Signed-off-by: Chen Qi 
---
 .../files/0001-Makefile-install-mdcheck.patch | 30 +++
 meta/recipes-extended/mdadm/mdadm_4.2.bb  |  4 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch

diff --git 
a/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch 
b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
new file mode 100644
index 00..3f76ef54d8
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0001-Makefile-install-mdcheck.patch
@@ -0,0 +1,30 @@
+From 97e776724ab9763c5bca9816370bb1635b7a8232 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Tue, 25 Jan 2022 16:25:01 +0800
+Subject: [PATCH] Makefile: install mdcheck
+
+The mdcheck_xxx.service files use mdcheck, but it's not installed.
+We need to install this script.
+
+Upstream-Status: Submitted [Sent patch to maintainer]
+
+Signed-off-by: Chen Qi 
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile b/Makefile
+index 2a51d813..db40c7fd 100644
+--- a/Makefile
 b/Makefile
+@@ -303,6 +303,7 @@ install-systemd: systemd/mdmon@.service
+ install-bin: mdadm mdmon
+   $(INSTALL) -D $(STRIP) -m 755 mdadm $(DESTDIR)$(BINDIR)/mdadm
+   $(INSTALL) -D $(STRIP) -m 755 mdmon $(DESTDIR)$(BINDIR)/mdmon
++  $(INSTALL) -D -m 755 misc/mdcheck $(DESTDIR)/usr/share/mdadm/mdcheck
+ 
+ uninstall:
+   rm -f $(DESTDIR)$(MAN8DIR)/mdadm.8 $(DESTDIR)$(MAN8DIR)/mdmon.8 
$(DESTDIR)$(MAN4DIR)/md.4 $(DESTDIR)$(MAN5DIR)/mdadm.conf.5 
$(DESTDIR)$(BINDIR)/mdadm
+-- 
+2.17.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index fa51364283..4e477bd260 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -22,6 +22,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \

file://0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch \
file://include_sysmacros.patch \
file://0001-mdadm-skip-test-11spare-migration.patch \
+   file://0001-Makefile-install-mdcheck.patch \
"
 
 SRC_URI[sha256sum] = 
"461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
@@ -92,7 +93,8 @@ do_install_ptest() {
done
 }
 
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN} += "bash"
+RDEPENDS:${PN}-ptest += "e2fsprogs-mke2fs"
 RRECOMMENDS:${PN}-ptest += " \
 coreutils \
 util-linux \
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#160913): 
https://lists.openembedded.org/g/openembedded-core/message/160913
Mute This Topic: https://lists.openembedded.org/mt/88667847/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Inclusive Language Proposal for YP/OE

[Paul Barker]

On 24/01/2022 16:17, Jon Mason wrote:

 From the beginning, OpenEmbedded and The Yocto Project have always
strived to be as inclusive as possible to all races, sexes,
orientations, religions, nationalities, and any other thing which
might divide people.  As continuation of this striving, there are
suggested changes below that are being proposed to make the projects
more inclusive and show the community as the professional, friendly,
and welcoming group that it is.   There are words in use by the
projects directly or one of its derivative layers that could be
offensive to some.  For more information on which words we selected
and why, please consult
https://inclusivenaming.org/word-lists/overview/

In the process of changing these, we are using this opportunity to
make the terms more obvious and useful, as well as removing cruft and
other unused code.  This is the pure definition of a win-win solution.

With this in mind, a group of people have tried to identify issues and
come up with a plan to address these.   We’ve divided the tasks into 3
areas: bitbake variables, oe-core variables, and everything else.

Bitbake Variables
Taking issues in turn, for bitbake:

For BB_DISKMON_DIRS, the actions "ABORT, STOPTASKS and WARN" would
become "HALT, NO_NEW_TASKS and "WARN".

BB_ENV_WHITELIST -> BB_ENV_PASSTHROUGH
BB_ENV_EXTRAWHITE -> BB_ENV_PASSTHROUGH_ADDITIONS

BB_HASHCONFIG_WHITELIST -> BB_HASHCONFIG_IGNORE_VARS
BB_SETSCENE_ENFORCE_WHITELIST -> BB_SETSCENE_ENFORCE_IGNORE_TASKS
BB_HASHBASE_WHITELIST -> BB_BASEHASH_IGNORE_VARS
MULTI_PROVIDER_WHITELIST -> BB_MULTI_PROVIDER_ALLOWED
BB_STAMP_WHITELIST and BB_STAMP_POLICY -> delete the code (already merged)

basewhitelist and taskwhitelist as used in sigdata/siginfo will need
to be renamed and older file usage of the variables renamed at import
for backwards compatibility. The variables in bitbake along with usage
of abort will be renamed as appropriate.

For most variables, errors will be shown to the user if the old
variable names are set. Mostly this can be done in event hooks but
some like the BB_ENV changes will need special handling.

These changes hopefully improve consistency (e.g. a consistent BB_
prefix and BASHHASH as terminology used elsewhere) and also improve
the description of the variables to be more understandable to users.

OE-Core Variables
For OE-Core, the proposals are:

For blacklist.bbclass, the proposal is to add the functionality to the
anonymous Python in base.bbclass instead. PNBLACKLIST[xxx] would
become SKIP_RECIPE[xxx]. INHERIT_BLACKLIST would simply be dropped.

SSTATE_DUPWHITELIST -> SSTATE_ALLOW_OVERLAP_FILES
CVE_CHECK_PN_WHITELIST -> CVE_CHECK_SKIPRECIPE
CVE_CHECK_WHITELIST -> CVE_CHECK_IGNORECVE
SYSROOT_DIRS_BLACKLIST -> SYSROOT_DIRS_IGNORE
LICENSE_FLAGS_WHITELIST -> LICENSE_FLAGS_ACCEPTED
UNKNOWN_CONFIGURE_WHITELIST -> UNKNOWN_CONFIGURE_OPT_IGNORE
SDK_LOCAL_CONF_BLACKLIST -> ESDK_LOCALCONF_REMOVE
SDK_LOCAL_CONF_WHITELIST -> ESDK_LOCALCONF_ALLOW
SDK_INHERIT_BLACKLIST -> ESDK_CLASS_INHERIT_DISABLE
TUNEABI_WHITELIST - already removed as obsolete

For the ICECC_USER_XXX and ICECC_SYSTEM_XXX, we think these can likely
be merged into single variables:

ICECC_USER_CLASS_BL -> ICECC_CLASS_DISABLE
ICECC_SYSTEM_CLASS_BL -> ICECC_CLASS_DISABLE
ICECC_USER_PACKAGE_WL -> ICECC_RECIPE_ENABLE
ICECC_USER_PACKAGE_BL -> ICECC_RECIPE_DISABLE
ICECC_SYSTEM_PACKAGE_BL -> ICECC_RECIPE_DISABLE

For license handling, we’d use the opportunity to clean up the
WHITELIST_(ANY LICENSE) syntax and replace it with a
INCOMPATIBLE_LICENSE_ALLOWED_RECIPES, which would be a list of recipes
which are of a blocked the INCOMPATIBLE_LICENSE list.



This is an excellent proposal, the new variable names for bitbake & 
oe-core are clear and easy to understand.




Everything else
The migration plan includes writing a script to assist with the
migration. In many cases it can likely make the translation. In cases
where that isn’t possible, it will aim to list the areas the user
needs to fix references.

A warning mechanism will be added to bitbake to detect usage of old
variable names (post parsing), except for BB_ENV issues which will
likely need special handling. A (limited) conversion script will be
created to help with the migration. For those instances where a 1-1
mapping is not achievable, a list of the occurrences and what it
should be changed to will occur.


Patch files in OE to be renamed:
11_tcpd_blacklist.patch -> 11_tcpd_blocklist.patch
mount.blacklist -> mount.disallow
0001-lxdm.conf.in-blacklist-root-for-release-images.patch ->
0001-lxdm.conf.in-deny-root-for-release-images.patch
022-RH-Remove-the-property-blacklist-exception-builtin.patch ->
022-RH-Remove-the-default-property-exception-builtin.patch
0001-Cargo.toml-do-not-abort-on-panic.patch ->
0001-Cargo.toml-do-not-exit-on-panic.patch
0004-Cargo.toml-do-not-abort-on-panic.patch ->
0004-Cargo.toml-do-not-exit-on-panic.patch
Also, there are a few others outside of OE that should probably be patched too.