Re: [OE-core] [PATCH 10/16] gawk: Fix ptest dependency
On Fri, 2023-03-10 at 17:40 -0800, Khem Raj wrote:
> On Fri, Mar 10, 2023 at 4:27 PM Richard Purdie
> wrote:
> >
> > The gawk ptests need some locale information, add the missing dependency
> > so tests work in minimal images.
> >
> > Signed-off-by: Richard Purdie
> > ---
> > meta/recipes-extended/gawk/gawk_5.2.1.bb | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta/recipes-extended/gawk/gawk_5.2.1.bb
> > b/meta/recipes-extended/gawk/gawk_5.2.1.bb
> > index fbe6e7040b0..d13110ddbec 100644
> > --- a/meta/recipes-extended/gawk/gawk_5.2.1.bb
> > +++ b/meta/recipes-extended/gawk/gawk_5.2.1.bb
> > @@ -62,7 +62,7 @@ do_install_ptest() {
> > rm -f ${D}${PTEST_PATH}/test/timeout.*
> > }
> >
> > -RDEPENDS:${PN}-ptest += "make"
> > +RDEPENDS:${PN}-ptest += "make locale-base-en-us"
> >
>
> I think it should be added below so it does not break musl builds.
Interestingly, musl builds didn't break but I'll tweak the patch, well
spotted!
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178362):
https://lists.openembedded.org/g/openembedded-core/message/178362
Mute This Topic: https://lists.openembedded.org/mt/97533194/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 10/16] gawk: Fix ptest dependency
On Fri, Mar 10, 2023 at 4:27 PM Richard Purdie
wrote:
>
> The gawk ptests need some locale information, add the missing dependency
> so tests work in minimal images.
>
> Signed-off-by: Richard Purdie
> ---
> meta/recipes-extended/gawk/gawk_5.2.1.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-extended/gawk/gawk_5.2.1.bb
> b/meta/recipes-extended/gawk/gawk_5.2.1.bb
> index fbe6e7040b0..d13110ddbec 100644
> --- a/meta/recipes-extended/gawk/gawk_5.2.1.bb
> +++ b/meta/recipes-extended/gawk/gawk_5.2.1.bb
> @@ -62,7 +62,7 @@ do_install_ptest() {
> rm -f ${D}${PTEST_PATH}/test/timeout.*
> }
>
> -RDEPENDS:${PN}-ptest += "make"
> +RDEPENDS:${PN}-ptest += "make locale-base-en-us"
>
I think it should be added below so it does not break musl builds.
> RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us.iso-8859-1"
>
> --
> 2.38.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178361):
https://lists.openembedded.org/g/openembedded-core/message/178361
Mute This Topic: https://lists.openembedded.org/mt/97533194/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 12/16] libxml-sax-perl: Fix ptest dependencies
Add a missing ptest perl module dependency to fix execution in minimal
ptest images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/perl/libxml-sax-perl_1.02.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/perl/libxml-sax-perl_1.02.bb
b/meta/recipes-extended/perl/libxml-sax-perl_1.02.bb
index bc2aa0821eb..b5b111d2274 100644
--- a/meta/recipes-extended/perl/libxml-sax-perl_1.02.bb
+++ b/meta/recipes-extended/perl/libxml-sax-perl_1.02.bb
@@ -29,7 +29,7 @@ do_install_ptest() {
chown -R root:root ${D}${PTEST_PATH}/testfiles
}
-RDEPENDS:${PN} += "perl-module-encode perl-module-perlio"
+RDEPENDS:${PN} += "perl-module-encode perl-module-perlio
perl-module-encode-encoding"
RDEPENDS:${PN}-ptest += " \
perl-module-base \
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178356):
https://lists.openembedded.org/g/openembedded-core/message/178356
Mute This Topic: https://lists.openembedded.org/mt/97533197/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 15/16] lttng-tools: Improve ptest debugging and fix dependencies
Improve the ptest runner script:
* log output is available should any test fail to aid debugging
* document how to limit the runner to a single test
* stop hiding errors to stderr
* allow easier single test execution by avoiding path issues with PWD
Also depend upon binutils since one of the tests uses addr2line.
Signed-off-by: Richard Purdie
---
.../lttng/lttng-tools/run-ptest | 19 ---
.../lttng/lttng-tools_2.13.9.bb | 4 ++--
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-kernel/lttng/lttng-tools/run-ptest
b/meta/recipes-kernel/lttng/lttng-tools/run-ptest
index c4dbe50f21b..bf99322ef21 100755
--- a/meta/recipes-kernel/lttng/lttng-tools/run-ptest
+++ b/meta/recipes-kernel/lttng/lttng-tools/run-ptest
@@ -2,6 +2,19 @@
# Without --ignore-exit, the tap harness causes any FAILs within a
# test plan to raise ERRORs; this is just noise.
export
LD_LIBRARY_PATH=FIXMEPTESTPATH/tests/utils/testapp/userspace-probe-elf-binary/.libs
-makeargs="LOG_DRIVER_FLAGS=--ignore-exit top_srcdir=$PWD top_builddir=$PWD"
-make -k -t all >/dev/null 2>&1
-exec make -k -s $makeargs check 2>/dev/null | sed -e
's#/tmp/tmp\...#/tmp/tmp.XX#g'
+makeargs="LOG_DRIVER_FLAGS=--ignore-exit top_srcdir=FIXMEPTESTPATH
top_builddir=FIXMEPTESTPATH"
+make -k -t all >error.log 2>&1
+# Can specify a test e.g.:
+# -C tests/regression/ check TESTS='kernel/test_callstack'
+make -k -s $makeargs check 2>error.log | sed -e
's#/tmp/tmp\...#/tmp/tmp.XX#g'
+exitcode=$?
+if [ -e error.log ]; then
+cat error.log
+fi
+if [ -e tests/unit/test-suite.log ]; then
+cat tests/unit/test-suite.log
+fi
+if [ -e tests/regression/test-suite.log ]; then
+cat tests/regression/test-suite.log
+fi
+exit $exitcode
diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
b/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
index 340b254b46a..58c0378d66f 100644
--- a/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
+++ b/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
@@ -15,7 +15,7 @@ include lttng-platforms.inc
DEPENDS = "liburcu popt libxml2 util-linux bison-native"
RDEPENDS:${PN} = "libgcc"
RRECOMMENDS:${PN} += "${LTTNGMODULES}"
-RDEPENDS:${PN}-ptest += "make perl bash gawk babeltrace procps
perl-module-overloading coreutils util-linux kmod ${LTTNGMODULES} sed
python3-core grep"
+RDEPENDS:${PN}-ptest += "make perl bash gawk babeltrace procps
perl-module-overloading coreutils util-linux kmod ${LTTNGMODULES} sed
python3-core grep binutils"
RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils"
RDEPENDS:${PN}-ptest:append:libc-musl = " musl-utils"
# babelstats.pl wants getopt-long
@@ -84,7 +84,7 @@ do_install_ptest () {
done
# Patch in the correct path for the custom libraries a helper executable
needs
-sed -i -e 's!FIXMEPTESTPATH!${PTEST_PATH}!' "${D}${PTEST_PATH}/run-ptest"
+sed -i -e 's!FIXMEPTESTPATH!${PTEST_PATH}!g' "${D}${PTEST_PATH}/run-ptest"
# Prevent 'make check' from recursing into non-test subdirectories.
sed -i -e 's!^SUBDIRS = .*!SUBDIRS = tests!' "${D}${PTEST_PATH}/Makefile"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178359):
https://lists.openembedded.org/g/openembedded-core/message/178359
Mute This Topic: https://lists.openembedded.org/mt/97533200/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 16/16] busybox: Fix ptest dependencies
Ironically, busybox ptests don't all work without coreutils being present. This
dependency fixes execution in minimal images but the failing start-stop-daemon
test case should probably be investigated in due course and the dependency
removed when possible.
Signed-off-by: Richard Purdie
---
meta/recipes-core/busybox/busybox.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/busybox/busybox.inc
b/meta/recipes-core/busybox/busybox.inc
index 62dc839245d..4569acd475c 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -55,7 +55,7 @@ RDEPENDS:${PN} = "${@["",
"busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_man
inherit cml1 systemd update-rc.d ptest
# busybox's unzip test case needs zip command, which busybox itself does not
provide
-RDEPENDS:${PN}-ptest = "zip"
+RDEPENDS:${PN}-ptest = "zip coreutils"
# internal helper
def busybox_cfg(feature, tokens, cnf, rem):
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178360):
https://lists.openembedded.org/g/openembedded-core/message/178360
Mute This Topic: https://lists.openembedded.org/mt/97533201/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 13/16] babeltrace2: Fix ptest execution in minimal images and add debug info
Tweak the ptest dependencies so they work correctly in minimal images. There
appears to be some usage of find or xargs that doesn't work with busybox.
Also improve the test runner so the test-suite.log is dumped upon error
which makes debugging much easier.
Signed-off-by: Richard Purdie
---
meta/recipes-kernel/lttng/babeltrace2/run-ptest | 12 +++-
meta/recipes-kernel/lttng/babeltrace2_2.0.4.bb | 3 ++-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/lttng/babeltrace2/run-ptest
b/meta/recipes-kernel/lttng/babeltrace2/run-ptest
index 72fe2234362..71a9c81bfbe 100755
--- a/meta/recipes-kernel/lttng/babeltrace2/run-ptest
+++ b/meta/recipes-kernel/lttng/babeltrace2/run-ptest
@@ -6,4 +6,14 @@
# test plan to raise ERRORs; this is just noise.
makeargs="LOG_DRIVER_FLAGS=--ignore-exit abs_top_srcdir=$PWD
abs_top_builddir=$PWD GREP=grep SED=sed PYTHON=python3"
-exec make -C tests -k -s $makeargs $target 2>/dev/null
+exec 2> error.log
+make -C tests -k -s $makeargs $target
+exitcode=$?
+if [ -e error.log ]; then
+cat error.log
+fi
+if [ -e tests/test-suite.log ]; then
+cat tests/test-suite.log
+fi
+
+exit $exitcode
\ No newline at end of file
diff --git a/meta/recipes-kernel/lttng/babeltrace2_2.0.4.bb
b/meta/recipes-kernel/lttng/babeltrace2_2.0.4.bb
index b48f07ea0df..04c2a279041 100644
--- a/meta/recipes-kernel/lttng/babeltrace2_2.0.4.bb
+++ b/meta/recipes-kernel/lttng/babeltrace2_2.0.4.bb
@@ -29,7 +29,8 @@ FILES:${PN} += "${libdir}/babeltrace2/plugins/*.so"
ASNEEDED = ""
-RDEPENDS:${PN}-ptest += "bash gawk python3"
+# coreutils since we need full mktemp
+RDEPENDS:${PN}-ptest += "bash gawk python3 make grep coreutils findutils"
do_compile_ptest () {
make -C tests all
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178357):
https://lists.openembedded.org/g/openembedded-core/message/178357
Mute This Topic: https://lists.openembedded.org/mt/97533198/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 14/16] babeltrace: Fix ptest dependency
Add a missing dependency on make so ptests can run in a minimal image.
Signed-off-by: Richard Purdie
---
meta/recipes-kernel/lttng/babeltrace_1.5.11.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index 8e2fe4164d5..194a773a245 100644
--- a/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
+++ b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -21,7 +21,7 @@ EXTRA_OECONF = "--disable-debug-info"
ASNEEDED = ""
-RDEPENDS:${PN}-ptest += "bash gawk"
+RDEPENDS:${PN}-ptest += "bash gawk make"
addtask do_patch_ptest_path after do_patch before do_configure
do_patch_ptest_path () {
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178358):
https://lists.openembedded.org/g/openembedded-core/message/178358
Mute This Topic: https://lists.openembedded.org/mt/97533199/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 11/16] libconvert-asn1-perl: Fix ptest dependencies
Add dependencies for missing perl modules to fix execution in
minimal images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb
b/meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb
index 2714582957c..d82692c0333 100644
--- a/meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb
+++ b/meta/recipes-extended/perl/libconvert-asn1-perl_0.33.bb
@@ -15,7 +15,8 @@ inherit cpan ptest-perl
EXTRA_PERLFLAGS = "-I ${PERLHOSTLIB}"
-RDEPENDS:${PN} += "perl-module-exporter perl-module-constant
perl-module-encode perl-module-encode-encoding perl-module-utf8
perl-module-socket perl-module-time-local perl-module-posix"
+RDEPENDS:${PN} += "perl-module-exporter perl-module-constant
perl-module-encode perl-module-encode-encoding perl-module-utf8 \
+ perl-module-socket perl-module-time-local perl-module-posix
perl-module-scalar-util perl-module-test-more"
RDEPENDS:${PN}-ptest += "perl-module-math-bigint perl-module-io-socket
perl-module-data-dumper perl-module-math-bigint-calc"
BBCLASSEXTEND = "native"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178355):
https://lists.openembedded.org/g/openembedded-core/message/178355
Mute This Topic: https://lists.openembedded.org/mt/97533196/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 07/16] libmodule-build-perl: Fix ptest dependencies
Some of the ptests fail in a minimal image. Add the missing perl
module dependencies.
Signed-off-by: Richard Purdie
---
.../recipes-devtools/perl/libmodule-build-perl_0.4232.bb | 9 +
1 file changed, 9 insertions(+)
diff --git a/meta/recipes-devtools/perl/libmodule-build-perl_0.4232.bb
b/meta/recipes-devtools/perl/libmodule-build-perl_0.4232.bb
index 748412b414f..0ead690067b 100644
--- a/meta/recipes-devtools/perl/libmodule-build-perl_0.4232.bb
+++ b/meta/recipes-devtools/perl/libmodule-build-perl_0.4232.bb
@@ -91,12 +91,21 @@ RDEPENDS:${PN}-ptest += " \
packagegroup-core-buildessential \
perl-dev \
perl-module-blib \
+perl-module-encode-encoding \
+perl-module-extutils-cbuilder-base \
perl-module-extutils-command-mm \
+perl-module-extutils-mm-unix \
perl-module-file-temp \
perl-module-lib \
+perl-module-parse-cpan-meta \
perl-module-perlio \
perl-module-perlio-encoding \
+perl-module-pod-simple-transcodesmart \
perl-module-pod-text \
+perl-module-tap-base \
+perl-module-tap-formatter-base \
+perl-module-tap-formatter-file \
+perl-module-tap-formatter-session \
perl-module-tap-harness-env \
perl-module-tap-parser \
perl-module-tap-parser-scheduler \
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178351):
https://lists.openembedded.org/g/openembedded-core/message/178351
Mute This Topic: https://lists.openembedded.org/mt/97533192/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 10/16] gawk: Fix ptest dependency
The gawk ptests need some locale information, add the missing dependency
so tests work in minimal images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/gawk/gawk_5.2.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/gawk/gawk_5.2.1.bb
b/meta/recipes-extended/gawk/gawk_5.2.1.bb
index fbe6e7040b0..d13110ddbec 100644
--- a/meta/recipes-extended/gawk/gawk_5.2.1.bb
+++ b/meta/recipes-extended/gawk/gawk_5.2.1.bb
@@ -62,7 +62,7 @@ do_install_ptest() {
rm -f ${D}${PTEST_PATH}/test/timeout.*
}
-RDEPENDS:${PN}-ptest += "make"
+RDEPENDS:${PN}-ptest += "make locale-base-en-us"
RDEPENDS:${PN}-ptest:append:libc-glibc = " locale-base-en-us.iso-8859-1"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178353):
https://lists.openembedded.org/g/openembedded-core/message/178353
Mute This Topic: https://lists.openembedded.org/mt/97533194/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 08/16] bc: Fix ptest test output naming
The quoting in the script was mangled leading to "0" tests being found by our log parsing code. Fix the quoting to allow the correct test counts to appear. Signed-off-by: Richard Purdie --- meta/recipes-extended/bc/bc/run-ptest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-extended/bc/bc/run-ptest b/meta/recipes-extended/bc/bc/run-ptest index 66a1b9d7087..ba5abe68058 100644 --- a/meta/recipes-extended/bc/bc/run-ptest +++ b/meta/recipes-extended/bc/bc/run-ptest @@ -2,8 +2,8 @@ for TEST in *.b; do if bc -l $TEST -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178352): https://lists.openembedded.org/g/openembedded-core/message/178352 Mute This Topic: https://lists.openembedded.org/mt/97533193/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 09/16] findutils: Fix ptest dependency issue
The options used with 'od' don't work with our busybox config.
Add a dependency on the full utility from coreutils to fix execution
in minimal images.
Signed-off-by: Richard Purdie
---
meta/recipes-extended/findutils/findutils_4.9.0.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-extended/findutils/findutils_4.9.0.bb
b/meta/recipes-extended/findutils/findutils_4.9.0.bb
index e4ce8ee4ebf..074817df27c 100644
--- a/meta/recipes-extended/findutils/findutils_4.9.0.bb
+++ b/meta/recipes-extended/findutils/findutils_4.9.0.bb
@@ -14,7 +14,8 @@ CACHED_CONFIGUREVARS += "gl_cv_func_wcwidth_works=yes"
EXTRA_OECONF += "ac_cv_path_SORT=${bindir}/sort"
-RDEPENDS:${PN}-ptest += "bash sed grep"
+# need od from coreutils for -t option
+RDEPENDS:${PN}-ptest += "bash sed grep coreutils"
do_install_ptest:class-target() {
mkdir -p ${D}${PTEST_PATH}/tests/
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178354):
https://lists.openembedded.org/g/openembedded-core/message/178354
Mute This Topic: https://lists.openembedded.org/mt/97533195/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 04/16] perl: Add missing procps-ps dependency for ptests
Some of the ptests fail in a minimal image as they depend on options
to ps which busybox doesn't support. Add the full utility.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/perl/perl-ptest.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/perl/perl-ptest.inc
b/meta/recipes-devtools/perl/perl-ptest.inc
index c233fab5453..e07355d3f54 100644
--- a/meta/recipes-devtools/perl/perl-ptest.inc
+++ b/meta/recipes-devtools/perl/perl-ptest.inc
@@ -56,7 +56,7 @@ python populate_packages:prepend() {
'${PN}-ptest%s', '%s', recursive=True, match_path=True)
}
-RDEPENDS:${PN}-ptest += "${PN}-modules ${PN}-doc sed"
+RDEPENDS:${PN}-ptest += "${PN}-modules ${PN}-doc sed procps-ps"
# The perl-ptest package contains Perl internal modules and generating file
# dependencies for it causes problems.
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178348):
https://lists.openembedded.org/g/openembedded-core/message/178348
Mute This Topic: https://lists.openembedded.org/mt/97533189/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 05/16] acl/attr: ptest fixes and improvements
Add a missing perl module dependency for the ptest packages and also
improve the run-ptest script so that the error log is saved allowing
easier debugging if this fails in future.
Signed-off-by: Richard Purdie
---
meta/recipes-support/attr/acl/run-ptest | 6 ++
meta/recipes-support/attr/acl_2.3.1.bb | 1 +
meta/recipes-support/attr/attr.inc | 1 +
meta/recipes-support/attr/attr/run-ptest | 7 +++
4 files changed, 15 insertions(+)
diff --git a/meta/recipes-support/attr/acl/run-ptest
b/meta/recipes-support/attr/acl/run-ptest
index 43128233654..3af75c84fea 100644
--- a/meta/recipes-support/attr/acl/run-ptest
+++ b/meta/recipes-support/attr/acl/run-ptest
@@ -7,4 +7,10 @@
mkdir -p /tmp/acl-ptest/test
cp test/test.* /tmp/acl-ptest/test
+set +e
make test-suite.log
+exitcode=$?
+if [ $exitcode -ne 0 -a -e test-suite.log ]; then
+cat test-suite.log
+fi
+exit $exitcode
diff --git a/meta/recipes-support/attr/acl_2.3.1.bb
b/meta/recipes-support/attr/acl_2.3.1.bb
index 5fb8f9ae355..9cb19ed72f5 100644
--- a/meta/recipes-support/attr/acl_2.3.1.bb
+++ b/meta/recipes-support/attr/acl_2.3.1.bb
@@ -65,6 +65,7 @@ RDEPENDS:${PN}-ptest = "acl \
bash \
coreutils \
perl \
+perl-module-constant \
perl-module-filehandle \
perl-module-getopt-std \
perl-module-posix \
diff --git a/meta/recipes-support/attr/attr.inc
b/meta/recipes-support/attr/attr.inc
index 53d9dccb27e..ab62563690b 100644
--- a/meta/recipes-support/attr/attr.inc
+++ b/meta/recipes-support/attr/attr.inc
@@ -51,6 +51,7 @@ do_install_ptest() {
RDEPENDS:${PN}-ptest = "attr \
bash \
coreutils \
+perl-module-constant \
perl-module-filehandle \
perl-module-getopt-std \
perl-module-posix \
diff --git a/meta/recipes-support/attr/attr/run-ptest
b/meta/recipes-support/attr/attr/run-ptest
index f64244f2393..3e7a3a17a04 100644
--- a/meta/recipes-support/attr/attr/run-ptest
+++ b/meta/recipes-support/attr/attr/run-ptest
@@ -1,3 +1,10 @@
#!/bin/sh
+set +e
make test-suite.log
+exitcode=$?
+if [ $exitcode -ne 0 -a -e test-suite.log ]; then
+cat test-suite.log
+fi
+exit $exitcode
+
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178349):
https://lists.openembedded.org/g/openembedded-core/message/178349
Mute This Topic: https://lists.openembedded.org/mt/97533190/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 02/16] openssl: Add missing ptest dependency on openssl-bin
One of the openssl ptests needs the openssl binary so fails
on a minimal image without this. Add the missing dependency.
Signed-off-by: Richard Purdie
---
meta/recipes-connectivity/openssh/openssh_9.2p1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb
b/meta/recipes-connectivity/openssh/openssh_9.2p1.bb
index e6cf2ff2d6b..4666237d686 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.2p1.bb
@@ -158,7 +158,7 @@ FILES:${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen
${PN}-sftp-server"
RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES',
'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
# gdb would make attach-ptrace test pass rather than skip but not worth the
build dependencies
-RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo
coreutils"
+RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo
coreutils openssl-bin"
RPROVIDES:${PN}-ssh = "ssh"
RPROVIDES:${PN}-sshd = "sshd"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178346):
https://lists.openembedded.org/g/openembedded-core/message/178346
Mute This Topic: https://lists.openembedded.org/mt/97533187/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 03/16] valgrind: Add missing utf-32 gconv dependency for ptests
Some of the ptests fail in a minimal image. Add the missing gconv
dependency needed to allow those tests to pass.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/valgrind/valgrind_3.20.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/valgrind/valgrind_3.20.0.bb
b/meta/recipes-devtools/valgrind/valgrind_3.20.0.bb
index 701dbf38332..07e50426e44 100644
--- a/meta/recipes-devtools/valgrind/valgrind_3.20.0.bb
+++ b/meta/recipes-devtools/valgrind/valgrind_3.20.0.bb
@@ -133,7 +133,7 @@ RDEPENDS:${PN}-ptest += " bash coreutils curl file \
perl-module-carp perl-module-symbol \
procps sed ${PN}-dbg ${PN}-src ${TCLIBC}-src gcc-runtime-dbg \
util-linux-taskset"
-RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils glibc-gconv-utf-32"
# One of the tests contains a bogus interpreter path on purpose.
# Skip file dependency check
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178347):
https://lists.openembedded.org/g/openembedded-core/message/178347
Mute This Topic: https://lists.openembedded.org/mt/97533188/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 01/16] m4/opkg/ethtool/attr/libgpg-error: Add missing bash ptest dependency
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/m4/m4-1.4.19.inc | 2 +-
meta/recipes-devtools/opkg/opkg_0.6.1.bb | 2 +-
meta/recipes-extended/ethtool/ethtool_6.2.bb | 2 +-
meta/recipes-support/attr/attr.inc | 1 +
meta/recipes-support/libgpg-error/libgpg-error_1.46.bb | 2 +-
5 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-devtools/m4/m4-1.4.19.inc
b/meta/recipes-devtools/m4/m4-1.4.19.inc
index c098a4077ef..fd3efa54692 100644
--- a/meta/recipes-devtools/m4/m4-1.4.19.inc
+++ b/meta/recipes-devtools/m4/m4-1.4.19.inc
@@ -53,7 +53,7 @@ do_install_ptest() {
}
-RDEPENDS:${PN}-ptest += "make coreutils diffutils"
+RDEPENDS:${PN}-ptest += "make coreutils diffutils bash"
RDEPENDS:${PN}-ptest:append:libc-glibc = "\
locale-base-fr-fr \
locale-base-fr-fr.iso-8859-1 \
diff --git a/meta/recipes-devtools/opkg/opkg_0.6.1.bb
b/meta/recipes-devtools/opkg/opkg_0.6.1.bb
index c95a40d2689..c3f4a7dd575 100644
--- a/meta/recipes-devtools/opkg/opkg_0.6.1.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.6.1.bb
@@ -65,7 +65,7 @@ do_install_ptest () {
RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_update-alternatives} opkg-arch-config
libarchive"
RDEPENDS:${PN}:class-native = ""
RDEPENDS:${PN}:class-nativesdk = ""
-RDEPENDS:${PN}-ptest += "make binutils python3-core python3-compression"
+RDEPENDS:${PN}-ptest += "make binutils python3-core python3-compression bash"
RREPLACES:${PN} = "opkg-nogpg opkg-collateral"
RCONFLICTS:${PN} = "opkg-collateral"
RPROVIDES:${PN} = "opkg-collateral"
diff --git a/meta/recipes-extended/ethtool/ethtool_6.2.bb
b/meta/recipes-extended/ethtool/ethtool_6.2.bb
index 881e6388518..aea03b729d3 100644
--- a/meta/recipes-extended/ethtool/ethtool_6.2.bb
+++ b/meta/recipes-extended/ethtool/ethtool_6.2.bb
@@ -17,7 +17,7 @@ UPSTREAM_CHECK_URI =
"https://www.kernel.org/pub/software/network/ethtool/";
inherit autotools ptest bash-completion pkgconfig
-RDEPENDS:${PN}-ptest += "make"
+RDEPENDS:${PN}-ptest += "make bash"
PACKAGECONFIG ?= "netlink"
PACKAGECONFIG[netlink] = "--enable-netlink,--disable-netlink,libmnl,"
diff --git a/meta/recipes-support/attr/attr.inc
b/meta/recipes-support/attr/attr.inc
index a4e38f2b199..53d9dccb27e 100644
--- a/meta/recipes-support/attr/attr.inc
+++ b/meta/recipes-support/attr/attr.inc
@@ -49,6 +49,7 @@ do_install_ptest() {
}
RDEPENDS:${PN}-ptest = "attr \
+bash \
coreutils \
perl-module-filehandle \
perl-module-getopt-std \
diff --git a/meta/recipes-support/libgpg-error/libgpg-error_1.46.bb
b/meta/recipes-support/libgpg-error/libgpg-error_1.46.bb
index 580fe208d47..e0f2d86303e 100644
--- a/meta/recipes-support/libgpg-error/libgpg-error_1.46.bb
+++ b/meta/recipes-support/libgpg-error/libgpg-error_1.46.bb
@@ -26,7 +26,7 @@ BINCONFIG = "${bindir}/gpg-error-config"
inherit autotools binconfig-disabled pkgconfig gettext multilib_header
multilib_script ptest
-RDEPENDS:${PN}-ptest:append = " make"
+RDEPENDS:${PN}-ptest:append = " make bash"
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/gpgrt-config"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178345):
https://lists.openembedded.org/g/openembedded-core/message/178345
Mute This Topic: https://lists.openembedded.org/mt/97533186/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 06/16] m4: Add missing ptest dependency
Some of the ptests fail in a minimal image. Add the missing gconv
dependency needed to allow those tests to pass.
Signed-off-by: Richard Purdie
---
meta/recipes-devtools/m4/m4-1.4.19.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/m4/m4-1.4.19.inc
b/meta/recipes-devtools/m4/m4-1.4.19.inc
index fd3efa54692..3b4303b7fd8 100644
--- a/meta/recipes-devtools/m4/m4-1.4.19.inc
+++ b/meta/recipes-devtools/m4/m4-1.4.19.inc
@@ -57,6 +57,7 @@ RDEPENDS:${PN}-ptest += "make coreutils diffutils bash"
RDEPENDS:${PN}-ptest:append:libc-glibc = "\
locale-base-fr-fr \
locale-base-fr-fr.iso-8859-1 \
+ glibc-gconv-iso8859-1 \
"
INSANE_SKIP:${PN}-ptest += "ldflags"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178350):
https://lists.openembedded.org/g/openembedded-core/message/178350
Mute This Topic: https://lists.openembedded.org/mt/97533191/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] valgrind: Disable drd/tests/bar_bad ptest
On 2023-03-10 05:04, Alexander Kanavin wrote: Ok, I'll bite. Should we just drop valgrind from ptests? It's by far, the most brittle, finicky ptest we have, and doesn't seem to expose actual issues, instead just giving everyone a never ending stream of intermittent failures or tests that won't work on anything except x86 configured in a particular way. Hi Alex, It's a bit of a challenge but I'd like to keep the valgrind ptests around since most actually pass and we'd likely never know if the tool was broken otherwise. Non-x86 used to be a problem but not so much in hardknott. (1) We do run > 600 tests and we have a mechanism to skip the 10-20 that are a problem: ❯ wc -l meta/recipes-devtools/valgrind/valgrind/remove-for-a* 13 meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 11 meta/recipes-devtools/valgrind/valgrind/remove-for-all ../Randy 1) commit cbeb9418c43ec834868aa65b774dc09e983d26d9 Author: Qiu, Zheng Date: Fri Nov 4 14:47:05 2022 valgrind: remove most hidden tests for arm64 An earlier version of valgrind fixed the defunct processes bug, so those tests that were skipped specifically for arm can pass now in master, kirkstone, honister, hardknott, and dunfell. Detailed test result with remove-for-aarch64 skipped on qemuarm64: Commit Pass Fail Skip master 624 9 21 kirkstone 618 10 20 honister 616 10 19 hardknott 609 13 18 dunfell 598 16 17 zeus Out of memory: Killed (with many defunct processes) There are now only 12 skipped by remove-for-aarch64 because 9 fail on qemuarm64 and 3 more fail on raspberry pi. These are tracked by: https://bugzilla.yoctoproject.org/show_bug.cgi?id=14960 Signed-off-by: Zheng Qiu Alex On Thu, 9 Mar 2023 at 22:23, Randy MacLeod wrote: This is failing intermettently in the YP autobuilder so disable it until we can fix the root cause. [YOCTO #14311] Signed-off-by: Randy MacLeod --- meta/recipes-devtools/valgrind/valgrind/remove-for-all | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/valgrind/valgrind/remove-for-all b/meta/recipes-devtools/valgrind/valgrind/remove-for-all index 5d1e7ed102..e26088f3b1 100644 --- a/meta/recipes-devtools/valgrind/valgrind/remove-for-all +++ b/meta/recipes-devtools/valgrind/valgrind/remove-for-all @@ -3,6 +3,7 @@ gdbserver_tests/hginfo memcheck/tests/supp_unknown helgrind/tests/tls_threads helgrind/tests/pth_mempcpy_false_races +drd/tests/bar_bad drd/tests/bar_bad_xml drd/tests/pth_barrier_thr_cr drd/tests/std_thread2 -- 2.34.1 -- # Randy MacLeod # Wind River Linux -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178344): https://lists.openembedded.org/g/openembedded-core/message/178344 Mute This Topic: https://lists.openembedded.org/mt/97506606/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v5 2/2] runqemu: add an option to enable guest-agent virtio device
Add support to the runqemu script for a new option, 'guestagent', that
enables the virtio serial port for host-to-guest communication.
Signed-off-by: Brenda Streiff
Signed-off-by: Clément Péron
---
scripts/runqemu | 14 ++
1 file changed, 14 insertions(+)
diff --git a/scripts/runqemu b/scripts/runqemu
index 58b0c191e1..38aa35fdd4 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -82,6 +82,7 @@ of the following environment variables (in any order):
kvm-vhost - enable KVM with vhost when running x86/x86_64 (VT-capable CPU
required)
publicvnc - enable a VNC server open to all hosts
audio - enable audio
+guestagent - enable guest agent communication
[*/]ovmf* - OVMF firmware file or base name for booting with UEFI
tcpserial= - specify tcp serial port number
qemuparams= - specify custom parameters to QEMU
@@ -216,6 +217,8 @@ class BaseConfig(object):
self.cleaned = False
# Files to cleanup after run
self.cleanup_files = []
+self.guest_agent = False
+self.guest_agent_sockpath = '/tmp/qga.sock'
def acquire_taplock(self, error=True):
logger.debug("Acquiring lockfile %s..." % self.taplock)
@@ -526,6 +529,10 @@ class BaseConfig(object):
elif arg == 'publicvnc':
self.publicvnc = True
self.qemu_opt_script += ' -vnc :0'
+elif arg == 'guestagent':
+self.guest_agent = True
+elif arg.startswith('guestagent-sockpath='):
+self.guest_agent_sockpath = '%s' %
arg[len('guestagent-sockpath='):]
elif arg.startswith('tcpserial='):
self.tcpserial_portnum = '%s' % arg[len('tcpserial='):]
elif arg.startswith('qemuparams='):
@@ -1375,6 +1382,12 @@ class BaseConfig(object):
except FileNotFoundError:
raise RunQemuError("/dev/dri directory does not exist; no render
nodes available on this machine. %s" %(render_hint))
+def setup_guest_agent(self):
+if self.guest_agent == True:
+self.qemu_opt += ' -chardev socket,path=' +
self.guest_agent_sockpath + ',server,nowait,id=qga0 '
+self.qemu_opt += ' -device virtio-serial '
+self.qemu_opt += ' -device
virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 '
+
def setup_vga(self):
if self.nographic == True:
if self.sdl == True:
@@ -1506,6 +1519,7 @@ class BaseConfig(object):
if self.snapshot:
self.qemu_opt += " -snapshot"
+self.setup_guest_agent()
self.setup_serial()
self.setup_vga()
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178343):
https://lists.openembedded.org/g/openembedded-core/message/178343
Mute This Topic: https://lists.openembedded.org/mt/97527029/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v5 1/2] qemu: split out qemu-guest-agent, add startup scripts
Split out the QEMU guest agent into a separate package. The agent is
intended to be installed within a QEMU VM guest where a user is likely
to not want to have the rest of the QEMU installation within it.
Additionally, an initscript, udev rules file, and systemd unit file are
added to the package so that the guest agent can start automatically;
the former two come from Debian's packaging for qemu-guest-agent.
Signed-off-by: Brenda Streiff
Signed-off-by: Clément Péron
---
Changes since v4:
- remove debian comment
- add note about debian origin + license
Changes since v3:
- fix missing comma in udev rule
Changes since v2:
- Add missing files
- rebase on top of master
Changes since v1:
- Fix systemd-service using PN where it should not
meta/recipes-devtools/qemu/qemu.inc | 35 -
.../qemu/qemu/qemu-guest-agent.init | 75 +++
.../qemu/qemu/qemu-guest-agent.udev | 2 +
3 files changed, 111 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init
create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes-devtools/qemu/qemu.inc
index 1e768b560d..b41055fe5d 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -9,7 +9,7 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only"
RDEPENDS:${PN}-ptest = "bash"
require qemu-targets.inc
-inherit pkgconfig ptest
+inherit pkgconfig ptest update-rc.d systemd
LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
@@ -32,6 +32,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0001-configure-Fix-check-tcg-not-executing-any-tests.patch \
file://0001-Revert-linux-user-add-more-compat-ioctl-definitions.patch \
file://0002-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch \
+ file://qemu-guest-agent.init \
+ file://qemu-guest-agent.udev \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
@@ -132,6 +134,20 @@ do_configure[cleandirs] += "${B}"
do_install () {
export STRIP=""
oe_runmake 'DESTDIR=${D}' install
+
+ # If we built the guest agent, also install startup/udev rules
+ if [ -e "${D}${bindir}/qemu-ga" ]; then
+ install -d ${D}${sysconfdir}/init.d/
+ install -m 0755 ${WORKDIR}/qemu-guest-agent.init
${D}${sysconfdir}/init.d/qemu-guest-agent
+ sed -i 's:@bindir@:${bindir}:'
${D}${sysconfdir}/init.d/qemu-guest-agent
+
+ install -d ${D}${sysconfdir}/udev/rules.d/
+ install -m 0644 ${WORKDIR}/qemu-guest-agent.udev
${D}${sysconfdir}/udev/rules.d/60-qemu-guest-agent.rules
+
+ install -d ${D}${systemd_unitdir}/system/
+ install -m 0644 ${S}/contrib/systemd/qemu-guest-agent.service
${D}${systemd_unitdir}/system
+ sed -i -e 's,-/usr/bin/,-${bindir}/,g'
${D}${systemd_unitdir}/system/qemu-guest-agent.service
+ fi
}
# The following fragment will create a wrapper for qemu-mips user emulation
@@ -210,3 +226,20 @@ PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
INSANE_SKIP:${PN} = "arch"
FILES:${PN} += "${datadir}/icons"
+
+# Put the guest agent in a separate package
+PACKAGES =+ "${PN}-guest-agent"
+SUMMARY:${PN}-guest-agent = "QEMU guest agent"
+FILES:${PN}-guest-agent += " \
+${bindir}/qemu-ga \
+${sysconfdir}/udev/rules.d/60-qemu-guest-agent.rules \
+${sysconfdir}/init.d/qemu-guest-agent \
+${systemd_unitdir}/system/qemu-guest-agent.service \
+"
+
+INITSCRIPT_PACKAGES = "${PN}-guest-agent"
+INITSCRIPT_NAME:${PN}-guest-agent = "qemu-guest-agent"
+INITSCRIPT_PARAMS:${PN}-guest-agent = "defaults"
+
+SYSTEMD_PACKAGES = "${PN}-guest-agent"
+SYSTEMD_SERVICE:${PN}-guest-agent = "qemu-guest-agent.service"
diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init
b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init
new file mode 100644
index 00..5ebaaddeae
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init
@@ -0,0 +1,75 @@
+# SPDX-License-Identifier: GPL-2.0-only
+# Initially written by: Michael Tokarev
+# For QEMU Debian downstream package
+
+set -e
+
+. /etc/init.d/functions
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="QEMU Guest Agent"
+NAME=qemu-ga
+DAEMON=@bindir@/$NAME
+PIDFILE=/var/run/$NAME.pid
+
+# config
+DAEMON_ARGS=""
+# default transport
+TRANSPORT=virtio-serial:/dev/virtio-ports/org.qemu.guest_agent.0
+NO_START=0
+
+test ! -r /etc/default/qemu-guest-agent || . /etc/default/qemu-guest-agent
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+
+#
+# Function that checks whenever system has necessary environment
+# It also splits $TRANSPORT into $method and $path
+#
+do_check_transport() {
+ method=${TRAN
[OE-core][langdale][PATCH] harfbuzz: Security fix for CVE-2023-25193
From: Siddharth Doshi
Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi
---
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 191 ++
.../harfbuzz/harfbuzz_5.1.0.bb| 1 +
2 files changed, 192 insertions(+)
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
new file mode 100644
index 00..b72e23aa83
--- /dev/null
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
@@ -0,0 +1,191 @@
+From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod
+Date: Mon, 6 Feb 2023 14:51:25 -0700
+Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment
+
+Better implementation; avoids arbitrary limit on look-back.
+Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
+CVE: CVE-2023-25193
+Signed-off-by: Siddharth Doshi
+---
+ src/OT/Layout/GPOS/MarkBasePosFormat1.hh | 76 +++-
+ src/OT/Layout/GPOS/MarkLigPosFormat1.hh | 24 ++--
+ src/hb-ot-layout-gsubgpos.hh | 5 +-
+ 3 files changed, 69 insertions(+), 36 deletions(-)
+
+diff --git a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
+index ebb8c31..73839a4 100644
+--- a/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
b/src/OT/Layout/GPOS/MarkBasePosFormat1.hh
+@@ -90,6 +90,25 @@ struct MarkBasePosFormat1_2
+
+ const Coverage &get_coverage () const { return this+markCoverage; }
+
++ static inline bool accept (hb_buffer_t *buffer, unsigned idx)
++ {
++/* We only want to attach to the first of a MultipleSubst sequence.
++ * https://github.com/harfbuzz/harfbuzz/issues/740
++ * Reject others...
++ * ...but stop if we find a mark in the MultipleSubst sequence:
++ * https://github.com/harfbuzz/harfbuzz/issues/1020 */
++return !_hb_glyph_info_multiplied (&buffer->info[idx]) ||
++ 0 == _hb_glyph_info_get_lig_comp (&buffer->info[idx]) ||
++ (idx == 0 ||
++ _hb_glyph_info_is_mark (&buffer->info[idx - 1]) ||
++ !_hb_glyph_info_multiplied (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_id (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_id (&buffer->info[idx - 1]) ||
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx]) !=
++ _hb_glyph_info_get_lig_comp (&buffer->info[idx - 1]) + 1
++ );
++ }
++
+ bool apply (hb_ot_apply_context_t *c) const
+ {
+ TRACE_APPLY (this);
+@@ -97,48 +116,47 @@ struct MarkBasePosFormat1_2
+ unsigned int mark_index = (this+markCoverage).get_coverage
(buffer->cur().codepoint);
+ if (likely (mark_index == NOT_COVERED)) return_trace (false);
+
+-/* Now we search backwards for a non-mark glyph */
++/* Now we search backwards for a non-mark glyph.
++ * We don't use skippy_iter.prev() to avoid O(n^2) behavior. */
++
+ hb_ot_apply_context_t::skipping_iterator_t &skippy_iter = c->iter_input;
+-skippy_iter.reset (buffer->idx, 1);
+ skippy_iter.set_lookup_props (LookupFlag::IgnoreMarks);
+-do {
+- unsigned unsafe_from;
+- if (!skippy_iter.prev (&unsafe_from))
++
++unsigned j;
++for (j = buffer->idx; j > c->last_base_until; j--)
++{
++ auto match = skippy_iter.match (buffer->info[j - 1]);
++ if (match == skippy_iter.MATCH)
+ {
+-buffer->unsafe_to_concat_from_outbuffer (unsafe_from, buffer->idx +
1);
+-return_trace (false);
++ if (!accept (buffer, j - 1))
++match = skippy_iter.SKIP;
+ }
++ if (match == skippy_iter.MATCH)
++ {
++ c->last_base = (signed) j - 1;
++ break;
++ }
++}
++c->last_base_until = buffer->idx;
++if (c->last_base == -1)
++{
++ buffer->unsafe_to_concat_from_outbuffer (0, buffer->idx + 1);
++ return_trace (false);
++}
+
+- /* We only want to attach to the first of a MultipleSubst sequence.
+- * https://github.com/harfbuzz/harfbuzz/issues/740
+- * Reject others...
+- * ...but stop if we find a mark in the MultipleSubst sequence:
+- * https://github.com/harfbuzz/harfbuzz/issues/1020 */
+- if (!_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx]) ||
+- 0 == _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.idx]) ||
+- (skippy_iter.idx == 0 ||
+- _hb_glyph_info_is_mark (&buffer->info[skippy_iter.idx - 1]) ||
+- !_hb_glyph_info_multiplied (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx]) !=
+- _hb_glyph_info_get_lig_id (&buffer->info[skippy_iter.idx - 1]) ||
+- _hb_glyph_info_get_lig_comp (&buffer->info[skippy_iter.i
[OE-core] base-files: any reason hosts contains localhost.localdomain
Currently the hosts file (meta/recipes-core/base-files/base-files/hosts) contains the entry: 127.0.0.1 localhost.localdomain localhost This seems to be based on Debian, however it seems they've long since reverted the entry to just "localhost". https://salsa.debian.org/installer-team/netcfg/-/commit/3c15ee521b2b8f47b34ccc7f610523cd284f2221 I came across this issue as a call to java.net.InetAddress.getHostName() returned localhost.localdomain which wasn't the expected value. Because of this I was wondering what/if there is a reason we still have it included as it is? Sincerely, Jermain Horsman -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178340): https://lists.openembedded.org/g/openembedded-core/message/178340 Mute This Topic: https://lists.openembedded.org/mt/97522170/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][dunfell][PATCH] curl: Fix CVE CVE-2021-22897
On Fri, Mar 10, 2023 at 4:49 AM Valek, Andrej wrote:
>
> Hello Steve,
>
> - patch
> - I'm fine with explanation
> - Cert error
> - for example here:
> https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-dunfell.txt
Thanks, I opened a ticket with the infrastructure support team.
Steve
> On Fri, 2023-03-10 at 04:40 -1000, Steve Sakoman wrote:
> > On Fri, Mar 10, 2023 at 3:09 AM Valek, Andrej
> > wrote:
> > >
> > > Hello again,
> > >
> > > Looks like that this patch showed some isses/open points:
> > > - CVE-2021-22897 is white-listed already, but in hardknott is fixed
> > > already
> > > https://github.com/openembedded/openembedded-core/blob/hardknott/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > - So do we have to ignore the patch, or apply and remove the
> > > whitelist, or remove patch from hardknott?
> >
> > Hardknott is no longer being maintained, so nothing needs to be done
> > there.
> >
> > Since this is a Windows only bug ("It can only trigger when Schannel
> > is used, which is the native TLS library in Microsoft Windows") I
> > think the existing whitelist is fine and we don't need this
> > additional
> > patch.
> >
> > > - Https certificate at yocto.io has been expired ;)
> >
> > Can you give me the url which is giving the expired certificate
> > error?
> >
> > Thanks!
> >
> > Steve
> >
> > > Regards,
> > > Andrej
> > >
> > > On Fri, 2023-03-10 at 13:45 +0100, Andrej Valek wrote:
> > > > https://curl.se/docs/CVE-2021-22897.html
> > > >
> > > > Signed-off-by: Andrej Valek
> > > > ---
> > > > .../curl/curl/CVE-2021-22897.patch| 73
> > > > +++
> > > > meta/recipes-support/curl/curl_7.69.1.bb | 1 +
> > > > 2 files changed, 74 insertions(+)
> > > > create mode 100644 meta/recipes-support/curl/curl/CVE-2021-
> > > > 22897.patch
> > > >
> > > > diff --git a/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > > b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > > new file mode 100644
> > > > index 00..cbd6c067ce
> > > > --- /dev/null
> > > > +++ b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > > @@ -0,0 +1,73 @@
> > > > +From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17
> > > > 00:00:00
> > > > 2001
> > > > +From: Daniel Stenberg
> > > > +Date: Fri, 23 Apr 2021 10:54:10 +0200
> > > > +Subject: [PATCH] schannel: don't use static to store selected
> > > > ciphers
> > > > +
> > > > +CVE-2021-22897
> > > > +
> > > > +Bug: https://curl.se/docs/CVE-2021-22897.html
> > > > +
> > > > +Upstream-Status: Backport
> > > > +[
> > > > https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a3
> > > > 2834511]
> > > > +
> > > > +CVE: CVE-2021-22897
> > > > +
> > > > +Signed-off-by: Daniel Stenberg
> > > > +Signed-off-by: Khairul Rohaizzat Jamaluddin
> > > >
> > > > +Signed-off-by: Andrej Valek
> > > > +---
> > > > + lib/vtls/schannel.c | 9 +
> > > > + lib/vtls/schannel.h | 3 +++
> > > > + 2 files changed, 8 insertions(+), 4 deletions(-)
> > > > +
> > > > +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
> > > > +index 8c25ac5dd5a5..dba7072273a9 100644
> > > > +--- a/lib/vtls/schannel.c
> > > > b/lib/vtls/schannel.c
> > > > +@@ -322,12 +322,12 @@ get_alg_id_by_name(char *name)
> > > > + }
> > > > +
> > > > + static CURLcode
> > > > +-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
> > > > ++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
> > > > ++int *algIds)
> > > > + {
> > > > + char *startCur = ciphers;
> > > > + int algCount = 0;
> > > > +- static ALG_ID algIds[45]; /*There are 45 listed in the MS
> > > > headers*/
> > > > +- while(startCur && (0 != *startCur) && (algCount < 45)) {
> > > > ++ while(startCur && (0 != *startCur) && (algCount <
> > > > NUMOF_CIPHERS))
> > > > {
> > > > + long alg = strtol(startCur, 0, 0);
> > > > + if(!alg)
> > > > + alg = get_alg_id_by_name(startCur);
> > > > +@@ -566,7 +566,8 @@ schannel_connect_step1(struct connectdat
> > > > + }
> > > > +
> > > > + if(SSL_CONN_CONFIG(cipher_list)) {
> > > > +- result = set_ssl_ciphers(&schannel_cred,
> > > > SSL_CONN_CONFIG(cipher_list));
> > > > ++ result = set_ssl_ciphers(&schannel_cred,
> > > > SSL_CONN_CONFIG(cipher_list),
> > > > ++ BACKEND->algIds);
> > > > + if(CURLE_OK != result) {
> > > > + failf(data, "Unable to set ciphers to passed via
> > > > SSL_CONN_CONFIG");
> > > > + return result;
> > > > +diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
> > > > +index 2952caa1a5a1..77853aa30f96 100644
> > > > +--- a/lib/vtls/schannel.h
> > > > b/lib/vtls/schannel.h
> > > > +@@ -70,6 +70,8 @@ CURLcode Curl_verify_certificate(struct
> > > > + #endif
> > > > + #endif
> > > > +
> > > > ++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS
> > > > headers
> > > > */
> > > > ++
> > > > + struct curl_schannel_cred {
> > > > + CredHandle cred_handle;
> > >
Re: [OE-core][dunfell][PATCH] curl: Fix CVE CVE-2021-22897
Hello Steve,
- patch
- I'm fine with explanation
- Cert error
- for example here:
https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-dunfell.txt
Regards,
Andrej
On Fri, 2023-03-10 at 04:40 -1000, Steve Sakoman wrote:
> On Fri, Mar 10, 2023 at 3:09 AM Valek, Andrej
> wrote:
> >
> > Hello again,
> >
> > Looks like that this patch showed some isses/open points:
> > - CVE-2021-22897 is white-listed already, but in hardknott is fixed
> > already
> > https://github.com/openembedded/openembedded-core/blob/hardknott/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > - So do we have to ignore the patch, or apply and remove the
> > whitelist, or remove patch from hardknott?
>
> Hardknott is no longer being maintained, so nothing needs to be done
> there.
>
> Since this is a Windows only bug ("It can only trigger when Schannel
> is used, which is the native TLS library in Microsoft Windows") I
> think the existing whitelist is fine and we don't need this
> additional
> patch.
>
> > - Https certificate at yocto.io has been expired ;)
>
> Can you give me the url which is giving the expired certificate
> error?
>
> Thanks!
>
> Steve
>
> > Regards,
> > Andrej
> >
> > On Fri, 2023-03-10 at 13:45 +0100, Andrej Valek wrote:
> > > https://curl.se/docs/CVE-2021-22897.html
> > >
> > > Signed-off-by: Andrej Valek
> > > ---
> > > .../curl/curl/CVE-2021-22897.patch | 73
> > > +++
> > > meta/recipes-support/curl/curl_7.69.1.bb | 1 +
> > > 2 files changed, 74 insertions(+)
> > > create mode 100644 meta/recipes-support/curl/curl/CVE-2021-
> > > 22897.patch
> > >
> > > diff --git a/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > new file mode 100644
> > > index 00..cbd6c067ce
> > > --- /dev/null
> > > +++ b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > > @@ -0,0 +1,73 @@
> > > +From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17
> > > 00:00:00
> > > 2001
> > > +From: Daniel Stenberg
> > > +Date: Fri, 23 Apr 2021 10:54:10 +0200
> > > +Subject: [PATCH] schannel: don't use static to store selected
> > > ciphers
> > > +
> > > +CVE-2021-22897
> > > +
> > > +Bug: https://curl.se/docs/CVE-2021-22897.html
> > > +
> > > +Upstream-Status: Backport
> > > +[
> > > https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a3
> > > 2834511]
> > > +
> > > +CVE: CVE-2021-22897
> > > +
> > > +Signed-off-by: Daniel Stenberg
> > > +Signed-off-by: Khairul Rohaizzat Jamaluddin
> > >
> > > +Signed-off-by: Andrej Valek
> > > +---
> > > + lib/vtls/schannel.c | 9 +
> > > + lib/vtls/schannel.h | 3 +++
> > > + 2 files changed, 8 insertions(+), 4 deletions(-)
> > > +
> > > +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
> > > +index 8c25ac5dd5a5..dba7072273a9 100644
> > > +--- a/lib/vtls/schannel.c
> > > b/lib/vtls/schannel.c
> > > +@@ -322,12 +322,12 @@ get_alg_id_by_name(char *name)
> > > + }
> > > +
> > > + static CURLcode
> > > +-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
> > > ++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
> > > ++ int *algIds)
> > > + {
> > > + char *startCur = ciphers;
> > > + int algCount = 0;
> > > +- static ALG_ID algIds[45]; /*There are 45 listed in the MS
> > > headers*/
> > > +- while(startCur && (0 != *startCur) && (algCount < 45)) {
> > > ++ while(startCur && (0 != *startCur) && (algCount <
> > > NUMOF_CIPHERS))
> > > {
> > > + long alg = strtol(startCur, 0, 0);
> > > + if(!alg)
> > > + alg = get_alg_id_by_name(startCur);
> > > +@@ -566,7 +566,8 @@ schannel_connect_step1(struct connectdat
> > > + }
> > > +
> > > + if(SSL_CONN_CONFIG(cipher_list)) {
> > > +- result = set_ssl_ciphers(&schannel_cred,
> > > SSL_CONN_CONFIG(cipher_list));
> > > ++ result = set_ssl_ciphers(&schannel_cred,
> > > SSL_CONN_CONFIG(cipher_list),
> > > ++ BACKEND->algIds);
> > > + if(CURLE_OK != result) {
> > > + failf(data, "Unable to set ciphers to passed via
> > > SSL_CONN_CONFIG");
> > > + return result;
> > > +diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
> > > +index 2952caa1a5a1..77853aa30f96 100644
> > > +--- a/lib/vtls/schannel.h
> > > b/lib/vtls/schannel.h
> > > +@@ -70,6 +70,8 @@ CURLcode Curl_verify_certificate(struct
> > > + #endif
> > > + #endif
> > > +
> > > ++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS
> > > headers
> > > */
> > > ++
> > > + struct curl_schannel_cred {
> > > + CredHandle cred_handle;
> > > + TimeStamp time_stamp;
> > > +@@ -101,6 +103,7 @@ struct ssl_backend_data {
> > > + #ifdef HAS_MANUAL_VERIFY_API
> > > + bool use_manual_cred_validation; /* true if manual cred
> > > validation is used */
> > > + #endif
> > > ++ ALG_ID algIds[NUMOF_CIPHERS];
> > > + };
> > > + #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
> > > +
> > > diff --git a/meta/recipes-sup
Re: [OE-core][dunfell][PATCH] curl: Fix CVE CVE-2021-22897
On Fri, Mar 10, 2023 at 3:09 AM Valek, Andrej wrote:
>
> Hello again,
>
> Looks like that this patch showed some isses/open points:
> - CVE-2021-22897 is white-listed already, but in hardknott is fixed
> already
> https://github.com/openembedded/openembedded-core/blob/hardknott/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> - So do we have to ignore the patch, or apply and remove the
> whitelist, or remove patch from hardknott?
Hardknott is no longer being maintained, so nothing needs to be done there.
Since this is a Windows only bug ("It can only trigger when Schannel
is used, which is the native TLS library in Microsoft Windows") I
think the existing whitelist is fine and we don't need this additional
patch.
> - Https certificate at yocto.io has been expired ;)
Can you give me the url which is giving the expired certificate error?
Thanks!
Steve
> Regards,
> Andrej
>
> On Fri, 2023-03-10 at 13:45 +0100, Andrej Valek wrote:
> > https://curl.se/docs/CVE-2021-22897.html
> >
> > Signed-off-by: Andrej Valek
> > ---
> > .../curl/curl/CVE-2021-22897.patch| 73
> > +++
> > meta/recipes-support/curl/curl_7.69.1.bb | 1 +
> > 2 files changed, 74 insertions(+)
> > create mode 100644 meta/recipes-support/curl/curl/CVE-2021-
> > 22897.patch
> >
> > diff --git a/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > new file mode 100644
> > index 00..cbd6c067ce
> > --- /dev/null
> > +++ b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> > @@ -0,0 +1,73 @@
> > +From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00
> > 2001
> > +From: Daniel Stenberg
> > +Date: Fri, 23 Apr 2021 10:54:10 +0200
> > +Subject: [PATCH] schannel: don't use static to store selected
> > ciphers
> > +
> > +CVE-2021-22897
> > +
> > +Bug: https://curl.se/docs/CVE-2021-22897.html
> > +
> > +Upstream-Status: Backport
> > +[
> > https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a3
> > 2834511]
> > +
> > +CVE: CVE-2021-22897
> > +
> > +Signed-off-by: Daniel Stenberg
> > +Signed-off-by: Khairul Rohaizzat Jamaluddin
> >
> > +Signed-off-by: Andrej Valek
> > +---
> > + lib/vtls/schannel.c | 9 +
> > + lib/vtls/schannel.h | 3 +++
> > + 2 files changed, 8 insertions(+), 4 deletions(-)
> > +
> > +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
> > +index 8c25ac5dd5a5..dba7072273a9 100644
> > +--- a/lib/vtls/schannel.c
> > b/lib/vtls/schannel.c
> > +@@ -322,12 +322,12 @@ get_alg_id_by_name(char *name)
> > + }
> > +
> > + static CURLcode
> > +-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
> > ++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
> > ++int *algIds)
> > + {
> > + char *startCur = ciphers;
> > + int algCount = 0;
> > +- static ALG_ID algIds[45]; /*There are 45 listed in the MS
> > headers*/
> > +- while(startCur && (0 != *startCur) && (algCount < 45)) {
> > ++ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS))
> > {
> > + long alg = strtol(startCur, 0, 0);
> > + if(!alg)
> > + alg = get_alg_id_by_name(startCur);
> > +@@ -566,7 +566,8 @@ schannel_connect_step1(struct connectdat
> > + }
> > +
> > + if(SSL_CONN_CONFIG(cipher_list)) {
> > +- result = set_ssl_ciphers(&schannel_cred,
> > SSL_CONN_CONFIG(cipher_list));
> > ++ result = set_ssl_ciphers(&schannel_cred,
> > SSL_CONN_CONFIG(cipher_list),
> > ++ BACKEND->algIds);
> > + if(CURLE_OK != result) {
> > + failf(data, "Unable to set ciphers to passed via
> > SSL_CONN_CONFIG");
> > + return result;
> > +diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
> > +index 2952caa1a5a1..77853aa30f96 100644
> > +--- a/lib/vtls/schannel.h
> > b/lib/vtls/schannel.h
> > +@@ -70,6 +70,8 @@ CURLcode Curl_verify_certificate(struct
> > + #endif
> > + #endif
> > +
> > ++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers
> > */
> > ++
> > + struct curl_schannel_cred {
> > + CredHandle cred_handle;
> > + TimeStamp time_stamp;
> > +@@ -101,6 +103,7 @@ struct ssl_backend_data {
> > + #ifdef HAS_MANUAL_VERIFY_API
> > + bool use_manual_cred_validation; /* true if manual cred
> > validation is used */
> > + #endif
> > ++ ALG_ID algIds[NUMOF_CIPHERS];
> > + };
> > + #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
> > +
> > diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-
> > support/curl/curl_7.69.1.bb
> > index ea36c0bd3d..384719dd15 100644
> > --- a/meta/recipes-support/curl/curl_7.69.1.bb
> > +++ b/meta/recipes-support/curl/curl_7.69.1.bb
> > @@ -19,6 +19,7 @@ SRC_URI =
> > "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
> > file://CVE-2020-8286.patch \
> > file://CVE-2021-22876.patch \
> > file://CVE-2021-22890.patch \
> > + file://CVE-2021-22897.patch \
> > file://CVE-2021-22898.patch \
> >
Re: [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
On Thu, Mar 9, 2023 at 10:24 PM Geoffrey GIRY wrote: > > Le jeu. 9 mars 2023 à 23:58, Steve Sakoman a écrit : > > > > From: Geoffrey GIRY > > > > Multiple CVE are patched in kernel but appears as active because the NVD > > database is not up to date. > > > > CVE are ignored if and only if all versions of kernel used by master are > > patched. > > > > Also ignore CVEs with wrong CPE (applied to kernel but actually are for > > another package) > > > > Signed-off-by: Geoffrey GIRY > > Reviewed-by: Yoann Congal > > Signed-off-by: Richard Purdie > > (cherry picked from commit 92770a08c04a6c1eb351231d937b16e76558f013) > > Signed-off-by: Steve Sakoman > > --- > > .../distro/include/cve-extra-exclusions.inc | 296 ++ > > 1 file changed, 296 insertions(+) > > > > diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc > > b/meta/conf/distro/include/cve-extra-exclusions.inc > > index 8b5f8d49b8..a281a8ac65 100644 > > --- a/meta/conf/distro/include/cve-extra-exclusions.inc > > +++ b/meta/conf/distro/include/cve-extra-exclusions.inc > > @@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-126 CVE-2018-10840 > > CVE-2018-10876 CVE-2018-108 > > CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 > > CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887" > > # 2020 > > CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 > > CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 > > +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 > > +# Patched in kernel since v5.10 > > e8d5f92b8d30bb4ade76494490c3c065e12411b1 > > +# Backported in version v5.4.73 > > e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 > > +CVE_CHECK_IGNORE += "CVE-2020-27784" > > + > > # 2021 > > CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 > > CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ > > CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 > > CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 > > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > > +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 > > +CVE_CHECK_IGNORE += "CVE-2021-3669" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 > > +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 > > +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f > > +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 > > +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 > > +CVE_CHECK_IGNORE += "CVE-2021-3759" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 > > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > > +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 > > +CVE_CHECK_IGNORE += "CVE-2021-4218" > > + > > # 2022 > > CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 > > CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ > > CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 > > CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ > > @@ -90,6 +115,277 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 > > CVE-2022-0286 CVE-2022-0330 CVE > > CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 > > CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ > > CVE-2022-29582 CVE-2022-29968" > > > > +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 > > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > > +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 > > +CVE_CHECK_IGNORE += "CVE-2022-0480" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 > > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > > +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 > > +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 > > +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb > > +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d > > +CVE_CHECK_IGNORE += "CVE-2022-1184" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 > > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > > +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 > > +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 > > +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c > > +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 > > +CVE_CHECK_IGNORE += "CVE-2022-1462" > > + > > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 > > +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e >
Re: [OE-core] [PATCH 13/26] ffmpeg: update 5.1.2 -> 6.0
On Thu, 9 Mar 2023 at 17:05, Alexander Kanavin via lists.openembedded.org wrote: > meta-oe build is running. Let's see what falls out. > https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/2543 Ok, this build is not representative because it runs without the needed 'commercial' license flags, and so ffmpeg is not included. I ran the same thing locally with that enabled, and I can reassure everyone, there's no fallout. I got two fails, but the same two fails happen with poky master, and are unrelated. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178335): https://lists.openembedded.org/g/openembedded-core/message/178335 Mute This Topic: https://lists.openembedded.org/mt/97497976/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] libpam: Remove flex dependency
From: Martin Larsson
libpam does not have a direct build time dependency toward flex.
The libpam code does not have any references to the lib and does not use
flex for anything else at runtime.
Signed-off-by: Martin Larsson
---
meta/recipes-extended/pam/libpam_1.5.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/pam/libpam_1.5.2.bb
b/meta/recipes-extended/pam/libpam_1.5.2.bb
index 3be879082e..5197f18132 100644
--- a/meta/recipes-extended/pam/libpam_1.5.2.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.2.bb
@@ -29,7 +29,7 @@ SRC_URI =
"${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
SRC_URI[sha256sum] =
"e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"
-DEPENDS = "bison-native flex flex-native cracklib libxml2-native virtual/crypt"
+DEPENDS = "bison-native flex-native cracklib libxml2-native virtual/crypt"
EXTRA_OECONF = "--includedir=${includedir}/security \
--libdir=${base_libdir} \
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178334):
https://lists.openembedded.org/g/openembedded-core/message/178334
Mute This Topic: https://lists.openembedded.org/mt/97519336/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][dunfell][PATCH] curl: Fix CVE CVE-2021-22897
Hello again,
Looks like that this patch showed some isses/open points:
- CVE-2021-22897 is white-listed already, but in hardknott is fixed
already
https://github.com/openembedded/openembedded-core/blob/hardknott/meta/recipes-support/curl/curl/CVE-2021-22897.patch
- So do we have to ignore the patch, or apply and remove the
whitelist, or remove patch from hardknott?
- Https certificate at yocto.io has been expired ;)
Regards,
Andrej
On Fri, 2023-03-10 at 13:45 +0100, Andrej Valek wrote:
> https://curl.se/docs/CVE-2021-22897.html
>
> Signed-off-by: Andrej Valek
> ---
> .../curl/curl/CVE-2021-22897.patch | 73
> +++
> meta/recipes-support/curl/curl_7.69.1.bb | 1 +
> 2 files changed, 74 insertions(+)
> create mode 100644 meta/recipes-support/curl/curl/CVE-2021-
> 22897.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> new file mode 100644
> index 00..cbd6c067ce
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
> @@ -0,0 +1,73 @@
> +From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00
> 2001
> +From: Daniel Stenberg
> +Date: Fri, 23 Apr 2021 10:54:10 +0200
> +Subject: [PATCH] schannel: don't use static to store selected
> ciphers
> +
> +CVE-2021-22897
> +
> +Bug: https://curl.se/docs/CVE-2021-22897.html
> +
> +Upstream-Status: Backport
> +[
> https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a3
> 2834511]
> +
> +CVE: CVE-2021-22897
> +
> +Signed-off-by: Daniel Stenberg
> +Signed-off-by: Khairul Rohaizzat Jamaluddin
>
> +Signed-off-by: Andrej Valek
> +---
> + lib/vtls/schannel.c | 9 +
> + lib/vtls/schannel.h | 3 +++
> + 2 files changed, 8 insertions(+), 4 deletions(-)
> +
> +diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
> +index 8c25ac5dd5a5..dba7072273a9 100644
> +--- a/lib/vtls/schannel.c
> b/lib/vtls/schannel.c
> +@@ -322,12 +322,12 @@ get_alg_id_by_name(char *name)
> + }
> +
> + static CURLcode
> +-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
> ++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
> ++ int *algIds)
> + {
> + char *startCur = ciphers;
> + int algCount = 0;
> +- static ALG_ID algIds[45]; /*There are 45 listed in the MS
> headers*/
> +- while(startCur && (0 != *startCur) && (algCount < 45)) {
> ++ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS))
> {
> + long alg = strtol(startCur, 0, 0);
> + if(!alg)
> + alg = get_alg_id_by_name(startCur);
> +@@ -566,7 +566,8 @@ schannel_connect_step1(struct connectdat
> + }
> +
> + if(SSL_CONN_CONFIG(cipher_list)) {
> +- result = set_ssl_ciphers(&schannel_cred,
> SSL_CONN_CONFIG(cipher_list));
> ++ result = set_ssl_ciphers(&schannel_cred,
> SSL_CONN_CONFIG(cipher_list),
> ++ BACKEND->algIds);
> + if(CURLE_OK != result) {
> + failf(data, "Unable to set ciphers to passed via
> SSL_CONN_CONFIG");
> + return result;
> +diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
> +index 2952caa1a5a1..77853aa30f96 100644
> +--- a/lib/vtls/schannel.h
> b/lib/vtls/schannel.h
> +@@ -70,6 +70,8 @@ CURLcode Curl_verify_certificate(struct
> + #endif
> + #endif
> +
> ++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers
> */
> ++
> + struct curl_schannel_cred {
> + CredHandle cred_handle;
> + TimeStamp time_stamp;
> +@@ -101,6 +103,7 @@ struct ssl_backend_data {
> + #ifdef HAS_MANUAL_VERIFY_API
> + bool use_manual_cred_validation; /* true if manual cred
> validation is used */
> + #endif
> ++ ALG_ID algIds[NUMOF_CIPHERS];
> + };
> + #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
> +
> diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-
> support/curl/curl_7.69.1.bb
> index ea36c0bd3d..384719dd15 100644
> --- a/meta/recipes-support/curl/curl_7.69.1.bb
> +++ b/meta/recipes-support/curl/curl_7.69.1.bb
> @@ -19,6 +19,7 @@ SRC_URI =
> "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
> file://CVE-2020-8286.patch \
> file://CVE-2021-22876.patch \
> file://CVE-2021-22890.patch \
> + file://CVE-2021-22897.patch \
> file://CVE-2021-22898.patch \
> file://CVE-2021-22924.patch \
> file://CVE-2021-22925.patch \
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178333):
https://lists.openembedded.org/g/openembedded-core/message/178333
Mute This Topic: https://lists.openembedded.org/mt/97518402/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] pypi.bbclass: Set SRC_URI downloadfilename with an optional prefix
2023. 03. 10. 13:45 keltezéssel, Alexander Kanavin írta:
Thanks, I like this better than changing the cmake recipe.
Thank you. I will resend the new module recipes against meta-oe soon.
Alex
On Fri, 10 Mar 2023 at 13:32, Zoltán Böszörményi wrote:
This allows avoiding clashes between source archives of a main
project and a pypi project using the same name and version.
The new optional setting is PYPI_ARCHIVE_NAME_PREFIX which is empty
by default so previous downloads can be used. Example usage:
PYPI_ARCHIVE_NAME_PREFIX = "pypi-"
Signed-off-by: Zoltán Böszörményi
---
meta/classes-recipe/pypi.bbclass | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/pypi.bbclass b/meta/classes-recipe/pypi.bbclass
index aab04c638f..f510bfed06 100644
--- a/meta/classes-recipe/pypi.bbclass
+++ b/meta/classes-recipe/pypi.bbclass
@@ -15,11 +15,13 @@ def pypi_package(d):
PYPI_PACKAGE ?= "${@pypi_package(d)}"
PYPI_PACKAGE_EXT ?= "tar.gz"
PYPI_ARCHIVE_NAME ?= "${PYPI_PACKAGE}-${PV}.${PYPI_PACKAGE_EXT}"
+PYPI_ARCHIVE_NAME_PREFIX ?= ""
def pypi_src_uri(d):
package = d.getVar('PYPI_PACKAGE')
archive_name = d.getVar('PYPI_ARCHIVE_NAME')
-return 'https://files.pythonhosted.org/packages/source/%s/%s/%s' %
(package[0], package, archive_name)
+archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name
+return
'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' %
(package[0], package, archive_name, archive_downloadname)
PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178332):
https://lists.openembedded.org/g/openembedded-core/message/178332
Mute This Topic: https://lists.openembedded.org/mt/97518204/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] curl: Fix CVE CVE-2021-22897
https://curl.se/docs/CVE-2021-22897.html
Signed-off-by: Andrej Valek
---
.../curl/curl/CVE-2021-22897.patch| 73 +++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 74 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22897.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22897.patch
b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
new file mode 100644
index 00..cbd6c067ce
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22897.patch
@@ -0,0 +1,73 @@
+From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 23 Apr 2021 10:54:10 +0200
+Subject: [PATCH] schannel: don't use static to store selected ciphers
+
+CVE-2021-22897
+
+Bug: https://curl.se/docs/CVE-2021-22897.html
+
+Upstream-Status: Backport
+[https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511]
+
+CVE: CVE-2021-22897
+
+Signed-off-by: Daniel Stenberg
+Signed-off-by: Khairul Rohaizzat Jamaluddin
+Signed-off-by: Andrej Valek
+---
+ lib/vtls/schannel.c | 9 +
+ lib/vtls/schannel.h | 3 +++
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
+index 8c25ac5dd5a5..dba7072273a9 100644
+--- a/lib/vtls/schannel.c
b/lib/vtls/schannel.c
+@@ -322,12 +322,12 @@ get_alg_id_by_name(char *name)
+ }
+
+ static CURLcode
+-set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
++set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
++int *algIds)
+ {
+ char *startCur = ciphers;
+ int algCount = 0;
+- static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/
+- while(startCur && (0 != *startCur) && (algCount < 45)) {
++ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) {
+ long alg = strtol(startCur, 0, 0);
+ if(!alg)
+ alg = get_alg_id_by_name(startCur);
+@@ -566,7 +566,8 @@ schannel_connect_step1(struct connectdat
+ }
+
+ if(SSL_CONN_CONFIG(cipher_list)) {
+- result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list));
++ result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list),
++ BACKEND->algIds);
+ if(CURLE_OK != result) {
+ failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG");
+ return result;
+diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
+index 2952caa1a5a1..77853aa30f96 100644
+--- a/lib/vtls/schannel.h
b/lib/vtls/schannel.h
+@@ -70,6 +70,8 @@ CURLcode Curl_verify_certificate(struct
+ #endif
+ #endif
+
++#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */
++
+ struct curl_schannel_cred {
+ CredHandle cred_handle;
+ TimeStamp time_stamp;
+@@ -101,6 +103,7 @@ struct ssl_backend_data {
+ #ifdef HAS_MANUAL_VERIFY_API
+ bool use_manual_cred_validation; /* true if manual cred validation is used
*/
+ #endif
++ ALG_ID algIds[NUMOF_CIPHERS];
+ };
+ #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
+
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb
b/meta/recipes-support/curl/curl_7.69.1.bb
index ea36c0bd3d..384719dd15 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2020-8286.patch \
file://CVE-2021-22876.patch \
file://CVE-2021-22890.patch \
+ file://CVE-2021-22897.patch \
file://CVE-2021-22898.patch \
file://CVE-2021-22924.patch \
file://CVE-2021-22925.patch \
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178331):
https://lists.openembedded.org/g/openembedded-core/message/178331
Mute This Topic: https://lists.openembedded.org/mt/97518402/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] pypi.bbclass: Set SRC_URI downloadfilename with an optional prefix
Thanks, I like this better than changing the cmake recipe.
Alex
On Fri, 10 Mar 2023 at 13:32, Zoltán Böszörményi wrote:
>
> This allows avoiding clashes between source archives of a main
> project and a pypi project using the same name and version.
>
> The new optional setting is PYPI_ARCHIVE_NAME_PREFIX which is empty
> by default so previous downloads can be used. Example usage:
>
> PYPI_ARCHIVE_NAME_PREFIX = "pypi-"
>
> Signed-off-by: Zoltán Böszörményi
> ---
> meta/classes-recipe/pypi.bbclass | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes-recipe/pypi.bbclass
> b/meta/classes-recipe/pypi.bbclass
> index aab04c638f..f510bfed06 100644
> --- a/meta/classes-recipe/pypi.bbclass
> +++ b/meta/classes-recipe/pypi.bbclass
> @@ -15,11 +15,13 @@ def pypi_package(d):
> PYPI_PACKAGE ?= "${@pypi_package(d)}"
> PYPI_PACKAGE_EXT ?= "tar.gz"
> PYPI_ARCHIVE_NAME ?= "${PYPI_PACKAGE}-${PV}.${PYPI_PACKAGE_EXT}"
> +PYPI_ARCHIVE_NAME_PREFIX ?= ""
>
> def pypi_src_uri(d):
> package = d.getVar('PYPI_PACKAGE')
> archive_name = d.getVar('PYPI_ARCHIVE_NAME')
> -return 'https://files.pythonhosted.org/packages/source/%s/%s/%s' %
> (package[0], package, archive_name)
> +archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') +
> archive_name
> +return
> 'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s'
> % (package[0], package, archive_name, archive_downloadname)
>
> PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"
>
> --
> 2.39.2
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178330):
https://lists.openembedded.org/g/openembedded-core/message/178330
Mute This Topic: https://lists.openembedded.org/mt/97518204/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] pypi.bbclass: Set SRC_URI downloadfilename with an optional prefix
This allows avoiding clashes between source archives of a main
project and a pypi project using the same name and version.
The new optional setting is PYPI_ARCHIVE_NAME_PREFIX which is empty
by default so previous downloads can be used. Example usage:
PYPI_ARCHIVE_NAME_PREFIX = "pypi-"
Signed-off-by: Zoltán Böszörményi
---
meta/classes-recipe/pypi.bbclass | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/pypi.bbclass b/meta/classes-recipe/pypi.bbclass
index aab04c638f..f510bfed06 100644
--- a/meta/classes-recipe/pypi.bbclass
+++ b/meta/classes-recipe/pypi.bbclass
@@ -15,11 +15,13 @@ def pypi_package(d):
PYPI_PACKAGE ?= "${@pypi_package(d)}"
PYPI_PACKAGE_EXT ?= "tar.gz"
PYPI_ARCHIVE_NAME ?= "${PYPI_PACKAGE}-${PV}.${PYPI_PACKAGE_EXT}"
+PYPI_ARCHIVE_NAME_PREFIX ?= ""
def pypi_src_uri(d):
package = d.getVar('PYPI_PACKAGE')
archive_name = d.getVar('PYPI_ARCHIVE_NAME')
-return 'https://files.pythonhosted.org/packages/source/%s/%s/%s' %
(package[0], package, archive_name)
+archive_downloadname = d.getVar('PYPI_ARCHIVE_NAME_PREFIX') + archive_name
+return
'https://files.pythonhosted.org/packages/source/%s/%s/%s;downloadfilename=%s' %
(package[0], package, archive_name, archive_downloadname)
PYPI_SRC_URI ?= "${@pypi_src_uri(d)}"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178329):
https://lists.openembedded.org/g/openembedded-core/message/178329
Mute This Topic: https://lists.openembedded.org/mt/97518204/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] image_types: fix multiubi var init
From: Romuald Jeanne
Make sure to expand all MKUBIFS_ARGS_ and UBINIZE_ARGS_ vars
in 'do_image_multiubi' task to use them to init the local 'mkubifs_args'
and 'ubinize_args' vars.
See [YOCTO #15065]
Signed-off-by: Romuald JEANNE
---
meta/classes-recipe/image_types.bbclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/classes-recipe/image_types.bbclass
b/meta/classes-recipe/image_types.bbclass
index 764e6a5574..24948e05e3 100644
--- a/meta/classes-recipe/image_types.bbclass
+++ b/meta/classes-recipe/image_types.bbclass
@@ -208,7 +208,10 @@ multiubi_mkfs() {
fi
}
+MULTIUBI_ARGS = "MKUBIFS_ARGS UBINIZE_ARGS"
+
IMAGE_CMD:multiubi () {
+ ${@' '.join(['%s_%s="%s";' % (arg, name, d.getVar('%s_%s' % (arg,
name))) for arg in d.getVar('MULTIUBI_ARGS').split() for name in
d.getVar('MULTIUBI_BUILD').split()])}
# Split MKUBIFS_ARGS_ and UBINIZE_ARGS_
for name in ${MULTIUBI_BUILD}; do
eval local mkubifs_args=\"\$MKUBIFS_ARGS_${name}\"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178328):
https://lists.openembedded.org/g/openembedded-core/message/178328
Mute This Topic: https://lists.openembedded.org/mt/97516709/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC] Add new python modules for building others
On Fri, 10 Mar 2023 at 11:21, Böszörményi Zoltán wrote: > > 2023. 03. 10. 11:15 keltezéssel, Alexander Kanavin írta: > > It would be good to actually test that these new recipes work > > properly; if they don't have consumers in oe-core, then such tests > > will not occur. Maybe meta-oe is a better place for now? > > Can you still take patch 1/4 into oe-core to avoid the clash > between cmake and python3-cmake if/when the new > modules are accepted into meta-oe? Of course. Alternatively you can fix the pypi class to allow setting 'extra parameters' in SRC_URI - I don't have a strong opinion, but I think cmake recipe has a stronger claim to the tarball name. Alex -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178327): https://lists.openembedded.org/g/openembedded-core/message/178327 Mute This Topic: https://lists.openembedded.org/mt/97516343/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC] Add new python modules for building others
2023. 03. 10. 11:15 keltezéssel, Alexander Kanavin írta: It would be good to actually test that these new recipes work properly; if they don't have consumers in oe-core, then such tests will not occur. Maybe meta-oe is a better place for now? Can you still take patch 1/4 into oe-core to avoid the clash between cmake and python3-cmake if/when the new modules are accepted into meta-oe? Alex On Fri, 10 Mar 2023 at 10:54, Zoltan Boszormenyi wrote: Some python modules use "import skbuild", "import cmake" or "import ninja" during their builds. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178326): https://lists.openembedded.org/g/openembedded-core/message/178326 Mute This Topic: https://lists.openembedded.org/mt/97516343/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC] Add new python modules for building others
It would be good to actually test that these new recipes work properly; if they don't have consumers in oe-core, then such tests will not occur. Maybe meta-oe is a better place for now? Alex On Fri, 10 Mar 2023 at 10:54, Zoltan Boszormenyi wrote: > > > Some python modules use "import skbuild", "import cmake" or > "import ninja" during their builds. > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178325): https://lists.openembedded.org/g/openembedded-core/message/178325 Mute This Topic: https://lists.openembedded.org/mt/97516343/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][RFC][PATCH 6/6] webkitgtk: update 2.38.5 -> 2.39.91
Thanks for working on this. Webkit nowadays tracks submissions on
github, but you are not supposed to send there directly; instead
there's custom scripting in webkit's source tree:
https://webkit.org/contributing-code/
Alex
On Thu, 9 Mar 2023 at 21:42, Markus Volk wrote:
>
> This will be required changes for the upcoming gnome release
>
> Am Do, 9. Mär 2023 um 21:39:33 +0100 schrieb Markus Volk :
>
> - added PACKAGECONFIGs for av1 support, gamepad and sandboxing - cmake tries
> to find where bwrap and xdg-dbus-proxy are located on target and reads the
> path from ${STAGING_BINDIR_NATIVE}. This breaks reproducibility and runtime.
> Fix by adding the needed paths manually. - ccache seems to be working well
> now. Enable by default. It significantly improves buildtime on rebuilds. -
> webkit 2.39.91 removed WebKitJavascriptResult in favor of using JSCValue
> directly in GTK4 API. Some files needed adjustment after that. I've created a
> patch for it and marked it pending for now. Still need to find the place
> where this should be sent to. - webkitgtk can be built with both, gtk+3 and
> gtk4 but it cant be built with support for both at once. there are still some
> packages that require the gtk3 variant, nameably surf, gnome-online-accounts
> and wxwidgets while ephiphany for example has a hard dependency on webkitgtk
> built with gtk4. This is why we need to provide recipes for both variants. If
> built with gtk+3 webkitgtk provides the 4.0 api, if built with gtk4 it'll
> provide the 6.0 api. The only conflicting file between those two is the
> WebKitWebDriver binary. This was renamed for the gtk3 variant so both
> variants can be installed into the same image. - update dependencies -
> wpebackend-fdo: update Signed-off-by: Markus Volk ---
> ...spection.cmake-prefix-variables-obta.patch | 0
> ...ter-remove-of-WebKitJavascriptResult.patch | 53
> .../reproducibility.patch | 0 .../webkit/webkitgtk-4_2.39.91.bb | 168
> ++ ...44e17d258106617b0e6d783d073b188a2548.patch | 296
> -- ...bb461f040b90453bc4e100dcf967243ecd98.patch | 30 --
> ...bkitgtk_2.38.5.bb => webkitgtk_2.39.91.bb} | 70 +++-- ...fdo_1.14.0.bb =>
> wpebackend-fdo_1.14.1.bb} | 2 +- 8 files changed, 258 insertions(+), 361
> deletions(-) rename meta/recipes-sato/webkit/{webkitgtk =>
> files}/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch (100%)
> create mode 100644
> meta/recipes-sato/webkit/files/0001-fix-after-remove-of-WebKitJavascriptResult.patch
> rename meta/recipes-sato/webkit/{webkitgtk => files}/reproducibility.patch
> (100%) create mode 100644 meta/recipes-sato/webkit/webkitgtk-4_2.39.91.bb
> delete mode 100644
> meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
> delete mode 100644
> meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
> rename meta/recipes-sato/webkit/{webkitgtk_2.38.5.bb =>
> webkitgtk_2.39.91.bb} (75%) rename
> meta/recipes-sato/webkit/{wpebackend-fdo_1.14.0.bb =>
> wpebackend-fdo_1.14.1.bb} (90%) diff --git
> a/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
>
> b/meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
> similarity index 100% rename from
> meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
> rename to
> meta/recipes-sato/webkit/files/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
> diff --git
> a/meta/recipes-sato/webkit/files/0001-fix-after-remove-of-WebKitJavascriptResult.patch
>
> b/meta/recipes-sato/webkit/files/0001-fix-after-remove-of-WebKitJavascriptResult.patch
> new file mode 100644 index 00..d22d47c94a --- /dev/null +++
> b/meta/recipes-sato/webkit/files/0001-fix-after-remove-of-WebKitJavascriptResult.patch
> @@ -0,0 +1,53 @@ +Upstream-Status: Pending + +---
> a/Source/WebKit/UIProcess/API/glib/WebKitWebView.h.in 2023-03-09
> 16:12:15.019122873 +0100
> b/Source/WebKit/UIProcess/API/glib/WebKitWebView.h.in 2023-03-09
> 16:14:54.879735391 +0100 +@@ -36,7 +36,6 @@ + #include
> <@API_INCLUDE_PREFIX@/WebKitFormSubmissionRequest.h> + #include
> <@API_INCLUDE_PREFIX@/WebKitHitTestResult.h> + #include
> <@API_INCLUDE_PREFIX@/WebKitInputMethodContext.h> +-#include
> <@API_INCLUDE_PREFIX@/WebKitJavascriptResult.h> + #include
> <@API_INCLUDE_PREFIX@/WebKitNavigationAction.h> + #include
> <@API_INCLUDE_PREFIX@/WebKitNotification.h> + #include
> <@API_INCLUDE_PREFIX@/WebKitOptionMenu.h> +@@ -58,6 +57,10 @@ + #include
> <@API_INCLUDE_PREFIX@/WebKitNetworkSession.h> + #endif + ++#if
> !ENABLE(2022_GLIB_API) ++#include
> <@API_INCLUDE_PREFIX@/WebKitJavascriptResult.h> ++#endif ++ + #if
> PLATFORM(GTK) + #if !ENABLE(2022_GLIB_API) + #include
> +---
> a/Source/WebKit/UIProcess/API/glib/WebKitAutocleanups.h.in 2023-03-09
> 16:24:31.886464831 +0100
> b/Source/WebKit
[OE-core] [PATCH] systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
Some packages like lirc places its unit files into $systemd_user_unitdir
and also uses them in SYSTEMD_SERVICE list in recipe. This fails in
do_package
ERROR: Didn't find service unit 'lircmd.service', specified in
SYSTEMD_SERVICE:lirc.
here lircmd.service is installed in /usr/lib/systemd/system/lircmd.service
Signed-off-by: Khem Raj
---
meta/classes-recipe/systemd.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes-recipe/systemd.bbclass
b/meta/classes-recipe/systemd.bbclass
index f9c92e6c2a..9a16babe43 100644
--- a/meta/classes-recipe/systemd.bbclass
+++ b/meta/classes-recipe/systemd.bbclass
@@ -152,6 +152,7 @@ python systemd_populate_packages() {
def systemd_check_services():
searchpaths = [oe.path.join(d.getVar("sysconfdir"), "systemd",
"system"),]
searchpaths.append(d.getVar("systemd_system_unitdir"))
+searchpaths.append(d.getVar("systemd_user_unitdir"))
systemd_packages = d.getVar('SYSTEMD_PACKAGES')
keys = 'Also'
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178323):
https://lists.openembedded.org/g/openembedded-core/message/178323
Mute This Topic: https://lists.openembedded.org/mt/97516449/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] valgrind: Disable drd/tests/bar_bad ptest
Ok, I'll bite. Should we just drop valgrind from ptests? It's by far, the most brittle, finicky ptest we have, and doesn't seem to expose actual issues, instead just giving everyone a never ending stream of intermittent failures or tests that won't work on anything except x86 configured in a particular way. Alex On Thu, 9 Mar 2023 at 22:23, Randy MacLeod wrote: > > This is failing intermettently in the YP autobuilder > so disable it until we can fix the root cause. > > [YOCTO #14311] > > Signed-off-by: Randy MacLeod > --- > meta/recipes-devtools/valgrind/valgrind/remove-for-all | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-devtools/valgrind/valgrind/remove-for-all > b/meta/recipes-devtools/valgrind/valgrind/remove-for-all > index 5d1e7ed102..e26088f3b1 100644 > --- a/meta/recipes-devtools/valgrind/valgrind/remove-for-all > +++ b/meta/recipes-devtools/valgrind/valgrind/remove-for-all > @@ -3,6 +3,7 @@ gdbserver_tests/hginfo > memcheck/tests/supp_unknown > helgrind/tests/tls_threads > helgrind/tests/pth_mempcpy_false_races > +drd/tests/bar_bad > drd/tests/bar_bad_xml > drd/tests/pth_barrier_thr_cr > drd/tests/std_thread2 > -- > 2.34.1 > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178322): https://lists.openembedded.org/g/openembedded-core/message/178322 Mute This Topic: https://lists.openembedded.org/mt/97506606/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH 2/2] curl: whitelists CVE-2022-42915, CVE-2022-42916 and CVE-2022-43551
All mentioned CVEs are related to HSTS check feature, which is not
implemented in version 7.69.1 .
Signed-off-by: Andrej Valek
---
meta/recipes-support/curl/curl_7.69.1.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb
b/meta/recipes-support/curl/curl_7.69.1.bb
index 899daf8eac..ea36c0bd3d 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -56,6 +56,9 @@ CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923
CVE-2021-22926 CVE-2021-229
# This CVE issue affects Windows only Hence whitelisting this CVE
CVE_CHECK_WHITELIST += "CVE-2021-22897"
+# HSTS check feature is not implemented
+CVE_CHECK_WHITELIST += "CVE-2022-42915 CVE-2022-42916 CVE-2022-43551"
+
inherit autotools pkgconfig binconfig multilib_header
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls
libidn proxy threaded-resolver verbose zlib"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178321):
https://lists.openembedded.org/g/openembedded-core/message/178321
Mute This Topic: https://lists.openembedded.org/mt/97516349/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH 1/2] curl: Fix CVE CVE-2022-43552
https://curl.se/docs/CVE-2022-43552.html
Signed-off-by: Andrej Valek
---
.../curl/curl/CVE-2022-43552.patch| 79 +++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 80 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-43552.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2022-43552.patch
b/meta/recipes-support/curl/curl/CVE-2022-43552.patch
new file mode 100644
index 00..7dc7dfa5ae
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-43552.patch
@@ -0,0 +1,79 @@
+From 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Mon, 19 Dec 2022 08:38:37 +0100
+Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
+
+It is managed by the generic layer.
+
+Reported-by: Trail of Bits
+
+Closes #10112
+
+CVE: CVE-2022-43552
+Upstream-Status: Backport
[https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2]
+Signed-off-by: Ranjitsinh Rathod
+Signed-off-by: Andrej Valek
+
+---
+ lib/smb.c| 14 ++
+ lib/telnet.c | 3 ---
+ 2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 2cfe041dff072..48d5a2fe006d5 100644
+--- a/lib/smb.c
b/lib/smb.c
+@@ -61,8 +61,6 @@ static CURLcode smb_connect(struct conne
+ static CURLcode smb_connection_state(struct connectdata *conn, bool *done);
+ static CURLcode smb_do(struct connectdata *conn, bool *done);
+ static CURLcode smb_request_state(struct connectdata *conn, bool *done);
+-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
+- bool premature);
+ static CURLcode smb_disconnect(struct connectdata *conn, bool dead);
+ static int smb_getsock(struct connectdata *conn, curl_socket_t *socks);
+ static CURLcode smb_parse_url_path(struct connectdata *conn);
+@@ -74,7 +72,7 @@ const struct Curl_handler Curl_handler_s
+ "SMB",/* scheme */
+ smb_setup_connection, /* setup_connection */
+ smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL,/* done */
+ ZERO_NULL,/* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+@@ -99,7 +97,7 @@ const struct Curl_handler Curl_handler_s
+ "SMBS", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL,/* done */
+ ZERO_NULL,/* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+@@ -919,14 +917,6 @@ static CURLcode smb_request_state(struct
+ return CURLE_OK;
+ }
+
+-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
+- bool premature)
+-{
+- (void) premature;
+- Curl_safefree(conn->data->req.protop);
+- return status;
+-}
+-
+ static CURLcode smb_disconnect(struct connectdata *conn, bool dead)
+ {
+ struct smb_conn *smbc = &conn->proto.smbc;
+diff -Naurp curl-7.69.1.orig/lib/telnet.c curl-7.69.1/lib/telnet.c
+--- curl-7.69.1.orig/lib/telnet.c 2020-03-09 16:31:01.0 +0100
curl-7.69.1/lib/telnet.c 2023-03-10 10:35:27.978378949 +0100
+@@ -1290,8 +1290,6 @@ static CURLcode telnet_done(struct conne
+ curl_slist_free_all(tn->telnet_vars);
+ tn->telnet_vars = NULL;
+
+- Curl_safefree(conn->data->req.protop);
+-
+ return CURLE_OK;
+ }
+
\ No newline at end of file
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb
b/meta/recipes-support/curl/curl_7.69.1.bb
index 63faae6296..899daf8eac 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -41,6 +41,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2022-35252.patch \
file://CVE-2022-32221.patch \
file://CVE-2022-35260.patch \
+ file://CVE-2022-43552.patch \
"
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178320):
https://lists.openembedded.org/g/openembedded-core/message/178320
Mute This Topic: https://lists.openembedded.org/mt/97516348/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 4/4] python3-ninja: New recipe
Some python modules rely on "import ninja".
Only build and ship the python parts, and don't download and
build ninja from sources. Use the already built ninja instead.
The CMakeLists.txt file is a crippled copy from this ninja
python module's sources, removing almost everything, and
adding a dummy install target, so do_install() doesn't fail.
The python code is patched so ninja is used from PATH.
Signed-off-by: Zoltán Böszörményi
---
.../python/python3-ninja/CMakeLists.txt | 9 ++
.../python3-ninja/run-ninja-from-path.patch | 11 +++
.../python/python3-ninja_1.11.1.bb| 30 +++
3 files changed, 50 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-ninja/CMakeLists.txt
create mode 100644
meta/recipes-devtools/python/python3-ninja/run-ninja-from-path.patch
create mode 100644 meta/recipes-devtools/python/python3-ninja_1.11.1.bb
diff --git a/meta/recipes-devtools/python/python3-ninja/CMakeLists.txt
b/meta/recipes-devtools/python/python3-ninja/CMakeLists.txt
new file mode 100644
index 00..04fa451e72
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-ninja/CMakeLists.txt
@@ -0,0 +1,9 @@
+cmake_minimum_required(VERSION 3.15)
+
+project(NinjaPythonDistributions)
+
+set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_MODULE_PATH})
+
+install(CODE "
+ message(STATUS \"Install ninja project\")
+")
diff --git
a/meta/recipes-devtools/python/python3-ninja/run-ninja-from-path.patch
b/meta/recipes-devtools/python/python3-ninja/run-ninja-from-path.patch
new file mode 100644
index 00..26bd037373
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-ninja/run-ninja-from-path.patch
@@ -0,0 +1,11 @@
+--- ninja-1.11.1/src/ninja/__init__.py.old 2022-11-05 09:49:23.0
+0100
ninja-1.11.1/src/ninja/__init__.py 2023-03-10 09:45:13.452082888 +0100
+@@ -44,7 +44,7 @@
+
+
+ def _program(name, args):
+-return subprocess.call([os.path.join(BIN_DIR, name)] + args,
close_fds=False)
++return subprocess.call([name] + args, close_fds=False)
+
+
+ def ninja():
diff --git a/meta/recipes-devtools/python/python3-ninja_1.11.1.bb
b/meta/recipes-devtools/python/python3-ninja_1.11.1.bb
new file mode 100644
index 00..64f5c5c32b
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-ninja_1.11.1.bb
@@ -0,0 +1,30 @@
+SUMMARY = "Ninja is a small build system with a focus on speed"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM =
"file://LICENSE_Apache_20;md5=19cbd64715b51267a47bf3750cc6a8a5"
+
+DEPENDS = "ninja-native cmake-native python3-scikit-build-native"
+
+PYPI_PACKAGE = "ninja"
+
+inherit pypi python_setuptools_build_meta
+SRC_URI[sha256sum] =
"c833a47d39b2d1eee3f9ca886fa1581efd5be6068b82734ac229961ee8748f90"
+
+SRC_URI += " \
+ file://CMakeLists.txt \
+ file://run-ninja-from-path.patch \
+"
+
+addtask do_patchbuild after do_patch before do_configure
+
+do_patchbuild () {
+ rm -f ${S}/CMakeLists.txt
+ cp ${WORKDIR}/CMakeLists.txt ${S}/
+}
+
+do_install:append () {
+ rm -rf ${D}${bindir}
+}
+
+RDEPENDS:${PN} = "ninja"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178319):
https://lists.openembedded.org/g/openembedded-core/message/178319
Mute This Topic: https://lists.openembedded.org/mt/97516347/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/4] python3-cmake: New recipe
Some python modules rely on "import cmake".
Only build and ship the python parts, and don't download and
build cmake from sources. Use the already built cmake instead.
The CMakeLists.txt file is a crippled copy from this cmake
python module's sources, removing almost everything, and
adding a dummy install target, so do_install() doesn't fail.
The python code is patched so cmake is used from PATH.
Signed-off-by: Zoltán Böszörményi
---
.../python/python3-cmake/CMakeLists.txt | 11 +++
.../python3-cmake/run-cmake-from-path.patch | 11 +++
.../python/python3-cmake_3.25.2.bb| 33 +++
3 files changed, 55 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-cmake/CMakeLists.txt
create mode 100644
meta/recipes-devtools/python/python3-cmake/run-cmake-from-path.patch
create mode 100644 meta/recipes-devtools/python/python3-cmake_3.25.2.bb
diff --git a/meta/recipes-devtools/python/python3-cmake/CMakeLists.txt
b/meta/recipes-devtools/python/python3-cmake/CMakeLists.txt
new file mode 100644
index 00..8ba81970ff
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cmake/CMakeLists.txt
@@ -0,0 +1,11 @@
+cmake_minimum_required(VERSION 3.6)
+
+#
+# For more details, see docs/building.rst
+#
+
+project(CMakePythonDistributions NONE)
+
+install(CODE "
+ message(STATUS \"Install CMake project\")
+")
diff --git
a/meta/recipes-devtools/python/python3-cmake/run-cmake-from-path.patch
b/meta/recipes-devtools/python/python3-cmake/run-cmake-from-path.patch
new file mode 100644
index 00..5c38fadce0
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cmake/run-cmake-from-path.patch
@@ -0,0 +1,11 @@
+--- cmake-3.25.2/src/cmake/__init__.py.old 2023-03-10 09:40:43.582315753
+0100
cmake-3.25.2/src/cmake/__init__.py 2023-03-10 09:41:38.030874047 +0100
+@@ -36,7 +36,7 @@
+
+
+ def _program(name, args):
+-return subprocess.call([os.path.join(CMAKE_BIN_DIR, name)] + args,
close_fds=False)
++return subprocess.call([name] + args, close_fds=False)
+
+
+ def cmake():
diff --git a/meta/recipes-devtools/python/python3-cmake_3.25.2.bb
b/meta/recipes-devtools/python/python3-cmake_3.25.2.bb
new file mode 100644
index 00..e843293d68
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cmake_3.25.2.bb
@@ -0,0 +1,33 @@
+SUMMARY = "CMake is an open-source, cross-platform family of tools designed to
build, test and package software"
+LICENSE = "BSD-3-Clause & Apache-2.0"
+LIC_FILES_CHKSUM = " \
+ file://LICENSE_BSD_3;md5=9134cb61aebbdd79dd826ccb9ae6afcd \
+ file://LICENSE_Apache_20;md5=19cbd64715b51267a47bf3750cc6a8a5 \
+"
+
+DEPENDS = "ninja-native cmake-native python3-scikit-build-native"
+
+PYPI_PACKAGE = "cmake"
+
+inherit pypi python_setuptools_build_meta
+SRC_URI[sha256sum] =
"bcf9f0369743278ec26961542b31ed1610e6f4cfc20c00a3f1c61985abb3b0d2"
+
+SRC_URI += " \
+ file://CMakeLists.txt \
+ file://run-cmake-from-path.patch \
+"
+
+addtask do_patchbuild after do_patch before do_configure
+
+do_patchbuild () {
+ rm -f ${S}/CMakeLists.txt
+ cp ${WORKDIR}/CMakeLists.txt ${S}/
+}
+
+do_install:append () {
+ rm -rf ${D}${bindir}
+}
+
+RDEPENDS:${PN} = "cmake"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178318):
https://lists.openembedded.org/g/openembedded-core/message/178318
Mute This Topic: https://lists.openembedded.org/mt/97516346/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/4] python3-scikit-build: New recipe
Used by python3-cmake and python3-ninja.
Signed-off-by: Zoltán Böszörményi
---
.../python/python3-scikit-build_0.16.7.bb | 21 +++
1 file changed, 21 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3-scikit-build_0.16.7.bb
diff --git a/meta/recipes-devtools/python/python3-scikit-build_0.16.7.bb
b/meta/recipes-devtools/python/python3-scikit-build_0.16.7.bb
new file mode 100644
index 00..c033c56bad
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-scikit-build_0.16.7.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Improved build system generator for Python C/C++/Fortran/Cython
extensions"
+LICENSE = "MIT & BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7c96d2b08b3cec6d3c67fb864d1fd8cc"
+
+DEPENDS = "python3-setuptools-scm-native"
+
+PYPI_PACKAGE = "scikit-build"
+
+inherit pypi python_setuptools_build_meta
+SRC_URI[sha256sum] =
"a9b9cc7479b71e6c8d434596dfade025253aae23adb22a9a2d85850fd51cecfd"
+
+RDEPENDS:${PN} = " \
+ python3-distro \
+ python3-packaging \
+ python3-setuptools \
+ python3-typing-extensions \
+ python3-wheel \
+ cmake \
+"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178317):
https://lists.openembedded.org/g/openembedded-core/message/178317
Mute This Topic: https://lists.openembedded.org/mt/97516345/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/4] cmake, cmake-native: Modify download filename
So it won't clash with python3-cmake's download filename
from pypi.org which obviously has a diffferent checksum.
Signed-off-by: Zoltán Böszörményi
---
meta/recipes-devtools/cmake/cmake.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/cmake/cmake.inc
b/meta/recipes-devtools/cmake/cmake.inc
index b7e674c4c4..9005255a23 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -16,7 +16,7 @@ LIC_FILES_CHKSUM =
"file://Copyright.txt;md5=09069e0fffe4e5eaf6dde04c3b1932e5 \
CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
-SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
+SRC_URI =
"https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz;downloadfilename=cmake-src-${PV}.tar.gz
\
"
SRC_URI[sha256sum] =
"c026f22cb931dd532f648f087d587f07a1843c6e66a3dfca4fb0ea21944ed33c"
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178316):
https://lists.openembedded.org/g/openembedded-core/message/178316
Mute This Topic: https://lists.openembedded.org/mt/97516344/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [RFC] Add new python modules for building others
Some python modules use "import skbuild", "import cmake" or "import ninja" during their builds. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178315): https://lists.openembedded.org/g/openembedded-core/message/178315 Mute This Topic: https://lists.openembedded.org/mt/97516343/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] harfbuzz: Security fix for CVE-2023-25193
From: Siddharth Doshi
Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi
---
.../harfbuzz/CVE-2023-25193-pre0.patch| 335 ++
.../harfbuzz/CVE-2023-25193-pre1.patch| 135 +++
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 179 ++
.../harfbuzz/harfbuzz_2.6.4.bb| 5 +-
4 files changed, 653 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre0.patch
create mode 100644
meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre0.patch
b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre0.patch
new file mode 100644
index 00..90d4cfefb4
--- /dev/null
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre0.patch
@@ -0,0 +1,335 @@
+From 3122c2cdc45a964efedad8953a2df67205c3e3a8 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod
+Date: Sat, 4 Dec 2021 19:50:33 -0800
+Subject: [PATCH] [buffer] Add HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
+
+Fixes https://github.com/harfbuzz/harfbuzz/issues/1463
+Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/3122c2cdc45a964efedad8953a2df67205c3e3a8]
+Comment1: To backport the fix for CVE-2023-25193, add defination for
HB_GLYPH_FLAG_UNSAFE_TO_CONCAT. This patch is needed along with
CVE-2023-25193-pre1.patch for sucessfull porting.
+Signed-off-by: Siddharth Doshi
+---
+ src/hb-buffer.cc | 10 ++---
+ src/hb-buffer.h | 76 ++--
+ src/hb-buffer.hh | 33 ++--
+ src/hb-ot-layout-gsubgpos.hh | 39 +++---
+ src/hb-ot-shape.cc | 8 +---
+ 5 files changed, 124 insertions(+), 42 deletions(-)
+
+diff --git a/src/hb-buffer.cc b/src/hb-buffer.cc
+index 6131c86..bba5eae 100644
+--- a/src/hb-buffer.cc
b/src/hb-buffer.cc
+@@ -610,14 +610,14 @@ done:
+ }
+
+ void
+-hb_buffer_t::unsafe_to_break_impl (unsigned int start, unsigned int end)
++hb_buffer_t::unsafe_to_break_impl (unsigned int start, unsigned int end,
hb_mask_t mask)
+ {
+ unsigned int cluster = (unsigned int) -1;
+ cluster = _unsafe_to_break_find_min_cluster (info, start, end, cluster);
+- _unsafe_to_break_set_mask (info, start, end, cluster);
++ _unsafe_to_break_set_mask (info, start, end, cluster, mask);
+ }
+ void
+-hb_buffer_t::unsafe_to_break_from_outbuffer (unsigned int start, unsigned int
end)
++hb_buffer_t::unsafe_to_break_from_outbuffer (unsigned int start, unsigned int
end, hb_mask_t mask)
+ {
+ if (!have_output)
+ {
+@@ -631,8 +631,8 @@ hb_buffer_t::unsafe_to_break_from_outbuffer (unsigned int
start, unsigned int en
+ unsigned int cluster = (unsigned int) -1;
+ cluster = _unsafe_to_break_find_min_cluster (out_info, start, out_len,
cluster);
+ cluster = _unsafe_to_break_find_min_cluster (info, idx, end, cluster);
+- _unsafe_to_break_set_mask (out_info, start, out_len, cluster);
+- _unsafe_to_break_set_mask (info, idx, end, cluster);
++ _unsafe_to_break_set_mask (out_info, start, out_len, cluster, mask);
++ _unsafe_to_break_set_mask (info, idx, end, cluster, mask);
+ }
+
+ void
+diff --git a/src/hb-buffer.h b/src/hb-buffer.h
+index d5cb746..42dc92a 100644
+--- a/src/hb-buffer.h
b/src/hb-buffer.h
+@@ -77,26 +77,76 @@ typedef struct hb_glyph_info_t
+ * @HB_GLYPH_FLAG_UNSAFE_TO_BREAK: Indicates that if input text is broken at
the
+ * beginning of the cluster this glyph is part
of,
+ * then both sides need to be re-shaped, as the
+- * result might be different. On the flip side,
+- * it means that when this flag is not present,
+- * then it's safe to break the glyph-run at the
+- * beginning of this cluster, and the two sides
+- * represent the exact same result one would get
+- * if breaking input text at the beginning of
+- * this cluster and shaping the two sides
+- * separately. This can be used to optimize
+- * paragraph layout, by avoiding re-shaping
+- * of each line after line-breaking, or limiting
+- * the reshaping to a small piece around the
+- * breaking point only.
++ * result might be different.
++ *
++ * On the flip side, it means that when this
++ * flag is not present, then it is safe to break
++ * the glyph-run at the beginnin
Re: [OE-core] python3-ninja to speed up cmake builds of python modules
2023. 03. 08. 13:40 keltezéssel, Ross Burton írta: On 8 Mar 2023, at 12:32, Böszörményi Zoltán wrote: The code in pytorch does "import ninja" conditionally, so it expects it as a python module. Also, this specific package and anything that uses pytorch for its build (like torchvision) complains about the same. That would be: https://pypi.org/project/ninja/ https://github.com/scikit-build/ninja-python-distributions Which is a bit icky. We have a ninja binary already, I wonder if we can build just the python pieces there. Is there a way to distinguish between the download files for cmake vs python3-cmake ninja vs python3-ninja ? The file names from pypi.org are exactly the same as the source downloads of cmake and ninja of the same versions but obviously with different checksums. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178313): https://lists.openembedded.org/g/openembedded-core/message/178313 Mute This Topic: https://lists.openembedded.org/mt/97450739/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][dunfell] CVE-2023-25193 fix request
The Backport was a bit tricky but i feel its done. I have submitted for kirkstone branch and the all the tests passed on my end. Will be submitting it for dunfell soon too. Let me know incase if the problem still persists. If it passes, i am happy to help :) Regards, Siddharth -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178312): https://lists.openembedded.org/g/openembedded-core/message/178312 Mute This Topic: https://lists.openembedded.org/mt/97514967/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone][PATCH] harfbuzz: Security fix for CVE-2023-25193
From: Siddharth Doshi
Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
Signed-off-by: Siddharth Doshi
---
.../harfbuzz/CVE-2023-25193-pre1.patch| 135 +
.../harfbuzz/harfbuzz/CVE-2023-25193.patch| 185 ++
.../harfbuzz/harfbuzz_4.0.1.bb| 4 +-
3 files changed, 323 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
new file mode 100644
index 00..6721b1bd70
--- /dev/null
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
@@ -0,0 +1,135 @@
+From b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod
+Date: Mon, 6 Feb 2023 13:08:52 -0700
+Subject: [PATCH] [gsubgpos] Refactor skippy_iter.match()
+
+Upstream-Status: Backport from
[https://github.com/harfbuzz/harfbuzz/commit/b29fbd16fa82b82bdf0dcb2f13a63f7dc23cf324]
+Comment1: To backport the fix for CVE-2023-25193, add defination for MATCH,
NOT_MATCH and SKIP.
+Signed-off-by: Siddharth
+---
+ src/hb-ot-layout-gsubgpos.hh | 94 +---
+ 1 file changed, 54 insertions(+), 40 deletions(-)
+
+diff --git a/src/hb-ot-layout-gsubgpos.hh b/src/hb-ot-layout-gsubgpos.hh
+index d9a068c..d17a4da 100644
+--- a/src/hb-ot-layout-gsubgpos.hh
b/src/hb-ot-layout-gsubgpos.hh
+@@ -522,33 +522,52 @@ struct hb_ot_apply_context_t :
+ may_skip (const hb_glyph_info_t &info) const
+ { return matcher.may_skip (c, info); }
+
++enum match_t {
++ MATCH,
++ NOT_MATCH,
++ SKIP
++};
++
++match_t match (hb_glyph_info_t &info)
++{
++ matcher_t::may_skip_t skip = matcher.may_skip (c, info);
++ if (unlikely (skip == matcher_t::SKIP_YES))
++ return SKIP;
++
++ matcher_t::may_match_t match = matcher.may_match (info,
match_glyph_data);
++ if (match == matcher_t::MATCH_YES ||
++(match == matcher_t::MATCH_MAYBE &&
++ skip == matcher_t::SKIP_NO))
++ return MATCH;
++
++ if (skip == matcher_t::SKIP_NO)
++return NOT_MATCH;
++
++ return SKIP;
++ }
++
+ bool next (unsigned *unsafe_to = nullptr)
+ {
+ assert (num_items > 0);
+ while (idx + num_items < end)
+ {
+ idx++;
+- const hb_glyph_info_t &info = c->buffer->info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+-continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info,
match_glyph_data);
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+-num_items--;
+-if (match_glyph_data) match_glyph_data++;
+-return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->info[idx]))
+ {
+-if (unsafe_to)
+- *unsafe_to = idx + 1;
+-return false;
++case MATCH:
++{
++ num_items--;
++ if (match_glyph_data) match_glyph_data++;
++ return true;
++}
++case NOT_MATCH:
++{
++ if (unsafe_to)
++*unsafe_to = idx + 1;
++ return false;
++}
++case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_to)
+@@ -561,27 +580,22 @@ struct hb_ot_apply_context_t :
+ while (idx > num_items - 1)
+ {
+ idx--;
+- const hb_glyph_info_t &info = c->buffer->out_info[idx];
+-
+- matcher_t::may_skip_t skip = matcher.may_skip (c, info);
+- if (unlikely (skip == matcher_t::SKIP_YES))
+-continue;
+-
+- matcher_t::may_match_t match = matcher.may_match (info,
match_glyph_data);
+- if (match == matcher_t::MATCH_YES ||
+- (match == matcher_t::MATCH_MAYBE &&
+- skip == matcher_t::SKIP_NO))
+- {
+-num_items--;
+-if (match_glyph_data) match_glyph_data++;
+-return true;
+- }
+-
+- if (skip == matcher_t::SKIP_NO)
++ switch (match (c->buffer->out_info[idx]))
+ {
+-if (unsafe_from)
+- *unsafe_from = hb_max (1u, idx) - 1u;
+-return false;
++case MATCH:
++{
++ num_items--;
++ if (match_glyph_data) match_glyph_data++;
++ return true;
++}
++case NOT_MATCH:
++{
++ if (unsafe_from)
++*unsafe_from = hb_max (1u, idx) - 1u;
++ return false;
++}
++case SKIP:
++ continue;
+ }
+ }
+ if (unsafe_from)
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193
Re: [OE-core][langdale 06/27] cve-extra-exclusions: ignore inapplicable linux-yocto CVEs
Le jeu. 9 mars 2023 à 23:58, Steve Sakoman a écrit : > > From: Geoffrey GIRY > > Multiple CVE are patched in kernel but appears as active because the NVD > database is not up to date. > > CVE are ignored if and only if all versions of kernel used by master are > patched. > > Also ignore CVEs with wrong CPE (applied to kernel but actually are for > another package) > > Signed-off-by: Geoffrey GIRY > Reviewed-by: Yoann Congal > Signed-off-by: Richard Purdie > (cherry picked from commit 92770a08c04a6c1eb351231d937b16e76558f013) > Signed-off-by: Steve Sakoman > --- > .../distro/include/cve-extra-exclusions.inc | 296 ++ > 1 file changed, 296 insertions(+) > > diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc > b/meta/conf/distro/include/cve-extra-exclusions.inc > index 8b5f8d49b8..a281a8ac65 100644 > --- a/meta/conf/distro/include/cve-extra-exclusions.inc > +++ b/meta/conf/distro/include/cve-extra-exclusions.inc > @@ -78,9 +78,34 @@ CVE_CHECK_IGNORE += "CVE-2018-126 CVE-2018-10840 > CVE-2018-10876 CVE-2018-108 > CVE_CHECK_IGNORE += "CVE-2019-10126 CVE-2019-14899 CVE-2019-18910 > CVE-2019-3016 CVE-2019-3819 CVE-2019-3846 CVE-2019-3887" > # 2020 > CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 > CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 > +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 > +# Patched in kernel since v5.10 > e8d5f92b8d30bb4ade76494490c3c065e12411b1 > +# Backported in version v5.4.73 > e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 > +CVE_CHECK_IGNORE += "CVE-2020-27784" > + > # 2021 > CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 > CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ > CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 > CVE-2021-44879 CVE-2021-45402" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 > +CVE_CHECK_IGNORE += "CVE-2021-3669" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 > +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 > +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f > +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 > +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 > +CVE_CHECK_IGNORE += "CVE-2021-3759" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 > +CVE_CHECK_IGNORE += "CVE-2021-4218" > + > # 2022 > CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 > CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ > CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 > CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ > @@ -90,6 +115,277 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 > CVE-2022-0286 CVE-2022-0330 CVE > CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 > CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ > CVE-2022-29582 CVE-2022-29968" > > +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 > +CVE_CHECK_IGNORE += "CVE-2022-0480" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 > +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 > +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb > +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d > +CVE_CHECK_IGNORE += "CVE-2022-1184" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 > +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 > +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 > +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 > +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c > +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 > +CVE_CHECK_IGNORE += "CVE-2022-1462" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 > +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e > +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b > +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a > +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac > +CVE_CHECK_IGNORE += "CVE-
Re: [OE-core] [kirkstone][dunfell] CVE-2023-25193 fix request
Hi, One of my team member has worked on it and she will submit patch to upstream kirkstone in one or two days. Regards, Archana From: openembedded-core@lists.openembedded.org on behalf of DC via lists.openembedded.org Sent: Friday, March 10, 2023 12:59 PM To: openembedded-core@lists.openembedded.org Subject: [OE-core] [kirkstone][dunfell] CVE-2023-25193 fix request CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi Team, We are working on CVE-2023-25193 for kirkstone and dunfell branch as it is causing errors in our applications. There have been previous threads pointing to the issues that backporting is difficult due to code changes and new files being added and there are no second thoughts for the same. Could you please suggest how can we proceed to fix it ? Version updates is out of scope due to various internal reasons. If anyone can help, it would be great help. Thanks, DC -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178309): https://lists.openembedded.org/g/openembedded-core/message/178309 Mute This Topic: https://lists.openembedded.org/mt/97514967/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
