[OE-core][PATCH 1/4] zip: fix configure check by using _Static_assert

2023-06-18 Thread Chen Qi via lists.openembedded.org
From: Chen Qi 

It's incorrect to run a cross-compiled program on the build machine
to check if some feature is available or not. As these two checks
in zip are basically just checking the size, we can use _Static_assert
and sizeof to do such a check at compile time.

Signed-off-by: Chen Qi 
---
 ...se-_Static_assert-to-do-correct-dete.patch | 96 +++
 meta/recipes-extended/zip/zip_3.0.bb  |  1 +
 2 files changed, 97 insertions(+)
 create mode 100644 
meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch

diff --git 
a/meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch
 
b/meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch
new file mode 100644
index 00..106f246a7c
--- /dev/null
+++ 
b/meta/recipes-extended/zip/zip-3.0/0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch
@@ -0,0 +1,96 @@
+From 9916fc6f1f93f3e092e3c6937c30dc8137c26d34 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Thu, 15 Jun 2023 18:31:26 +0800
+Subject: [PATCH] unix/configure: use _Static_assert to do correct detection
+
+We're doing cross compilation, running a cross-compiled problem
+on host to detemine feature is not correct. Use _Static_assert
+to do the detection correctly.
+
+Upstream-Status: Inactive-Upstream
+
+Signed-off-by: Chen Qi 
+---
+ unix/configure | 42 --
+ 1 file changed, 12 insertions(+), 30 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index f2b3d02..f917086 100644
+--- a/unix/configure
 b/unix/configure
+@@ -361,6 +361,10 @@ cat > conftest.c << _EOF_
+ #include 
+ #include 
+ #include 
++
++_Static_assert(sizeof((struct stat){0}.st_uid) == 2, "sizeof st_uid is not 16 
bit");
++_Static_assert(sizeof((struct stat){0}.st_gid) == 2, "sizeof st_gid is not 16 
bit");
++
+ int main()
+ {
+   struct stat s;
+@@ -385,21 +389,7 @@ if [ $? -ne 0 ]; then
+   echo -- UID/GID test failed on compile - disabling old 16-bit UID/GID 
support
+   CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT"
+ else
+-# run it
+-  ./conftest
+-  r=$?
+-  if [ $r -eq 1 ]; then
+-echo -- UID not 2 bytes - disabling old 16-bit UID/GID support
+-CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT"
+-  elif [ $r -eq 2 ]; then
+-echo -- GID not 2 bytes - disabling old 16-bit UID/GID support
+-CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT"
+-  elif [ $r -eq 3 ]; then
+-echo -- 16-bit UIDs and GIDs - keeping old 16-bit UID/GID support
+-  else
+-echo -- test failed - conftest returned $r - disabling old 16-bit UID/GID 
support
+-CFLAGS="${CFLAGS} -DUIDGID_NOT_16BIT"
+-  fi
++  echo -- 16-bit UIDs and GIDs - keeping old 16-bit UID/GID support
+ fi
+ 
+ 
+@@ -417,6 +407,10 @@ cat > conftest.c << _EOF_
+ #include 
+ #include 
+ #include 
++
++_Static_assert(sizeof(off_t) < 8, "sizeof off_t < 8 failed");
++_Static_assert(sizeof((struct stat){0}.st_size) < 8, "sizeof st_size < 8 
failed");
++
+ int main()
+ {
+   off_t offset;
+@@ -436,24 +430,12 @@ _EOF_
+ # compile it
+ $CC -o conftest conftest.c >/dev/null 2>/dev/null
+ if [ $? -ne 0 ]; then
+-  echo -- no Large File Support
++  echo -- yes we have Large File Support!
++  CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT"
+ else
+-# run it
+-  ./conftest
+-  r=$?
+-  if [ $r -eq 1 ]; then
+-echo -- no Large File Support - no 64-bit off_t
+-  elif [ $r -eq 2 ]; then
+-echo -- no Large File Support - no 64-bit stat
+-  elif [ $r -eq 3 ]; then
+-echo -- yes we have Large File Support!
+-CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT"
+-  else
+-echo -- no Large File Support - conftest returned $r
+-  fi
++  echo -- no Large File Support
+ fi
+ 
+-
+ # Check for wide char for Unicode support
+ # Added 11/24/2005 EG
+ 
+-- 
+2.34.1
+
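
Review bot: In the Large File Support probe of the embedded unix/configure patch, both assertions are written in the negative (sizeof(off_t) < 8, sizeof st_size < 8) and a failed compile is what prints "yes we have Large File Support!", so any other reason conftest.c fails to build (a missing header, a compiler without C11 _Static_assert, a broken $CC) silently adds -DLARGE_FILE_SUPPORT, with the diagnostics discarded by 2>/dev/null. The outcome also differs from the removed run-time logic: that code enabled the flag only on return code 3 and reported "no 64-bit off_t" and "no 64-bit stat" separately, whereas the new compile fails, and the flag is set, as soon as either size is 8 or more. Asserting the positive condition (>= 8 for both) and setting the flag in the success branch would fix both points and would match the UID/GID probe earlier in the same patch, where a compile failure keeps the existing -DUIDGID_NOT_16BIT fallback. Minor: "problem" and "detemine" in the embedded commit message should read "program" and "determine".
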
diff --git a/meta/recipes-extended/zip/zip_3.0.bb 
b/meta/recipes-extended/zip/zip_3.0.bb
index 1930a40140..802877285f 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -19,6 +19,7 @@ SRC_URI = 
"${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.

file://0001-configure-Use-CFLAGS-and-LDFLAGS-when-doing-link-tes.patch \

file://0001-configure-Specify-correct-function-signatures-and-de.patch \
file://0002-unix.c-Do-not-redefine-DIR-as-FILE.patch \
+   
file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \
"
 UPSTREAM_VERSION_UNKNOWN = "1"
 
-- 
2.34.1





[OE-core][PATCH 4/4] unzip: remove hardcoded LARGE_FILE_SUPPORT

2023-06-18 Thread Chen Qi via lists.openembedded.org
From: Chen Qi 

Now that unzip's configure can correctly do the detection even in
case of cross compilation, there's no need to use this hardcoded
LARGE_FILE_SUPPORT flag.

Signed-off-by: Chen Qi 
---
 meta/recipes-extended/unzip/unzip_6.0.bb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb 
b/meta/recipes-extended/unzip/unzip_6.0.bb
index 391e5cd22a..3051e9b5bc 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -47,9 +47,6 @@ UPSTREAM_CHECK_REGEX = "unzip(?P(?!552).+)\.tgz"
 
 S = "${WORKDIR}/unzip60"
 
-# Enable largefile support
-CFLAGS += "-DLARGE_FILE_SUPPORT"
-
 # Makefile uses CF_NOOPT instead of CFLAGS.  We lifted the values from
 # Makefile and add CFLAGS.  Optimization will be overriden by unzip
 # configure to be -O3.
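
Review bot: With CFLAGS += "-DLARGE_FILE_SUPPORT" removed, large-file handling depends entirely on what unix/configure detects, and the context comment directly below says the Makefile takes its flags from CF_NOOPT, whose value this recipe supplies itself. Please confirm, and state in the commit message, that the -DLARGE_FILE_SUPPORT which patch 3/4 appends to CFLAGSR still reaches the compile lines on a 32-bit target; if it does not, the build succeeds and large-file support is dropped without any warning.
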
-- 
2.34.1





[OE-core][PATCH 3/4] unzip: fix configure check for cross compilation

2023-06-18 Thread Chen Qi via lists.openembedded.org
From: Chen Qi 

The original configure runs a generated binary to determine
features. This is not correct for cross compilation. So change
the runtime tests into compile-time tests to fix the issue.

Signed-off-by: Chen Qi 
---
 ...-fix-detection-for-cross-compilation.patch | 103 ++
 meta/recipes-extended/unzip/unzip_6.0.bb  |   1 +
 2 files changed, 104 insertions(+)
 create mode 100644 
meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch

diff --git 
a/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch
 
b/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch
new file mode 100644
index 00..2fa7f481b7
--- /dev/null
+++ 
b/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch
@@ -0,0 +1,103 @@
+From 5cbf901b5c3b6a7d1d0ed91b6df4194bb6d25a40 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Thu, 15 Jun 2023 07:14:17 -0700
+Subject: [PATCH] unix/configure: fix detection for cross compilation
+
+We're doing cross compilation, running a cross-compiled problem
+on host to detemine feature is not correct. So we change runtime
+check into compile-time check to detect the features.
+
+Upstream-Status: Inactive-Upstream
+
+Signed-off-by: Chen Qi 
+---
+ unix/configure | 44 +++-
+ 1 file changed, 15 insertions(+), 29 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 8fd82dd..68dee98 100755
+--- a/unix/configure
 b/unix/configure
+@@ -259,6 +259,10 @@ cat > conftest.c << _EOF_
+ #include 
+ #include 
+ #include 
++
++_Static_assert(sizeof(off_t) < 8, "sizeof off_t < 8 failed");
++_Static_assert(sizeof((struct stat){0}.st_size) < 8, "sizeof st_size < 8 
failed");
++
+ int main()
+ {
+   off_t offset;
+@@ -278,21 +282,10 @@ _EOF_
+ # compile it
+ $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+ if [ $? -ne 0 ]; then
+-  echo -- no Large File Support
++  echo -- yes we have Large File Support!
++  CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT"
+ else
+-# run it
+-  ./conftest
+-  r=$?
+-  if [ $r -eq 1 ]; then
+-echo -- no Large File Support - no 64-bit off_t
+-  elif [ $r -eq 2 ]; then
+-echo -- no Large File Support - no 64-bit stat
+-  elif [ $r -eq 3 ]; then
+-echo -- yes we have Large File Support!
+-CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT"
+-  else
+-echo -- no Large File Support - conftest returned $r
+-  fi
++  echo -- no Large File Support
+ fi
+ 
+ # Added 11/24/2005 EG
+@@ -302,6 +295,11 @@ cat > conftest.c << _EOF_
+ #include 
+ #include 
+ #include 
++
++#ifndef __STDC_ISO_10646__
++#error "__STDC_ISO_10646__ not defined
++#endif
++
+ int main()
+ {
+   size_t wsize;
+@@ -327,19 +325,8 @@ if [ $? -ne 0 ]; then
+   echo "-- no Unicode (wchar_t) support"
+ else
+ # have wide char support
+-# run it
+-  ./conftest
+-  r=$?
+-  if [ $r -eq 0 ]; then
+-echo -- no Unicode wchar_t support - wchar_t allocation error
+-  elif [ $r -eq 1 ]; then
+-echo -- no Unicode support - wchar_t encoding unspecified
+-  elif [ $r -eq 2 ]; then
+-echo -- have wchar_t with known UCS encoding - enabling Unicode support!
+-CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR"
+-  else
+-echo "-- no Unicode (wchar_t) support - conftest returned $r"
+-  fi
++  echo -- have wchar_t with known UCS encoding - enabling Unicode support!
++  CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR"
+ fi
+ 
+ echo "Check for setlocale support (needed for UNICODE Native check)"
+@@ -418,8 +405,7 @@ temp_link="link_$$"
+   echo "int main() { lchmod(\"${temp_file}\", 0666); }" \
+ ) > conftest.c
+ ln -s "${temp_link}" "${temp_file}" && \
+- $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null && \
+- ./conftest
++ $CC -Werror=implicit-function-declaration $BFLAG $LDFLAGS -o conftest 
conftest.c >/dev/null
+ [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHMOD"
+ rm -f "${temp_file}"
+ 
+-- 
+2.34.1
+
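
Review bot: The #error line added to the Unicode probe has an unterminated string literal (#error "__STDC_ISO_10646__ not defined); add the closing quote so the directive is well-formed for every preprocessor. In the Large File Support probe the assertions are negated and a compile failure is what sets -DLARGE_FILE_SUPPORT in CFLAGSR, so any unrelated build error in conftest.c is read as a positive result, and the flag is now set when either off_t or st_size is 8 bytes or more, where the removed code required both (return code 3); asserting >= 8 and setting the flag on success avoids both problems. In the lchmod test, 2>/dev/null was dropped along with ./conftest, so the compiler error now lands in the configure output whenever lchmod is undeclared; either restore the redirect or say in the commit message that the extra output is intended. The embedded commit message should read "program" and "determine" for "problem" and "detemine".
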
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb 
b/meta/recipes-extended/unzip/unzip_6.0.bb
index a4d10c30aa..391e5cd22a 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -32,6 +32,7 @@ SRC_URI = 
"${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
 file://CVE-2022-0529.patch \
 file://CVE-2022-0530.patch \
 file://0001-configure-Add-correct-system-headers-and-prototypes-.patch 
\
+file://0001-unix-configure-fix-detection-for-cross-compilation.patch \
 "
 UPSTREAM_VERSION_UNKNOWN = "1"
 
-- 
2.34.1



[OE-core][PATCH 2/4] zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS

2023-06-18 Thread Chen Qi via lists.openembedded.org
From: Chen Qi 

As zip's configure has been updated to use a compile-time
check, it can now do the check correctly, so there is no need to
pass LARGE_FILE_SUPPORT to CFLAGS.

Signed-off-by: Chen Qi 
---
 meta/recipes-extended/zip/zip_3.0.bb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/recipes-extended/zip/zip_3.0.bb 
b/meta/recipes-extended/zip/zip_3.0.bb
index 802877285f..82153131b4 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -32,9 +32,6 @@ CVE_CHECK_IGNORE += "CVE-2018-13410"
 # Not for zip but for smart contract implementation for it
 CVE_CHECK_IGNORE += "CVE-2018-13684"
 
-# Enable largefile support
-CFLAGS += "-DLARGE_FILE_SUPPORT"
-
 # zip.inc sets CFLAGS, but what Makefile actually uses is
 # CFLAGS_NOOPT.  It will also force -O3 optimization, overriding
 # whatever we set.
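
Review bot: Dropping CFLAGS += "-DLARGE_FILE_SUPPORT" is only safe if the probe from patch 1/4 sees the same type sizes as the real build, and that probe compiles with a bare $CC -o conftest conftest.c, without $CFLAGS. Any feature-test macro that arrives only through CFLAGS is therefore not in effect when sizeof(off_t) is evaluated, and the context comment below notes that the Makefile uses CFLAGS_NOOPT rather than CFLAGS. Please add to the commit message which 32-bit machine this was built for and that -DLARGE_FILE_SUPPORT still appears in the compile log.
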
-- 
2.34.1





[OE-core][kirkstone 18/18] Revert "ipk: Decode byte data to string in manifest handling"

2023-06-18 Thread Steve Sakoman
From: Andrew Jeffery 

cf9df9e8d89f ("ipk: Decode byte data to string in manifest handling")
did a bit of least-effort fix to a string vs byte sequence issue in the
manifest handling. The approach was chosen as it localised the fix,
rather than having to analyse further call sites.

However since then f2167ae80258 ("package_manager/ipk: do not pipe
stderr to stdout") was applied, reworking the output handling from the
subcommand. dummy_bytes() now returns a string, so stop trying to decode
it.

Fixes: f2167ae80258 ("package_manager/ipk: do not pipe stderr to stdout")
Cc: Curtis Meier 
Cc: Pam Eggler 
(From OE-Core rev: b61739554780d70307d2b6b37d2b3b1c7df93c77)

Signed-off-by: Andrew Jeffery 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 07e5a6331be60d5e35d7336a6215a972ced6eb57)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oe/package_manager/ipk/manifest.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/package_manager/ipk/manifest.py 
b/meta/lib/oe/package_manager/ipk/manifest.py
index ae451c5c70..22669f97c0 100644
--- a/meta/lib/oe/package_manager/ipk/manifest.py
+++ b/meta/lib/oe/package_manager/ipk/manifest.py
@@ -62,7 +62,7 @@ class PkgManifest(Manifest):
 if len(pkgs_to_install) == 0:
 return
 
-output = pm.dummy_install(pkgs_to_install).decode('utf-8')
+output = pm.dummy_install(pkgs_to_install)
 
 with open(self.full_manifest, 'w+') as manifest:
 pkg_re = re.compile('^Installing ([^ ]+) [^ ].*')
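
Review bot: Removing .decode('utf-8') from the pm.dummy_install() result is correct only on a branch that already carries f2167ae80258 ("package_manager/ipk: do not pipe stderr to stdout"); without it the value is still bytes and the string handling that follows would fail. As this is a kirkstone cherry-pick, please confirm that commit is on the branch ahead of this one. The commit message refers to dummy_bytes() while the changed call is dummy_install(), so the log does not match the code it describes.
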
-- 
2.34.1





[OE-core][kirkstone 17/18] e2fsprogs: fix ptest bug for second running

2023-06-18 Thread Steve Sakoman
From: Qiu Tingting 

On the second run, there are four new failed cases:
  d_loaddump f_bigalloc_badinode f_bigalloc_orphan_list f_dup_resize

The test_data.tmp is necessary, but it is deleted by run-ptest.
So it should be restored after testing.

Signed-off-by: Qiu Tingting 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit d0d08dd9a8a179e25b9cfcbac696c1d212a1910c)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest | 1 +
 meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest 
b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
index c97c0377e9..279923db8e 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/run-ptest
@@ -8,3 +8,4 @@ rm -f *.tmp
 rm -f *.ok
 rm -f *.failed
 rm -f *.log
+cp ../data/test_data.tmp ./
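
Review bot: The added cp ../data/test_data.tmp ./ resolves ../data against whatever directory the script is in at that point, and as the last command its exit status becomes the exit status of run-ptest. If the data directory is missing or the script is started from a different location, the restore fails after the results have already been reported and the next run hits the same four failures the commit message lists. Consider building the path from the script's own location (the recipe hunk installs the file under ${PTEST_PATH}/data) and deciding explicitly whether a failed copy should fail the run or only print a warning.
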
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb 
b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
index 5b2d1921f0..68c620cf71 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
@@ -141,4 +141,7 @@ do_install_ptest() {
 
 install -d ${D}${PTEST_PATH}/lib
 install -m 0644 ${B}/lib/config.h  ${D}${PTEST_PATH}/lib/
+
+install -d ${D}${PTEST_PATH}/data
+install -m 0644 ${B}/tests/test_data.tmp ${D}${PTEST_PATH}/data/
 }
-- 
2.34.1





[OE-core][kirkstone 16/18] systemd-systemctl: support instance expansion in WantedBy

2023-06-18 Thread Steve Sakoman
From: Ian Ray 

Refactor _process_deps to expand systemd instance specifier "%i" to the
template instance.

This change expands on prior commit e510222b57 ("systemd-systemctl: fix
instance template WantedBy symlink construction") by substituting every
"%i" pattern-match with the instance name.

The regexp handles the following cases:

* svc-wants@%i.service

* sys-subsystem-net-devices-%i.device

Signed-off-by: Ian Ray 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 9356276137267a29ae2289d796a2940918375308)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/systemd/systemd-systemctl/systemctl | 9 ++---
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl 
b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 1c87beadad..c8b5c9efe3 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -190,13 +190,8 @@ class SystemdUnit():
 target = ROOT / location.relative_to(self.root)
 try:
 for dependent in config.get('Install', prop):
-# determine whether or not dependent is a template with an 
actual
-# instance (i.e. a '@%i')
-dependent_is_template = 
re.match(r"[^@]+@(?P[^\.]*)\.", dependent)
-if dependent_is_template:
-# if so, replace with the actual instance to achieve
-# svc-wants@a.service.wants/svc-wanted-by@a.service
-dependent = 
re.sub(dependent_is_template.group('instance'), instance, dependent, 1)
+# expand any %i to instance (ignoring escape sequence %%)
+dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), 
dependent)
 wants = systemdir / "{}.{}".format(dependent, dirstem) / 
service
 add_link(wants, target)
 
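
Review bot: In re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent) the instance name is pasted into the replacement template, so re.sub interprets it rather than inserting it literally. An instance that starts with a digit turns \1 into a two-digit group reference (instance "1" yields \11), and an instance containing a backslash, as systemd-escaped names do (\x2d), is parsed as an escape sequence; both raise re.error instead of creating the link. Passing a function as the replacement, for example lambda m: m.group(1) + instance, inserts the name unchanged. The pattern also requires one non-% character before %i, so a value that begins with %i, or a second %i directly after the first, is left unexpanded; a lookbehind form such as (?<!%)((?:%%)*)%i handles those while still skipping %%i.
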
-- 
2.34.1





[OE-core][kirkstone 15/18] vim: upgrade 9.0.1429 -> 9.0.1527

2023-06-18 Thread Steve Sakoman
From: Randy MacLeod 

Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-2426
caf642c25 patch 9.0.1499: using uninitialized memory with fuzzy matching

Signed-off-by: Randy MacLeod 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 4f9a8df5aca99d0a5c2d2346b27ce7be08e7896c)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 1e27415288..e1d2563316 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".1429"
-SRCREV = "1a08a3e2a584889f19b84a27672134649b73da58"
+PV .= ".1527"
+SRCREV = "c28e7a2b2f23dbd246a1ad7ad7aaa6f7ab2e5887"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.34.1





[OE-core][kirkstone 14/18] linux-yocto/5.15: update to v5.15.113

2023-06-18 Thread Steve Sakoman
From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

1fe619a7d252 Linux 5.15.113
7de20a23e52a HID: wacom: add three styli to wacom_intuos_get_tool_type
25b835d40838 HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
a540aabefa9b HID: wacom: Force pen out of prox if no events have been received in a while
b4c7b54b83f6 s390/qdio: fix do_sqbs() inline assembly constraint
b8427b8522d9 nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
cafdd9cefc5b powerpc/64s/radix: Fix soft dirty tracking
fe59dd824fad tpm/tpm_tis: Disable interrupts for more Lenovo devices
b9eb4491f0c9 powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
317ee8c54faa ceph: force updating the msg pointer in non-split case
e3d1adcad5b7 vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
03e39ec73941 thunderbolt: Clear registers properly when auto clear isn't in use
742ed5bb683e serial: qcom-geni: fix enabling deactivated interrupt
6960267e7d0b serial: 8250_exar: Add support for USR298x PCI Modems
7d8873ecbd3c serial: Add support for Advantech PCI-1611U card
51d90382d241 statfs: enforce statfs[64] structure initialization
865be1cff2c0 ksmbd: fix global-out-of-bounds in smb2_find_context_vals
7657321b2624 ksmbd: fix wrong UserName check in session_user
61e043326e72 ksmbd: allocate one more byte for implied bcc[0]
1c2461b41f30 ksmbd: smb2: Allow messages padded to 8byte boundary
49f47945386e SMB3: drop reference to cfile before sending oplock break
653d30a1512c SMB3: Close all deferred handles of inode in case of handle lease break
972a33e6cc76 can: kvaser_pciefd: Disable interrupts in probe error path
143623940a03 can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
c724a6edc1c6 can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
f04628305cac can: kvaser_pciefd: Empty SRB buffer in probe
da711a8af0fa can: kvaser_pciefd: Call request_irq() before enabling interrupts
4857ccfbe283 can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
9ac2448c24a9 can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
a17cf315f246 can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
83af0876040b ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
cc1924ab21d7 ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
3a32c5149461 ALSA: hda/realtek: Add quirk for Clevo L140AU
059a18e95e06 ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
e8c7d7c43d5e ALSA: hda: Fix Oops by 9.1 surround channel names
831a1ffb0a93 xhci: Fix incorrect tracking of free space on transfer rings
4c5c4870694b xhci-pci: Only run d3cold avoidance quirk for s2idle
fc0e18f95c88 usb: typec: altmodes/displayport: fix pin_assignment_show
0ed9257a8ab9 usb: gadget: u_ether: Fix host MAC address case
c51a131cacf4 usb: dwc3: debugfs: Resume dwc3 before accessing registers
720be29c7d1c USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
2ef3ecff0907 usb-storage: fix deadlock when a scsi command timeouts more than once
3b43d9df27a7 USB: usbtmc: Fix direction for 0-length ioctl control messages
15d744133218 ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
62499cf3ddd7 bridge: always declare tunnel functions
ec5caa765f7f netfilter: nft_set_rbtree: fix null deref on element insertion
b0cc763806c0 netfilter: nf_tables: fix nft_trans type confusion
addaba68018b vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
3a0450d38a3e igb: fix bit_shift to be in [1..8] range
c15c3bb90c9a net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
234e744d86bd cassini: Fix a memory leak in the error handling path of cas_init_one()
76a7cd047b3a scsi: storvsc: Don't pass unused PFNs to Hyper-V host
05ad5a4d421c wifi: iwlwifi: mvm: don't trust firmware n_channels
d66490c29364 wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
fce7d92a8990 wifi: mac80211: fix min center freq offset tracing
fd8bc0f581af net: bcmgenet: Restore phy_stop() depending upon suspend/close
99c5acfd1f6a net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
ed1283c46d90 s390/cio: include subchannels without devices also for evaluation
673cb4798921 tipc: check the bearer min mtu properly when setting it by netlink
575e84d90a74 tipc: do not update mtu if msg_max is too small in mtu negotiation
5cf99d5f656a tipc: add tipc_bearer_min_mtu to calculate min mtu
6a7690f2bd17 virtio_net: Fix error unwinding of XDP initialization
18c0bd6888b3 virtio-net: Maintain reverse cleanup order
cdd8160dcda1 net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
f51d15d9bc41 drm/exynos: fix g2d_open/close helper function definitions
45a158a212d9 SUNRPC: Fix trace_svc_register() 

[OE-core][kirkstone 13/18] linux-yocto/5.15: update to v5.15.112

2023-06-18 Thread Steve Sakoman
From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

9d6bde853685 Linux 5.15.112
0788273bd0a6 drm/amd/display: Fix hang when skipping modeset
de9a3ed42333 RISC-V: Fix up a cherry-pick warning in setup_vm_final()
3c9b08a16978 drbd: correctly submit flush bio on barrier
d0bcf6caa280 serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
0b401c25 drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error
8beaa3cb293a ext4: fix invalid free tracking in ext4_xattr_move_to_block()
978e5e9111af ext4: remove a BUG_ON in ext4_mb_release_group_pa()
2b3b8f18c0dc ext4: bail out of ext4_xattr_ibody_get() fails for any reason
f22b274429e8 ext4: add bounds checking in get_max_inline_xattr_value_size()
640c8c365999 ext4: fix deadlock when converting an inline directory in nojournal mode
b2531936118d ext4: improve error handling from ext4_dirhash()
b2f1314e6e36 ext4: improve error recovery code paths in __ext4_remount()
5f7d66e5e557 ext4: check iomap type only if ext4_iomap_begin() does not fail
f5e687698c6d ext4: fix data races when using cached status extents
6d9a705a653e ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
d55e76e11592 ext4: fix WARNING in mb_find_extent
c5c385baee9b locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers
ed76d3a8910b ksmbd: not allow guest user on multichannel
4f9baa066749 ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
bc77a6e93306 ksmbd: fix racy issue while destroying session on multichannel
a89ff57e4da1 ksmbd: fix kernel oops from idr_remove()
876a7e3b58e3 ksmbd: add channel rwlock
05cbc9806ae8 ksmbd: replace sessions list in connection with xarray
f86a1a74d9a7 ksmbd: fix multi session connection failure
bb3b772f186c ksmbd: set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO
2456e2889c77 wifi: rtw88: rtw8821c: Fix rfe_option field width
615aff165bda drm/amd/display: Add NULL plane_state check for cursor disable logic
c11b90aced1a drm/amd/display: Refine condition of cursor visibility for pipe-split
bf16debcda5c drm/msm/adreno: fix runtime PM imbalance at gpu load
bac00e57cd5e drm/msm: Remove struct_mutex usage
17eeeac92b47 drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
6d5e6d5a70e2 drm/i915/dg2: Add additional HDMI pixel clock frequencies
06af228515d1 drm/i915/dg2: Support 4k@30 on HDMI
a63c6b1eed9a ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
aa803e6ecac7 ASoC: DPCM: Don't pick up BE without substream
44b685c4bab3 ASoC: soc-pcm: Move debugfs removal out of spinlock
0d5017dea0c6 ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE
a536c367b0d8 ASoC: soc-pcm: Fix DPCM lockdep warning due to nested stream locks
e2e5b8c72998 fs/ntfs3: Refactoring of various minor issues
5047a228d4c8 HID: wacom: insert timestamp to packed Bluetooth (BT) events
db587340a004 HID: wacom: Set a default resolution for older tablets
823787470e32 drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
b39ba90d69ee drm/amdgpu: Fix vram recover doesn't work after whole GPU reset (v2)
cd3c0f7013c3 drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras
6d4b6abedd2d drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
db307e725d5b drm/amd/display: fix flickering caused by S/G mode
61b694b742fb drm/panel: otm8009a: Set backlight parent to panel device
8f57f3e112cf f2fs: fix potential corruption when moving a directory
e2d1cc82ad50 drm/msm: fix NULL-deref on irq uninstall
8f0e1ad5327a drm/msm: fix NULL-deref on snapshot tear down
74543041c03e drm/bridge: lt8912b: Fix DSI Video Mode
9d79ccd97199 ARM: dts: s5pv210: correct MIPI CSIS clock name
137259261cd0 ARM: dts: exynos: fix WM8960 clock name in Itop Elite
eb15fb94d44a remoteproc: imx_rproc: Call of_node_put() on iteration error
de26e064ed9e remoteproc: st: Call of_node_put() on iteration error
8915e44eb3fb remoteproc: stm32: Call of_node_put() on iteration error
975b80702f0e sh: nmi_debug: fix return value of __setup handler
66dbc361214d sh: init: use OF_EARLY_FLATTREE for early init
bb870c4b73d2 sh: mcount.S: fix build error when PRINTK is not enabled
be95f9ebaf10 sh: math-emu: fix macro redefined warning
9fdf3666e3f1 SMB3: force unmount was failing to close deferred close files
c3a0ae5259ea smb3: fix problem remounting a share after shutdown
17ad86d8c122 inotify: Avoid reporting event with invalid wd
e51cd74e32d2 platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
21de866f75de platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet
5af78b437cd3 cifs: release leases for deferred close handles when freezing

[OE-core][kirkstone 12/18] linux-yocto/5.15: update to v5.15.111

2023-06-18 Thread Steve Sakoman
From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

b0ece631f84a Linux 5.15.111
0a008c5098d8 sched: Fix DEBUG && !SCHEDSTATS warn
21c2a454486d netfilter: nf_tables: deactivate anonymous set from preparation phase
aa6ff950f875 arm64: dts: qcom: sdm845: correct dynamic power coefficients - again
2931ed45bfe3 sound/oss/dmasound: fix 'dmasound_setup' defined but not used
503e554782c9 debugobject: Ensure pool refill (again)
6b84832966a0 perf intel-pt: Fix CYC timestamps after standalone CBR
06106efa20f7 perf auxtrace: Fix address filter entire kernel size
11c6fb35df5c dm: don't lock fs when the map is NULL in process of resume
e11765cea205 dm ioctl: fix nested locking in table_clear() to remove deadlock concern
f76fcb9d43ec dm flakey: fix a crash with invalid table line
a5d8c6bf58e5 dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
56e952ae6d89 dm clone: call kmem_cache_destroy() in dm_clone_init() error path
f382705d0460 dm verity: fix error handling for check_at_most_once on FEC
1821a33bb23e ia64: fix an addr to taddr in huge_pte_offset()
3a57c70e9e92 s390/dasd: fix hanging blockdevice after request requeue
ed7e8beb201b btrfs: scrub: reject unsupported scrub flags
14383698c0de scripts/gdb: fix lx-timerlist for Python3
33383fbe4f01 clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
e8353dea7d7d wifi: rtl8xxxu: RTL8192EU always needs full init
384a0dcac2a6 mailbox: zynqmp: Fix typo in IPI documentation
09206edff007 mailbox: zynqmp: Fix IPI isr handling
6d1af517817a mtd: core: fix error path for nvmem provider
8444b46e163a mtd: core: fix nvmem error reporting
7c253e98685e mtd: core: provide unique name for nvmem device, take two
68695084077e md/raid10: fix null-ptr-deref in raid10_sync_request
8d07d9119642 nilfs2: fix infinite loop in nilfs_mdt_get_block()
13f73ef77baa nilfs2: do not write dirty data after degenerating to read-only
ab0748f246b7 ALSA: usb-audio: Add quirk for Pioneer DDJ-800
a87e5b9b4c64 parisc: Fix argument pointer in real64_call_asm()
f1b4681cfa0a afs: Fix updating of i_size with dv jump from server
33f302c9bf3e mfd: tqmx86: Correct board names for TQMxE39x
ce01b75447f6 mfd: tqmx86: Specify IO port register range more precisely
a23b3b2be0d0 mfd: tqmx86: Do not access I2C_DETECT register through io_base
388d2578c7d7 thermal/drivers/mediatek: Use devm_of_iomap to avoid resource 
leak in mtk_thermal_probe
bdcf9fec87b2 dmaengine: at_xdmac: do not enable all cyclic channels
a5227b3be869 dmaengine: at_xdmac: Fix race for the tx desc callback
2b68028d771a dmaengine: at_xdmac: Fix concurrency over chan's 
completed_cookie
738a4fdbd157 dmaengine: dw-edma: Fix to enable to issue dma request on DMA 
processing
fd6316dec20f dmaengine: dw-edma: Fix to change for continuous transfer
dd23c11136ff dma: gpi: remove spurious unlock in gpi_ch_init
dce3bdaee3f2 phy: tegra: xusb: Add missing tegra_xusb_port_unregister for 
usb2_port and ulpi_port
1cccf7c5c7f5 pwm: mtk-disp: Configure double buffering before reading in 
.get_state()
d2798512fafc pwm: mtk-disp: Disable shadow registers before setting 
backlight values
8ffa1cb8bcfa leds: tca6507: Fix error handling of using 
fwnode_property_read_string
e63e3a0fc062 dmaengine: mv_xor_v2: Fix an error code.
332ca024a82e leds: TI_LMU_COMMON: select REGMAP instead of depending on it
c904a070d7cd pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux 
configuration
40566def189c ext4: fix use-after-free read in ext4_find_extent for bigalloc 
+ inline
18eb23891aea ext4: fix i_disksize exceeding i_size problem in paritally 
written case
3dc3a86b88bd SMB3: Close deferred file handles in case of handle lease break
0f87e18203bd SMB3: Add missing locks to protect deferred close file list
b574e73db844 timekeeping: Fix references to nonexistent ktime_get_fast_ns()
ccfede0a2cb1 openrisc: Properly store r31 to pt_regs on unhandled exceptions
1c7456aa5d3a clocksource/drivers/davinci: Fix memory leak in 
davinci_timer_register when init fails
c87c6d50505b RDMA/mlx5: Use correct device num_ports when modify DC
d2823237dabc SUNRPC: remove the maximum number of retries in 
call_bind_status
c11e44ac1a71 RDMA/mlx5: Fix flow counter query via DEVX
7acad58049ac Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
b6157a9f0fc7 clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
33f9b8de1b00 clk: qcom: regmap: add PHY clock source implementation
0ccc1a6bac34 NFSv4.1: Always send a RECLAIM_COMPLETE after establishing 
lease
a2bd706ab635 IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA 
requests
6bbc49661c31 IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
00cc21e32ea1 RDMA/srpt: Add a check for 

[OE-core][kirkstone 11/18] linux-yocto/5.15: update to v5.15.110

2023-06-18 Thread Steve Sakoman
From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

8a7f2a5c5aa1 Linux 5.15.110
cab0f985037b riscv: No need to relocate the dtb as it lies in the fixmap 
region
1f09c9bab723 riscv: Do not set initial_boot_params to the linear address of 
the dtb
bbf94b042155 riscv: Move early dtb mapping into the fixmap region
ccb29694c2da selftests: mptcp: join: fix "invalid address, ADD_ADDR timeout"
0994aa001fde driver core: Don't require dynamic_debug for initcall_debug 
probe timing
3dcebcaa258c USB: serial: option: add UNISOC vendor and TOZED LT70C product
f1e6a14d5ae8 bluetooth: Perform careful capability checks in 
hci_sock_ioctl()
39c472809aab drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
936a23293bbb wifi: brcmfmac: slab-out-of-bounds read in 
brcmf_get_assoc_ies()
2bd716c6e4d1 KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
00f74003edf5 KVM: arm64: Retry fault if vma_lookup() results become invalid
c1da649699e1 selftests/kselftest/runner/run_one(): allow running 
non-executable files
c88435054153 PCI/ASPM: Remove pcie_aspm_pm_state_change()

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
(cherry picked from commit 8fb28c7f71888d65c170c9f5400438a077860c6f)
Signed-off-by: Steve Sakoman 
---
 .../linux/linux-yocto-rt_5.15.bb  |  4 ++--
 .../linux/linux-yocto-tiny_5.15.bb|  4 ++--
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 71c2c4042b..d719a959d6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "63a865cbbc8ab351f44582a4fcf2999c7681cfd8"
+SRCREV_machine ?= "91c85a978457d009bb57ec0a0867afe4ff7c8278"
 SRCREV_meta ?= "8ce5ee0184fb213962a82ca5ee8c74851452e260"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.109"
+LINUX_VERSION ?= "5.15.110"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 620e85091d..88af7d2ee7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.109"
+LINUX_VERSION ?= "5.15.110"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "7d734295a38a5fc03fb29fb90bb64e38708e2308"
+SRCREV_machine ?= "37cc630d5574860de0b48e67fca03d8cb7d2a260"
 SRCREV_meta ?= "8ce5ee0184fb213962a82ca5ee8c74851452e260"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
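
Review bot: SRCREV_meta is left at 8ce5ee0184fb213962a82ca5ee8c74851452e260 in this hunk (and in the linux-yocto-rt hunk above) while SRCREV_machine and LINUX_VERSION move to 5.15.110. If yocto-kernel-cache really needed no change for this -stable bump, say so in the commit message; otherwise bump it in the same commit so the kernel tree and its meta data cannot drift apart.
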
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 41e7c27850..9c531ab4da 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,16 +13,16 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "8ac50c616d30bffb2540f2dd7bfe8ea66d737bfe"
-SRCREV_machine:qemuarm64 ?= "470798ad34773e9e60e08ba80a8b7e6c4cf65c94"
-SRCREV_machine:qemumips ?= "9dcb3aaf2e30172cfb33b13d50bae621cd449f5b"
-SRCREV_machine:qemuppc ?= "faaa6b1dd4c1bf3550efa07e788f6849729e9d7b"
-SRCREV_machine:qemuriscv64 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemuriscv32 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemux86 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemux86-64 ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
-SRCREV_machine:qemumips64 ?= "a41a7b13730b656588ac38cf0f1af6f9f255e112"
-SRCREV_machine ?= "b8a4501ad3a651d576df481df20bf20fd3e969df"
+SRCREV_machine:qemuarm ?= "c9c4163f1d7a05a8a9e74f519ec7acc54259f53b"
+SRCREV_machine:qemuarm64 ?= "1cbfaca7888ffe8f6ce58987080a86b48161ce44"
+SRCREV_machine:qemumips ?= "9d83787163c68c2390136915fcfbf3e781d56874"
+SRCREV_machine:qemuppc ?= "a6d06d797ba2ae6c391898a42fced6c3eb71aad0"
+SRCREV_machine:qemuriscv64 ?= "4399f7dbd01bd141ad6033438eb818820322ef13"
+SRCREV_machine:qemuriscv32 ?= "4399f7dbd01bd141ad6033438eb818820322ef13"

[OE-core][kirkstone 10/18] linux-yocto/5.15: update to v5.15.109

2023-06-18 Thread Steve Sakoman
From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

f48aeeaaa64c Linux 5.15.109
4aed6b5809bb soc: sifive: l2_cache: fix missing of_node_put() in 
sifive_l2_init()
71e7ed6e3aa9 soc: sifive: l2_cache: fix missing free_irq() in error path in 
sifive_l2_init()
48c5fd373345 soc: sifive: l2_cache: fix missing iounmap() in error path in 
sifive_l2_init()
2a2a502af466 ASN.1: Fix check for strdup() success
9fc2e7f2cf47 ASoC: fsl_asrc_dma: fix potential null-ptr-deref
0431e1323f42 mm/page_alloc: fix potential deadlock on zonelist_update_seq 
seqlock
144ff55623e2 iio: adc: at91-sama5d2_adc: fix an error code in 
at91_adc_allocate_trigger()
e589986ef037 counter: 104-quad-8: Fix race condition between FLAG and CNTR 
reads
78559037632b pwm: hibvt: Explicitly set .polarity in .get_state()
2147e7c2d26f pwm: iqs620a: Explicitly set .polarity in .get_state()
a2ab4924f0c8 pwm: meson: Explicitly set .polarity in .get_state()
dbc7a6d1ec8e sctp: Call inet6_destroy_sock() via sk->sk_destruct().
4f66b180a622 dccp: Call inet6_destroy_sock() via sk->sk_destruct().
b60d534d1e70 inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
dd042131386f tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
dabbe97f369b udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
d58366aab868 fuse: fix deadlock between atomic O_TRUNC and page invalidation
e21d9c606839 fuse: always revalidate rename target dentry
c10a5b340681 fuse: fix attr version comparison in fuse_read_update_size()
1e5c686087dc purgatory: fix disabling debug info
a134b2ac4127 docs: futex: Fix kernel-doc references after code split-up 
preparation
66dd55279174 MIPS: Define RUNTIME_DISCARD_EXIT in LD script
e779884c713f sched/fair: Fixes for capacity inversion detection
4ee882e0e1ed sched/uclamp: Fix a uninitialized variable warnings
98762616db0b sched/fair: Consider capacity inversion in util_fits_cpu()
99b704ae7a17 sched/fair: Detect capacity inversion
1de6ee9d812c sched/uclamp: Cater for uclamp in 
find_energy_efficient_cpu()'s early exit condition
a77e3c0e067d sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
ac407e5102e9 sched/uclamp: Fix fits_capacity() check in feec()
46c631fe5a94 mm: page_alloc: skip regions with hugetlbfs pages when 
allocating 1G pages
981e276dd965 mm/khugepaged: check again on anon uffd-wp during isolation
29562319cba0 drm/i915: Fix fast wake AUX sync len
afbfd70cb1a0 mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
1aaa1e0a9a0f kernel/sys.c: fix and improve control flow in 
__sys_setres[ug]id()
ebab1a86ca3e memstick: fix memory leak if card device is never registered
8c168553abce nilfs2: initialize unused bytes in segment summary blocks
e513fb5cadc4 iio: light: tsl2772: fix reading proximity-diodes from device 
tree
c15737965434 rtmutex: Add acquire semantics for rtmutex lock acquisition 
slow path
a8466e335f58 platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
4a2a34a75f3e xen/netback: use same error messages for same errors
08e774db2ef1 nvme-tcp: fix a possible UAF when failing to allocate an io 
queue
1b91bfae3ee1 s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
357fa038d93d net: dsa: b53: mmap: add phy ops
583d2abf1374 scsi: core: Improve scsi_vpd_inquiry() checks
139bea1d3aa1 scsi: megaraid_sas: Fix fw_crash_buffer_show()
73890c48849d selftests: sigaltstack: fix -Wuninitialized
c2680efa1507 platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
fd3e899340e1 Input: i8042 - add quirk for Fujitsu Lifebook A574/H
14bb1fb893db f2fs: Fix f2fs_truncate_partial_nodes ftrace event
0ebc93afdaf6 e1000e: Disable TSO on i219-LM card to increase speed
e722ea6dae2c bpf: Fix incorrect verifier pruning due to missing register 
precision taints
25e50cdf9f63 spi: spi-rockchip: Fix missing unwind goto in 
rockchip_sfc_probe()
cbce626dcd23 mlxsw: pci: Fix possible crash during initialization
4eee0d9d3c11 net: rpl: fix rpl header size calculation
92e0bc5e34ad bonding: Fix memory leak when changing bond type to Ethernet
b24026f1409c mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
5610d81d0214 bnxt_en: Do not initialize PTP on older P3/P4 chips
7ff875ee15bc netfilter: nf_tables: tighten netlink attribute requirements 
for catch-all elements
0a397535d189 netfilter: nf_tables: validate catch-all set elements
25f1b40cf9b2 i40e: fix i40e_setup_misc_vector() error handling
536ed39cbec8 i40e: fix accessing vsi->active_filters without holding lock
8089d724dd7a netfilter: nf_tables: fix ifdef to also consider nf_tables=m
69ea11769b8d sfc: Fix use-after-free due to selftest_work
aa16f7b99d23 sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP.
b36d82ddc74e virtio_net: bugfix overflow inside 

[OE-core][kirkstone 09/18] glibc: stable 2.35 branch updates

2023-06-18 Thread Steve Sakoman
From: Deepthi Hemraj 

Below commits on glibc-2.35 stable branch are updated.
cbceb903c4 (HEAD -> release/2.35/master, origin/release/2.35/master) io: Fix 
F_GETLK, F_SETLK, and F_SETLKW for powerpc64
0967fb5861 io: Fix record locking contants on 32 bit arch with 64 bit default 
time_t
739de21d30 Document BZ #20975 fix
2b9906f9a0 __check_pf: Add a cancellation cleanup handler
7035f2174f gmon: Revert addition of tunables to preserve GLIBC_PRIVATE ABI
e698e8bd8e gmon: fix memory corruption issues
9f81b8fa65 gmon: improve mcount overflow handling
f2820e478c gmon: Fix allocated buffer overflow
413af1eb02 posix: Fix system blocks SIGCHLD erroneously

CVE-2023-0687.patch is dropped

Signed-off-by: Deepthi Hemraj 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/glibc/glibc-version.inc |  2 +-
 .../glibc/glibc/CVE-2023-0687.patch   | 82 ---
 meta/recipes-core/glibc/glibc_2.35.bb |  1 -
 3 files changed, 1 insertion(+), 84 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch

diff --git a/meta/recipes-core/glibc/glibc-version.inc 
b/meta/recipes-core/glibc/glibc-version.inc
index 4d8d96cefb..01b1abef7d 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.35/master"
 PV = "2.35"
-SRCREV_glibc ?= "1c7f51c75ae300fe52ccb636e71b8e28cb20824c"
+SRCREV_glibc ?= "cbceb903c4d770acc7e4ba5641036516830ed69b"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
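
Review bot: PV stays at "2.35" in this hunk while the same commit deletes glibc/CVE-2023-0687.patch, which carried the `CVE: CVE-2023-0687` tag. The fix now arrives through the SRCREV_glibc bump (f2820e478c "gmon: Fix allocated buffer overflow" in the commit list), so nothing in the recipe records it any more and a version-based CVE scan still sees plain 2.35. Record the CVE explicitly, for example via CVE_CHECK_IGNORE with a comment naming the stable-branch commit, so the report does not flag it as unpatched.
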
diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch 
b/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
deleted file mode 100644
index 10c7e5666d..00
--- a/meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 952aff5c00ad7c6b83c3f310f2643939538827f8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=D0=9B=D0=B5=D0=BE=D0=BD=D0=B8=D0=B4=20=D0=AE=D1=80=D1=8C?=
- =?UTF-8?q?=D0=B5=D0=B2=20=28Leonid=20Yuriev=29?= 
-Date: Sat, 4 Feb 2023 14:41:38 +0300
-Subject: [PATCH] gmon: Fix allocated buffer overflow (bug 29444)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The `__monstartup()` allocates a buffer used to store all the data
-accumulated by the monitor.
-
-The size of this buffer depends on the size of the internal structures
-used and the address range for which the monitor is activated, as well
-as on the maximum density of call instructions and/or callable functions
-that could be potentially on a segment of executable code.
-
-In particular a hash table of arcs is placed at the end of this buffer.
-The size of this hash table is calculated in bytes as
-   p->fromssize = p->textsize / HASHFRACTION;
-
-but actually should be
-   p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
-
-This results in writing beyond the end of the allocated buffer when an
-added arc corresponds to a call near from the end of the monitored
-address range, since `_mcount()` check the incoming caller address for
-monitored range but not the intermediate result hash-like index that
-uses to write into the table.
-
-It should be noted that when the results are output to `gmon.out`, the
-table is read to the last element calculated from the allocated size in
-bytes, so the arcs stored outside the buffer boundary did not fall into
-`gprof` for analysis. Thus this "feature" help me to found this bug
-during working with https://sourceware.org/bugzilla/show_bug.cgi?id=29438
-
-Just in case, I will explicitly note that the problem breaks the
-`make test t=gmon/tst-gmon-dso` added for Bug 29438.
-There, the arc of the `f3()` call disappears from the output, since in
-the DSO case, the call to `f3` is located close to the end of the
-monitored range.
-
-Signed-off-by: Леонид Юрьев (Leonid Yuriev) 
-
-Another minor error seems a related typo in the calculation of
-`kcountsize`, but since kcounts are smaller than froms, this is
-actually to align the p->froms data.
-
-Co-authored-by: DJ Delorie 
-Reviewed-by: Carlos O'Donell 
-
-Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc]
-CVE: CVE-2023-0687
-Signed-off-by: Shubham Kulkarni 

- gmon/gmon.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/gmon/gmon.c b/gmon/gmon.c
-index dee6480..bf76358 100644
 a/gmon/gmon.c
-+++ b/gmon/gmon.c
-@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc)
-   p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
-   p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
-   p->textsize = p->highpc - p->lowpc;
-+  /* This looks like a typo, but it's here to align the p->froms
-+ section.  */
-   p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
-   p->hashfraction = HASHFRACTION;
-   p->log_hashfraction = -1;
-@@ -142,7 +144,7 @@ 

[OE-core][kirkstone 08/18] cve-update-nvd2-native: added the missing http import

2023-06-18 Thread Steve Sakoman
From: Jan Vermaete 

Signed-off-by: Jan Vermaete 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit 39d2cde7eb922cb0a2cf9402cd8b3ae3b4cc2f62)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb 
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 1c14481c21..2b585983ac 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -118,6 +118,7 @@ def nvd_request_next(url, api_key, args):
 import urllib.request
 import urllib.parse
 import gzip
+import http
 
 headers = {}
 if api_key:
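
Review bot: `import http` on the added line binds only the top-level package, and the commit message has no body saying which name was failing. If nvd_request_next() refers to something in a submodule such as http.client, import that submodule by name instead of relying on urllib.request having loaded it as a side effect, and state the observed error in the commit message.
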
-- 
2.34.1





[OE-core][kirkstone 07/18] cve-update-nvd2-native: new CVE database fetcher

2023-06-18 Thread Steve Sakoman
From: Marta Rybczynska 

Add new fetcher for the NVD database using the 2.0 API [1].
The implementation changes as little as possible, keeping the current
database format (but using a different database file for the transition
period), with a notable exception of not using the META table.

Minor changes that could be visible:
- the database starts in 1999 instead of 2002
- the complete fetch is longer (30 minutes typically)

[1] https://nvd.nist.gov/developers/vulnerabilities

Signed-off-by: Marta Rybczynska 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit fb62c4c3dbca4e58f7ce6cf29d4b630a06411a97)
Signed-off-by: Steve Sakoman 
---
 meta/classes/cve-check.bbclass|   4 +-
 .../meta/cve-update-nvd2-native.bb| 333 ++
 2 files changed, 335 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 3c922b27af..494fa03ec1 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
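
Review bot: the new default `nvdcve_2.db` for CVE_CHECK_DB_FILE is now defined twice with `?=`, here and in cve-update-nvd2-native.bb. Keep the default in the class only (the recipe already skips itself unless cve-check is inherited), so a later rename cannot leave the fetcher writing one file and do_cve_check reading another.
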
@@ -155,7 +155,7 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build
-do_cve_check[depends] = "cve-update-db-native:do_fetch"
+do_cve_check[depends] = "cve-update-nvd2-native:do_fetch"
 do_cve_check[nostamp] = "1"
 
 python cve_check_cleanup () {
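
Review bot: the `do_cve_check[depends]` line switches every user to cve-update-nvd2-native with no knob to stay on cve-update-db-native, although the commit message talks about a transition period. Either make the fetcher recipe name a variable or document in the commit message that the old fetcher is no longer reachable from the class.
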
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb 
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
new file mode 100644
index 00..1c14481c21
--- /dev/null
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -0,0 +1,333 @@
+SUMMARY = "Updates the NVD CVE database"
+LICENSE = "MIT"
+
+# Important note:
+# This product uses the NVD API but is not endorsed or certified by the NVD.
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+inherit native
+
+deltask do_unpack
+deltask do_patch
+deltask do_configure
+deltask do_compile
+deltask do_install
+deltask do_populate_sysroot
+
+NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0;
+
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+# Use a negative value to skip the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
+
+# Timeout for blocking socket operations, such as the connection attempt.
+CVE_SOCKET_TIMEOUT ?= "60"
+
+CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
+
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
+
+python () {
+if not bb.data.inherits_class("cve-check", d):
+raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not 
loaded.")
+}
+
+python do_fetch() {
+"""
+Update NVD database with API 2.0
+"""
+import bb.utils
+import bb.progress
+import shutil
+
+bb.utils.export_proxies(d)
+
+db_file = d.getVar("CVE_CHECK_DB_FILE")
+db_dir = os.path.dirname(db_file)
+db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
+
+cleanup_db_download(db_file, db_tmp_file)
+# By default let's update the whole database (since time 0)
+database_time = 0
+
+# The NVD database changes once a day, so no need to update more frequently
+# Allow the user to force-update
+try:
+import time
+update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+if update_interval < 0:
+bb.note("CVE database update skipped")
+return
+if time.time() - os.path.getmtime(db_file) < update_interval:
+bb.note("CVE database recently updated, skipping")
+return
+database_time = os.path.getmtime(db_file)
+
+except OSError:
+pass
+
+bb.utils.mkdirhier(db_dir)
+if os.path.exists(db_file):
+shutil.copy2(db_file, db_tmp_file)
+
+if update_db_file(db_tmp_file, d, database_time) == True:
+# Update downloaded correctly, can swap files
+shutil.move(db_tmp_file, db_file)
+else:
+# Update failed, do not modify the database
+bb.warn("CVE database update failed")
+os.remove(db_tmp_file)
+}
+
+do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[file-checksums] = ""
+do_fetch[vardeps] = ""
+
+def cleanup_db_download(db_file, db_tmp_file):
+"""
+Cleanup the download space from possible failed downloads
+"""
+
+# Clean up the updates done on the main file
+# Remove it only if a journal file exists - it means a complete re-download
+if os.path.exists("{0}-journal".format(db_file)):
+# If a journal is present the last update might have been interrupted. 
In that case,
+# just wipe any leftovers and force the DB to be recreated.
+os.remove("{0}-journal".format(db_file))
+
+if 
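
Review bot: in do_fetch(), a failed update_db_file() only produces bb.warn() and the task still succeeds, so do_cve_check runs against the previous database, or against none on a first fetch, without the report saying the data is stale. Consider surfacing the failure where the CVE report is read, and guard the `os.remove(db_tmp_file)` in the else branch, since the temp file is only known to exist when db_file was copied. The `== True` in the comparison can also be dropped.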

[OE-core][kirkstone 06/18] webkitgtk: fix CVE-2022-46700

2023-06-18 Thread Steve Sakoman
From: Yogita Urade 

A memory corruption issue was addressed with improved input validation.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing
maliciously crafted web content may lead to arbitrary code execution.

References:
https://support.apple.com/en-us/HT213531
https://bugs.webkit.org/show_bug.cgi?id=247562
https://github.com/WebKit/WebKit/pull/6266

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2022-46700.patch | 67 +++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |  1 +
 2 files changed, 68 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch
new file mode 100644
index 00..242b8337fa
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch
@@ -0,0 +1,67 @@
+From 86fbeb6fcd638e2350b09a43dde355f9830e75da Mon Sep 17 00:00:00 2001
+From: David Degazio 
+Date: Tue, 8 Nov 2022 19:54:33 -0800
+Subject: [PATCH] Intl.Locale.prototype.hourCycles leaks empty JSValue to
+ script https://bugs.webkit.org/show_bug.cgi?id=247562 rdar://102031379
+
+Reviewed by Mark Lam.
+
+We currently don't check if IntlLocale::hourCycles returns a null JSArray, 
which allows it
+to be encoded as an empty JSValue and exposed to user code. This patch throws 
a TypeError
+when udatpg_open returns a failed status.
+
+* JSTests/stress/intl-locale-invalid-hourCycles.js: Added.
+(main):
+* Source/JavaScriptCore/runtime/IntlLocale.cpp:
+(JSC::IntlLocale::hourCycles):
+
+Canonical link: https://commits.webkit.org/256473@main
+
+CVE:CVE-2022-46700
+
+Upstream-Status: Backport
+[https://github.com/WebKit/WebKit/commit/86fbeb6fcd638e2350b09a43dde355f9830e75da]
+
+Signed-off-by: Yogita Urade 
+---
+ JSTests/stress/intl-locale-invalid-hourCycles.js | 12 
+ Source/JavaScriptCore/runtime/IntlLocale.cpp |  4 +++-
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+ create mode 100644 JSTests/stress/intl-locale-invalid-hourCycles.js
+
+diff --git a/JSTests/stress/intl-locale-invalid-hourCycles.js 
b/JSTests/stress/intl-locale-invalid-hourCycles.js
+new file mode 100644
+index ..7b94eb844764
+--- /dev/null
 b/JSTests/stress/intl-locale-invalid-hourCycles.js
+@@ -0,0 +1,12 @@
++function main() {
++const v24 = new Intl.Locale("trimEnd", { 'numberingSystem': "foobar" });
++let empty = v24.hourCycles;
++print(empty);
++}
++
++try {
++main();
++} catch (e) {
++if (!(e instanceof TypeError))
++throw e;
++}
+diff --git a/Source/JavaScriptCore/runtime/IntlLocale.cpp 
b/Source/JavaScriptCore/runtime/IntlLocale.cpp
+index c3c346163a18..bef424727a8a 100644
+--- a/Source/JavaScriptCore/runtime/IntlLocale.cpp
 b/Source/JavaScriptCore/runtime/IntlLocale.cpp
+@@ -632,8 +632,10 @@ JSArray* IntlLocale::hourCycles(JSGlobalObject* 
globalObject)
+
+ UErrorCode status = U_ZERO_ERROR;
+ auto generator = std::unique_ptr>(udatpg_open(m_localeID.data(), ));
+-if (U_FAILURE(status))
++if (U_FAILURE(status)) {
++throwTypeError(globalObject, scope, "invalid locale"_s);
+ return nullptr;
++}
+
+ // Use "j" skeleton and parse pattern to retrieve the configured 
hour-cycle information.
+ constexpr const UChar skeleton[] = { 'j', 0 };
+--
+2.40.0
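
Review bot: the tag line in the embedded patch header reads `CVE:CVE-2022-46700` with no space after the colon, unlike `CVE: CVE-2022-42867` and `CVE: CVE-2023-0687` elsewhere in this series. Write it as `CVE: CVE-2022-46700` so anything that parses the tag, rather than the file name, still recognises the fix.
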
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 062f209932..edd64b7b11 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -20,6 +20,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
file://CVE-2022-46691.patch \
file://CVE-2022-46699.patch \
file://CVE-2022-42867.patch \
+   file://CVE-2022-46700.patch \
"
 SRC_URI[sha256sum] = 
"0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
 
-- 
2.34.1





[OE-core][kirkstone 05/18] webkitgtk: fix CVE-2022-42867

2023-06-18 Thread Steve Sakoman
From: Yogita Urade 

A use after free issue was addressed with improved memory management.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web
content may lead to arbitrary code execution.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-42867
https://support.apple.com/en-us/HT213537

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2022-42867.patch | 104 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 2 files changed, 105 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch
new file mode 100644
index 00..bf06809051
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch
@@ -0,0 +1,104 @@
+From f67a882170609d15836204a689dc552322fbe653 Mon Sep 17 00:00:00 2001
+From: Yogita Urade 
+Date: Wed, 7 Jun 2023 08:15:11 +
+Subject: [oe-core][kirkstone][PATCH 1/1] RenderElement::updateFillImages
+ should take pointer arguments  like other similar functions
+ https://bugs.webkit.org/show_bug.cgi?id=247317  rdar://100273147
+
+Reviewed by Alan Baradlay.
+
+* Source/WebCore/rendering/RenderElement.cpp:
+(WebCore::RenderElement::updateFillImages):
+(WebCore::RenderElement::styleDidChange):
+* Source/WebCore/rendering/RenderElement.h:
+
+Canonical link: https://commits.webkit.org/256215@main
+
+CVE: CVE-2022-42867
+
+Upstream-Status: Backport
+[https://github.com/WebKit/WebKit/commit/091a04e55c801ac6ba13f4b328fbee2eece853fc]
+
+Signed-off-by: Yogita Urade 
+---
+ Source/WebCore/rendering/RenderElement.cpp | 27 ++
+ Source/WebCore/rendering/RenderElement.h   |  2 +-
+ 2 files changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/Source/WebCore/rendering/RenderElement.cpp 
b/Source/WebCore/rendering/RenderElement.cpp
+index da43bf3d..931686b8 100644
+--- a/Source/WebCore/rendering/RenderElement.cpp
 b/Source/WebCore/rendering/RenderElement.cpp
+@@ -358,7 +358,7 @@ inline bool 
RenderElement::shouldRepaintForStyleDifference(StyleDifference diff)
+ return diff == StyleDifference::Repaint || (diff == 
StyleDifference::RepaintIfTextOrBorderOrOutline && 
hasImmediateNonWhitespaceTextChildOrBorderOrOutline());
+ }
+
+-void RenderElement::updateFillImages(const FillLayer* oldLayers, const 
FillLayer& newLayers)
++void RenderElement::updateFillImages(const FillLayer* oldLayers, const 
FillLayer* newLayers)
+ {
+ auto fillImagesAreIdentical = [](const FillLayer* layer1, const 
FillLayer* layer2) -> bool {
+ if (layer1 == layer2)
+@@ -379,7 +379,7 @@ void RenderElement::updateFillImages(const FillLayer* 
oldLayers, const FillLayer
+ };
+
+ auto isRegisteredWithNewFillImages = [&]() -> bool {
+-for (auto* layer =  layer; layer = layer->next()) {
++for (auto* layer = newLayers; layer; layer = layer->next()) {
+ if (layer->image() && !layer->image()->hasClient(*this))
+ return false;
+ }
+@@ -388,11 +388,11 @@ void RenderElement::updateFillImages(const FillLayer* 
oldLayers, const FillLayer
+
+ // If images have the same characteristics and this element is already 
registered as a
+ // client to the new images, there is nothing to do.
+-if (fillImagesAreIdentical(oldLayers, ) && 
isRegisteredWithNewFillImages())
++if (fillImagesAreIdentical(oldLayers, newLayers) && 
isRegisteredWithNewFillImages())
+ return;
+
+ // Add before removing, to avoid removing all clients of an image that is 
in both sets.
+-for (auto* layer =  layer; layer = layer->next()) {
++for (auto* layer = newLayers; layer; layer = layer->next()) {
+ if (layer->image())
+ layer->image()->addClient(*this);
+ }
+@@ -937,11 +937,20 @@ static inline bool areCursorsEqual(const RenderStyle* a, 
const RenderStyle* b)
+
+ void RenderElement::styleDidChange(StyleDifference diff, const RenderStyle* 
oldStyle)
+ {
+-updateFillImages(oldStyle ? >backgroundLayers() : nullptr, 
m_style.backgroundLayers());
+-updateFillImages(oldStyle ? >maskLayers() : nullptr, 
m_style.maskLayers());
+-updateImage(oldStyle ? oldStyle->borderImage().image() : nullptr, 
m_style.borderImage().image());
+-updateImage(oldStyle ? oldStyle->maskBoxImage().image() : nullptr, 
m_style.maskBoxImage().image());
+-updateShapeImage(oldStyle ? oldStyle->shapeOutside() : nullptr, 
m_style.shapeOutside());
++auto registerImages = [this](auto* style, auto* oldStyle) {
++if (!style && !oldStyle)
++return;
++updateFillImages(oldStyle ? >backgroundLayers() : nullptr, 
style ? >backgroundLayers() : nullptr);
++updateFillImages(oldStyle ? >maskLayers() : nullptr, style 
? >maskLayers() : nullptr);
++updateImage(oldStyle ? 
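Review bot: several lines of this patch are not valid C++ as mailed, for example `for (auto* layer =  layer; layer = layer->next())` on the removed side and `oldStyle ? >backgroundLayers() : nullptr` on both sides, so the `&...` operands were dropped either on the mail path or by the archive, and the hunks as shown cannot match the 2.36.8 source. Check the patch file in the tree against the upstream commit before merging, since the mail also ends partway through the `registerImages` lambda. On the logic that is visible, `updateFillImages` now takes `newLayers` as a pointer and both `for (auto* layer = newLayers; layer; ...)` loops tolerate null, which is consistent with the early return on `!style && !oldStyle`.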

[OE-core][kirkstone 04/18] webkitgtk: fix CVE-2022-46699

2023-06-18 Thread Steve Sakoman
From: Yogita Urade 

A memory corruption issue was addressed with improved state management.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web
content may lead to arbitrary code execution.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46699
https://support.apple.com/en-us/HT213537

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2022-46699.patch | 136 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 2 files changed, 137 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch
new file mode 100644
index 00..0752b9c0e2
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch
@@ -0,0 +1,136 @@
+From 28686e63de0d3d7270a49b0d6b656467bc4fbf68 Mon Sep 17 00:00:00 2001
+From: Justin Michaud 
+Date: Wed, 9 Nov 2022 19:20:41 -0800
+Subject: [PATCH] Error() ICs should not cache special properties.
+ https://bugs.webkit.org/show_bug.cgi?id=247699
+
+Reviewed by Yusuke Suzuki.
+
+HasOwnProperty/DeleteProperty are not always cacheable for special Error()
+properties like column. These special properties are materialized on-demand
+in materializeErrorInfoIfNeeded, but this function's behaviour can be changed
+by Error.stackTraceLimit without causing a structure transition or firing 
watchpoints.
+
+That is, we cannot cache property misses, and we cannot assume HasOwnProperty 
is deterministic
+for a given structure if we are using one of these properties.
+
+* Source/JavaScriptCore/runtime/ErrorInstance.cpp:
+(JSC::ErrorInstance::deleteProperty):
+* Source/JavaScriptCore/runtime/ErrorInstance.h:
+
+Canonical link: https://commits.webkit.org/256519@main
+
+CVE: CVE-2022-46699
+
+Upstream-Status: Backport
+[https://github.com/WebKit/WebKit/commit/28686e63de0d3d7270a49b0d6b656467bc4fbf68]
+
+Signed-off-by: Yogita Urade 
+---
+ JSTests/stress/delete-cache-error.js  | 19 ++
+ .../get-own-property-slot-cache-error.js  |  6 ++
+ JSTests/stress/get-property-cache-error.js| 20 +++
+ .../JavaScriptCore/runtime/ErrorInstance.cpp  |  4 +++-
+ Source/JavaScriptCore/runtime/ErrorInstance.h |  3 ++-
+ 5 files changed, 50 insertions(+), 2 deletions(-)
+ create mode 100644 JSTests/stress/delete-cache-error.js
+ create mode 100644 JSTests/stress/get-own-property-slot-cache-error.js
+ create mode 100644 JSTests/stress/get-property-cache-error.js
+
+diff --git a/JSTests/stress/delete-cache-error.js 
b/JSTests/stress/delete-cache-error.js
+new file mode 100644
+index ..d77c09185a13
+--- /dev/null
 b/JSTests/stress/delete-cache-error.js
+@@ -0,0 +1,19 @@
++delete Error.stackTraceLimit
++
++// sourceURL is not materialized
++function cacheColumn(o) {
++delete o.sourceURL
++}
++noInline(cacheColumn)
++
++for (let i = 0; i < 200; ++i) {
++let e = Error()
++cacheColumn(e)
++if (e.sourceURL !== undefined)
++throw "Test failed on iteration " + i + " " + e.sourceURL
++
++if (i == 197) {
++// now it is
++Error.stackTraceLimit = 10
++}
++}
+\ No newline at end of file
+diff --git a/JSTests/stress/get-own-property-slot-cache-error.js 
b/JSTests/stress/get-own-property-slot-cache-error.js
+new file mode 100644
+index ..f8202213bf79
+--- /dev/null
 b/JSTests/stress/get-own-property-slot-cache-error.js
+@@ -0,0 +1,6 @@
++delete Error.stackTraceLimit
++// GetOwnPropertySlot does not materializeErrorInfoIfNeeded because 
stackString is null.
++Object.hasOwn(Error(), "column")
++Error.stackTraceLimit = 10
++// Now it does
++Object.hasOwn(Error(), "column")
+\ No newline at end of file
+diff --git a/JSTests/stress/get-property-cache-error.js 
b/JSTests/stress/get-property-cache-error.js
+new file mode 100644
+index ..b35272ea6fe2
+--- /dev/null
 b/JSTests/stress/get-property-cache-error.js
+@@ -0,0 +1,20 @@
++// GetOwnPropertySlot does not materializeErrorInfoIfNeeded because 
stackString is null.
++delete Error.stackTraceLimit
++expected = undefined
++
++function cacheColumn(o) {
++return o.column
++}
++noInline(cacheColumn)
++
++for (let i = 0; i < 1000; ++i) {
++let val = cacheColumn(Error())
++if (val !== expected)
++throw "Test failed on iteration " + i + ": " + val
++
++if (i == 900) {
++// now it does
++Error.stackTraceLimit = 10
++expected = 32
++}
++}
+\ No newline at end of file
+diff --git a/Source/JavaScriptCore/runtime/ErrorInstance.cpp 
b/Source/JavaScriptCore/runtime/ErrorInstance.cpp
+index ddf96869e84a..8e5373257d34 100644
+--- a/Source/JavaScriptCore/runtime/ErrorInstance.cpp
 b/Source/JavaScriptCore/runtime/ErrorInstance.cpp
+@@ -303,7 +303,9 @@ bool 
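Review bot: the mail stops at the `@@ -303,7 +303,9 @@` header for `ErrorInstance.cpp`, so the fix itself (4 changed lines in `ErrorInstance.cpp` and 3 in `ErrorInstance.h` according to the diffstat) and the `webkitgtk_2.36.8.bb` change are not visible here and have to be checked in the tree. Of the 50 added lines, 45 are the three `JSTests/stress/*.js` files, which rely on the `noInline` helper of the JSC test shell; state in the patch header whether the backport applied to 2.36.8 unmodified, because those tests only give assurance if something actually runs them.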

[OE-core][kirkstone 03/18] webkitgtk: fix CVE-2022-46691

2023-06-18 Thread Steve Sakoman
From: Yogita Urade 

A memory consumption issue was addressed with improved memory handling.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing
maliciously crafted web content may lead to arbitrary code execution.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46691
https://support.apple.com/en-us/HT213531

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2022-46691.patch | 43 +++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
new file mode 100644
index 00..ff9df40433
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
@@ -0,0 +1,43 @@
+From fd57a49d07c9c285780495344073350182fd7c7c Mon Sep 17 00:00:00 2001
+From: Yijia Huang 
+Date: Mon, 10 Oct 2022 15:42:34 -0700
+Subject: [PATCH] [JSC] Should model BigInt with side effects
+ https://bugs.webkit.org/show_bug.cgi?id=246291 rdar://100494823
+
+Reviewed by Yusuke Suzuki.
+
+Operations with two BigInt operands have side effects,
+which should not be hoisted from loops.
+
+* Source/JavaScriptCore/dfg/DFGClobberize.cpp:
+(JSC::DFG::doesWrites):
+* Source/JavaScriptCore/dfg/DFGClobberize.h:
+(JSC::DFG::clobberize):
+
+Canonical link: https://commits.webkit.org/255368@main
+
+CVE: CVE-2022-46691
+
+Upstream-Status: Backport
+[https://github.com/WebKit/WebKit/commit/fd57a49d07c9c285780495344073350182fd7c7c]
+
+Signed-off-by: Yogita Urade 
+---
+ Source/JavaScriptCore/dfg/DFGClobberize.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Source/JavaScriptCore/dfg/DFGClobberize.h 
b/Source/JavaScriptCore/dfg/DFGClobberize.h
+index 0363ab20dcd8..4b1bcfea1fd7 100644
+--- a/Source/JavaScriptCore/dfg/DFGClobberize.h
 b/Source/JavaScriptCore/dfg/DFGClobberize.h
+@@ -811,6 +811,8 @@ void clobberize(Graph& graph, Node* node, const 
ReadFunctor& read, const WriteFu
+ case ValueBitRShift:
+ // FIXME: this use of single-argument isBinaryUseKind would prevent 
us from specializing (for example) for a HeapBigInt left-operand and a BigInt32 
right-operand.
+ if (node->isBinaryUseKind(AnyBigIntUse) || 
node->isBinaryUseKind(BigInt32Use) || node->isBinaryUseKind(HeapBigIntUse)) {
++read(World);
++write(SideState);
+ def(PureValue(node));
+ return;
+ }
+--
+2.40.0
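Review bot: the commit message lists `Source/JavaScriptCore/dfg/DFGClobberize.cpp` (`JSC::DFG::doesWrites`) among the changed files, but the diffstat and the only hunk touch `DFGClobberize.h` alone. Confirm against the upstream commit that nothing was dropped in the backport, and say so in the patch header if the `.cpp` entry is only changelog text. The two added calls sit in the BigInt branch shown under `case ValueBitRShift:` and the branch still ends in `def(PureValue(node))`, so it is also worth checking that 2.36.8 has the same case labels leading into this branch as the upstream tree the fix was written for.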
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 1dac4f5677..02258f84e4 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \

file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
file://CVE-2022-32888.patch \
file://CVE-2022-32923.patch \
+   file://CVE-2022-46691.patch \
"
 SRC_URI[sha256sum] = 
"0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183070): 
https://lists.openembedded.org/g/openembedded-core/message/183070
Mute This Topic: https://lists.openembedded.org/mt/99616180/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core][kirkstone 02/18] cups: Fix CVE-2023-32324

2023-06-18 Thread Steve Sakoman
From: Sanjay Chitroda 

OpenPrinting CUPS is an open source printing system. In versions 2.4.2
and prior, a heap buffer overflow vulnerability would allow a remote
attacker to launch a denial of service (DoS) attack. A buffer overflow
vulnerability in the function `format_log_line` could allow remote
attackers to cause a DoS on the affected system. Exploitation of the
vulnerability can be triggered when the configuration file `cupsd.conf`
sets the value of `loglevel` to `DEBUG`. No known patches or
workarounds exist at time of publication.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32324
https://security-tracker.debian.org/tracker/CVE-2023-32324

Upstream Patch:
https://github.com/OpenPrinting/cups/commit/fd8bc2d32589

Signed-off-by: Sanjay Chitroda 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-extended/cups/cups.inc   |  1 +
 .../cups/cups/CVE-2023-32324.patch| 36 +++
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch

diff --git a/meta/recipes-extended/cups/cups.inc 
b/meta/recipes-extended/cups/cups.inc
index 0acc5c575e..1b87d47a49 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@ SRC_URI = 
"https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
file://0004-cups-fix-multilib-install-file-conflicts.patch \
file://volatiles.99_cups \
file://cups-volatiles.conf \
+   file://CVE-2023-32324.patch \
"
 
 UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases;
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32324.patch 
b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
new file mode 100644
index 00..40b89c9899
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch
@@ -0,0 +1,36 @@
+From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal 
+Date: Thu, 1 Jun 2023 12:04:00 +0200
+Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
+
+CVE: CVE-2023-32324
+Upstream-Status: Backport 
[https://github.com/OpenPrinting/cups/commit/fd8bc2d32589]
+
+(cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e)
+Signed-off-by: Sanjay Chitroda 
+---
+ cups/string.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 93cdad19..6ef58515 100644
+--- a/cups/string.c
 b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+  * String functions for CUPS.
+  *
++ * Copyright © 2023 by OpenPrinting.
+  * Copyright © 2007-2019 by Apple Inc.
+  * Copyright © 1997-2007 by Easy Software Products.
+  *
+@@ -730,6 +731,9 @@ _cups_strlcpy(char   *dst, /* O - 
Destination string */
+   size_t  srclen; /* Length of source string */
+ 
+ 
++  if (size == 0)
++return (0);
++
+  /*
+   * Figure out how much room is needed...
+   */
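Review bot: the new `if (size == 0) return (0);` in `_cups_strlcpy` fixes the callee only; `format_log_line`, which the description names as the place where the overflow is reached, is not touched, so after this patch a zero-length remainder there is dropped without any signal to the caller. That is acceptable for a straight backport, but the description's "No known patches or workarounds exist at time of publication" sentence now contradicts the patch it introduces and could be trimmed. `Upstream-Status` also uses the abbreviated hash `fd8bc2d32589` while the cherry-pick line carries the full one; putting the full hash in the URL keeps the reference unambiguous.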
-- 
2.34.1
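The zero-size case that the `_cups_strlcpy` guard in the patch above addresses, as an added example that is not CUPS code and not part of the original mail. It assumes the common strlcpy pattern of decrementing `size` to reserve room for the terminator, which the mail does not show; the function names and the input string are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of a strlcpy-style routine WITHOUT a size == 0 guard (assumed
 * pattern, not CUPS source). It only computes how many bytes the copy
 * would store into dst (payload plus terminator), so running it never
 * touches memory out of bounds.
 */
size_t unguarded_store_len(const char *src, size_t size)
{
  size_t srclen = strlen(src);

  size--;                 /* reserve the NUL byte; wraps to SIZE_MAX if size was 0 */
  if (srclen > size)
    srclen = size;        /* after the wrap this clamp never triggers */

  return srclen + 1;
}

/* The same routine with the early return that the patch adds. */
size_t guarded_strlcpy(char *dst, const char *src, size_t size)
{
  size_t srclen;

  if (size == 0)
    return 0;             /* nothing may be written, not even the NUL */

  size--;
  srclen = strlen(src);
  if (srclen > size)
    srclen = size;

  memmove(dst, src, srclen);
  dst[srclen] = '\0';
  return srclen;
}

/* Returns 1 when a zero-sized destination is left byte-for-byte intact. */
int zero_size_leaves_buffer_intact(void)
{
  char   canary[8];
  size_t i, n;

  memset(canary, 0x5A, sizeof(canary));
  n = guarded_strlcpy(canary, "constructed-log-text", 0);

  for (i = 0; i < sizeof(canary); i++)
    if (canary[i] != 0x5A)
      return 0;
  return n == 0;
}

int main(void)
{
  const char *msg = "constructed-log-text";   /* constructed sample input */
  char out[8];

  printf("unguarded, size=0: would store %zu bytes into a 0-byte buffer\n",
         unguarded_store_len(msg, 0));
  printf("unguarded, size=8: would store %zu bytes\n",
         unguarded_store_len(msg, sizeof(out)));
  printf("guarded,   size=8: copied %zu bytes -> \"%s\"\n",
         guarded_strlcpy(out, msg, sizeof(out)), out);
  printf("guarded,   size=0: buffer intact = %d\n",
         zero_size_leaves_buffer_intact());
  return 0;
}
```

With `size == 0` the unguarded model reports a store of the full source length plus terminator, which is the overflow condition; the guarded version writes nothing.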





[OE-core][kirkstone 01/18] openssh: fix CVE-2023-28531

2023-06-18 Thread Steve Sakoman
From: Chen Qi 

Backport patch to fix CVE-2023-28531.

Signed-off-by: Chen Qi 
Signed-off-by: Steve Sakoman 
---
 ...-destination-constraints-for-smartca.patch | 35 +++
 .../openssh/openssh_8.9p1.bb  |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
 
b/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
new file mode 100644
index 00..b4e7ce7ef6
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
@@ -0,0 +1,35 @@
+From 91889b5a3e7554af474a21ce8e1ffd3eb1542f06 Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org" 
+Date: Thu, 9 Mar 2023 06:58:26 +
+Subject: [PATCH] upstream: include destination constraints for smartcard keys
+ too.
+
+Spotted by Luci Stanescu; ok deraadt@ markus@
+
+OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
+
+CVE: CVE-2023-28531
+
+Upstream-Status: Backport [54ac4ab2b53ce9fcb66b8250dee91c070e4167ed]
+
+Signed-off-by: Chen Qi 
+---
+ authfd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/authfd.c b/authfd.c
+index 76e48aab..dca8e55b 100644
+--- a/authfd.c
 b/authfd.c
+@@ -665,7 +665,7 @@ ssh_update_card(int sock, int add, const char *reader_id, 
const char *pin,
+ struct dest_constraint **dest_constraints, size_t ndest_constraints)
+ {
+   struct sshbuf *msg;
+-  int r, constrained = (life || confirm);
++  int r, constrained = (life || confirm || dest_constraints);
+   u_char type;
+ 
+   if (add) {
+-- 
+2.37.1
+
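Review bot: `Upstream-Status: Backport [54ac4ab2b53ce9fcb66b8250dee91c070e4167ed]` gives a bare hash with no repository URL, and it differs from the `From 91889b5a3e7554af474a21ce8e1ffd3eb1542f06` hash at the top of the patch, so a reader cannot tell which tree either one refers to; the other backports in this series put the full commit URL in the brackets. In the change itself, `constrained = (life || confirm || dest_constraints)` tests the pointer rather than `ndest_constraints`, which is what the backported commit does but means a non-NULL array passed with a count of zero also takes the constrained path.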
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb 
b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index 1d53c2488b..b403b355a6 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -27,6 +27,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch 
\
file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
+   
file://0001-upstream-include-destination-constraints-for-smartca.patch \
"
 SRC_URI[sha256sum] = 
"fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183068): 
https://lists.openembedded.org/g/openembedded-core/message/183068
Mute This Topic: https://lists.openembedded.org/mt/99616178/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core][kirkstone 00/18] Patch review

2023-06-18 Thread Steve Sakoman
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5481

The following changes since commit 6e0d694ea1eb5d478dc7508d181c3a820098ee5f:

  uninative: Upgrade to 4.0 to include latest gcc 13.1.1 (2023-06-09 06:04:24 
-1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Andrew Jeffery (1):
  Revert "ipk: Decode byte data to string in manifest handling"

Bruce Ashfield (5):
  linux-yocto/5.15: update to v5.15.109
  linux-yocto/5.15: update to v5.15.110
  linux-yocto/5.15: update to v5.15.111
  linux-yocto/5.15: update to v5.15.112
  linux-yocto/5.15: update to v5.15.113

Chen Qi (1):
  openssh: fix CVE-2023-28531

Deepthi Hemraj (1):
  glibc: stable 2.35 branch updates

Ian Ray (1):
  systemd-systemctl: support instance expansion in WantedBy

Jan Vermaete (1):
  cve-update-nvd2-native: added the missing http import

Marta Rybczynska (1):
  cve-update-nvd2-native: new CVE database fetcher

Qiu Tingting (1):
  e2fsprogs: fix ptest bug for second running

Randy MacLeod (1):
  vim: upgrade 9.0.1429 -> 9.0.1527

Sanjay Chitroda (1):
  cups: Fix CVE-2023-32324

Yogita Urade (4):
  webkitgtk: fix CVE-2022-46691
  webkitgtk: fix CVE-2022-46699
  webkitgtk: fix CVE-2022-42867
  webkitgtk: fix CVE-2022-46700

 meta/classes/cve-check.bbclass|   4 +-
 meta/lib/oe/package_manager/ipk/manifest.py   |   2 +-
 ...-destination-constraints-for-smartca.patch |  35 ++
 .../openssh/openssh_8.9p1.bb  |   1 +
 meta/recipes-core/glibc/glibc-version.inc |   2 +-
 .../glibc/glibc/CVE-2023-0687.patch   |  82 -
 meta/recipes-core/glibc/glibc_2.35.bb |   1 -
 .../meta/cve-update-nvd2-native.bb| 334 ++
 .../systemd/systemd-systemctl/systemctl   |   9 +-
 .../e2fsprogs/e2fsprogs/run-ptest |   1 +
 .../e2fsprogs/e2fsprogs_1.46.5.bb |   3 +
 meta/recipes-extended/cups/cups.inc   |   1 +
 .../cups/cups/CVE-2023-32324.patch|  36 ++
 .../linux/linux-yocto-rt_5.15.bb  |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb|   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 .../webkit/webkitgtk/CVE-2022-42867.patch | 104 ++
 .../webkit/webkitgtk/CVE-2022-46691.patch |  43 +++
 .../webkit/webkitgtk/CVE-2022-46699.patch | 136 +++
 .../webkit/webkitgtk/CVE-2022-46700.patch |  67 
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   4 +
 meta/recipes-support/vim/vim.inc  |   4 +-
 22 files changed, 792 insertions(+), 115 deletions(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
 create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-42867.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46699.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46700.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183067): 
https://lists.openembedded.org/g/openembedded-core/message/183067
Mute This Topic: https://lists.openembedded.org/mt/99616177/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.26.rc2)

2023-06-18 Thread Jing Hui Tham
Hi all,
 
Intel and WR YP QA is planning QA execution for YP build yocto-3.1.26.rc2.
We are planning to execute the following tests for this cycle:

OEQA-manual tests for the following modules:
1. OE-Core
2. BSP-hw

Runtime auto tests for the following platforms:
1. MinnowBoard Turbot - 32bit
2. Kaby Lake (7th Generation Intel(r) Core(tm) Processors)
3. Tiger Lake (11th Generation Intel(r) Core(tm) Processors)
4. Alder Lake-S (12th Generation Intel(r) Core(tm) Processors)
5. Raptor Lake-P (13th Generation Intel(r) Core(tm) Processors)
6. Edgerouter
7. Beaglebone

 
ETA for completion Thursday, June 22.
 
Best regards,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Monday, June 19, 2023 5:27 AM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-3.1.26.rc2)
> 
> 
> A build flagged for QA (yocto-3.1.26.rc2) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-3.1.26.rc2
> 
> 
> Build hash information:
> 
> bitbake: e16a9ca7e9286790ac37a067fdc8fde3a35a1c44
> meta-agl: 009153010c138d1a5edd2e30bd3d76c95de636d9
> meta-arm: b1fe8443a7a72c65fa0fc3371f607c6671b3a882
> meta-aws: 6fea710d1b3c8a5ad93e7811e75d8f4cf5962bb2
> meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
> meta-intel: 488af577a3f21f038c551612bb0af077fa2b743d
> meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
> meta-openembedded: 116bfe8d5e5851e7fc5424f40da8691a19c5b5ee
> meta-virtualization: 521459bf588435e847d981657485bae8d6f003b5
> oecore: 77f6fbfa18b4ad77c3756cfdc45d441a20210781
> poky: bab87089ad998afc980adb45c11ae356bc35a460
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183066): 
https://lists.openembedded.org/g/openembedded-core/message/183066
Mute This Topic: https://lists.openembedded.org/mt/99615192/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core] [PATCH] python3-bcrypt: Use BFD linker when building tests

2023-06-18 Thread Khem Raj
Some of the tests use symbols from libpython3, e.g. PyBytes_FromStringAndSize,
but do not add it to the linker cmdline. It's perhaps cargo which
should be fixed for that; this, however, is not something we can
fix in OE. So switch to using the bfd linker explicitly when
building with ptests.

Signed-off-by: Khem Raj 
---
 meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb 
b/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb
index b4f245530d4..d8377de96c1 100644
--- a/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb
+++ b/meta/recipes-devtools/python/python3-bcrypt_4.0.1.bb
@@ -4,6 +4,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=8f7bb094c7232b058c7e9f2e431f389c"
 HOMEPAGE = "https://pypi.org/project/bcrypt/;
 
 DEPENDS += "${PYTHON_PN}-cffi-native"
+LDFLAGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', ' 
-fuse-ld=bfd', '', d)}"
 
 SRC_URI[sha256sum] = 
"27d375903ac8261cfe4047f6709d16f7d18d39b1ec92aaf72af989552a650ebd"
 
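Review bot: `LDFLAGS:append` is keyed on `'ptest'` being in `DISTRO_FEATURES`, so `-fuse-ld=bfd` is applied to every link in the recipe, including the shipped extension module, and not only to the test binaries the commit message talks about. If a distro selected another default linker on purpose this overrides it silently; add a comment above the line explaining the missing libpython3 link dependency, and consider scoping the flag to the test build if the build system allows it.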
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183065): 
https://lists.openembedded.org/g/openembedded-core/message/183065
Mute This Topic: https://lists.openembedded.org/mt/99611840/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core] [PATCH] base-passwd: fix patchreview warning

2023-06-18 Thread Alexandre Belloni via lists.openembedded.org
From: Alexandre Belloni 

Fix:

Malformed Upstream-Status 'Upstream status' 
(meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
Unknown Upstream-Status value 'says' 
(meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)

Signed-off-by: Alexandre Belloni 
---
 .../base-passwd/base-passwd/0007-Add-wheel-group.patch  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch 
b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
index 00eaec38a294..d77122789d5e 100644
--- a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
+++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
@@ -2,7 +2,7 @@
 We need to have a wheel group which has some system privileges to consult the
 systemd journal or manage printers with cups.
 
-Upstream status says the group does not exist by default.
+Upstream says the group does not exist by default.
 
 Upstream-Status: Inappropriate [enable feature]
 
-- 
2.40.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183064): 
https://lists.openembedded.org/g/openembedded-core/message/183064
Mute This Topic: https://lists.openembedded.org/mt/99611534/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core] [PATCH v2 1/2] rpm2cpio.sh: update to the last 4.x version

2023-06-18 Thread Khem Raj
I am seeing some race condition, see

https://errors.yoctoproject.org/Errors/Details/708923/

On Thu, Jun 15, 2023 at 3:55 AM Alberto Planas via
lists.openembedded.org 
wrote:
>
> From: Alberto Planas 
>
> openSUSE RPMs are compressing the RPM payload using zstd, which
> corresponds to the magic ID 0x28, 0xb5, 0x2f.
>
> This patch updates the script to the last version from the rpm project,
> adds support for this compression format, and extracts the cpio payload
> using the "unzstd" binary.
>
> Signed-off-by: Alberto Planas 
> ---
>  scripts/rpm2cpio.sh | 30 --
>  1 file changed, 20 insertions(+), 10 deletions(-)
>  mode change 100755 => 100644 scripts/rpm2cpio.sh
>
> diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
> old mode 100755
> new mode 100644
> index 2034373fe4..8199b43784
> --- a/scripts/rpm2cpio.sh
> +++ b/scripts/rpm2cpio.sh
> @@ -7,7 +7,7 @@ fatal() {
>  }
>
>  pkg="$1"
> -[ -n "$pkg" -a -e "$pkg" ] ||
> +[ -n "$pkg" ] && [ -e "$pkg" ] ||
> fatal "No package supplied"
>
>  _dd() {
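Review bot: the file header above this hunk records `mode change 100755 => 100644` for `scripts/rpm2cpio.sh`, so the script loses its executable bit with this update; any caller that runs it directly rather than through `sh` will now fail, and the commit message does not mention the change. Restore 0755 unless this is intended. In the hunk itself, splitting the test into `[ -n "$pkg" ] && [ -e "$pkg" ] ||` is a sound replacement for the `-a` form.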
> @@ -16,14 +16,23 @@ _dd() {
>  }
>
>  calcsize() {
> +
> +   case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in
> +   "$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8'
> +   *) fatal "File doesn't look like rpm: $pkg" ;;
> +   esac
> +
> offset=$(($1 + 8))
>
> local i b b0 b1 b2 b3 b4 b5 b6 b7
>
> i=0
> while [ $i -lt 8 ]; do
> -   b=$(_dd $(($offset + $i)) bs=1 count=1; echo X)
> -   b=${b%X}
> +   # add . to not loose \n
> +   # strip \0 as it gets dropped with warning otherwise
> +   b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo 
> .)"
> +   b=${b%.}# strip . again
> +
> [ -z "$b" ] &&
> b="0" ||
> b="$(exec printf '%u\n' "'$b")"
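Review bot: the new magic check at the top of `calcsize` and the byte loop below it both compare or convert raw bytes above 0x7f (`printf '\216\255\350'` in the `case` pattern, `printf '%u\n' "'$b"` for the length bytes), and how a shell matches and converts such bytes depends on the locale. Setting `LC_ALL=C` at the top of the script would make the result independent of the caller's environment. `$1` is also expanded unquoted in `_dd $1 bs=4 count=1`, which is harmless for the numeric offsets passed here but worth quoting for consistency, and the new comment should read "lose", not "loose".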
> @@ -35,7 +44,7 @@ calcsize() {
> offset=$(($offset + $rsize))
>  }
>
> -case "$(_dd 0 bs=8 count=1)" in
> +case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
> "$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
> *) fatal "File doesn't look like rpm: $pkg" ;;
>  esac
> @@ -46,10 +55,11 @@ sigsize=$rsize
>  calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
>  hdrsize=$rsize
>
> -case "$(_dd $offset bs=3 count=1)" in
> -   "$(printf '\102\132')"*) _dd $offset | bzip2 -d ;; # '\x42\x5a'
> -   "$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
> -   "$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
> -   "$(printf '\135\000')"*) _dd $offset | unlzma  ;; # '\x5d\x00'
> -   *) fatal "Unrecognized rpm file: $pkg" ;;
> +case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in
> +   "$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a'
> +   "$(printf '\037\213')") _dd $offset | gunzip  ;; # '\x1f\x8b'
> +   "$(printf '\375\067')") _dd $offset | xzcat   ;; # '\xfd\x37'
> +   "$(printf '\135')") _dd $offset | unlzma  ;; # '\x5d\x00'
> +   "$(printf '\050\265')") _dd $offset | unzstd  ;; # '\x28\xb5'
> +   *) fatal "Unrecognized payload compression format in rpm file: $pkg" 
> ;;
>  esac
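Review bot: the payload switch now pipes through `bunzip2` and `unzstd`, which makes `unzstd` a new host tool requirement (and swaps `bzip2 -d` for `bunzip2`) without a matching dependency or HOSTTOOLS change in this patch; on a host without it the script fails only once a zstd payload is met. Also, only two bytes are read (`bs=2`), so zstd is matched on `\050\265` although the commit message gives the magic as 0x28, 0xb5, 0x2f, and the lzma arm relies on `tr -d '\0'` having removed the second byte; reading one more byte for the zstd arm would make the match as specific as the format allows.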
> --
> 2.41.0
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183063): 
https://lists.openembedded.org/g/openembedded-core/message/183063
Mute This Topic: https://lists.openembedded.org/mt/99546092/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core] OE-core CVE metrics for mickledore on Sun 18 Jun 2023 04:00:01 AM HST

2023-06-18 Thread Steve Sakoman
Branch: mickledore

New this week: 5 CVEs
CVE-2023-29402 (CVSS3: 9.8 CRITICAL): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29402 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-29404 (CVSS3: 9.8 CRITICAL): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29404 *
CVE-2023-29405 (CVSS3: 9.8 CRITICAL): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29405 *
CVE-2023-3141 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3141 *

Removed this week: 11 CVEs
CVE-2023-2426 (CVSS3: 5.5 MEDIUM): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2426 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go-binary-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-24534 (CVSS3: 7.5 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24534 *
CVE-2023-24536 (CVSS3: 7.5 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 *
CVE-2023-24537 (CVSS3: 7.5 HIGH): go-binary-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24538 (CVSS3: 9.8 CRITICAL): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24538 *
CVE-2023-24539 (CVSS3: 7.3 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24539 *
CVE-2023-24540 (CVSS3: 9.8 CRITICAL): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24540 *
CVE-2023-2598 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2598 *
CVE-2023-29400 (CVSS3: 7.3 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29400 *
CVE-2023-33204 (CVSS3: 7.8 HIGH): sysstat 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33204 *

Full list:  Found 71 unpatched CVEs
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 *
CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 *
CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2022-48425 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48425 *
CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 *
CVE-2023-0330 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 *
CVE-2023-0465 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0465 *
CVE-2023-0466 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0466 *
CVE-2023-0615 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0615 *
CVE-2023-1255 (CVSS3: 5.9 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1255 *
CVE-2023-1380 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1380 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *

[OE-core] OE-core CVE metrics for kirkstone on Sun 18 Jun 2023 03:00:01 AM HST

2023-06-18 Thread Steve Sakoman
Branch: kirkstone

New this week: 4 CVEs
CVE-2023-2602 (CVSS3: 3.3 LOW): libcap:libcap-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2602 *
CVE-2023-29402 (CVSS3: 9.8 CRITICAL): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29402 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-29404 (CVSS3: 9.8 CRITICAL): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29404 *

Removed this week: 4 CVEs
CVE-2023-1255 (CVSS3: 5.9 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1255 *
CVE-2023-24539 (CVSS3: 7.3 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24539 *
CVE-2023-2650 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2650 *
CVE-2023-32681 (CVSS3: 6.1 MEDIUM): python3-requests 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32681 *

Full list:  Found 37 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 *
CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2023-0795 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0795 *
CVE-2023-0796 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0796 *
CVE-2023-0797 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0797 *
CVE-2023-0798 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0798 *
CVE-2023-0799 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0799 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 *
CVE-2023-2426 (CVSS3: 5.5 MEDIUM): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2426 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-24536 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 *
CVE-2023-2602 (CVSS3: 3.3 LOW): libcap:libcap-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2602 *
CVE-2023-2609 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2609 *
CVE-2023-2610 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2610 *
CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 *
CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-28531 (CVSS3: 9.8 CRITICAL): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28531 *
CVE-2023-29400 (CVSS3: 7.3 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29400 *
CVE-2023-29402 (CVSS3: 9.8 CRITICAL): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29402 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-29404 (CVSS3: 9.8 CRITICAL): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29404 *
CVE-2023-29405 (CVSS3: 9.8 CRITICAL): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29405 *
CVE-2023-29491 (CVSS3: 7.8 HIGH): ncurses:ncurses-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 *
CVE-2023-30571 (CVSS3: 5.3 MEDIUM): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30571 *
CVE-2023-30630 

[OE-core] OE-core CVE metrics for dunfell on Sun 18 Jun 2023 02:00:01 AM HST

2023-06-18 Thread Steve Sakoman
Branch: dunfell

New this week: 4 CVEs
CVE-2023-29402 (CVSS3: 9.8 CRITICAL): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29402 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-29404 (CVSS3: 9.8 CRITICAL): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29404 *
CVE-2023-29405 (CVSS3: 9.8 CRITICAL): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29405 *

Removed this week: 6 CVEs
CVE-2023-0494 (CVSS3: 7.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0494 *
CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 *
CVE-2023-2426 (CVSS3: 5.5 MEDIUM): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2426 *
CVE-2023-24539 (CVSS3: 7.3 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24539 *
CVE-2023-24540 (CVSS3: 9.8 CRITICAL): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24540 *
CVE-2023-28879 (CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28879 *

Full list:  Found 100 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-33621 (CVSS3: 8.8 HIGH): ruby:ruby-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33621 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-3782 (CVSS3: 6.6 MEDIUM): wayland:wayland-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 

[OE-core] OE-core CVE metrics for master on Sun 18 Jun 2023 01:00:01 AM HST

2023-06-18 Thread Steve Sakoman
Branch: master

New this week: 4 CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2023-3141 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3141 *
CVE-2023-33551 (CVSS3: 7.8 HIGH): erofs-utils:erofs-utils-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33551 *
CVE-2023-33552 (CVSS3: 7.8 HIGH): erofs-utils:erofs-utils-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33552 *

Removed this week: 15 CVEs
CVE-2023-2002 (CVSS3: 6.8 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2002 *
CVE-2023-2194 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2194 *
CVE-2023-2235 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2235 *
CVE-2023-2598 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2598 *
CVE-2023-28328 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28328 *
CVE-2023-28866 (CVSS3: 5.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28866 *
CVE-2023-2985 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2985 *
CVE-2023-30456 (CVSS3: 6.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30456 *
CVE-2023-30772 (CVSS3: 6.4 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30772 *
CVE-2023-31436 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31436 *
CVE-2023-32233 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32233 *
CVE-2023-32324 (CVSS3: 5.5 MEDIUM): cups 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32324 *
CVE-2023-33203 (CVSS3: 6.4 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33203 *
CVE-2023-33288 (CVSS3: 4.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33288 *
CVE-2023-34256 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34256 *

Full list:  Found 24 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 *
CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2022-48425 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48425 *
CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 *
CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 *
CVE-2023-2124 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2124 *
CVE-2023-23039 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23039 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-28464 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28464 *
CVE-2023-2898 (CVSS3: 4.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2898 *
CVE-2023-30571 (CVSS3: 5.3 MEDIUM): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30571 *
CVE-2023-3141 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3141 *
CVE-2023-33551 (CVSS3: 7.8 HIGH): erofs-utils:erofs-utils-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33551 *
CVE-2023-33552 (CVSS3: 7.8 HIGH): 

Re: [OE-core] [PATCH 3/3] base-passwd: add the wheel group

2023-06-18 Thread Alexandre Belloni via lists.openembedded.org
On 15/06/2023 13:43:55+0200, Louis Rannou wrote:
> The wheel group is not declared while it can be used to access the systemd
> journal and to configure printers in CUPS. It can also be used for su and sudo
> permissions.
> 
> So far it was created later in the rootfs postcommand systemd_create_users.
> 
> Signed-off-by: Louis Rannou 
> ---
>  .../base-passwd/0007-Add-wheel-group.patch   | 20 
> 
>  meta/recipes-core/base-passwd/base-passwd_3.6.1.bb   |  1 +
>  2 files changed, 21 insertions(+)
> 
> diff --git 
> a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch 
> b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
> new file mode 100644
> index 00..00eaec38a2
> --- /dev/null
> +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
> @@ -0,0 +1,20 @@
> +
> +We need to have a wheel group which has some system privileges to consult the
> +systemd journal or manage printers with cups.
> +
> +Upstream status says the group does not exist by default.

This should be rephrased because it causes:

Malformed Upstream-Status 'Upstream status' 
(meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
Unknown Upstream-Status value 'says' 
(meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
Patches missing Upstream-Status: 0 (0%)
Patches with malformed Upstream-Status: 1 (0%)


> +
> +Upstream-Status: Inappropriate [enable feature]
> +
> +Signed-off-by: Louis Rannou 
> +Index: base-passwd-3.5.26/group.master
> +===
> +--- base-passwd-3.5.29.orig/group.master
>  base-passwd-3.5.29/group.master
> +@@ -38,5 +38,6 @@
> + staff:*:50:
> + games:*:60:
> + shutdown:*:70:
> ++wheel:*:80:
> + users:*:100:
> + nogroup:*:65534:
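
Review bot: The header of 0007-Add-wheel-group.patch names mismatched versions: `Index: base-passwd-3.5.26/group.master`, then `base-passwd-3.5.29` on the file lines, while the recipe it is added to is base-passwd_3.6.1.bb. Regenerating the patch against the 3.6.1 source, with a From/Subject header in place of the empty first line, would confirm that the `@@ -38,5 +38,6 @@` context still matches group.master in that release. The commit message also says wheel was so far created by systemd_create_users; it would help to state how that path behaves once `wheel:*:80:` is already present with a static GID.
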
> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb 
> b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> index 853717176d..204016b3e7 100644
> --- a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> @@ -12,6 +12,7 @@ SRC_URI = 
> "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
> file://0005-Add-kvm-group.patch \
> 
> file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
> +   file://0007-Add-wheel-group.patch \
> "
>  
>  SRC_URI[sha256sum] = 
> "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
> 
> -- 
> 2.41.0
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
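
The two errors quoted above are triggered by a free-text sentence that begins with "Upstream status". The following Python example is added here for illustration and is not OE-core's own checker; the regular expression, the accepted-value list and the rephrased header are assumptions. It shows how a loose tag matcher reports that sentence and accepts a rephrased one.

```python
import re

# Assumed list of accepted status keywords. The page itself only shows
# Pending, Inappropriate and Inactive-Upstream in use.
VALID_VALUES = {
    "pending", "submitted", "backport",
    "denied", "inactive-upstream", "inappropriate",
}

# Loose matcher (assumption): any line that looks like an attempt at the tag,
# whatever its case, separator or missing colon, plus the word that follows.
LOOSE_TAG = re.compile(
    r"^[\t ]*(Upstream[-_ ]Status:?)[\t ]*([\w-]*)",
    re.IGNORECASE | re.MULTILINE,
)
STRICT_TAG = "Upstream-Status:"

# Patch description as quoted in the thread (diff '+' prefixes removed).
ORIGINAL_HEADER = """\
We need to have a wheel group which has some system privileges to consult the
systemd journal or manage printers with cups.

Upstream status says the group does not exist by default.

Upstream-Status: Inappropriate [enable feature]
"""

# Constructed rewording: the sentence no longer starts with the tag words.
REPHRASED_HEADER = """\
We need to have a wheel group which has some system privileges to consult the
systemd journal or manage printers with cups.

Upstream says the group does not exist by default.

Upstream-Status: Inappropriate [enable feature]
"""


def check_patch_header(text):
    """Return a list of (kind, detail) findings for one patch description."""
    matches = list(LOOSE_TAG.finditer(text))
    if not matches:
        return [("missing", "")]
    findings = []
    for match in matches:
        tag, value = match.group(1), match.group(2)
        if tag != STRICT_TAG:
            # Looks like the tag but is not spelled exactly right.
            findings.append(("malformed-tag", tag))
        if value.lower() not in VALID_VALUES:
            findings.append(("unknown-value", value))
    return findings


if __name__ == "__main__":
    for name, header in (("original", ORIGINAL_HEADER),
                         ("rephrased", REPHRASED_HEADER)):
        print(name, check_patch_header(header))
```
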

View/Reply Online (#183058): https://lists.openembedded.org/g/openembedded-core/message/183058



Re: [OE-core] [PATCH] ghostscript: mostly rewrite recipe

2023-06-18 Thread Alexandre Belloni via lists.openembedded.org
Hello,

This doesn't build on the AB:

https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3055/steps/13/logs/errors
https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/7306/steps/11/logs/errors
https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/7327/steps/12/logs/errors
https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7208/steps/12/logs/errors
https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/4678/steps/11/logs/errors

| checking for zlib.h... no
| configure: error: I did not find a copy of zlib on your system.
|   Please either install it, or unpack a copy of the source in a
|   local directory named 'zlib'. See http://www.gzip.org/zlib/
|   for more information.

On 16/06/2023 11:37:52+0100, Ross Burton wrote:
> From: Ross Burton 
> 
> This started as a patch cleanup but escalated rapidly.
> 
> Remove unneeded patches:
> - mkdir-p.patch isn't needed now the Makefiles appear to have the correct
>   dependencies.
> - ghostscript-9.15-parallel-make.patch appears to be unneeded for the same
>   reason
> - base-genht.c-add-a-preprocessor-define-to-allow-fope.patch isn't needed
> - cups-no-gcrypt.patch isn't needed
> - do-not-check-local-libpng-source.patch can be replaced by deleting
>   the libpng/ directory, as is already done for jpeg/
> - ghostscript-9.21-native-fix-disable-system-libtiff.patch is not needed
>   when we stop doing native builds (see below)
> 
> Remove the need for ghostscript-native to build and install tools that
> are needed at target build-time: ghostscript can do this itself.  Remove
> the BBCLASSEXTEND and all of the native overrides.
> 
> Inherit pkgconfig and explicitly tell configure to use the pkgconfig
> binary: unless told otherwise this configure will refuse to use an
> unprefixed pkgconfig in cross builds.
> 
> Review DEPENDS and add missing freetype and zlib dependencies.
> 
> Ghostscript will use the embedded copies of libraries over system
> libraries, so extend the deletion of jpeg and libpng to include expat,
> freetype, zlib, and cups as we want to link to our build of those.
> 
> Add PACKAGECONFIGs for optional libidn and libpaper dependencies.
> 
> Remove HAVE_SYS_TIME_H assignments, the upstream bug was fixed in 2011.
> 
> Clean up comments: there's no need to explain how to use PACKAGECONFIG,
> and justify the use of autotools-brokensep.
> 
> Signed-off-by: Ross Burton 
> ---
>  .../avoid-host-contamination.patch|  3 +-
>  ...-a-preprocessor-define-to-allow-fope.patch | 42 
>  .../ghostscript/cups-no-gcrypt.patch  | 37 ---
>  .../do-not-check-local-libpng-source.patch| 31 --
>  .../ghostscript-9.15-parallel-make.patch  | 28 --
>  ...21-native-fix-disable-system-libtiff.patch | 47 -
>  .../ghostscript/ghostscript/mkdir-p.patch | 50 --
>  .../ghostscript/ghostscript_10.01.1.bb| 96 ---
>  8 files changed, 20 insertions(+), 314 deletions(-)
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/cups-no-gcrypt.patch
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/do-not-check-local-libpng-source.patch
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.15-parallel-make.patch
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.21-native-fix-disable-system-libtiff.patch
>  delete mode 100644 
> meta/recipes-extended/ghostscript/ghostscript/mkdir-p.patch
> 
> diff --git 
> a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
>  
> b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
> index e8cb16c36b4..15c7eb5a774 100644
> --- 
> a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
> +++ 
> b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
> @@ -5,8 +5,7 @@ Subject: [PATCH 04/10] avoid host contamination
>  
>  Remove hardcode path refer to host to avoid host contamination.
>  
> -Upstream-Status: Inappropriate [embedded specific]
> -
> +Upstream-Status: Pending
>  Signed-off-by: Kai Kang 
>  
>  Rebase to 9.23
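
Review bot: The Upstream-Status of avoid-host-contamination.patch changes from `Inappropriate [embedded specific]` to `Pending` in this hunk, but the commit message, which explains each removed patch, does not mention it. Please state why the status changed and where the patch is expected to be submitted, and keep the blank line before Signed-off-by that this hunk drops.
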
> diff --git 
> a/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch
>  
> b/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch
> deleted file mode 100644
> index 7d80066a80e..000
> --- 
> a/meta/recipes-extended/ghostscript/ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch
> +++ /dev/null
> @@ -1,42 +0,0 @@
> -From 9ca6f795409b988d38dd98bc2a6ecb68a9392312 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia 
> -Date: Thu, 29 Mar 2018 16:37:40 +0800
> -Subject: [PATCH 10/10] base/genht.c: add a preprocessor define to allow fopen
> - 
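
Review bot: base-genht.c-add-a-preprocessor-define-to-allow-fope.patch is deleted with only "isn't needed" as justification, while the mkdir-p and parallel-make removals each come with a reason. Its subject says it added a preprocessor define to allow fopen in base/genht.c, so the commit message should say what changed to make that define unnecessary.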

[OE-core] [PATCH] ptest-runner: Pull in sync fix to improve log warnings

2023-06-18 Thread Richard Purdie
Pulls in:

utils: Ensure buffers are flushed after child exits

We currently wait for the child to exit but we don't flush the buffers.
This can mean the output ends up out of sync and the END: line isn't at
the end of the logs.

We've recently seen a lot of issues related to this on the autobuilder.
Add in a flush call for all fds to ensure buffers are in sync. This
does appear to improve warnings on the autobuilder now we started detecting
the issue.

Signed-off-by: Richard Purdie 
---
 meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb 
b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
index ff5629c6f9b..67dd887c240 100644
--- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
+++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
@@ -7,7 +7,7 @@ HOMEPAGE = 
"http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/;
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
 
-SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa"
+SRCREV = "ea2a9cc159ad5f64ee75781d55101d7c340e0303"
 PV .= "+git${SRCPV}"
 
 SRC_URI = 
"git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \
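
Review bot: The SRCREV bump from bcb82804daa8 to ea2a9cc159ad is documented only by the subject line of one upstream commit under "Pulls in:". Listing that commit with its short hash, and confirming that no other commits fall in the range, would let the bump be checked against the ptest-runner2 history.
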
-- 
2.39.2


View/Reply Online (#183056): https://lists.openembedded.org/g/openembedded-core/message/183056