Re: [OE-core] [PATCH 12/21] util-linux: upgrade 2.38.1 -> 2.39.1

[Alexander Kanavin]

On Sun, 30 Jul 2023 at 22:36, Alexandre Belloni
 wrote:
> This is not 100% reproducible and so difficult to bisect. This is the
> log:
>
> diff-{{{
> --- /usr/lib/util-linux/ptest/tests/expected/lsfd/option-inet
> +++ /usr/lib/util-linux/ptest/tests/output/lsfd/option-inet
> @@ -5,10 +5,10 @@
>  3 TCPv6 state=listen laddr=[::1]:34567
>  4 TCPv6 state=established laddr=[::1]:23456 raddr=[::1]:34567
>  5 TCPv6 state=established laddr=[::1]:34567 raddr=[::1]:23456
> -3   UDP state=close laddr=127.0.0.1:34567
> -4   UDP state=established laddr=127.0.0.1:23456 raddr=127.0.0.1:34567
> -3 UDPLITEv6 state=close laddr=[::1]:34567
> -4 UDPLITEv6 state=established laddr=[::1]:23456 raddr=[::1]:34567
> +3   UDP socket:[33864]
> +4   UDP socket:[33865]
> +3 UDPLITEv6 socket:[31413]
> +4 UDPLITEv6 socket:[31414]
>  # --inet=4
>  3  TCP state=listen laddr=127.0.0.1:34567
>  4  TCP state=established laddr=127.0.0.1:23456 raddr=127.0.0.1:34567
> }}}-diff
>
> FAIL:  lsfd: --inet option 
> (lsfd/option-inet)
>
>
> All the occurrences are on the arm workers, ubuntu1804-arm-1 and
> ubuntu2204-arm-1 for now.

Thanks, I'll try to narrow it further. May be that it's the update
itself, and not interaction with something else in the branch. Does
look like a race condition as well.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185118): 
https://lists.openembedded.org/g/openembedded-core/message/185118
Mute This Topic: https://lists.openembedded.org/mt/100391613/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] ncurses: fix CVE-2023-29491

[Chen Qi via lists.openembedded.org]

From: Chen Qi 

Backport patch to fix CVE-2023-29491.

Signed-off-by: Chen Qi 
---
 .../files/0001-Fix-CVE-2023-29491.patch   | 462 ++
 meta/recipes-core/ncurses/ncurses_6.4.bb  |   1 +
 2 files changed, 463 insertions(+)
 create mode 100644 
meta/recipes-core/ncurses/files/0001-Fix-CVE-2023-29491.patch

diff --git a/meta/recipes-core/ncurses/files/0001-Fix-CVE-2023-29491.patch 
b/meta/recipes-core/ncurses/files/0001-Fix-CVE-2023-29491.patch
new file mode 100644
index 00..1232c8c2a8
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/0001-Fix-CVE-2023-29491.patch
@@ -0,0 +1,462 @@
+From 3d54a41f12e9aa059f06e66e72d872f2283395b6 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Sun, 30 Jul 2023 21:14:00 -0700
+Subject: [PATCH] Fix CVE-2023-29491
+
+CVE: CVE-2023-29491
+
+Upstream-Status: Backport 
[http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56]
+
+Signed-off-by: Chen Qi 
+---
+ ncurses/tinfo/lib_tgoto.c  |  10 +++-
+ ncurses/tinfo/lib_tparm.c  | 116 -
+ ncurses/tinfo/read_entry.c |   3 +
+ progs/tic.c|   6 ++
+ progs/tparm_type.c |   9 +++
+ progs/tparm_type.h |   2 +
+ progs/tput.c   |  61 ---
+ 7 files changed, 185 insertions(+), 22 deletions(-)
+
+diff --git a/ncurses/tinfo/lib_tgoto.c b/ncurses/tinfo/lib_tgoto.c
+index 9cf5e100..c50ed4df 100644
+--- a/ncurses/tinfo/lib_tgoto.c
 b/ncurses/tinfo/lib_tgoto.c
+@@ -207,6 +207,14 @@ tgoto(const char *string, int x, int y)
+   result = tgoto_internal(string, x, y);
+ else
+ #endif
+-  result = TIPARM_2(string, y, x);
++if ((result = TIPARM_2(string, y, x)) == NULL) {
++  /*
++   * Because termcap did not provide a more general solution such as
++   * tparm(), it was necessary to handle single-parameter capabilities
++   * using tgoto().  The internal _nc_tiparm() function returns a NULL
++   * for that case; retry for the single-parameter case.
++   */
++  result = TIPARM_1(string, y);
++}
+ returnPtr(result);
+ }
+diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c
+index d9bdfd8f..a10a3877 100644
+--- a/ncurses/tinfo/lib_tparm.c
 b/ncurses/tinfo/lib_tparm.c
+@@ -1086,6 +1086,64 @@ tparam_internal(TPARM_STATE *tps, const char *string, 
TPARM_DATA *data)
+ return (TPS(out_buff));
+ }
+ 
++#ifdef CUR
++/*
++ * Only a few standard capabilities accept string parameters.  The others that
++ * are parameterized accept only numeric parameters.
++ */
++static bool
++check_string_caps(TPARM_DATA *data, const char *string)
++{
++bool result = FALSE;
++
++#define CHECK_CAP(name) (VALID_STRING(name) && !strcmp(name, string))
++
++/*
++ * Disallow string parameters unless we can check them against a terminal
++ * description.
++ */
++if (cur_term != NULL) {
++  int want_type = 0;
++
++  if (CHECK_CAP(pkey_key))
++  want_type = 2;  /* function key #1, type string #2 */
++  else if (CHECK_CAP(pkey_local))
++  want_type = 2;  /* function key #1, execute string #2 */
++  else if (CHECK_CAP(pkey_xmit))
++  want_type = 2;  /* function key #1, transmit string #2 */
++  else if (CHECK_CAP(plab_norm))
++  want_type = 2;  /* label #1, show string #2 */
++  else if (CHECK_CAP(pkey_plab))
++  want_type = 6;  /* function key #1, type string #2, show string 
#3 */
++#if NCURSES_XNAMES
++  else {
++  char *check;
++
++  check = tigetstr("Cs");
++  if (CHECK_CAP(check))
++  want_type = 1;  /* style #1 */
++
++  check = tigetstr("Ms");
++  if (CHECK_CAP(check))
++  want_type = 3;  /* storage unit #1, content #2 */
++  }
++#endif
++
++  if (want_type == data->tparm_type) {
++  result = TRUE;
++  } else {
++  T(("unexpected string-parameter"));
++  }
++}
++return result;
++}
++
++#define ValidCap() (myData.tparm_type == 0 || \
++  check_string_caps(, string))
++#else
++#define ValidCap() 1
++#endif
++
+ #if NCURSES_TPARM_VARARGS
+ 
+ NCURSES_EXPORT(char *)
+@@ -1100,7 +1158,7 @@ tparm(const char *string, ...)
+ tps->tname = "tparm";
+ #endif /* TRACE */
+ 
+-if (tparm_setup(cur_term, string, ) == OK) {
++if (tparm_setup(cur_term, string, ) == OK && ValidCap()) {
+   va_list ap;
+ 
+   va_start(ap, string);
+@@ -1135,7 +1193,7 @@ tparm(const char *string,
+ tps->tname = "tparm";
+ #endif /* TRACE */
+ 
+-if (tparm_setup(cur_term, string, ) == OK) {
++if (tparm_setup(cur_term, string, ) == OK && ValidCap()) {
+ 
+   myData.param[0] = a1;
+   myData.param[1] = a2;
+@@ -1166,7 +1224,7 @@ tiparm(const char *string, ...)
+ tps->tname = "tiparm";
+ #endif /* TRACE */
+ 
+-if (tparm_setup(cur_term, string, ) == OK) {
++if (tparm_setup(cur_term, string, ) == OK && 

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.27.rc1)

[Jing Hui Tham]

Hi All,
 
QA for yocto-3.1.27.rc1 is completed. This is the full report for this release: 
 
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
 
=== Summary 
No high milestone defects.
 
No new issue found. 
 
Thanks,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Monday, July 24, 2023 5:55 AM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-3.1.27.rc1)
> 
> 
> A build flagged for QA (yocto-3.1.27.rc1) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-3.1.27.rc1
> 
> 
> Build hash information:
> 
> bitbake: b60c7085ec370473bea9b3b4b65826a17638837f
> meta-agl: 583f80f8e9d085a98f1cbab3a9d8082503ab739e
> meta-arm: b1fe8443a7a72c65fa0fc3371f607c6671b3a882
> meta-aws: 9d29db04581d732313a5b17a84d1df004056e002
> meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
> meta-intel: 488af577a3f21f038c551612bb0af077fa2b743d
> meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
> meta-openembedded: b5282ece919f016d91a1043769676efb02b4f0fb
> meta-virtualization: 521459bf588435e847d981657485bae8d6f003b5
> oecore: ab6a0d053d910c3d50fcb06e9c2ca98430b673a4
> poky: df86cc15d0a39d8d85747f7acc2c887cccfd9fa7
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185116): 
https://lists.openembedded.org/g/openembedded-core/message/185116
Mute This Topic: https://lists.openembedded.org/mt/100321858/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS

[Chen Qi via lists.openembedded.org]

Got it. I'll check this failure.

Regards,
Qi

-Original Message-
From: Richard Purdie  
Sent: Saturday, July 29, 2023 6:08 AM
To: Chen, Qi ; openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] multilib.conf: explicitly make MULTILIB_VARIANTS 
vardeps on MULTILIBS

On Thu, 2023-07-27 at 14:15 +0800, Chen Qi via lists.openembedded.org
wrote:
> From: Chen Qi 
> 
> This patch is to ensure recipes get rebuilt correctly and avoid 
> incorrect sstate cache reuse when toggling multilib.
> 
> The following steps show one example of such incorrect sstate cache reuse.
> 1. enable multilib && bitbake  -c populate_sdk 2. disable 
> multilib && bitbake  -c populate_sdk
> 
> The error message is as below:
> Error:
>  Problem: conflicting requests
>- nothing provides binutils-cross-canadian-i686 needed by 
> packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
>- nothing provides gcc-cross-canadian-i686 needed by 
> packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
>- nothing provides gdb-cross-canadian-i686 needed by 
> packagegroup-cross-canadian-intel-x86-64-1.0-r0.x86_64_nativesdk
>  (try to add '--skip-broken' to skip uninstallable packages)
> 
> We get this error because packagegroup-cross-canadian recipe is not 
> rebuilt when it should be.
> 
> Current codes have tracked the dependency to MULTILIB_VARIANTS, as 
> shown in the following chain:
> RDEPENDS:packagegroup-cross-canadian-intel-x86-64 -> 
> all_multilib_tune_values -> MULTILIB_VARIANTS.
> 
> However, MULTILIB_VARIANTS cannot automatically depend on MULTILIBS.
> See some results from 'bitbake-dumpsigs' below:
> List of dependencies for variable MULTILIB_VARIANTS is 
> ['extend_variants'] Variable MULTILIB_VARIANTS value is 
> ${@extend_variants(d,'MULTILIBS','multilib')}
> 
> It's obvious that the value of MULTILIB_VARIANTS depend on the value 
> of MULTILIBS, so let's set this dependency manually.
> 
> Signed-off-by: Chen Qi 
> ---
>  meta/conf/multilib.conf | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf index 
> 7f3b9463ef..ef3605a73d 100644
> --- a/meta/conf/multilib.conf
> +++ b/meta/conf/multilib.conf
> @@ -2,6 +2,7 @@
>  baselib = "${@d.getVar('BASE_LIB:tune-' + (d.getVar('DEFAULTTUNE') or 
> 'INVALID')) or d.getVar('BASELIB')}"
>  
>  MULTILIB_VARIANTS = "${@extend_variants(d,'MULTILIBS','multilib')}"
> +MULTILIB_VARIANTS[vardeps] += "MULTILIBS"
>  MULTILIB_SAVE_VARNAME = "DEFAULTTUNE TARGET_ARCH TARGET_SYS TARGET_VENDOR"
>  
>  MULTILIBS ??= "multilib:lib32"

I suspect this resulted in this selftest failure:

https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/5534/steps/15/logs/stdio

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185115): 
https://lists.openembedded.org/g/openembedded-core/message/185115
Mute This Topic: https://lists.openembedded.org/mt/100385842/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] gnu-efi: Fix build break on riscv64

[Khem Raj]

Signed-off-by: Khem Raj 
---
 ...0001-riscv64-adjust-type-definitions.patch | 34 +++
 .../0001-riscv64-ignore-unknown-relocs.patch  | 32 +
 meta/recipes-bsp/gnu-efi/gnu-efi_3.0.17.bb|  2 ++
 3 files changed, 68 insertions(+)
 create mode 100644 
meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-adjust-type-definitions.patch
 create mode 100644 
meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-ignore-unknown-relocs.patch

diff --git 
a/meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-adjust-type-definitions.patch 
b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-adjust-type-definitions.patch
new file mode 100644
index 000..3475606264e
--- /dev/null
+++ 
b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-adjust-type-definitions.patch
@@ -0,0 +1,34 @@
+From 1de509497826faa0ad84b82f5e2c3d21ee613459 Mon Sep 17 00:00:00 2001
+From: Moody Liu 
+Date: Sat, 13 May 2023 17:39:16 +0100
+Subject: [PATCH] riscv64: adjust type definitions
+
+CHAR8 needs to be defined while BOOLEAN should be removed
+here to prevent typedef conflicts
+
+Upstream-Status: Backport 
[https://sourceforge.net/p/gnu-efi/code/ci/1de509497826faa0ad84b82f5e2c3d21ee613459/]
+Signed-off-by: Moody Liu 
+---
+ inc/riscv64/efibind.h | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/inc/riscv64/efibind.h b/inc/riscv64/efibind.h
+index 4fdf81d..d8b4f39 100644
+--- a/inc/riscv64/efibind.h
 b/inc/riscv64/efibind.h
+@@ -32,11 +32,9 @@ typedef uint16_tUINT16;
+ typedef int16_t INT16;
+ typedef uint8_t UINT8;
+ typedef int8_t  INT8;
++typedef charCHAR8;
+ typedef wchar_t CHAR16;
+ #define WCHAR   CHAR16
+-#ifndef BOOLEAN
+-typedef uint8_t BOOLEAN;
+-#endif
+ #undef VOID
+ typedef voidVOID;
+ typedef int64_t INTN;
+-- 
+2.41.0
+
diff --git 
a/meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-ignore-unknown-relocs.patch 
b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-ignore-unknown-relocs.patch
new file mode 100644
index 000..5b3c152c5e0
--- /dev/null
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi/0001-riscv64-ignore-unknown-relocs.patch
@@ -0,0 +1,32 @@
+From 708f66acfec9a86f237726d45095cbd380fd83ca Mon Sep 17 00:00:00 2001
+From: Callum Farmer 
+Date: Wed, 21 Jun 2023 11:32:28 +0100
+Subject: [PATCH] riscv64: ignore unknown relocs
+
+Sometimes ld emits relocs such as R_RISCV_64 for unwind symbols
+these don't need to be handled yet so just can be skipped otherwise
+the binary will never load
+
+Upstream-Status: Backport 
[https://sourceforge.net/p/gnu-efi/code/ci/708f66acfec9a86f237726d45095cbd380fd83ca/]
+Signed-off-by: Callum Farmer 
+---
+ gnuefi/reloc_riscv64.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/gnuefi/reloc_riscv64.c b/gnuefi/reloc_riscv64.c
+index 0b02d83..e429602 100644
+--- a/gnuefi/reloc_riscv64.c
 b/gnuefi/reloc_riscv64.c
+@@ -81,8 +81,7 @@ EFI_STATUS EFIAPI _relocate(long ldbase, Elf_Dyn *dyn)
+   *addr = ldbase + rel->r_addend;
+   break;
+   default:
+-  /* Panic */
+-  while (1) ;
++  break;
+   }
+   rel = (Elf_Rela *)((char *)rel + relent);
+   relsz -= relent;
+-- 
+2.41.0
+
diff --git a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.17.bb 
b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.17.bb
index 547c469d19f..d37d638e097 100644
--- a/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.17.bb
+++ b/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.17.bb
@@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = 
"file://gnuefi/crt0-efi-arm.S;beginline=4;endline=16;md5=e582
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/files/${BP}.tar.bz2 \
file://parallel-make-archives.patch \
file://gnu-efi-3.0.9-fix-clang-build.patch \
+   file://0001-riscv64-adjust-type-definitions.patch \
+   file://0001-riscv64-ignore-unknown-relocs.patch \
"
 
 SRC_URI[sha256sum] = 
"7807e903349343a7a142ebb934703a2872235e89688cf586c032b0a1087bcaf4"
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185114): 
https://lists.openembedded.org/g/openembedded-core/message/185114
Mute This Topic: https://lists.openembedded.org/mt/100451045/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 12/21] util-linux: upgrade 2.38.1 -> 2.39.1

[Alexandre Belloni via lists.openembedded.org]

On 28/07/2023 17:25:46+0200, Alexander Kanavin wrote:
> I just locally ran the ptest against current abelloni/master-next
> (1db230c0191eefffd94be0e8f40312b76e8b8769) with arm-64 target on an
> x86 host, and that passed too. I can try to do that on the actual arm
> host in the AB cluster, but otherwise out of ideas at the moment. Can
> you bisect the patchset?
> 

This is not 100% reproducible and so difficult to bisect. This is the
log:

diff-{{{
--- /usr/lib/util-linux/ptest/tests/expected/lsfd/option-inet
+++ /usr/lib/util-linux/ptest/tests/output/lsfd/option-inet
@@ -5,10 +5,10 @@
 3 TCPv6 state=listen laddr=[::1]:34567
 4 TCPv6 state=established laddr=[::1]:23456 raddr=[::1]:34567
 5 TCPv6 state=established laddr=[::1]:34567 raddr=[::1]:23456
-3   UDP state=close laddr=127.0.0.1:34567
-4   UDP state=established laddr=127.0.0.1:23456 raddr=127.0.0.1:34567
-3 UDPLITEv6 state=close laddr=[::1]:34567
-4 UDPLITEv6 state=established laddr=[::1]:23456 raddr=[::1]:34567
+3   UDP socket:[33864]
+4   UDP socket:[33865]
+3 UDPLITEv6 socket:[31413]
+4 UDPLITEv6 socket:[31414]
 # --inet=4
 3  TCP state=listen laddr=127.0.0.1:34567
 4  TCP state=established laddr=127.0.0.1:23456 raddr=127.0.0.1:34567
}}}-diff

FAIL:  lsfd: --inet option 
(lsfd/option-inet)


All the occurrences are on the arm workers, ubuntu1804-arm-1 and
ubuntu2204-arm-1 for now.



> Alex
> 
> On Fri, 28 Jul 2023 at 15:38, Alexander Kanavin via
> lists.openembedded.org 
> wrote:
> >
> > I don't know. Nothing stands out in particular here:
> > https://git.yoctoproject.org/poky-contrib/log/?h=abelloni/master-next
> >
> > Both failures happened on arm64 I think?
> >
> > Alex
> >
> > On Fri, 28 Jul 2023 at 15:13, Alexandre Belloni
> >  wrote:
> > >
> > > Hello,
> > >
> > > I got a new ptest failure twice with this patch:
> > >
> > > 'util-linux': ['lsfd:_--inet_option']
> > >
> > > I don't see it on your run, I'm wondering what is in my branch that
> > > causes it.
> > >
> > > On 27/07/2023 16:36:18+0200, Alexander Kanavin wrote:
> > > > License-update: added bsd-2-clause
> > > > https://github.com/util-linux/util-linux/commit/faeb1b64b36ededd1a0b62555cad65f002d47ac6
> > > >
> > > > Signed-off-by: Alexander Kanavin 
> > > > ---
> > > >  ...2.38.1.bb => util-linux-libuuid_2.39.1.bb} |  0
> > > >  meta/recipes-core/util-linux/util-linux.inc   | 10 ++--
> > > >  .../0001-check-for-sys-pidfd.h.patch  | 53 ---
> > > >  ...configure.ac-Improve-check-for-magic.patch | 40 --
> > > >  .../util-linux/util-linux/run-ptest   |  6 +++
> > > >  ...l-linux_2.38.1.bb => util-linux_2.39.1.bb} |  0
> > > >  6 files changed, 10 insertions(+), 99 deletions(-)
> > > >  rename meta/recipes-core/util-linux/{util-linux-libuuid_2.38.1.bb => 
> > > > util-linux-libuuid_2.39.1.bb} (100%)
> > > >  delete mode 100644 
> > > > meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch
> > > >  delete mode 100644 
> > > > meta/recipes-core/util-linux/util-linux/0001-configure.ac-Improve-check-for-magic.patch
> > > >  rename meta/recipes-core/util-linux/{util-linux_2.38.1.bb => 
> > > > util-linux_2.39.1.bb} (100%)
> > > >
> > > > diff --git a/meta/recipes-core/util-linux/util-linux-libuuid_2.38.1.bb 
> > > > b/meta/recipes-core/util-linux/util-linux-libuuid_2.39.1.bb
> > > > similarity index 100%
> > > > rename from meta/recipes-core/util-linux/util-linux-libuuid_2.38.1.bb
> > > > rename to meta/recipes-core/util-linux/util-linux-libuuid_2.39.1.bb
> > > > diff --git a/meta/recipes-core/util-linux/util-linux.inc 
> > > > b/meta/recipes-core/util-linux/util-linux.inc
> > > > index 3868b1c41d3..99ce2a24b0a 100644
> > > > --- a/meta/recipes-core/util-linux/util-linux.inc
> > > > +++ b/meta/recipes-core/util-linux/util-linux.inc
> > > > @@ -6,13 +6,13 @@ disk partitioning, kernel message management, 
> > > > filesystem creation, and system lo
> > > >
> > > >  SECTION = "base"
> > > >
> > > > -LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & BSD-3-Clause & 
> > > > BSD-4-Clause"
> > > > +LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & BSD-2-Clause & 
> > > > BSD-3-Clause & BSD-4-Clause"
> > > >  LICENSE:${PN}-libblkid = "LGPL-2.1-or-later"
> > > >  LICENSE:${PN}-libfdisk = "LGPL-2.1-or-later"
> > > >  LICENSE:${PN}-libmount = "LGPL-2.1-or-later"
> > > >  LICENSE:${PN}-libsmartcols = "LGPL-2.1-or-later"
> > > >
> > > > -LIC_FILES_CHKSUM = 
> > > > "file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da \
> > > > +LIC_FILES_CHKSUM = 
> > > > "file://README.licensing;md5=12ae7768a65ec8f2e44d930df9cb43fa \
> > > >  
> > > > file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> > > >  
> > > > file://Documentation/licenses/COPYING.GPL-2.0-or-later;md5=b234ee4d69f5fce4486a80fdaf4a4263
> > > >  \
> > > >  
> > > > 

[OE-core] [PATCH] python3-wheel: upgrade 0.40.0 -> 0.41.0

[Tim Orling]

https://wheel.readthedocs.io/en/stable/news.html

0.41.0 (2023-07-22)
* Added full support of the build tag syntax to wheel tags (you can now
  set a build tag like 123mytag)
* Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry
  Schreiner)
* Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

Signed-off-by: Tim Orling 
---
 .../python/{python3-wheel_0.40.0.bb => python3-wheel_0.41.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-wheel_0.40.0.bb => 
python3-wheel_0.41.0.bb} (85%)

diff --git a/meta/recipes-devtools/python/python3-wheel_0.40.0.bb 
b/meta/recipes-devtools/python/python3-wheel_0.41.0.bb
similarity index 85%
rename from meta/recipes-devtools/python/python3-wheel_0.40.0.bb
rename to meta/recipes-devtools/python/python3-wheel_0.41.0.bb
index 2b8111d544b..2d8742545da 100644
--- a/meta/recipes-devtools/python/python3-wheel_0.40.0.bb
+++ b/meta/recipes-devtools/python/python3-wheel_0.41.0.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7ffb0db04527cfe380e4f2726bd05ebf"
 
-SRC_URI[sha256sum] = 
"cd1196f3faee2b31968d626e1731c94f99cbdb67cf5a46e4f5656cbee7738873"
+SRC_URI[sha256sum] = 
"55a0f0a5a84869bce5ba775abfd9c462e3a6b1b7b7ec69d72c0b83d673a5114d"
 
 inherit python_flit_core pypi
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185112): 
https://lists.openembedded.org/g/openembedded-core/message/185112
Mute This Topic: https://lists.openembedded.org/mt/100448804/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-more-itertools: upgrade 9.1.0 -> 10.0.0

[Tim Orling]

https://more-itertools.readthedocs.io/en/stable/versions.html

10.0.0
* Potentially breaking changes
  - Python 3.7 support was dropped, since it went EOL on 2023-06-27
  - batched() no longer issues a DeprecationWarning; it is now an alias
for itertools.batched for Python 3.12+
  - batched() and matmul() now yield tuples instead of lists
* New functions
  - combination_with_replacement_index() (thanks to Schoyen)
  - nth_combination_with_replacement() (thanks to Schoyen)
  - polynomial_eval() (from the Python itertools docs)
  - polynomial_derivative() (from the Python itertools docs)
  - sum_of_squares() (from the Python itertools docs)
* Changes to existing functions
  - seekable() now has relative_seek method (thanks to karlb)
  - chunked_even() was optimized (thanks to elliotwutingfeng)
  - numeric_range() was optimized (thanks to eltoder)
  - duplicates_justseen(), pairwise(), partial_product(), and partition()
were updated and optimized (thanks to pochmann)
  - unique_in_window() had its implementation updated (thanks to
elliotwutingfeng)
  - iterate() now breaks when its func argument raises StopIteration (thanks
to jrebiffe)
* Other changes
  - Some documentation and testing issues were fixed (thanks to lonnen and
XuehaiPan)

Signed-off-by: Tim Orling 
---
All ptests pass on core-image-ptest-python3-more-itertools for qemux86-64

 ...more-itertools_9.1.0.bb => python3-more-itertools_10.0.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-more-itertools_9.1.0.bb => 
python3-more-itertools_10.0.0.bb} (87%)

diff --git a/meta/recipes-devtools/python/python3-more-itertools_9.1.0.bb 
b/meta/recipes-devtools/python/python3-more-itertools_10.0.0.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-more-itertools_9.1.0.bb
rename to meta/recipes-devtools/python/python3-more-itertools_10.0.0.bb
index 8c33b7161bc..e07d4b78606 100644
--- a/meta/recipes-devtools/python/python3-more-itertools_9.1.0.bb
+++ b/meta/recipes-devtools/python/python3-more-itertools_10.0.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/erikrose/more-itertools;
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3396ea30f9d21389d7857719816f83b5"
 
-SRC_URI[sha256sum] = 
"cabaa341ad0389ea83c17a94566a53ae4c9d07349861ecb14dc6d0345cf9ac5d"
+SRC_URI[sha256sum] = 
"cd65437d7c4b615ab81c0640c0480bc29a550ea032891977681efd28344d51e1"
 
 inherit pypi python_flit_core ptest
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185111): 
https://lists.openembedded.org/g/openembedded-core/message/185111
Mute This Topic: https://lists.openembedded.org/mt/100448548/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-certifi: upgrade 2023.5.7 -> 2023.7.22

[Tim Orling]

No changelog provided. Commits:

8fb96ed (tag: 2023.07.22) 2023.07.22
afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
44df761 Hash pin Actions and enable dependabot (#228)

Signed-off-by: Tim Orling 
---
 ...python3-certifi_2023.5.7.bb => python3-certifi_2023.7.22.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-certifi_2023.5.7.bb => 
python3-certifi_2023.7.22.bb} (86%)

diff --git a/meta/recipes-devtools/python/python3-certifi_2023.5.7.bb 
b/meta/recipes-devtools/python/python3-certifi_2023.7.22.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-certifi_2023.5.7.bb
rename to meta/recipes-devtools/python/python3-certifi_2023.7.22.bb
index 924b05c12cb..c4e1e7b9174 100644
--- a/meta/recipes-devtools/python/python3-certifi_2023.5.7.bb
+++ b/meta/recipes-devtools/python/python3-certifi_2023.7.22.bb
@@ -7,7 +7,7 @@ HOMEPAGE = " http://certifi.io/;
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3c2b7404369c587c3559afb604fce2f2"
 
-SRC_URI[sha256sum] = 
"0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7"
+SRC_URI[sha256sum] = 
"539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082"
 
 inherit pypi setuptools3
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185110): 
https://lists.openembedded.org/g/openembedded-core/message/185110
Mute This Topic: https://lists.openembedded.org/mt/100448311/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-sphinx: upgrade 7.0.1 -> 7.1.1

[Tim Orling]

No longer need to set PYPI_PACKAGE, download is
now sphinx-${PV}.tar.gz not Sphinx-${PV}.tar.gz.

https://www.sphinx-doc.org/en/master/changes.html#release-7-1-1-released-jul-27-2023
https://www.sphinx-doc.org/en/master/changes.html#release-7-1-0-released-jul-24-2023

Signed-off-by: Tim Orling 
---
 .../{python3-sphinx_7.0.1.bb => python3-sphinx_7.1.1.bb} | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)
 rename meta/recipes-devtools/python/{python3-sphinx_7.0.1.bb => 
python3-sphinx_7.1.1.bb} (89%)

diff --git a/meta/recipes-devtools/python/python3-sphinx_7.0.1.bb 
b/meta/recipes-devtools/python/python3-sphinx_7.1.1.bb
similarity index 89%
rename from meta/recipes-devtools/python/python3-sphinx_7.0.1.bb
rename to meta/recipes-devtools/python/python3-sphinx_7.1.1.bb
index 10e01a2d7ae..fa616cd5044 100644
--- a/meta/recipes-devtools/python/python3-sphinx_7.0.1.bb
+++ b/meta/recipes-devtools/python/python3-sphinx_7.1.1.bb
@@ -4,13 +4,10 @@ SECTION = "devel/python"
 LICENSE = "BSD-2-Clause & MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb6ac1b115a1ed24a12d9f15b633993"
 
-PYPI_PACKAGE = "Sphinx"
-
-SRC_URI[sha256sum] = 
"61e025f788c5977d9412587e733733a289e2b9fdc2fef8868ddfbfc4ccfe881d"
+SRC_URI[sha256sum] = 
"59b8e391f0768a96cd233e8300fe7f0a8dc2f64f83dc2a54336a9a84f428ff4e"
 
 inherit python_flit_core pypi
 
- 
 do_install:append () {
# The cache format of "{None, 'en', 'ja'}" doesn't seem to be 
consistent (dict ordering?)
rm 
${D}${libdir}/${PYTHON_DIR}/site-packages/sphinx/writers/__pycache__/*latex*
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185109): 
https://lists.openembedded.org/g/openembedded-core/message/185109
Mute This Topic: https://lists.openembedded.org/mt/100448156/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm

[Steve Sakoman]

From: Benjamin Bouvier 

When enabling ipcs and ipcrm configuration into busybox, both tools are
built and then deployed during do_rootfs. These operation lead to below
issue (similar behavior happens for ipcs):

do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention 
is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().

update-alternatives: Error: not linking 
.../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm
to /bin/busybox since 
.../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm 
exists and is not a link

Binaries enter in conflict with same named util-linux utilities during
do_rootfs step.
Adding ALTERNATIVE_LINK_NAME for both tools fix the issue.

Signed-off-by: Benjamin Bouvier 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit e4d60408b869c9cc2ccff794d4e271d993ec8a97)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/util-linux/util-linux_2.37.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/util-linux/util-linux_2.37.4.bb 
b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
index f6d3ea2bc1..8866120eed 100644
--- a/meta/recipes-core/util-linux/util-linux_2.37.4.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
@@ -233,6 +233,8 @@ ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty"
 ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump"
 ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock"
 ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice"
+ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm"
+ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs"
 ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill"
 ALTERNATIVE:${PN}-last = "last lastb"
 ALTERNATIVE_LINK_NAME[last] = "${bindir}/last"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185108): 
https://lists.openembedded.org/g/openembedded-core/message/185108
Mute This Topic: https://lists.openembedded.org/mt/100447650/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path

[Steve Sakoman]

From: Jose Quaresma 

The Text-Template was updated from 1.46 to 1.56

| ERROR: openssl-native-3.1.1-r0 do_configure: PERLEXTERNAL 
'/build/tmp/work/x86_64-linux/openssl-native/3.1.1-r0/openssl-3.1.1/external/perl/Text-Template-1.46/lib'
 not found!

Signed-off-by: Jose Quaresma 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit b9a7739b01e31d0cc8358d99255e3e1b02a0a1a8)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/openssl/openssl_3.0.9.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb 
b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index ba31418b4a..9738d36902 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -137,7 +137,7 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in 
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment 
variables instead.
-   PERLEXTERNAL="${S}/external/perl/Text-Template-1.46/lib"
+   PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not 
found!"
HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} 
${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 
--libdir=${libdir} $target
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185107): 
https://lists.openembedded.org/g/openembedded-core/message/185107
Mute This Topic: https://lists.openembedded.org/mt/100447649/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence

[Steve Sakoman]

From: Jose Quaresma 

When upstream change is better to fail or removing the PERL5LIB
if they are not need anymore.

Signed-off-by: Jose Quaresma 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit 337ac1159644678508990927923ef8af30f34cd7)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/openssl/openssl_3.0.9.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb 
b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index 849bd7e5a6..ba31418b4a 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -137,7 +137,9 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in 
EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment 
variables instead.
-   HASHBANGPERL="/usr/bin/env perl" PERL=perl 
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+   PERLEXTERNAL="${S}/external/perl/Text-Template-1.46/lib"
+   test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not 
found!"
+   HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} 
${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 
--libdir=${libdir} $target
perl ${B}/configdata.pm --dump
 }
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185106): 
https://lists.openembedded.org/g/openembedded-core/message/185106
Mute This Topic: https://lists.openembedded.org/mt/100447648/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b"

[Steve Sakoman]

From: Yoann Congal 

Fix [Yocto #15085]

Co-authored-by: Fawzi KHABER 
Signed-off-by: Yoann Congal 
Signed-off-by: Richard Purdie 
(cherry picked from commit d5eedf8ca689ccb433c2f5d0b324378f966dd627)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oeqa/selftest/cases/devtool.py | 32 +
 1 file changed, 32 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py 
b/meta/lib/oeqa/selftest/cases/devtool.py
index 64179d4004..aea2ad6561 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -348,6 +348,38 @@ class DevtoolAddTests(DevtoolBase):
 bindir = bindir[1:]
 self.assertTrue(os.path.isfile(os.path.join(installdir, bindir, 
'pv')), 'pv binary not found in D')
 
+def test_devtool_add_binary(self):
+# Create a binary package containing a known test file
+tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+self.track_for_cleanup(tempdir)
+pn = 'tst-bin'
+pv = '1.0'
+test_file_dir = "var/lib/%s/" % pn
+test_file_name= "test_file"
+test_file_content = "TEST CONTENT"
+test_file_package_root = os.path.join(tempdir, pn)
+test_file_dir_full = os.path.join(test_file_package_root, 
test_file_dir)
+bb.utils.mkdirhier(test_file_dir_full)
+with open(os.path.join(test_file_dir_full, test_file_name), "w") as f:
+   f.write(test_file_content)
+bin_package_path = os.path.join(tempdir, "%s.tar.gz" % pn)
+runCmd("tar czf %s -C %s ." % (bin_package_path, 
test_file_package_root))
+
+# Test devtool add -b on the binary package
+self.track_for_cleanup(self.workspacedir)
+self.add_command_to_tearDown('bitbake -c cleansstate %s' % pn)
+self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+result = runCmd('devtool add  -b %s %s' % (pn, bin_package_path))
+self.assertExists(os.path.join(self.workspacedir, 'conf', 
'layer.conf'), 'Workspace directory not created')
+
+# Build the resulting recipe
+result = runCmd('devtool build %s' % pn)
+installdir = get_bb_var('D', pn)
+self.assertTrue(installdir, 'Could not query installdir variable')
+
+# Check that a known file from the binary package has indeed been 
installed
+self.assertTrue(os.path.isfile(os.path.join(installdir, test_file_dir, 
test_file_name)), '%s not found in D' % test_file_name)
+
 def test_devtool_add_git_local(self):
 # We need dbus built so that DEPENDS recognition works
 bitbake('dbus')
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185105): 
https://lists.openembedded.org/g/openembedded-core/message/185105
Mute This Topic: https://lists.openembedded.org/mt/100447647/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case

[Steve Sakoman]

From: Ross Burton 

str.format() doesn't use % notation, update the formatting to work.

assertTrue() is a member of self not a global, and assertTrue(True) will
always pass. Change this to just self.fail() as this is the failure case.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 017f3a0b1265c1a3b69c20bdb56bbf446111977e)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oeqa/runtime/cases/rpm.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/rpm.py 
b/meta/lib/oeqa/runtime/cases/rpm.py
index 5bdce3d522..7226b8af6a 100644
--- a/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/meta/lib/oeqa/runtime/cases/rpm.py
@@ -57,8 +57,8 @@ class RpmBasicTest(OERuntimeTestCase):
 return
 time.sleep(1)
 user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
-msg = "There're %s 's process(es) still running: %s".format(u, 
"\n".join(user_pss))
-assertTrue(True, msg=msg)
+msg = "User %s has processes still running: %s" % (u, 
"\n".join(user_pss))
+self.fail(msg=msg)
 
 def unset_up_test_user(u):
 # ensure no test1 process in running
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185104): 
https://lists.openembedded.org/g/openembedded-core/message/185104
Mute This Topic: https://lists.openembedded.org/mt/100447646/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot

[Steve Sakoman]

From: Khem Raj 

Default search in meson would grok /usr/bin for llvm-config and if found
will use it, which might add wrong paths into cflags/ldflags, since we
depend on llvm-native when building gallium support ( thats when
llvm-config is effective), its better to point llvm-config into native
sysroot so it can add correct paths into compiler/linker cmdline

Signed-off-by: Khem Raj 
Signed-off-by: Richard Purdie 
(cherry picked from commit cc73360b9728812ed6123e30559b77d8e89cc21c)
Signed-off-by: Steve Sakoman 
---
 meta/classes/meson.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/meson.bbclass b/meta/classes/meson.bbclass
index 19b54e0fdc..fb6660c1a2 100644
--- a/meta/classes/meson.bbclass
+++ b/meta/classes/meson.bbclass
@@ -105,6 +105,7 @@ nm = ${@meson_array('BUILD_NM', d)}
 strip = ${@meson_array('BUILD_STRIP', d)}
 readelf = ${@meson_array('BUILD_READELF', d)}
 objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
+llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config'
 pkgconfig = 'pkg-config-native'
 ${@rust_tool(d, "BUILD_SYS")}
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185103): 
https://lists.openembedded.org/g/openembedded-core/message/185103
Mute This Topic: https://lists.openembedded.org/mt/100447645/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py

[Steve Sakoman]

From: Ross Burton 

Wes Tarro  noticed a missing comma in a
preplace() call, add it.

That said, calling replace() with one argument results in a TypeError,
so this is obviously dead code.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 9b2e2c8d809e7ca34451ec9702b029a00dfb410b)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/python/python3/get_module_deps3.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3/get_module_deps3.py 
b/meta/recipes-devtools/python/python3/get_module_deps3.py
index 0ca687d2eb..8e432b49af 100644
--- a/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -32,7 +32,7 @@ def fix_path(dep_path):
 dep_path = dep_path[dep_path.find(pivot)+len(pivot):]
 
 if '/usr/bin' in dep_path:
-dep_path = dep_path.replace('/usr/bin''${bindir}')
+dep_path = dep_path.replace('/usr/bin','${bindir}')
 
 # Handle multilib, is there a better way?
 if '/usr/lib32' in dep_path:
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185102): 
https://lists.openembedded.org/g/openembedded-core/message/185102
Mute This Topic: https://lists.openembedded.org/mt/100447643/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 23/30] mdadm: skip running known broken ptests

[Steve Sakoman]

From: Ovidiu Panait 

Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.

Also, add the "--skip-broken" option to the run-ptest script.

[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
(cherry picked from commit 62148b978b26b5fcd1a2fa3a0ff82ef814f4e7ec)
Signed-off-by: Steve Sakoman 
---
 ...Mark-and-ignore-broken-test-failures.patch | 128 +
 ...dd-broken-files-for-all-broken-tests.patch | 454 ++
 meta/recipes-extended/mdadm/files/run-ptest   |   2 +-
 meta/recipes-extended/mdadm/mdadm_4.2.bb  |   2 +
 4 files changed, 585 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
 create mode 100644 
meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch

diff --git 
a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
 
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 00..c55bfb125b
--- /dev/null
+++ 
b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe 
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe 
+Signed-off-by: Jes Sorensen 
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait 
+---
+ test | 37 +++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
 b/test
+@@ -10,6 +10,8 @@ devlist=
+ 
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+ 
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+ 
+ ctrl_c() {
+   exitonerror=1
++  ctrl_c_error=1
+ }
+ 
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+   _script=$1
+   _basename=`basename $_script`
++  _broken=0
++
+   if [ -f "$_script" ]
+   then
++  if [ -f "${_script}.broken" ]; then
++  _broken=1
++  _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++  if [ "$skipbroken" == "all" ]; then
++  return
++  elif [ "$skipbroken" == "always" ] &&
++   [[ "$_broken_msg" == *always* ]]; then
++  return
++  fi
++  fi
++
+   rm -f $targetdir/stderr
+   # this might have been reset: restore the default.
+   echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+   else
+   save_log fail
+   _fail=1
++  if [ "$_broken" == "1" ]; then
++  echo "  (KNOWN BROKEN TEST: $_broken_msg)"
++  fi
+   fi
+   [ "$savelogs" == "1" ] &&
+   mv -f $targetdir/log $logdir/$_basename.log
+-  [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++  [ "$ctrl_c_error" == "1" ] && exit 1
++  [ "$_fail" == "1" -a "$exitonerror" == "1" \
++-a "$_broken" == "0" ] && exit 1
+   fi
+ }
+ 
+@@ -117,6 +138,8 @@ do_help() {
+   --logdir=directory  Directory to save all logfiles in
+   --save-logs Usually use with --logdir together
+   --keep-going | --no-error   Don't stop on error, ie. run all 
tests
++  --skip-broken   Skip tests that are known to be 
broken
++  --skip-always-brokenSkip tests that are known to always 
fail
+   

[OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests

[Steve Sakoman]

From: Ovidiu Panait 

Currently, some segfaults are reported when running ptest:
mdadm[12333]: segfault at 0 ip 7fe855924060 sp 7ffc4d6caf88 error 4 in 
libc.so.6[7f)
Code: d2 0f 84 b7 0f 00 00 48 83 fa 01 0f 84 b9 0f 00 00 49 89 d3 89 f1 89 f8 
48 83 e1 3f 4f

Backport the following upstream commits to fix them:
679bd9508a30 ("DDF: Cleanup validate_geometry_ddf_container()")
2b93288a5650 ("DDF: Fix NULL pointer dereference in validate_geometry_ddf()")
548e9b916f86 ("mdadm/Grow: Fix use after close bug by closing after fork")
9ae62977b51d ("monitor: Avoid segfault when calling NULL get_bad_blocks")

The fixes are part of the "Bug fixes and testing improvments" patchset [1].

[1] https://www.spinics.net/lists/raid/msg70621.html

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
(cherry picked from commit 9585009e3e505b361cd32b14e0e85e77e7822878)
Signed-off-by: Steve Sakoman 
---
 ...anup-validate_geometry_ddf_container.patch | 148 ++
 ...nter-dereference-in-validate_geometr.patch |  56 +++
 ...se-after-close-bug-by-closing-after-.patch |  91 +++
 ...gfault-when-calling-NULL-get_bad_blo.patch |  42 +
 meta/recipes-extended/mdadm/mdadm_4.2.bb  |   4 +
 5 files changed, 341 insertions(+)
 create mode 100644 
meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
 create mode 100644 
meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
 create mode 100644 
meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
 create mode 100644 
meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch

diff --git 
a/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
 
b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 00..cea435f83b
--- /dev/null
+++ 
b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe 
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe 
+Acked-by: Mariusz Tkaczyk 
+Signed-off-by: Jes Sorensen 
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait 
+---
+ super-ddf.c | 88 -
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
 b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+-  int level, int layout, int raiddisks,
+-  int chunk, unsigned long long size,
+-  unsigned long long data_offset,
+-  char *dev, unsigned long long *freesize,
+-  int verbose);
+ 
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int 
raiddisks,
+   return 1;
+ }
+ 
++static int
++validate_geometry_ddf_container(struct supertype *st,
++  int level, int raiddisks,
++  unsigned long long data_offset,
++  char *dev, unsigned long long *freesize,
++  int verbose)
++{
++  int fd;
++  unsigned long long ldsize;
++
++  if (level != LEVEL_CONTAINER)
++  return 0;
++  if (!dev)
++  return 1;
++
++  fd = dev_open(dev, O_RDONLY|O_EXCL);
++  if (fd < 0) {
++  if (verbose)
++  pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++  return 0;
++  }
++  if (!get_dev_size(fd, dev, )) {
++  close(fd);
++  return 0;
++  }
++  close(fd);
++  if (freesize) {
++  *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++  if (*freesize == 0)
++  return 0;
++  }
++
++  return 1;
++}
++
+ static int validate_geometry_ddf(struct 

[OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest

[Steve Sakoman]

From: Ovidiu Panait 

Testcase 07revert-inplace fails if strace is not installed:
...
strace -o /tmp/str ./mdadm -A /dev/md0 --update=revert-reshape /dev/<...>
tests/07revert-inplace: line 40: strace: command not found

Add strace to mdadm-ptest RDEPENDS to make sure the testcase passes even with
a core-image-minimal build.

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
(cherry picked from commit 7d9386663ac52ab69812867a0823c6055aedbc18)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index af486e6d9c..aa97eef3ce 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -99,7 +99,7 @@ do_install_ptest() {
 }
 
 RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk 
util-linux-losetup"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk 
util-linux-losetup strace"
 RRECOMMENDS:${PN}-ptest += " \
 coreutils \
 kernel-module-loop \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185099): 
https://lists.openembedded.org/g/openembedded-core/message/185099
Mute This Topic: https://lists.openembedded.org/mt/100447639/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency

[Steve Sakoman]

From: Ovidiu Panait 

Trying to run mdadm-ptest in a core-image-minimal build will result in:
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
BEGIN: /usr/lib/mdadm/ptest
which: no lsblk in 
(/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin)
lsblk command not found!
DURATION: 0
END: /usr/lib/mdadm/ptest
2023-06-28T10:14
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Remove util-linux from RRECOMMENDS and only add util-linux-lsblk and
util-linux-losetup to RDEPENDS.

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
(cherry picked from commit 3004f7589974c135cc82630d980ea281b97ecd83)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-extended/mdadm/mdadm_4.2.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 4aa3737562..af486e6d9c 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -99,10 +99,9 @@ do_install_ptest() {
 }
 
 RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk 
util-linux-losetup"
 RRECOMMENDS:${PN}-ptest += " \
 coreutils \
-util-linux \
 kernel-module-loop \
 kernel-module-linear \
 kernel-module-raid0 \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185098): 
https://lists.openembedded.org/g/openembedded-core/message/185098
Mute This Topic: https://lists.openembedded.org/mt/100447638/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment

[Steve Sakoman]

From: Quentin Schulz 

The comment specifies how to use the variables but uses the older and
now unsupported override syntax. Let's update to match the newer syntax.

Cc: Quentin Schulz 
(From OE-Core rev: 0a381eea4d50ff1c6e7c7d0d4df62eb581454b48)

Signed-off-by: Quentin Schulz 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit bb64f3fed29b9532e6ddc9a2ba0283d373622d87)
Signed-off-by: Steve Sakoman 
---
 meta/classes/uboot-extlinux-config.bbclass | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/classes/uboot-extlinux-config.bbclass 
b/meta/classes/uboot-extlinux-config.bbclass
index dcebe7ff31..5495ba0256 100644
--- a/meta/classes/uboot-extlinux-config.bbclass
+++ b/meta/classes/uboot-extlinux-config.bbclass
@@ -33,11 +33,11 @@
 # UBOOT_EXTLINUX_DEFAULT_LABEL ??= "Linux Default"
 # UBOOT_EXTLINUX_TIMEOUT ??= "30"
 #
-# UBOOT_EXTLINUX_KERNEL_IMAGE_default ??= "../zImage"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_default ??= "Linux Default"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:default ??= "../zImage"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:default ??= "Linux Default"
 #
-# UBOOT_EXTLINUX_KERNEL_IMAGE_fallback ??= "../zImage-fallback"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_fallback ??= "Linux Fallback"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:fallback ??= "../zImage-fallback"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:fallback ??= "Linux Fallback"
 #
 # Results:
 #
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185097): 
https://lists.openembedded.org/g/openembedded-core/message/185097
Mute This Topic: https://lists.openembedded.org/mt/100447636/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion

[Steve Sakoman]

From: Yuta Hayama 

If the instance name indicated by %i begins with a number, the meaning of the
replacement string "\\1{}".format(instance) is ambiguous.

To indicate group number 1 regardless of the instance name, use "\g<1>".

Signed-off-by: Yuta Hayama 
Signed-off-by: Richard Purdie 
(cherry picked from commit d18b939fb08b37380ce95934da38e6522392621c)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/systemd/systemd-systemctl/systemctl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl 
b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index c8b5c9efe3..0fd7e24085 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -191,7 +191,7 @@ class SystemdUnit():
 try:
 for dependent in config.get('Install', prop):
 # expand any %i to instance (ignoring escape sequence %%)
-dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), 
dependent)
+dependent = re.sub("([^%](%%)*)%i", 
"\\g<1>{}".format(instance), dependent)
 wants = systemdir / "{}.{}".format(dependent, dirstem) / 
service
 add_link(wants, target)
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185096): 
https://lists.openembedded.org/g/openembedded-core/message/185096
Mute This Topic: https://lists.openembedded.org/mt/100447634/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes

[Steve Sakoman]

From: Yoann Congal 

native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.

Signed-off-by: Yoann Congal 
Signed-off-by: Richard Purdie 
(cherry picked from commit a6614fd800cbe791264aeb102d379ba79bd145c2)
Signed-off-by: Steve Sakoman 
---
 scripts/lib/recipetool/create.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 220465ed2f..67894fb4d0 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -745,6 +745,10 @@ def create_recipe(args):
 for handler in handlers:
 handler.process(srctree_use, classes, lines_before, lines_after, 
handled, extravalues)
 
+# native and nativesdk classes are special and must be inherited last
+# If present, put them at the end of the classes list
+classes.sort(key=lambda c: c in ("native", "nativesdk"))
+
 extrafiles = extravalues.pop('extrafiles', {})
 extra_pn = extravalues.pop('PN', None)
 extra_pv = extravalues.pop('PV', None)
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185095): 
https://lists.openembedded.org/g/openembedded-core/message/185095
Mute This Topic: https://lists.openembedded.org/mt/100447632/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 16/30] kernel: add missing path to search for debug files

[Steve Sakoman]

From: Andrej Valek 

Since explicit debug package creation via ${KERNEL_PACKAGE_NAME}-dbg has
been added to kernel, it has to cover all PACKAGE_DEBUG_SPLIT_STYLE
options. For ex. when the variable "debug-file-directory" package search
path has to be set explicitly, otherwise it will not find any files.

Signed-off-by: Andrej Valek 
Signed-off-by: Richard Purdie 
(cherry picked from commit 9c39da147683dcaaa244b3ddc4531c4408ad5c9e)
Signed-off-by: Steve Sakoman 
---
 meta/classes/kernel.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index fc48737869..a82e4cf942 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -672,6 +672,7 @@ FILES:${KERNEL_PACKAGE_NAME}-image = ""
 FILES:${KERNEL_PACKAGE_NAME}-dev = "/${KERNEL_IMAGEDEST}/System.map* 
/${KERNEL_IMAGEDEST}/Module.symvers* /${KERNEL_IMAGEDEST}/config* 
${KERNEL_SRC_PATH} ${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
 FILES:${KERNEL_PACKAGE_NAME}-vmlinux = 
"/${KERNEL_IMAGEDEST}/vmlinux-${KERNEL_VERSION_NAME}"
 FILES:${KERNEL_PACKAGE_NAME}-modules = ""
+FILES:${KERNEL_PACKAGE_NAME}-dbg = "/usr/lib/debug /usr/src/debug"
 RDEPENDS:${KERNEL_PACKAGE_NAME} = "${KERNEL_PACKAGE_NAME}-base (= 
${EXTENDPKGV})"
 # Allow machines to override this dependency if kernel image files are
 # not wanted in images as standard
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185094): 
https://lists.openembedded.org/g/openembedded-core/message/185094
Mute This Topic: https://lists.openembedded.org/mt/100447627/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch

[Steve Sakoman]

From: Martin Jansa 

* fixes do_configure failure:
  checking whether all ucontext.h functions are available... yes
  when is deprecated at 
libxcrypt/4.4.30-r0/git/build-aux/scripts/BuildCommon.pm line 522.
  Compilation failed in require at 
../git/build-aux/scripts/expand-selected-hashes line 28.
  BEGIN failed--compilation aborted at 
../git/build-aux/scripts/expand-selected-hashes line 28.
  configure: error: bad value 'all' for --enable-hashes
  NOTE: The following config.log files may provide further information.

* with this patch backported it works OK:
  libxcrypt/4.4.30-r0/git $ perl build-aux/scripts/expand-selected-hashes
  usage: expand-selected-hashes hashes.conf names,of,selected,hashes

* similarly do_compile failure:
  ../git/build-aux/scripts/move-if-change crypt-hashes.h.T crypt-hashes.h
  ../git/build-aux/scripts/move-if-change crypt-symbol-vers.h.T 
crypt-symbol-vers.h
  given is deprecated at ../git/build-aux/scripts/gen-crypt-h line 41.
  Makefile:3818: Makefile.deps: No such file or directory
  make: *** [Makefile:3715: crypt.h.stamp] Error 255

* also use master branch instead of develop, the SRCREV exists in both
  but stable metadata branches should track stable component branches

  libxcrypt/4.4.30-r0/git $ git branch -a --contains 
d7fe1ac04c326dba7e0440868889d1dccb41a175 | tee
  * develop
remotes/origin/HEAD -> origin/develop
remotes/origin/develop
remotes/origin/master

  and oe-core master also uses master SRCBRANCH since:
  
https://git.openembedded.org/openembedded-core/commit/?id=d18e89bd2b46c6e266cc39dbe9fdb6c032f5f1fe

Signed-off-by: Martin Jansa 
Signed-off-by: Steve Sakoman 
---
 ...ommon.pm-compatible-with-latest-perl.patch | 50 +++
 ...ve-smartmatch-usage-from-gen-crypt-h.patch | 62 +++
 meta/recipes-core/libxcrypt/libxcrypt.inc |  7 ++-
 3 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 
meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
 create mode 100644 
meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch

diff --git 
a/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
 
b/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
new file mode 100644
index 00..b3e43d5815
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
@@ -0,0 +1,50 @@
+From c3ec04f1aee68970b82e4b033bee1477e76798f9 Mon Sep 17 00:00:00 2001
+From: Leon Timmermans 
+Date: Tue, 6 Jun 2023 17:03:57 +0200
+Subject: [PATCH] Make BuildCommon.pm compatible with latest perl
+
+It was previously using an experimental feature that has since been dropped.
+This removes the use of that feature.
+
+Signed-off-by: Martin Jansa 
+Upstream-Status: Backport [v4.4.35 
https://github.com/besser82/libxcrypt/commit/ce562f4d33dc090fcd8f6ea1af3ba32cdc2b3c9c]
+---
+ build-aux/scripts/BuildCommon.pm | 9 -
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/build-aux/scripts/BuildCommon.pm 
b/build-aux/scripts/BuildCommon.pm
+index 0e6f2a3..c38ba21 100644
+--- a/build-aux/scripts/BuildCommon.pm
 b/build-aux/scripts/BuildCommon.pm
+@@ -11,7 +11,6 @@ use v5.14;# implicit use strict, use feature ':5.14'
+ use warnings FATAL => 'all';
+ use utf8;
+ use open qw(:utf8);
+-no  if $] >= 5.018, warnings => 'experimental::smartmatch';
+ no  if $] >= 5.022, warnings => 'experimental::re_strict';
+ use if $] >= 5.022, re   => 'strict';
+ 
+@@ -519,19 +518,19 @@ sub parse_symver_args {
+ my $COMPAT_ABI;
+ local $_;
+ for (@args) {
+-when (/^SYMVER_MIN=(.+)$/) {
++if (/^SYMVER_MIN=(.+)$/) {
+ $usage_error->() if defined $SYMVER_MIN;
+ $SYMVER_MIN = $1;
+ }
+-when (/^SYMVER_FLOOR=(.+)$/) {
++elsif (/^SYMVER_FLOOR=(.+)$/) {
+ $usage_error->() if defined $SYMVER_FLOOR;
+ $SYMVER_FLOOR = $1;
+ }
+-when (/^COMPAT_ABI=(.+)$/) {
++elsif (/^COMPAT_ABI=(.+)$/) {
+ $usage_error->() if defined $COMPAT_ABI;
+ $COMPAT_ABI = $1;
+ }
+-default {
++else {
+ $usage_error->() if defined $map_in;
+ $map_in = $_;
+ }
diff --git 
a/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
 
b/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
new file mode 100644
index 00..603f52f792
--- /dev/null
+++ 
b/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
@@ -0,0 +1,62 @@
+From 95d6e03ae37f4ec948474d05bbdd2938aba2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= 
+Date: Sun, 25 Jun 2023 01:35:08 +0200
+Subject: [PATCH] Remove smartmatch usage from gen-crypt-h
+
+Needed for Perl 5.38
+
+Signed-off-by: 

[OE-core][kirkstone 14/30] gcc : upgrade to v11.4

[Steve Sakoman]

From: Sundeep KOKKONDA 

gcc stable version upgraded from v11.3 to v11.4

For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html

Below is the bug fix list for v11.4
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id_format=advanced=FIXED_milestone=11.4

There are a total 115 bugs are fixed in this release, below is the list of bugs 
fixed excluding the regression fixes.

ID  Product CompResolution  Summary▲
108199  gcc tree-optFIXEBitfields, unions and SRA and 
storage_order_attribute
107801  gcc libstdc+FIXEBuilding cross compiler for H8 family 
fails in libstdc++ (c++17/memory_resource.cc)
108265  gcc libstdc+FIXEchrono::hh_mm_ss can't be constructed 
from unsigned durations
104443  gcc libstdc+FIXEcommon_iterator::operator-> is 
not correctly implemented
98056   gcc c++ FIXEcoroutines: ICE tree check: expected 
record_type or union_type or qual_union_type, have array_type since 
r11-2183-g0f66b8486cea8668
107061  gcc target  FIXEENCODEKEY128 clobbers xmm4-xmm6
105433  gcc testsuitFIXEFAIL: 
gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
105095  gcc testsuitFIXEgcc.dg/vect/complex/fast-math-complex-* 
tests are not executed
100474  gcc c++ FIXEICE: in diagnose_trait_expr, at 
cp/constraint.cc:3706
105854  gcc target  FIXEICE: in extract_constrain_insn, at 
recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
104462  gcc target  FIXEICE: in extract_constrain_insn_cached, 
at recog.cc:2682 with -mavx512fp16 -mno-xsave
106045  gcc libgomp FIXEIncorrect testcase in 
libgomp.c/target-31.c at -O0
56189   gcc c++ FIXEInfinite recursion with noexcept when 
instantiating function template
100295  gcc c++ FIXEInternal compiler error from generic 
lambda capturing parameter pack and expanding it in if constexpr
100613  gcc jit FIXElibgccjit should produce dylib on macOS
104875  gcc libstdc+FIXE
libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count >= width of 
type
107471  gcc libstdc+FIXEmismatching constraints in 
common_iterator
105284  gcc libstdc+FIXEmissing syncstream and spanstream 
forward decl. in 
98821   gcc c++ FIXEmodules : c++tools configures with CC 
but code fragments assume CXX.
109846  gcc fortran FIXEPointer-valued function reference 
rejected as actual argument
101324  gcc target  FIXEpowerpc64le: hashst appears before mflr 
at -O1 or higher
102479  gcc c++ FIXEsegfault when deducing class template 
arguments for tuple with libc++-14
105128  gcc libstdc+FIXEsource_location compile error for 
latest clang 15
106183  gcc libstdc+FIXEstd::atomic::wait might fail to be 
unblocked by notify_one/all on platforms without platform_wait()
102994  gcc libstdc+FIXEstd::atomic::wait is not marked 
const
105324  gcc libstdc+FIXEstd::from_chars() assertion at 
floating_from_chars.cc:78 when parsing 1.
105375  gcc libstdc+FIXEstd::packaged_task has no deduction 
guide.
104602  gcc libstdc+FIXEstd::source_location::current uses cast 
from void*
106808  gcc libstdc+FIXEstd::string_view range concept 
requirement causes compile error with Boost.Filesystem
105725  gcc c++ FIXE[ICE] segfault with `-Wmismatched-tags`
105920  gcc target  FIXE__builtin_cpu_supports ("f16c") should 
check AVX

Signed-off-by: Sundeep KOKKONDA 
Signed-off-by: Steve Sakoman 
---
 meta/conf/distro/include/maintainers.inc  |   2 +-
 .../gcc/{gcc-11.3.inc => gcc-11.4.inc}|   6 +-
 ...ian_11.3.bb => gcc-cross-canadian_11.4.bb} |   0
 .../{gcc-cross_11.3.bb => gcc-cross_11.4.bb}  |   0
 ...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} |   0
 ...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} |   0
 ...itizers_11.3.bb => gcc-sanitizers_11.4.bb} |   0
 ...{gcc-source_11.3.bb => gcc-source_11.4.bb} |   0
 ...rch64-Update-Neoverse-N2-core-defini.patch |  20 ++--
 ...rm-add-armv9-a-architecture-to-march.patch |  54 +-
 ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +-
 ...s-fix-v4bx-to-linker-to-support-EABI.patch |   6 +-
 .../gcc/{gcc_11.3.bb => gcc_11.4.bb}  |   0
 ...initial_11.3.bb => libgcc-initial_11.4.bb} |   0
 .../gcc/{libgcc_11.3.bb => libgcc_11.4.bb}|   0
 ...ibgfortran_11.3.bb => libgfortran_11.4.bb} |   0
 16 files changed, 93 insertions(+), 97 deletions(-)
 rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => 
gcc-cross-canadian_11.4.bb} (100%)
 

[OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6

[Steve Sakoman]

From: Wang Mingyu 

Changelog:
===
* Fix: segmentation fault on filter interpretation in "switch" mode
* Fix: `ip` context is expressed as a base-10 field
* Fix: c99: use __asm__ __volatile__
* Fix: c99: static assert: clang build fails due to multiple typedef
* Fix: Reevaluate LTTNG_UST_TRACEPOINT_DEFINE each time tracepoint.h is included
* Fix: trace events in C++ constructors/destructors
* Fix: trace events in C constructors/destructors
* Fix: use unaligned pointer accesses for lttng_inline_memcpy

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit 656470b4b0db579308d218d1ece77bdacd168d14)
Signed-off-by: Steve Sakoman 
---
 .../lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} 
(95%)

diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb 
b/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
similarity index 95%
rename from meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
rename to meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
index 916408bff0..424b0fa645 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
@@ -34,7 +34,7 @@ SRC_URI = 
"https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
file://0001-Makefile.am-update-rpath-link.patch \
"
 
-SRC_URI[sha256sum] = 
"f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
+SRC_URI[sha256sum] = 
"e7e04596dd73ac7aa99e27cd000f949dbb0fed51bd29099f9b08a25c1df0ced5"
 
 CVE_PRODUCT = "ust"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185091): 
https://lists.openembedded.org/g/openembedded-core/message/185091
Mute This Topic: https://lists.openembedded.org/mt/100447624/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4

[Steve Sakoman]

From: Wang Mingyu 

Changelog:
Correctly detect CMS write errors.

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit 0296cf63007542c1cb209a4288be1c82aa2ba843)
Signed-off-by: Steve Sakoman 
---
 .../libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} 
(94%)

diff --git a/meta/recipes-support/libksba/libksba_1.6.3.bb 
b/meta/recipes-support/libksba/libksba_1.6.4.bb
similarity index 94%
rename from meta/recipes-support/libksba/libksba_1.6.3.bb
rename to meta/recipes-support/libksba/libksba_1.6.4.bb
index dc39693be4..f9636f9433 100644
--- a/meta/recipes-support/libksba/libksba_1.6.3.bb
+++ b/meta/recipes-support/libksba/libksba_1.6.4.bb
@@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html;
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
 
-SRC_URI[sha256sum] = 
"3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
+SRC_URI[sha256sum] = 
"bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b"
 
 do_configure:prepend () {
# Else these could be used in preference to those in aclocal-copy
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185090): 
https://lists.openembedded.org/g/openembedded-core/message/185090
Mute This Topic: https://lists.openembedded.org/mt/100447622/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6

[Steve Sakoman]

From: Wang Mingyu 

Changelog:
===
 * Fix logging of confidential data.  [rA0fc31770fa]
 * Fix memory wiping.  [T5977]
 * Fix macOS build problem.  [T5440,T5610]
 * Upgrade autoconf stuff.

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit 90126be6dc32170c08eb90223b6a6cc06c2133ce)
Signed-off-by: Steve Sakoman 
---
 .../libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libassuan/{libassuan_2.5.5.bb => 
libassuan_2.5.6.bb} (93%)

diff --git a/meta/recipes-support/libassuan/libassuan_2.5.5.bb 
b/meta/recipes-support/libassuan/libassuan_2.5.6.bb
similarity index 93%
rename from meta/recipes-support/libassuan/libassuan_2.5.5.bb
rename to meta/recipes-support/libassuan/libassuan_2.5.6.bb
index 2bab3ac955..7e899e7399 100644
--- a/meta/recipes-support/libassuan/libassuan_2.5.5.bb
+++ b/meta/recipes-support/libassuan/libassuan_2.5.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \
file://libassuan-add-pkgconfig-support.patch \
   "
 
-SRC_URI[sha256sum] = 
"8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4"
+SRC_URI[sha256sum] = 
"e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426"
 
 BINCONFIG = "${bindir}/libassuan-config"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185089): 
https://lists.openembedded.org/g/openembedded-core/message/185089
Mute This Topic: https://lists.openembedded.org/mt/100447621/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10

[Steve Sakoman]

From: Alexander Kanavin 

* Noteworthy changes in release 3.10 (2023-05-21) [stable]

** Bug fixes

  cmp/diff can again work with file dates past Y2K38
  [bug introduced in 3.9]

  diff -D no longer fails to output #ifndef lines.
  [bug#61193 introduced in 3.9]

Remove the comment addition from the patch body, as it
increases likelyhood of rebase conflicts, and repeats what
the commit says.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit 925155acc6922f7e9df2afa45e79ad1b2c57ba24)
Signed-off-by: Steve Sakoman 
(cherry picked from commit 21e40166870fadee986fb36be80019d3bcdb69e5)
Signed-off-by: Steve Sakoman 
---
 ...001-Skip-strip-trailing-cr-test-case.patch | 19 +++
 .../{diffutils_3.9.bb => diffutils_3.10.bb}   |  2 +-
 2 files changed, 8 insertions(+), 13 deletions(-)
 rename meta/recipes-extended/diffutils/{diffutils_3.9.bb => diffutils_3.10.bb} 
(93%)

diff --git 
a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
 
b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index 8b88c308f2..32793233f9 100644
--- 
a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ 
b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
+From f31395c931bc633206eccfcf5d15021a3e86 Mon Sep 17 00:00:00 2001
 From: Peiran Hong 
 Date: Thu, 5 Sep 2019 15:42:22 -0400
 Subject: [PATCH] Skip strip-trailing-cr test case
@@ -12,23 +12,18 @@ Upstream-Status: Inappropriate [embedded specific]
 Signed-off-by: Peiran Hong 
 
 ---
- tests/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
 
 diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d98df82..757ea52 100644
+index 79bacfb..4adb4d7 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -21,9 +21,11 @@ TESTS = \
+@@ -22,7 +22,6 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
 -  strip-trailing-cr \
timezone \
-   colors
-+# Skipping this test since it requires valgrind
-+# and thus is too heavy for diffutils package
-+# strip-trailing-cr
- 
- XFAIL_TESTS = large-subopt
- 
+   colors \
+   y2038-vs-32bit
diff --git a/meta/recipes-extended/diffutils/diffutils_3.9.bb 
b/meta/recipes-extended/diffutils/diffutils_3.10.bb
similarity index 93%
rename from meta/recipes-extended/diffutils/diffutils_3.9.bb
rename to meta/recipes-extended/diffutils/diffutils_3.10.bb
index 2bb9e6f32d..08e8305612 100644
--- a/meta/recipes-extended/diffutils/diffutils_3.9.bb
+++ b/meta/recipes-extended/diffutils/diffutils_3.10.bb
@@ -8,7 +8,7 @@ SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://0001-Skip-strip-trailing-cr-test-case.patch \
"
 
-SRC_URI[sha256sum] = 
"d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
+SRC_URI[sha256sum] = 
"90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e"
 
 EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr 
--without-libsigsegv-prefix"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185088): 
https://lists.openembedded.org/g/openembedded-core/message/185088
Mute This Topic: https://lists.openembedded.org/mt/100447620/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12

[Steve Sakoman]

From: Tim Orling 

Security and bugfix updates.

* Drop cve-2023-24329.patch as it is merged in 3.10.12

CVE: CVE-2023-24329

Includes openssl 1.1.1u which addresses:
CVE: CVE-2023-0286
CVE: CVE-2022-4304
CVE: CVE-2022-4203

https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12-final
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-11-final
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-10-final

License-Update: Update Copyright years to include 2023

Signed-off-by: Tim Orling 
Signed-off-by: Steve Sakoman 
---
 .../python/python3/cve-2023-24329.patch   | 50 ---
 .../{python3_3.10.9.bb => python3_3.10.12.bb} |  5 +-
 2 files changed, 2 insertions(+), 53 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/cve-2023-24329.patch
 rename meta/recipes-devtools/python/{python3_3.10.9.bb => python3_3.10.12.bb} 
(98%)

diff --git a/meta/recipes-devtools/python/python3/cve-2023-24329.patch 
b/meta/recipes-devtools/python/python3/cve-2023-24329.patch
deleted file mode 100644
index d47425d239..00
--- a/meta/recipes-devtools/python/python3/cve-2023-24329.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-isling...@users.noreply.github.com>
-Date: Sun, 13 Nov 2022 11:00:25 -0800
-Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
- must begin with an alphabetical ASCII character. (GH-99421)
-
-Prevent urllib.parse.urlparse from accepting schemes that don't begin with an 
alphabetical ASCII character.
-
-RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / 
"-" / "." )`
-RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
-
-The WHATWG URL spec defines a scheme like this:
-`"A URL-scheme string must be one ASCII alpha, followed by zero or more of 
ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
-(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
-
-Co-authored-by: Ben Kallus <49924171+kenbal...@users.noreply.github.com>
 end original header ---
-
-CVE: CVE-2023-24329
-
-Upstream-Status: Backport [see below]
-
-Taken from https://github.com/python/cpython.git
-commit 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
-
-CVE fix extracted; test case and update to NEWS abandoned.
-Defuzzed.
-
-Signed-off-by: Joe Slater 

- Lib/urllib/parse.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
-index 26ddf30..1c53acb 100644
 a/Lib/urllib/parse.py
-+++ b/Lib/urllib/parse.py
-@@ -469,7 +469,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
- clear_cache()
- netloc = query = fragment = ''
- i = url.find(':')
--if i > 0:
-+if i > 0 and url[0].isascii() and url[0].isalpha():
- for c in url[:i]:
- if c not in scheme_chars:
- break
--- 
-2.25.1
-
diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb 
b/meta/recipes-devtools/python/python3_3.10.12.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.10.9.bb
rename to meta/recipes-devtools/python/python3_3.10.12.bb
index 4ecc7614bb..74f1defc95 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.12.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Python is a programming language that lets you 
work more quickly
 LICENSE = "PSF-2.0"
 SECTION = "devel/python"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a1822df8d0f068628ca6090aedc5bfc8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://run-ptest \
@@ -35,7 +35,6 @@ SRC_URI = 
"http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \

file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
-   file://cve-2023-24329.patch \
"
 
 SRC_URI:append:class-native = " \
@@ -44,7 +43,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = 
"5ae03e308260164baba39921fdb4dbf8e6d03d8235a939d4582b33f0b5e46a83"
+SRC_URI[sha256sum] = 
"afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185087): 
https://lists.openembedded.org/g/openembedded-core/message/185087
Mute This Topic: https://lists.openembedded.org/mt/100447619/21656
Group Owner: 

[OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630

[Steve Sakoman]

From: Yogita Urade 

Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html

Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
(cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587)
Signed-off-by: Dhairya Nagodra 
Signed-off-by: Steve Sakoman 
---
 .../dmidecode/CVE-2023-30630_1.patch  | 237 ++
 .../dmidecode/CVE-2023-30630_2.patch  |  80 ++
 .../dmidecode/CVE-2023-30630_3.patch  |  69 +
 .../dmidecode/CVE-2023-30630_4.patch  | 137 ++
 .../dmidecode/dmidecode_3.3.bb|   4 +
 5 files changed, 527 insertions(+)
 create mode 100644 
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
 create mode 100644 
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
 create mode 100644 
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
 create mode 100644 
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch 
b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
new file mode 100644
index 00..53480d6299
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
@@ -0,0 +1,237 @@
+From  d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001
+From: Jean Delvare 
+Date: Tue, 27 Jun 2023 09:40:23 +
+Subject: [PATCH] dmidecode: Write the whole dump file at once
+
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+
+Signed-off-by: Jean Delvare 
+Reviewed-by: Jerry Hoemann 
+
+CVE: CVE-2023-30630
+
+Reference: 
https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808
+
+Upstream-Status: Backport 
[https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
+
+Signed-off-by: Yogita Urade 
+---
+ dmidecode.c | 79 +++--
+ util.c  | 40 ---
+ util.h  |  1 -
+ 3 files changed, 58 insertions(+), 62 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index 9aeff91..5477309 100644
+--- a/dmidecode.c
 b/dmidecode.c
+@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header 
*h, const u8 *data, u16 ver
+   }
+ }
+
+-static void dmi_table_dump(const u8 *buf, u32 len)
++static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
++u32 table_len)
+ {
++  FILE *f;
++
++  f = fopen(opt.dumpfile, "wb");
++  if (!f)
++  {
++  fprintf(stderr, "%s: ", opt.dumpfile);
++  perror("fopen");
++  return -1;
++  }
++
++  if (!(opt.flags & FLAG_QUIET))
++  pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
++  if (fwrite(ep, ep_len, 1, f) != 1)
++  {
++  fprintf(stderr, "%s: ", opt.dumpfile);
++  perror("fwrite");
++  goto err_close;
++  }
++
++  if (fseek(f, 32, SEEK_SET) != 0)
++  {
++  fprintf(stderr, "%s: ", opt.dumpfile);
++  perror("fseek");
++  goto err_close;
++  }
++
+   if (!(opt.flags & FLAG_QUIET))
+-  pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
+-  write_dump(32, len, buf, opt.dumpfile, 0);
++  pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
++  if (fwrite(table, table_len, 1, f) != 1)
++  {
++  fprintf(stderr, "%s: ", opt.dumpfile);
++  perror("fwrite");
++  goto err_close;
++  }
++
++  if (fclose(f))
++  {
++  fprintf(stderr, "%s: ", opt.dumpfile);
++  perror("fclose");
++  return -1;
++  }
++
++  return 0;
++
++err_close:
++  fclose(f);
++  return -1;
+ }
+
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 
ver, const char *devmem,
+   return;
+   }
+
+-  if (opt.flags & FLAG_DUMP_BIN)
+-  dmi_table_dump(buf, len);
+-  else
+-  dmi_table_decode(buf, len, num, ver >> 8, flags);
+-
+   free(buf);
+ }
+
+@@ -5688,8 +5728,9 

[OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408

[Steve Sakoman]

From: Archana Polampalli 

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408

Upstream patches:
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755

Signed-off-by: Archana Polampalli 
Signed-off-by: Steve Sakoman 
---
 .../openssh/openssh/CVE-2023-38408-0001.patch | 585 ++
 .../openssh/openssh/CVE-2023-38408-0002.patch | 173 ++
 .../openssh/openssh/CVE-2023-38408-0003.patch |  36 ++
 .../openssh/openssh/CVE-2023-38408-0004.patch | 114 
 .../openssh/openssh_8.9p1.bb  |   4 +
 5 files changed, 912 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
new file mode 100644
index 00..2ee344cb27
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
@@ -0,0 +1,585 @@
+From 099cdf59ce1e72f55d421c8445bf6321b3004755 Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org" 
+Date: Wed, 19 Jul 2023 14:03:45 +
+Subject: [PATCH 1/4] upstream: Separate ssh-pkcs11-helpers for each p11 module
+
+Make ssh-pkcs11-client start an independent helper for each provider,
+providing better isolation between modules and reliability if a single
+module misbehaves.
+
+This also implements reference counting of PKCS#11-hosted keys,
+allowing ssh-pkcs11-helper subprocesses to be automatically reaped
+when no remaining keys reference them. This fixes some bugs we have
+that make PKCS11 keys unusable after they have been deleted, e.g.
+https://bugzilla.mindrot.org/show_bug.cgi?id=3125
+
+ok markus@
+
+OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e
+
+Upstream-Status: Backport 
[https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli 
+---
+ ssh-pkcs11-client.c | 378 +---
+ 1 file changed, 285 insertions(+), 93 deletions(-)
+
+diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
+index cfd833d..7db6c6c 100644
+--- a/ssh-pkcs11-client.c
 b/ssh-pkcs11-client.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-pkcs11-client.c,v 1.17 2020/10/18 11:32:02 djm Exp $ */
++/* $OpenBSD: ssh-pkcs11-client.c,v 1.18 2023/07/19 14:03:45 djm Exp $ */
+ /*
+  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
+  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
+@@ -30,12 +30,11 @@
+ #include 
+ #include 
+ #include 
++#include 
+
+ #include 
+ #include 
+
+-#include "openbsd-compat/openssl-compat.h"
+-
+ #include "pathnames.h"
+ #include "xmalloc.h"
+ #include "sshbuf.h"
+@@ -47,18 +46,140 @@
+ #include "ssh-pkcs11.h"
+ #include "ssherr.h"
+
++#include "openbsd-compat/openssl-compat.h"
++
+ /* borrows code from sftp-server and ssh-agent */
+
+-static int fd = -1;
+-static pid_t pid = -1;
++/*
++ * Maintain a list of ssh-pkcs11-helper subprocesses. These may be looked up
++ * by provider path or their unique EC/RSA METHOD pointers.
++ */
++struct helper {
++  char *path;
++  pid_t pid;
++  int fd;
++  RSA_METHOD *rsa_meth;
++  EC_KEY_METHOD *ec_meth;
++  int (*rsa_finish)(RSA *rsa);
++  void (*ec_finish)(EC_KEY *key);
++  size_t nrsa, nec; /* number of active keys of each type */
++};
++static struct helper **helpers;
++static size_t nhelpers;
++
++static struct helper *
++helper_by_provider(const char *path)
++{
++  size_t i;
++
++  for (i = 0; i < nhelpers; i++) {
++  if (helpers[i] == NULL || helpers[i]->path == NULL ||
++  helpers[i]->fd == -1)
++  continue;
++  if (strcmp(helpers[i]->path, path) == 0)
++  return helpers[i];
++  }
++  return NULL;
++}
++
++static struct helper *
++helper_by_rsa(const RSA *rsa)
++{
++  size_t i;
++  const RSA_METHOD *meth;
++
++  if ((meth = RSA_get_method(rsa)) == NULL)
++  return NULL;
++  for (i = 0; i < 

[OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free

[Steve Sakoman]

From: Hitendra Prajapati 

Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/tiff/CVE-2023-26965.patch | 97 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 98 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
new file mode 100644
index 00..2162493e34
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
@@ -0,0 +1,97 @@
+From ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Tue, 14 Feb 2023 20:43:43 +0100
+Subject: [PATCH] tiffcrop: Do not reuse input buffer for subsequent images.
+ Fix issue 527
+
+Reuse of read_buff within loadImage() from previous image is quite unsafe, 
because other functions (like rotateImage() etc.) reallocate that buffer with 
different size without updating the local prev_readsize value.
+
+Closes #527
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf]
+CVE: CVE-2023-26965
+Signed-off-by: Hitendra Prajapati 
+---
+ tools/tiffcrop.c | 47 +++
+ 1 file changed, 15 insertions(+), 32 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index b811fbb..ce77c74 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -6066,9 +6066,7 @@ loadImage(TIFF* in, struct image_data *image, struct 
dump_opts *dump, unsigned c
+   uint32_t   tw = 0, tl = 0;   /* Tile width and length */
+   tmsize_t   tile_rowsize = 0;
+   unsigned char *read_buff = NULL;
+-  unsigned char *new_buff  = NULL;
+   int  readunit = 0;
+-  static   tmsize_t  prev_readsize = 0;
+ 
+   TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, );
+   TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, );
+@@ -6361,47 +6359,32 @@ loadImage(TIFF* in, struct image_data *image, struct 
dump_opts *dump, unsigned c
+ }
+  
+   read_buff = *read_ptr;
+-  /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */
+-  /* outside buffer */
+-  if (!read_buff)
+-  {
+-if( buffsize > 0xU - 3 )
++/* +3 : add a few guard bytes since reverseSamples16bits() can read a bit
++ * outside buffer */
++/* Reuse of read_buff from previous image is quite unsafe, because other
++ * functions (like rotateImage() etc.) reallocate that buffer with 
different
++ * size without updating the local prev_readsize value. */
++   if (read_buff)
+ {
+-TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+-return (-1);
++_TIFFfree(read_buff);
+ }
+-read_buff = (unsigned char *)limitMalloc(buffsize + 
NUM_BUFF_OVERSIZE_BYTES);
+-  }
+-  else
++if (buffsize > 0xU - 3)
+ {
+-if (prev_readsize < buffsize)
+-{
+-  if( buffsize > 0xU - 3 )
+-  {
+-  TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+-  return (-1);
+-  }
+-  new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
+-  if (!new_buff)
+-{
+-  free (read_buff);
+-read_buff = (unsigned char *)limitMalloc(buffsize + 
NUM_BUFF_OVERSIZE_BYTES);
+-}
+-  else
+-read_buff = new_buff;
+-  }
++TIFFError("loadImage", "Required read buffer size too large");
++return (-1);
+ }
+-  if (!read_buff)
++read_buff =
++(unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
++if (!read_buff)
+ {
+-TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+-return (-1);
++TIFFError("loadImage", "Unable to allocate read buffer");
++return (-1);
+ }
+ 
+   read_buff[buffsize] = 0;
+   read_buff[buffsize+1] = 0;
+   read_buff[buffsize+2] = 0;
+ 
+-  prev_readsize = buffsize;
+   *read_ptr = read_buff;
+ 
+   /* N.B. The read functions used copy separate plane data into a buffer as 
interleaved
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 2ee10fca72..4796dfde24 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -37,6 +37,7 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-0795_0796_0797_0798_0799.patch \
file://CVE-2023-25433.patch \
file://CVE-2023-25434-CVE-2023-25435.patch \
+   file://CVE-2023-26965.patch \
"
 
 SRC_URI[sha256sum] = 
"0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

[OE-core][kirkstone 05/30] tiff: fix multiple CVEs

[Steve Sakoman]

From: Hitendra Prajapati 

Backport fixes for:
* CVE-2023-25433 - Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678
 && 
https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44
* CVE-2023-25434 & CVE-2023-25435 - Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/tiff/CVE-2023-25433.patch | 195 ++
 .../tiff/CVE-2023-25434-CVE-2023-25435.patch  |  94 +
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 3 files changed, 291 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
 create mode 100644 
meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
new file mode 100644
index 00..285aa3d1c4
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
@@ -0,0 +1,195 @@
+From 9c22495e5eeeae9e00a1596720c969656bb8d678 Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Fri, 3 Feb 2023 15:31:31 +0100
+Subject: [PATCH] CVE-2023-25433
+
+tiffcrop correctly update buffersize after rotateImage()
+fix#520 rotateImage() set up a new buffer and calculates its size
+individually. Therefore, seg_buffs[] size needs to be updated accordingly.
+Before this fix, the seg_buffs buffer size was calculated with a different
+formula than within rotateImage().
+
+Closes #520.
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678
 && 
https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44]
+CVE: CVE-2023-25433
+Signed-off-by: Hitendra Prajapati 
+---
+ tools/tiffcrop.c | 78 +---
+ 1 file changed, 60 insertions(+), 18 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index eee26bf..cbd24cc 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -523,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, 
uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+  uint32_t, uint32_t, uint8_t *, uint8_t 
*);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+-   unsigned char **, int);
++   unsigned char **, size_t *);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -6515,7 +6515,7 @@ static int  correct_orientation(struct image_data 
*image, unsigned char **work_b
+* but switch xres, yres there. */
+   uint32_t width = image->width;
+   uint32_t length = image->length;
+-  if (rotateImage(rotation, image, , , work_buff_ptr, TRUE))
++  if (rotateImage(rotation, image, , , work_buff_ptr, NULL))
+   {
+   TIFFError ("correct_orientation", "Unable to rotate image");
+   return (-1);
+@@ -7695,16 +7695,19 @@ processCropSelections(struct image_data *image, struct 
crop_mask *crop,
+ 
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can 
reallocate the buffer */
+   {
++/* rotateImage() set up a new buffer and calculates its size
++ * individually. Therefore, seg_buffs size  needs to be updated
++ * accordingly. */
++  size_t rot_buf_size = 0;
+   if (rotateImage(crop->rotation, image, >combined_width, 
+-  >combined_length, _buff, FALSE))
++  >combined_length, _buff, _buf_size))
+ {
+ TIFFError("processCropSelections", 
+   "Failed to rotate composite regions by %"PRIu32" degrees", 
crop->rotation);
+ return (-1);
+ }
+   seg_buffs[0].buffer = crop_buff;
+-  seg_buffs[0].size = (((crop->combined_width * image->bps + 7 ) / 8)
+-* image->spp) * crop->combined_length; 
++  seg_buffs[0].size = rot_buf_size;
+   }
+ }
+   else  /* Separated Images */
+@@ -7804,9 +7807,13 @@ processCropSelections(struct image_data *image, struct 
crop_mask *crop,
+ {
+   /* rotateImage() changes image->width, ->length, ->xres and ->yres, 
what it schouldn't do here, when more than one section is processed. 
+* ToDo: Therefore rotateImage() and its usage has to be reworked 
(e.g. like mirrorImage()) !!
+-   */
+-  if (rotateImage(crop->rotation, image, >regionlist[i].width, 
+-  >regionlist[i].length, _buff, FALSE))
++   * Furthermore, rotateImage() set up a new buffer and calculates
++   * its size individually. 

[OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804

[Steve Sakoman]

From: Peter Marko 

Relevant links:
* linked fronm NVD:
  * 
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
* follow-up analysis:
  * 
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1496473989
  * picked commits fix all issues mentioned in this analysis

Signed-off-by: Peter Marko 
Signed-off-by: Steve Sakoman 
---
 .../jpeg/files/CVE-2023-2804-1.patch  | 103 ++
 .../jpeg/files/CVE-2023-2804-2.patch  |  75 +
 .../jpeg/libjpeg-turbo_2.1.5.1.bb |   2 +
 3 files changed, 180 insertions(+)
 create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
 create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch

diff --git a/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch 
b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
new file mode 100644
index 00..fd8a66bca7
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
@@ -0,0 +1,103 @@
+From 42ce199c9cfe129e5e21afd48dfe757a6acf87c4 Mon Sep 17 00:00:00 2001
+From: DRC 
+Date: Tue, 4 Apr 2023 19:06:20 -0500
+Subject: [PATCH] Decomp: Don't enable 2-pass color quant w/ RGB565
+
+The 2-pass color quantization algorithm assumes 3-sample pixels.  RGB565
+is the only 3-component colorspace that doesn't have 3-sample pixels, so
+we need to treat it as a special case when determining whether to enable
+2-pass color quantization.  Otherwise, attempting to initialize 2-pass
+color quantization with an RGB565 output buffer could cause
+prescan_quantize() to read from uninitialized memory and subsequently
+underflow/overflow the histogram array.
+
+djpeg is supposed to fail gracefully if both -rgb565 and -colors are
+specified, because none of its destination managers (image writers)
+support color quantization with RGB565.  However, prescan_quantize() was
+called before that could occur.  It is possible but very unlikely that
+these issues could have been reproduced in applications other than
+djpeg.  The issues involve the use of two features (12-bit precision and
+RGB565) that are incompatible, and they also involve the use of two
+rarely-used legacy features (RGB565 and color quantization) that don't
+make much sense when combined.
+
+Fixes #668
+Fixes #671
+Fixes #680
+
+CVE: CVE-2023-2804
+Upstream-Status: Backport 
[https://github.com/libjpeg-turbo/libjpeg-turbo/commit/42ce199c9cfe129e5e21afd48dfe757a6acf87c4]
+
+Signed-off-by: Peter Marko 
+---
+ ChangeLog.md | 12 
+ jdmaster.c   |  5 +++--
+ jquant2.c|  5 +++--
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 1c1e6538a..f1bfb3d87 100644
+--- a/ChangeLog.md
 b/ChangeLog.md
+@@ -1,3 +1,15 @@
++2.1.6
++=
++
++### Significant changes relative to 2.1.5.1:
++
++1. Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer
++overruns when attempting to decompress various specially-crafted malformed
++12-bit-per-component JPEG images using a 12-bit-per-component build of djpeg
++(`-DWITH_12BIT=1`) with both color quantization and RGB565 color conversion
++enabled.
++
++
+ 2.1.5.1
+ ===
+ 
+diff --git a/jdmaster.c b/jdmaster.c
+index a3690bf56..a9446adfd 100644
+--- a/jdmaster.c
 b/jdmaster.c
+@@ -5,7 +5,7 @@
+  * Copyright (C) 1991-1997, Thomas G. Lane.
+  * Modified 2002-2009 by Guido Vollbeding.
+  * libjpeg-turbo Modifications:
+- * Copyright (C) 2009-2011, 2016, 2019, 2022, D. R. Commander.
++ * Copyright (C) 2009-2011, 2016, 2019, 2022-2023, D. R. Commander.
+  * Copyright (C) 2013, Linaro Limited.
+  * Copyright (C) 2015, Google, Inc.
+  * For conditions of distribution and use, see the accompanying README.ijg
+@@ -480,7 +480,8 @@ master_selection(j_decompress_ptr cinfo)
+ if (cinfo->raw_data_out)
+   ERREXIT(cinfo, JERR_NOTIMPL);
+ /* 2-pass quantizer only works in 3-component color space. */
+-if (cinfo->out_color_components != 3) {
++if (cinfo->out_color_components != 3 ||
++cinfo->out_color_space == JCS_RGB565) {
+   cinfo->enable_1pass_quant = TRUE;
+   cinfo->enable_external_quant = FALSE;
+   cinfo->enable_2pass_quant = FALSE;
+diff --git a/jquant2.c b/jquant2.c
+index 44efb18ca..1c14ef763 100644
+--- a/jquant2.c
 b/jquant2.c
+@@ -4,7 +4,7 @@
+  * This file was part of the Independent JPEG Group's software:
+  * Copyright (C) 1991-1996, Thomas G. Lane.
+  * libjpeg-turbo Modifications:
+- * Copyright (C) 2009, 2014-2015, 2020, D. R. Commander.
++ * Copyright (C) 2009, 2014-2015, 2020, 2023, D. R. Commander.
+  * For conditions of distribution and use, see the accompanying README.ijg
+  * file.
+  *
+@@ -1230,7 +1230,8 @@ jinit_2pass_quantizer(j_decompress_ptr cinfo)
+   cquantize->error_limiter = NULL;
+ 
+   /* Make sure jdmaster didn't give me a case I can't handle */
+-  if (cinfo->out_color_components != 3)
++  if (cinfo->out_color_components != 3 ||
++  cinfo->out_color_space 

[OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header

[Steve Sakoman]

From: Vivek Kumbhar 

Signed-off-by: Vivek Kumbhar 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc   |   1 +
 .../go/go-1.18/CVE-2023-29406.patch   | 210 ++
 2 files changed, 211 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index 73921852fc..36904a92fb 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -36,6 +36,7 @@ SRC_URI += "\
 file://CVE-2023-29405.patch \
 file://CVE-2023-29402.patch \
 file://CVE-2023-29400.patch \
+file://CVE-2023-29406.patch \
 "
 SRC_URI[main.sha256sum] = 
"a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch 
b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
new file mode 100644
index 00..a326cda5c4
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
@@ -0,0 +1,210 @@
+From 5fa6923b1ea891400153d04ddf1545e23b40041b Mon Sep 17 00:00:00 2001
+From: Damien Neil 
+Date: Wed, 28 Jun 2023 13:20:08 -0700
+Subject: [PATCH] [release-branch.go1.19] net/http: validate Host header before
+ sending
+
+Verify that the Host header we send is valid.
+Avoids surprising behavior such as a Host of "go.dev\r\nX-Evil:oops"
+adding an X-Evil header to HTTP/1 requests.
+
+Add a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to
+header injection in the way HTTP/1 is, but x/net/http2 doesn't validate
+the header and will go into a retry loop when the server rejects it.
+CL 506995 adds the necessary validation to x/net/http2.
+
+Updates #60374
+Fixes #61075
+For CVE-2023-29406
+
+Change-Id: I05cb6866a9bead043101954dfded199258c6dd04
+Reviewed-on: https://go-review.googlesource.com/c/go/+/506996
+Reviewed-by: Tatiana Bradley 
+TryBot-Result: Gopher Robot 
+Run-TryBot: Damien Neil 
+(cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/507358
+Run-TryBot: Tatiana Bradley 
+Reviewed-by: Roland Shoemaker 
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b]
+CVE: CVE-2023-29406
+Signed-off-by: Vivek Kumbhar 
+---
+ src/net/http/http_test.go  | 29 --
+ src/net/http/request.go| 45 --
+ src/net/http/request_test.go   | 11 ++---
+ src/net/http/transport_test.go | 18 ++
+ 4 files changed, 30 insertions(+), 73 deletions(-)
+
+diff --git a/src/net/http/http_test.go b/src/net/http/http_test.go
+index 0d92fe5..f03272a 100644
+--- a/src/net/http/http_test.go
 b/src/net/http/http_test.go
+@@ -48,35 +48,6 @@ func TestForeachHeaderElement(t *testing.T) {
+   }
+ }
+
+-func TestCleanHost(t *testing.T) {
+-  tests := []struct {
+-  in, want string
+-  }{
+-  {"www.google.com", "www.google.com"},
+-  {"www.google.com foo", "www.google.com"},
+-  {"www.google.com/foo", "www.google.com"},
+-  {" first character is a space", ""},
+-  {"[1::6]:8080", "[1::6]:8080"},
+-
+-  // Punycode:
+-  {"гофер.рф/foo", "xn--c1ae0ajs.xn--p1ai"},
+-  {"bücher.de", "xn--bcher-kva.de"},
+-  {"bücher.de:8080", "xn--bcher-kva.de:8080"},
+-  // Verify we convert to lowercase before punycode:
+-  {"BÜCHER.de", "xn--bcher-kva.de"},
+-  {"BÜCHER.de:8080", "xn--bcher-kva.de:8080"},
+-  // Verify we normalize to NFC before punycode:
+-  {"gophér.nfc", "xn--gophr-esa.nfc"},// NFC input; 
no work needed
+-  {"goph\u0065\u0301r.nfd", "xn--gophr-esa.nfd"}, // NFD input
+-  }
+-  for _, tt := range tests {
+-  got := cleanHost(tt.in)
+-  if tt.want != got {
+-  t.Errorf("cleanHost(%q) = %q, want %q", tt.in, got, 
tt.want)
+-  }
+-  }
+-}
+-
+ // Test that cmd/go doesn't link in the HTTP server.
+ //
+ // This catches accidental dependencies between the HTTP transport and
+diff --git a/src/net/http/request.go b/src/net/http/request.go
+index 09cb0c7..2f4e740 100644
+--- a/src/net/http/request.go
 b/src/net/http/request.go
+@@ -17,7 +17,6 @@ import (
+   "io"
+   "mime"
+   "mime/multipart"
+-  "net"
+   "net/http/httptrace"
+   "net/http/internal/ascii"
+   "net/textproto"
+@@ -27,6 +26,7 @@ import (
+   "strings"
+   "sync"
+
++  "golang.org/x/net/http/httpguts"
+   "golang.org/x/net/idna"
+ )
+
+@@ -568,12 +568,19 @@ func (r *Request) write(w io.Writer, usingProxy bool, 
extraHeaders Header, waitF
+   // is not given, use the host from the request URL.
+   //
+   // Clean the host, in case it arrives with unexpected stuff in it.

[OE-core][kirkstone 03/30] tiff: fix multiple CVEs

[Steve Sakoman]

From: Hitendra Prajapati 

Bug-Debian: https://bugs.debian.org/1031632
Origin: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68

import from debian 
http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz

fix multiple CVEs:

CVE-2023-0795
CVE-2023-0796
CVE-2023-0797
CVE-2023-0798
CVE-2023-0799

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../CVE-2023-0795_0796_0797_0798_0799.patch   | 162 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 2 files changed, 163 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch

diff --git 
a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
new file mode 100644
index 00..498d5ec8ab
--- /dev/null
+++ 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
@@ -0,0 +1,162 @@
+From 7808740e100ba30ffb791044f3b14dec3e85ed6f Mon Sep 17 00:00:00 2001
+From: Markus Koschany 
+Date: Tue, 21 Feb 2023 14:26:43 +0100
+Subject: [PATCH] CVE-2023-0795
+
+This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798,
+CVE-2023-0799.
+
+Bug-Debian: https://bugs.debian.org/1031632
+Origin: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+
+Upstream-Status: Backport [import from debian 
http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz
 ]
+CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
+Signed-off-by: Chee Yang Lee 
+
+Signed-off-by: Hitendra Prajapati 
+---
+ tools/tiffcrop.c | 51 
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index adf0f84..deba170 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -269,7 +269,6 @@ struct  region {
+   uint32_t width; /* width in pixels */
+   uint32_t length;/* length in pixels */
+   uint32_t buffsize;  /* size of buffer needed to hold the cropped region */
+-  unsigned char *buffptr; /* address of start of the region */
+ };
+ 
+ /* Cropping parameters from command line and image data 
+@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, 
uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+  uint32_t, uint32_t, uint8_t *, uint8_t 
*);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+-   unsigned char **);
++   unsigned char **, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps)
+  cps->regionlist[i].width = 0;
+  cps->regionlist[i].length = 0;
+  cps->regionlist[i].buffsize = 0;
+- cps->regionlist[i].buffptr = NULL;
+  cps->zonelist[i].position = 0;
+  cps->zonelist[i].total = 0;
+  }
+@@ -6511,8 +6509,13 @@ static int  correct_orientation(struct image_data 
*image, unsigned char **work_b
+  (uint16_t) (image->adjustments & ROTATE_ANY));
+   return (-1);
+   }
+- 
+-if (rotateImage(rotation, image, >width, >length, 
work_buff_ptr))
++
++  /* Dummy variable in order not to switch two times the
++   * image->width,->length within rotateImage(),
++   * but switch xres, yres there. */
++  uint32_t width = image->width;
++  uint32_t length = image->length;
++  if (rotateImage(rotation, image, , , work_buff_ptr, TRUE))
+   {
+   TIFFError ("correct_orientation", "Unable to rotate image");
+   return (-1);
+@@ -6580,7 +6583,6 @@ extractCompositeRegions(struct image_data *image,  
struct crop_mask *crop,
+ /* These should not be needed for composite images */
+ crop->regionlist[i].width = crop_width;
+ crop->regionlist[i].length = crop_length;
+-crop->regionlist[i].buffptr = crop_buff;
+ 
+ src_rowsize = ((img_width * bps * spp) + 7) / 8;
+ dst_rowsize = (((crop_width * bps * count) + 7) / 8);
+@@ -6817,7 +6819,6 @@ extractSeparateRegion(struct image_data *image,  struct 
crop_mask *crop,
+ 
+   crop->regionlist[region].width = crop_width;
+   crop->regionlist[region].length = crop_length;
+-  crop->regionlist[region].buffptr = crop_buff;
+ 
+   src = read_buff;
+   dst = crop_buff;
+@@ -7695,7 +7696,7 @@ processCropSelections(struct image_data *image, struct 
crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can 
reallocate the buffer */
+   {
+   if (rotateImage(crop->rotation, image, >combined_width, 
+-  

[OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632

[Steve Sakoman]

From: Peter Marko 

This CVE shouldn't have been filed as the "exploit" is described in the
documentation as how the library behaves.

Signed-off-by: Ross Burton 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit c652f094d86c4efb7ff99accba63b8169493ab18)
Signed-off-by: Peter Marko 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/python/python3_3.10.9.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb 
b/meta/recipes-devtools/python/python3_3.10.9.bb
index 867958c0fb..4ecc7614bb 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.9.bb
@@ -61,6 +61,8 @@ CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
 # The mailcap module is insecure by design, so this can't be fixed in a 
meaningful way.
 # The module will be removed in the future and flaws documented.
 CVE_CHECK_IGNORE += "CVE-2015-20107"
+# Not an issue, in fact expected behaviour
+CVE_CHECK_IGNORE += "CVE-2023-36632"
 
 PYTHON_MAJMIN = "3.10"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185080): 
https://lists.openembedded.org/g/openembedded-core/message/185080
Mute This Topic: https://lists.openembedded.org/mt/100447611/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 00/30] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5667

The following changes since commit e7d3e02a624f7ce23d012bb11ad1df2049066b37:

  package.bbclass: moving field data process before variable process in 
process_pkgconfig (2023-07-21 07:14:06 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  diffutils: update 3.9 -> 3.10

Andrej Valek (1):
  kernel: add missing path to search for debug files

Archana Polampalli (1):
  openssh: fix CVE-2023-38408

Benjamin Bouvier (1):
  util-linux: add alternative links for ipcs,ipcrm

Hitendra Prajapati (3):
  tiff: fix multiple CVEs
  tiff: fix multiple CVEs
  libtiff: fix CVE-2023-26965 heap-based use after free

Jose Quaresma (2):
  openssl: add PERLEXTERNAL path to test its existence
  openssl: use a glob on the PERLEXTERNAL to track updates on the path

Khem Raj (1):
  meson.bbclass: Point to llvm-config from native sysroot

Martin Jansa (1):
  libxcrypt: fix build with perl-5.38 and use master branch

Ovidiu Panait (4):
  mdadm: fix util-linux ptest dependency
  mdadm: fix 07revert-inplace ptest
  mdadm: fix segfaults when running ptests
  mdadm: skip running known broken ptests

Peter Marko (2):
  libjpeg-turbo: patch CVE-2023-2804
  python3: ignore CVE-2023-36632

Quentin Schulz (1):
  uboot-extlinux-config.bbclass: fix old override syntax in comment

Ross Burton (2):
  python3: fix missing comma in get_module_deps3.py
  oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case

Sundeep KOKKONDA (1):
  gcc : upgrade to v11.4

Tim Orling (1):
  python3: upgrade 3.10.9 -> 3.10.12

Vivek Kumbhar (1):
  go: fix CVE-2023-29406 net/http insufficient sanitization of Host
header

Wang Mingyu (3):
  libassuan: upgrade 2.5.5 -> 2.5.6
  libksba: upgrade 1.6.3 -> 1.6.4
  lttng-ust: upgrade 2.13.5 -> 2.13.6

Yoann Congal (2):
  recipetool: Fix inherit in created -native* recipes
  oeqa/selftest/devtool: add unit test for "devtool add -b"

Yogita Urade (1):
  dmidecode: fix CVE-2023-30630

Yuta Hayama (1):
  systemd-systemctl: fix errors in instance name expansion

 meta/classes/kernel.bbclass   |   1 +
 meta/classes/meson.bbclass|   1 +
 meta/classes/uboot-extlinux-config.bbclass|   8 +-
 meta/conf/distro/include/maintainers.inc  |   2 +-
 meta/lib/oeqa/runtime/cases/rpm.py|   4 +-
 meta/lib/oeqa/selftest/cases/devtool.py   |  32 +
 .../openssh/openssh/CVE-2023-38408-0001.patch | 585 ++
 .../openssh/openssh/CVE-2023-38408-0002.patch | 173 ++
 .../openssh/openssh/CVE-2023-38408-0003.patch |  36 ++
 .../openssh/openssh/CVE-2023-38408-0004.patch | 114 
 .../openssh/openssh_8.9p1.bb  |   4 +
 .../openssl/openssl_3.0.9.bb  |   4 +-
 ...ommon.pm-compatible-with-latest-perl.patch |  50 ++
 ...ve-smartmatch-usage-from-gen-crypt-h.patch |  62 ++
 meta/recipes-core/libxcrypt/libxcrypt.inc |   7 +-
 .../systemd/systemd-systemctl/systemctl   |   2 +-
 .../util-linux/util-linux_2.37.4.bb   |   2 +
 .../dmidecode/CVE-2023-30630_1.patch  | 237 +++
 .../dmidecode/CVE-2023-30630_2.patch  |  80 +++
 .../dmidecode/CVE-2023-30630_3.patch  |  69 +++
 .../dmidecode/CVE-2023-30630_4.patch  | 137 
 .../dmidecode/dmidecode_3.3.bb|   4 +
 .../gcc/{gcc-11.3.inc => gcc-11.4.inc}|   6 +-
 ...ian_11.3.bb => gcc-cross-canadian_11.4.bb} |   0
 .../{gcc-cross_11.3.bb => gcc-cross_11.4.bb}  |   0
 ...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} |   0
 ...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} |   0
 ...itizers_11.3.bb => gcc-sanitizers_11.4.bb} |   0
 ...{gcc-source_11.3.bb => gcc-source_11.4.bb} |   0
 ...rch64-Update-Neoverse-N2-core-defini.patch |  20 +-
 ...rm-add-armv9-a-architecture-to-march.patch |  54 +-
 ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +--
 ...s-fix-v4bx-to-linker-to-support-EABI.patch |   6 +-
 .../gcc/{gcc_11.3.bb => gcc_11.4.bb}  |   0
 ...initial_11.3.bb => libgcc-initial_11.4.bb} |   0
 .../gcc/{libgcc_11.3.bb => libgcc_11.4.bb}|   0
 ...ibgfortran_11.3.bb => libgfortran_11.4.bb} |   0
 meta/recipes-devtools/go/go-1.17.13.inc   |   1 +
 .../go/go-1.18/CVE-2023-29406.patch   | 210 +++
 .../python/python3/cve-2023-24329.patch   |  50 --
 .../python/python3/get_module_deps3.py|   2 +-
 .../{python3_3.10.9.bb => python3_3.10.12.bb} |   7 +-
 ...001-Skip-strip-trailing-cr-test-case.patch |  19 +-
 .../{diffutils_3.9.bb => diffutils_3.10.bb}   |   2 +-
 ...anup-validate_geometry_ddf_container.patch | 148 +
 ...nter-dereference-in-validate_geometr.patch |  56 ++
 

Re: [OE-core] [PATCH] systemd: update to v254

[Luca Bocassi]

On Sun, 30 Jul 2023 at 13:43, Alexander Kanavin  wrote:
>
> On Sun, 30 Jul 2023 at 14:37, Luca Bocassi  wrote:
> > > Jul 30 00:29:43 qemuarm64 systemd-logind[240]: New seat seat0.
> > > Jul 30 00:29:43 qemuarm64 systemd-logind[240]: Watching system buttons on 
> > > /dev/input/event1 (QEMU QEMU USB Keyboard)
> > > Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:auth): user [root] 
> > > has blank password; authenticated without it
> > > Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:session): session 
> > > opened for user root(uid=0) by LOGIN(uid=0)
> > > Jul 30 00:29:51 qemuarm64 systemd-logind[240]: New session c1 of user 
> > > root.
> > > Jul 30 00:29:51 qemuarm64 (systemd): PAM unable to 
> > > dlopen(/usr/lib/security/pam_umask.so): /usr/lib/security/pam_umask.so: 
> > > cannot open shared object file: No such file or directory
> >
> > That's an optional module, it just means it's not installed. Not sure
> > which recipe provides it in yocto. It can be ignored, or the module
> > can be installed, or a custom pam config that removes it can be used.
>
> The right way to fix this would be to add a RRECOMMENDS on the package
> containing the module to the package containing the binary that
> attempts to load it. The module comes from libpam recipe.

Ok, added in v3.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185075): 
https://lists.openembedded.org/g/openembedded-core/message/185075
Mute This Topic: https://lists.openembedded.org/mt/100418166/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v3] systemd: update to v254

[Luca Bocassi]

From: Luca Boccassi 

- Drop dependency on gnu-efi, add dependency on pyelftools for EFI builds
- Refresh patches
- Ship new files and directories
- Use meson target to build sd-boot instead of filenames

Signed-off-by: Luca Boccassi 
---
Note that the musl patches have been rebased to solve merge conflicts,
but not tested in any way.
v2: changed mount.ddi from sbindir to base_sbindir, unified efi and
bootloader packageconfigs as it's not useful to use one witout the
other
v3: add rrecommends on pam-plugin-umask on systemd if logind is enabled
as the default configuration optionally loads this plugin

 ...temd-boot_253.7.bb => systemd-boot_254.bb} |  17 +-
 meta/recipes-core/systemd/systemd.inc |   5 +-
 ...tall-dependency-links-at-install-tim.patch |  42 +--
 ...util-Make-STRERROR-portable-for-musl.patch |   7 +-
 ...sysctl.d-binfmt.d-modules-load.d-to-.patch |   2 +-
 ...k-parse_printf_format-implementation.patch |   6 +-
 ...missing.h-check-for-missing-strndupa.patch |  69 ++--
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   4 +-
 ...14-Use-uintmax_t-for-handling-rlim_t.patch |   2 +-
 ...sable-tests-for-missing-typedefs-in-.patch |  41 ---
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |  12 +-
 ...uffering-when-writing-to-oom_score_a.patch |   2 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...-not-disable-buffer-in-writing-files.patch | 142 ---
 .../0022-Handle-__cpu_mask-usage.patch|   4 +-
 .../systemd/0023-Handle-missing-gshadow.patch |  28 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   2 +-
 ...-string.c-define-wchar_t-from-__WCHA.patch |  44 ---
 meta/recipes-core/systemd/systemd/27253.patch | 313 
 meta/recipes-core/systemd/systemd/27254.patch | 345 --
 .../{systemd_253.7.bb => systemd_254.bb}  |  14 +-
 21 files changed, 173 insertions(+), 930 deletions(-)
 rename meta/recipes-core/systemd/{systemd-boot_253.7.bb => 
systemd-boot_254.bb} (79%)
 delete mode 100644 
meta/recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
 delete mode 100644 
meta/recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/27253.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/27254.patch
 rename meta/recipes-core/systemd/{systemd_253.7.bb => systemd_254.bb} (98%)

diff --git a/meta/recipes-core/systemd/systemd-boot_253.7.bb 
b/meta/recipes-core/systemd/systemd-boot_254.bb
similarity index 79%
rename from meta/recipes-core/systemd/systemd-boot_253.7.bb
rename to meta/recipes-core/systemd/systemd-boot_254.bb
index b67706b7316..a5ab46fd3da 100644
--- a/meta/recipes-core/systemd/systemd-boot_253.7.bb
+++ b/meta/recipes-core/systemd/systemd-boot_254.bb
@@ -3,7 +3,7 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
 
 require conf/image-uefi.conf
 
-DEPENDS = "intltool-native libcap util-linux gnu-efi gperf-native 
python3-jinja2-native"
+DEPENDS = "intltool-native libcap util-linux gperf-native 
python3-jinja2-native python3-pyelftools-native"
 
 inherit meson pkgconfig gettext
 inherit deploy
@@ -14,18 +14,14 @@ do_write_config[vardeps] += "CC OBJCOPY"
 do_write_config:append() {
 cat >${WORKDIR}/meson-${PN}.cross <
 [rebased for systemd 243]
 Signed-off-by: Scott Murray 
 ---
- units/meson.build   | 6 ++
+ units/meson.build   | 2 --
  units/proc-sys-fs-binfmt_misc.automount | 3 +++
  units/systemd-binfmt.service.in | 4 
- 3 files changed, 9 insertions(+), 4 deletions(-)
+ 3 files changed, 7 insertions(+), 2 deletions(-)
 
 diff --git a/units/meson.build b/units/meson.build
 index c7939a10f8..219570ab19 100644
 --- a/units/meson.build
 +++ b/units/meson.build
-@@ -62,8 +62,7 @@ units = [
- ['poweroff.target', '',
-  (with_runlevels ? 'runlevel0.target' : '')],
- ['printer.target',  ''],
--['proc-sys-fs-binfmt_misc.automount',   'ENABLE_BINFMT',
-- 'sysinit.target.wants/'],
-+['proc-sys-fs-binfmt_misc.automount',   'ENABLE_BINFMT'],
- ['proc-sys-fs-binfmt_misc.mount',   'ENABLE_BINFMT'],
- ['reboot.target',   '',
-  'ctrl-alt-del.target' + (with_runlevels ? ' runlevel6.target' : '')],
-@@ -185,8 +184,7 @@ in_units = [
- ['rescue.service',   ''],
- ['serial-getty@.service',''],
- ['systemd-backlight@.service',   'ENABLE_BACKLIGHT'],
--['systemd-binfmt.service',   'ENABLE_BINFMT',
-- 'sysinit.target.wants/'],
-+['systemd-binfmt.service',   'ENABLE_BINFMT'],
- ['systemd-bless-boot.service',   'HAVE_GNU_EFI HAVE_BLKID'],
- ['systemd-boot-check-no-failures.service', ''],
- ['systemd-coredump@.service','ENABLE_COREDUMP'],
+@@ -149,7 +149,6 @@ 

[OE-core] OE-core CVE metrics for mickledore on Sun 30 Jul 2023 04:00:01 AM HST

[Steve Sakoman]

Branch: mickledore

New this week: 17 CVEs
CVE-2020-25668 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25668 *
CVE-2020-2 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2 *
CVE-2020-27815 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815 *
CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
CVE-2023-0160 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0160 *
CVE-2023-2176 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2176 *
CVE-2023-2975 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2975 *
CVE-2023-3446 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3446 *
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *
CVE-2023-38409 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38409 *
CVE-2023-38426 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38426 *
CVE-2023-38427 (CVSS3: 9.8 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38427 *
CVE-2023-38428 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38428 *
CVE-2023-38429 (CVSS3: 9.8 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38429 *
CVE-2023-38430 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38430 *
CVE-2023-38431 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38431 *
CVE-2023-38432 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38432 *

Removed this week: 9 CVEs
CVE-2023-0330 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 *
CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 *
CVE-2023-25433 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25433 *
CVE-2023-25435 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25435 *
CVE-2023-2609 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2609 *
CVE-2023-2610 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2610 *
CVE-2023-26966 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26966 *
CVE-2023-2908 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 *
CVE-2023-3316 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3316 *

Full list:  Found 94 unpatched CVEs
CVE-2020-11935 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11935 *
CVE-2020-25668 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25668 *
CVE-2020-2 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2 *
CVE-2020-27815 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815 *
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 *
CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 *
CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *

Re: [OE-core][PATCH] go: update 1.20.5 -> 1.20.6

[Jose Quaresma]

Hi,

I will cherry-pick it tomorrow.
Thanks for the reminder.

Jose

A domingo, 30/07/2023, 14:46, Alexander Kanavin 
escreveu:

> On Sat, 29 Jul 2023 at 21:19, Peter Marko via lists.openembedded.org
>  wrote:
> > I could not find documentation how to handle mixins layer.
> > Could you please pick this to kirkstone/go meta-lts-mixins?
> > Or should I send a patch to yo...@lists.yoctoproject.org (or other
> mailing list) instead of asking for a cherry-pick?
>
> Either is ok, but a patch is usually better because it can be quickly
> applied and pushed. kirkstone/go is handled by Jose, not me.
>
> Alex
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185072): 
https://lists.openembedded.org/g/openembedded-core/message/185072
Mute This Topic: https://lists.openembedded.org/mt/100141153/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OE-core CVE metrics for kirkstone on Sun 30 Jul 2023 03:00:01 AM HST

[Steve Sakoman]

Branch: kirkstone

New this week: 6 CVEs
CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 *
CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 *
CVE-2022-41409 (CVSS3: 7.5 HIGH): libpcre2:libpcre2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41409 *
CVE-2023-2975 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2975 *
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *

Removed this week: 1 CVEs
CVE-2023-36664 (CVSS3: 7.8 HIGH): ghostscript:ghostscript-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36664 *

Full list:  Found 40 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 *
CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 *
CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-41409 (CVSS3: 7.5 HIGH): libpcre2:libpcre2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41409 *
CVE-2023-0795 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0795 *
CVE-2023-0796 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0796 *
CVE-2023-0797 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0797 *
CVE-2023-0798 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0798 *
CVE-2023-0799 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0799 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-24536 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 *
CVE-2023-26965 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26965 *
CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 *
CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-2829 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2829 *
CVE-2023-2908 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-29406 (CVSS3: 6.5 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29406 *
CVE-2023-29491 (CVSS3: 7.8 HIGH): ncurses:ncurses-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 *
CVE-2023-2975 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2975 *
CVE-2023-30571 (CVSS3: 5.3 MEDIUM): libarchive:libarchive-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30571 *
CVE-2023-30630 (CVSS3: 7.8 HIGH): dmidecode 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30630 *
CVE-2023-3316 (CVSS3: 6.5 MEDIUM): tiff 

Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 30 Jul 2023 01:00:01 AM HST

[Peter Marko via lists.openembedded.org]

Some old CVEs are coming back.
I think this is a regression from CVE_CHECK_IGNORE conversion.
http://git.openembedded.org/openembedded-core/commit/?id=1634ed4048cf56788cd5c2c1bdc979b70afcdcd7
I'll check these tomorrow.

Peter

> -Original Message-
> From: yocto-secur...@lists.yoctoproject.org 
>  On Behalf Of Steve Sakoman via 
> lists.yoctoproject.org
> Sent: Sunday, July 30, 2023 13:21
> To: openembedded-core@lists.openembedded.org; 
> yocto-secur...@lists.yoctoproject.org
> Subject: [yocto-security] OE-core CVE metrics for master on Sun 30 Jul 2023 
> 01:00:01 AM HST
>
> Branch: master
>
> New this week: 31 CVEs
> CVE-2020-24490 (CVSS3: 6.5 MEDIUM): bluez5 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24490 *
> CVE-2020-25668 (CVSS3: 7.0 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25668 *
> CVE-2020-2 (CVSS3: 6.7 MEDIUM): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2 *
> CVE-2020-27815 (CVSS3: 7.8 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815 *
> CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
> CVE-2023-0160 (CVSS3: 5.5 MEDIUM): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0160 *
> CVE-2023-1206 (CVSS3: 5.7 MEDIUM): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1206 *
> CVE-2023-2176 (CVSS3: 7.8 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2176 *
> CVE-2023-24329 (CVSS3: 7.5 HIGH): python3:python3-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24329 *
> CVE-2023-2975 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2975 *
> CVE-2023-32250 (CVSS3: 8.1 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32250 *
> CVE-2023-32254 (CVSS3: 8.1 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32254 *
> CVE-2023-3268 (CVSS3: 7.1 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3268 *
> CVE-2023-3269 (CVSS3: 7.8 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3269 *
> CVE-2023-3354 (CVSS3: 7.5 HIGH): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 *
> CVE-2023-3446 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3446 *
> CVE-2023-35823 (CVSS3: 7.0 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35823 *
> CVE-2023-35824 (CVSS3: 7.0 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35824 *
> CVE-2023-35826 (CVSS3: 7.0 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35826 *
> CVE-2023-35828 (CVSS3: 7.0 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35828 *
> CVE-2023-35829 (CVSS3: 7.0 HIGH): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35829 *
> CVE-2023-3618 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3618 *
> CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *
> CVE-2023-38409 (CVSS3: 5.5 MEDIUM): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38409 *
> CVE-2023-38426 (CVSS3: 9.1 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38426 *
> CVE-2023-38427 (CVSS3: 9.8 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38427 *
> CVE-2023-38428 (CVSS3: 9.1 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38428 *
> vCVE-2023-38429 (CVSS3: 9.8 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38429 *
> CVE-2023-38430 (CVSS3: 9.1 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38430 *
> CVE-2023-38431 (CVSS3: 9.1 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38431 *
> CVE-2023-38432 (CVSS3: 9.1 CRITICAL): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38432 *

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185070): 
https://lists.openembedded.org/g/openembedded-core/message/185070
Mute This Topic: https://lists.openembedded.org/mt/100442729/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH] go: update 1.20.5 -> 1.20.6

[Alexander Kanavin]

On Sat, 29 Jul 2023 at 21:19, Peter Marko via lists.openembedded.org
 wrote:
> I could not find documentation how to handle mixins layer.
> Could you please pick this to kirkstone/go meta-lts-mixins?
> Or should I send a patch to yo...@lists.yoctoproject.org (or other mailing 
> list) instead of asking for a cherry-pick?

Either is ok, but a patch is usually better because it can be quickly
applied and pushed. kirkstone/go is handled by Jose, not me.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185069): 
https://lists.openembedded.org/g/openembedded-core/message/185069
Mute This Topic: https://lists.openembedded.org/mt/100141153/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] systemd: update to v254

[Alexander Kanavin]

On Sun, 30 Jul 2023 at 14:37, Luca Bocassi  wrote:
> > Jul 30 00:29:43 qemuarm64 systemd-logind[240]: New seat seat0.
> > Jul 30 00:29:43 qemuarm64 systemd-logind[240]: Watching system buttons on 
> > /dev/input/event1 (QEMU QEMU USB Keyboard)
> > Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:auth): user [root] has 
> > blank password; authenticated without it
> > Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:session): session 
> > opened for user root(uid=0) by LOGIN(uid=0)
> > Jul 30 00:29:51 qemuarm64 systemd-logind[240]: New session c1 of user root.
> > Jul 30 00:29:51 qemuarm64 (systemd): PAM unable to 
> > dlopen(/usr/lib/security/pam_umask.so): /usr/lib/security/pam_umask.so: 
> > cannot open shared object file: No such file or directory
>
> That's an optional module, it just means it's not installed. Not sure
> which recipe provides it in yocto. It can be ignored, or the module
> can be installed, or a custom pam config that removes it can be used.

The right way to fix this would be to add a RRECOMMENDS on the package
containing the module to the package containing the binary that
attempts to load it. The module comes from libpam recipe.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185068): 
https://lists.openembedded.org/g/openembedded-core/message/185068
Mute This Topic: https://lists.openembedded.org/mt/100418166/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] systemd: update to v254

[Luca Bocassi]

From: Luca Boccassi 

- Drop dependency on gnu-efi, add dependency on pyelftools for EFI builds
- Refresh patches
- Ship new files and directories
- Use meson target to build sd-boot instead of filenames

Signed-off-by: Luca Boccassi 
---
Note that the musl patches have been rebased to solve merge conflicts,
but not tested in any way.
v2: changed mount.ddi from sbindir to base_sbindir, unified efi and
bootloader packageconfigs as it's not useful to use one witout the
other

 ...temd-boot_253.7.bb => systemd-boot_254.bb} |  17 +-
 meta/recipes-core/systemd/systemd.inc |   5 +-
 ...tall-dependency-links-at-install-tim.patch |  42 +--
 ...util-Make-STRERROR-portable-for-musl.patch |   7 +-
 ...sysctl.d-binfmt.d-modules-load.d-to-.patch |   2 +-
 ...k-parse_printf_format-implementation.patch |   6 +-
 ...missing.h-check-for-missing-strndupa.patch |  69 ++--
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   4 +-
 ...14-Use-uintmax_t-for-handling-rlim_t.patch |   2 +-
 ...sable-tests-for-missing-typedefs-in-.patch |  41 ---
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |  12 +-
 ...uffering-when-writing-to-oom_score_a.patch |   2 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...-not-disable-buffer-in-writing-files.patch | 142 ---
 .../0022-Handle-__cpu_mask-usage.patch|   4 +-
 .../systemd/0023-Handle-missing-gshadow.patch |  28 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   2 +-
 ...-string.c-define-wchar_t-from-__WCHA.patch |  44 ---
 meta/recipes-core/systemd/systemd/27253.patch | 313 
 meta/recipes-core/systemd/systemd/27254.patch | 345 --
 .../{systemd_253.7.bb => systemd_254.bb}  |  13 +-
 21 files changed, 172 insertions(+), 930 deletions(-)
 rename meta/recipes-core/systemd/{systemd-boot_253.7.bb => 
systemd-boot_254.bb} (79%)
 delete mode 100644 
meta/recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
 delete mode 100644 
meta/recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/27253.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/27254.patch
 rename meta/recipes-core/systemd/{systemd_253.7.bb => systemd_254.bb} (98%)

diff --git a/meta/recipes-core/systemd/systemd-boot_253.7.bb 
b/meta/recipes-core/systemd/systemd-boot_254.bb
similarity index 79%
rename from meta/recipes-core/systemd/systemd-boot_253.7.bb
rename to meta/recipes-core/systemd/systemd-boot_254.bb
index b67706b7316..a5ab46fd3da 100644
--- a/meta/recipes-core/systemd/systemd-boot_253.7.bb
+++ b/meta/recipes-core/systemd/systemd-boot_254.bb
@@ -3,7 +3,7 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
 
 require conf/image-uefi.conf
 
-DEPENDS = "intltool-native libcap util-linux gnu-efi gperf-native 
python3-jinja2-native"
+DEPENDS = "intltool-native libcap util-linux gperf-native 
python3-jinja2-native python3-pyelftools-native"
 
 inherit meson pkgconfig gettext
 inherit deploy
@@ -14,18 +14,14 @@ do_write_config[vardeps] += "CC OBJCOPY"
 do_write_config:append() {
 cat >${WORKDIR}/meson-${PN}.cross <
 [rebased for systemd 243]
 Signed-off-by: Scott Murray 
 ---
- units/meson.build   | 6 ++
+ units/meson.build   | 2 --
  units/proc-sys-fs-binfmt_misc.automount | 3 +++
  units/systemd-binfmt.service.in | 4 
- 3 files changed, 9 insertions(+), 4 deletions(-)
+ 3 files changed, 7 insertions(+), 2 deletions(-)
 
 diff --git a/units/meson.build b/units/meson.build
 index c7939a10f8..219570ab19 100644
 --- a/units/meson.build
 +++ b/units/meson.build
-@@ -62,8 +62,7 @@ units = [
- ['poweroff.target', '',
-  (with_runlevels ? 'runlevel0.target' : '')],
- ['printer.target',  ''],
--['proc-sys-fs-binfmt_misc.automount',   'ENABLE_BINFMT',
-- 'sysinit.target.wants/'],
-+['proc-sys-fs-binfmt_misc.automount',   'ENABLE_BINFMT'],
- ['proc-sys-fs-binfmt_misc.mount',   'ENABLE_BINFMT'],
- ['reboot.target',   '',
-  'ctrl-alt-del.target' + (with_runlevels ? ' runlevel6.target' : '')],
-@@ -185,8 +184,7 @@ in_units = [
- ['rescue.service',   ''],
- ['serial-getty@.service',''],
- ['systemd-backlight@.service',   'ENABLE_BACKLIGHT'],
--['systemd-binfmt.service',   'ENABLE_BINFMT',
-- 'sysinit.target.wants/'],
-+['systemd-binfmt.service',   'ENABLE_BINFMT'],
- ['systemd-bless-boot.service',   'HAVE_GNU_EFI HAVE_BLKID'],
- ['systemd-boot-check-no-failures.service', ''],
- ['systemd-coredump@.service','ENABLE_COREDUMP'],
+@@ -149,7 +149,6 @@ units = [
+ {
+   'file' : 'proc-sys-fs-binfmt_misc.automount',
+   'conditions' : ['ENABLE_BINFMT'],
+-  

Re: [OE-core] [PATCH] systemd: update to v254

[Luca Bocassi]

On Sun, 30 Jul 2023 at 09:06, Alexandre Belloni
 wrote:
>
> Hello,
>
> I have the following failures:
>
> ERROR: systemd-1_254-r0 do_package: QA Issue: systemd: Files/directories were 
> installed but not shipped in any package:
>   /sbin/mount.ddi

Fixed in v2

> and
>
> Jul 30 00:29:43 qemuarm64 systemd-logind[240]: New seat seat0.
> Jul 30 00:29:43 qemuarm64 systemd-logind[240]: Watching system buttons on 
> /dev/input/event1 (QEMU QEMU USB Keyboard)
> Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:auth): user [root] has 
> blank password; authenticated without it
> Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:session): session opened 
> for user root(uid=0) by LOGIN(uid=0)
> Jul 30 00:29:51 qemuarm64 systemd-logind[240]: New session c1 of user root.
> Jul 30 00:29:51 qemuarm64 (systemd): PAM unable to 
> dlopen(/usr/lib/security/pam_umask.so): /usr/lib/security/pam_umask.so: 
> cannot open shared object file: No such file or directory

That's an optional module, it just means it's not installed. Not sure
which recipe provides it in yocto. It can be ignored, or the module
can be installed, or a custom pam config that removes it can be used.

Kind regards,
Luca Boccassi

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185066): 
https://lists.openembedded.org/g/openembedded-core/message/185066
Mute This Topic: https://lists.openembedded.org/mt/100418166/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OE-core CVE metrics for dunfell on Sun 30 Jul 2023 02:00:01 AM HST

[Steve Sakoman]

Branch: dunfell

New this week: 4 CVEs
CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 *
CVE-2022-41409 (CVSS3: 7.5 HIGH): libpcre2:libpcre2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41409 *
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *

Removed this week: 0 CVEs

Full list:  Found 98 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-33621 (CVSS3: 8.8 HIGH): ruby:ruby-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33621 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-3782 (CVSS3: 6.6 MEDIUM): wayland:wayland-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 *
CVE-2021-3947 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 *
CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 *
CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 *
CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 *
CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 *
CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 *
CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 *
CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 *
CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 *
CVE-2022-0358 (CVSS3: 7.8 HIGH): 

[OE-core] OE-core CVE metrics for master on Sun 30 Jul 2023 01:00:01 AM HST

[Steve Sakoman]

Branch: master

New this week: 31 CVEs
CVE-2020-24490 (CVSS3: 6.5 MEDIUM): bluez5 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24490 *
CVE-2020-25668 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25668 *
CVE-2020-2 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2 *
CVE-2020-27815 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815 *
CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 *
CVE-2023-0160 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0160 *
CVE-2023-1206 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1206 *
CVE-2023-2176 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2176 *
CVE-2023-24329 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24329 *
CVE-2023-2975 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2975 *
CVE-2023-32250 (CVSS3: 8.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32250 *
CVE-2023-32254 (CVSS3: 8.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32254 *
CVE-2023-3268 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3268 *
CVE-2023-3269 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3269 *
CVE-2023-3354 (CVSS3: 7.5 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 *
CVE-2023-3446 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3446 *
CVE-2023-35823 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35823 *
CVE-2023-35824 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35824 *
CVE-2023-35826 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35826 *
CVE-2023-35828 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35828 *
CVE-2023-35829 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35829 *
CVE-2023-3618 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3618 *
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *
CVE-2023-38409 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38409 *
CVE-2023-38426 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38426 *
CVE-2023-38427 (CVSS3: 9.8 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38427 *
CVE-2023-38428 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38428 *
CVE-2023-38429 (CVSS3: 9.8 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38429 *
CVE-2023-38430 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38430 *
CVE-2023-38431 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38431 *
CVE-2023-38432 (CVSS3: 9.1 CRITICAL): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38432 *

Removed this week: 10 CVEs
CVE-2023-0330 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 *
CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 *
CVE-2023-3090 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3090 *
CVE-2023-3117 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3117 *
CVE-2023-3316 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3316 *
CVE-2023-3317 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3317 *
CVE-2023-3358 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3358 *
CVE-2023-3359 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3359 *
CVE-2023-3389 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3389 *
CVE-2023-3390 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3390 *

Full list:  Found 52 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2020-24490 (CVSS3: 6.5 MEDIUM): 

Re: [OE-core] About requirements on cross compiling rust package

[Frederic Martinsons]

Since I had no answers to this, I'll send a patch series soon (tomorrow?)
targeting what I have in mind, for rust-hello-world, I think I'll send a
specific patch to disable frozen flag for this recipe (until its fate is
known).

Maybe sending code will help to know what it is about and, I hope, make
people interested in rust dev inside yocto give some feedbacks

Le lun. 24 juil. 2023, 11:27, Frédéric Martinsons <
frederic.martins...@gmail.com> a écrit :

> Hello I make some advance on this and there is a drawback that I didn't
> foreseen, in case of patched
> git url (those set up by cargo_common_do_patch_path), the Cargo.lock file
> must be modified
> to remove source entry , hence not compatible with --frozen.
>
> I put more info in comment YOCTO #15104
>  for those
> interested but for the moment, I cleaned
> the Cargo.lock by myself before freezing it for the next build steps.
>
> There is still the question about the fate of "rust-hello-world" recipe
> too (which cannot
> be built with --frozen flag without having a Cargo.lock file), I don't
> know if I can suppress it
> or if I need to create a Cargo.lock for it.
>
> On Thu, 20 Jul 2023 at 14:00, Frederic Martinsons via
> lists.openembedded.org  gmail@lists.openembedded.org> wrote:
>
>> Hello list,
>>
>> In the course of YOCTO #15104
>>   , I finally
>> found the issue was due to a missing Cargo.lock file at the root of the
>> project (which is pretty usual for a Rust project from git since Cargo.lock
>> is only required when publishing on the crates registry).
>>
>> With a Cargo.lock correctly placed, the patch process made by
>> cargo_common.bbclass works perfectly fine even with a virtual manifest.
>>
>> I often encountered issues that were in the end due to a missing
>> Cargo.lock and I think we all agree on this list (I didn't crawl the mail
>> archives, I talked from my memory) that this file is absolutely required
>> when building a rust project under yocto.
>> (especially for reproducible build)
>>
>> I'm currently testing a patch which will replace --offline cargo build
>> flags with --frozen (which supersedes --offline mode since it prevents
>> network access but also Cargo.lock to be present and up to date).
>>
>> I have two questions though:
>>   1) rust-hello-world doesn't embed a Cargo.lock (and doesn't need to
>> since it had zero dependencies) , considering that we now have a more
>> "real" recipe (zvariant) that is used within selftest, would it be
>> acceptable to suppress rust-hello-world ?
>>   2) below is kind of message we will have when using --frozen with an
>> absent Cargo.lock:
>>
>> | error: failed to get `glib` as a dependency of package `zvariant
>> v3.12.0
>> (/home/fmartinsons/TAPOS_build/build-tapos/tmp/work/corei7-64-tapos-linux/zbus/3.11.0-r0/git/zvariant)`
>> |
>> | Caused by:
>> |   failed to load source for dependency `glib`
>> |
>> | Caused by:
>> |   Unable to update https://github.com/gtk-rs/glib?rev=c9ee583cea0
>> |
>> | Caused by:
>> |   failed to fetch into:
>> /home/fmartinsons/TAPOS_build/build-tapos/tmp/work/corei7-64-tapos-linux/zbus/3.11.0-r0/cargo_home/git/db/glib-928cf7b282977403
>> |
>> | Caused by:
>> |   attempting to update a git repository, but --frozen was specified
>>
>> I think it is not very clear that the root cause is a missing Cargo.lock
>> , so I'm wondering if a specific bitbake ops (do_compile_prepend) would not
>> be  better to check for Cargo.lock and output an explicit message (it
>> doesn't prevent to keep --frozen anyway). What do you think ?
>>
>> PS: I copied Randy as the maintainer of rust-hello-world but also  the
>> ticket assignee.
>>
>> 
>>
>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185063): 
https://lists.openembedded.org/g/openembedded-core/message/185063
Mute This Topic: https://lists.openembedded.org/mt/100254129/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] systemd: update to v254

[Alexandre Belloni via lists.openembedded.org]

Hello,

I have the following failures:

ERROR: systemd-1_254-r0 do_package: QA Issue: systemd: Files/directories were 
installed but not shipped in any package:
  /sbin/mount.ddi


and

Jul 30 00:29:43 qemuarm64 systemd-logind[240]: New seat seat0.
Jul 30 00:29:43 qemuarm64 systemd-logind[240]: Watching system buttons on 
/dev/input/event1 (QEMU QEMU USB Keyboard)
Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:auth): user [root] has 
blank password; authenticated without it
Jul 30 00:29:47 qemuarm64 login[263]: pam_unix(login:session): session opened 
for user root(uid=0) by LOGIN(uid=0)
Jul 30 00:29:51 qemuarm64 systemd-logind[240]: New session c1 of user root.
Jul 30 00:29:51 qemuarm64 (systemd): PAM unable to 
dlopen(/usr/lib/security/pam_umask.so): /usr/lib/security/pam_umask.so: cannot 
open shared object file: No such file or directory

On 28/07/2023 21:44:18+0100, Luca Bocassi wrote:
> From: Luca Boccassi 
> 
> - Drop dependency on gnu-efi, add dependency on pyelftools for EFI builds
> - Refresh patches
> - Ship new files and directories
> - Use meson target to build sd-boot instead of filenames
> 
> Signed-off-by: Luca Boccassi 
> ---
> Note that the musl patches have been rebased to solve merge conflicts, but
> not tested in any way.
> 
>  ...temd-boot_253.3.bb => systemd-boot_254.bb} |  17 +-
>  meta/recipes-core/systemd/systemd.inc |   5 +-
>  ...tall-dependency-links-at-install-tim.patch |  42 +--
>  ...util-Make-STRERROR-portable-for-musl.patch |   7 +-
>  ...sysctl.d-binfmt.d-modules-load.d-to-.patch |   2 +-
>  ...k-parse_printf_format-implementation.patch |   6 +-
>  ...missing.h-check-for-missing-strndupa.patch |  69 ++--
>  ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   4 +-
>  ...14-Use-uintmax_t-for-handling-rlim_t.patch |   2 +-
>  ...sable-tests-for-missing-typedefs-in-.patch |  41 ---
>  ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |  12 +-
>  ...uffering-when-writing-to-oom_score_a.patch |   2 +-
>  ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
>  ...-not-disable-buffer-in-writing-files.patch | 142 ---
>  .../0022-Handle-__cpu_mask-usage.patch|   4 +-
>  .../systemd/0023-Handle-missing-gshadow.patch |  28 +-
>  ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   2 +-
>  ...-string.c-define-wchar_t-from-__WCHA.patch |  44 ---
>  meta/recipes-core/systemd/systemd/27253.patch | 313 
>  meta/recipes-core/systemd/systemd/27254.patch | 345 --
>  .../{systemd_253.3.bb => systemd_254.bb}  |  14 +-
>  21 files changed, 173 insertions(+), 930 deletions(-)
>  rename meta/recipes-core/systemd/{systemd-boot_253.3.bb => 
> systemd-boot_254.bb} (79%)
>  delete mode 100644 
> meta/recipes-core/systemd/systemd/0015-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
>  delete mode 100644 
> meta/recipes-core/systemd/systemd/0026-src-boot-efi-efi-string.c-define-wchar_t-from-__WCHA.patch
>  delete mode 100644 meta/recipes-core/systemd/systemd/27253.patch
>  delete mode 100644 meta/recipes-core/systemd/systemd/27254.patch
>  rename meta/recipes-core/systemd/{systemd_253.3.bb => systemd_254.bb} (98%)
> 
> diff --git a/meta/recipes-core/systemd/systemd-boot_253.3.bb 
> b/meta/recipes-core/systemd/systemd-boot_254.bb
> similarity index 79%
> rename from meta/recipes-core/systemd/systemd-boot_253.3.bb
> rename to meta/recipes-core/systemd/systemd-boot_254.bb
> index b67706b7316..a5ab46fd3da 100644
> --- a/meta/recipes-core/systemd/systemd-boot_253.3.bb
> +++ b/meta/recipes-core/systemd/systemd-boot_254.bb
> @@ -3,7 +3,7 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
>  
>  require conf/image-uefi.conf
>  
> -DEPENDS = "intltool-native libcap util-linux gnu-efi gperf-native 
> python3-jinja2-native"
> +DEPENDS = "intltool-native libcap util-linux gperf-native 
> python3-jinja2-native python3-pyelftools-native"
>  
>  inherit meson pkgconfig gettext
>  inherit deploy
> @@ -14,18 +14,14 @@ do_write_config[vardeps] += "CC OBJCOPY"
>  do_write_config:append() {
>  cat >${WORKDIR}/meson-${PN}.cross <  [binaries]
> -efi_cc = ${@meson_array('CC', d)}
> +cc = ${@meson_array('CC', d)}
>  objcopy = ${@meson_array('OBJCOPY', d)}
> +c_ld = 'bfd'
>  EOF
>  }
>  
> -EFI_LD = "bfd"
> -
>  EXTRA_OEMESON += "-Defi=true \
> -  -Dgnu-efi=true \
> -  -Defi-includedir=${STAGING_INCDIR}/efi \
> -  -Defi-libdir=${STAGING_LIBDIR} \
> -  -Defi-ld=${EFI_LD} \
> +  -Dbootloader=true \
>-Dman=false \
>--cross-file ${WORKDIR}/meson-${PN}.cross \
>"
> @@ -54,9 +50,7 @@ COMPATIBLE_HOST = "(aarch64.*|arm.*|x86_64.*|i.86.*)-linux"
>  COMPATIBLE_HOST:x86-x32 = "null"
>  
>  do_compile() {
> - ninja \
> - src/boot/efi/${SYSTEMD_BOOT_IMAGE_PREFIX}${SYSTEMD_BOOT_IMAGE} \
> - src/boot/efi/linux${EFI_ARCH}.efi.stub
> + ninja systemd-boot
>  }
>  
>  do_install() {
> @@ -67,6 +61,7 @@ 

[OE-core][PATCH] maintainers.inc: Modify email address

[Andrej Valek via lists.openembedded.org]

From: Andrej Valek 

andrej.va...@siemens.com -> andre...@skyrain.eu

Signed-off-by: Andrej Valek 
---
 meta/conf/distro/include/maintainers.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index 17f038c71e..a7a74f1d2b 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -82,7 +82,7 @@ RECIPE_MAINTAINER:pn-buildtools-extended-tarball = "Richard 
Purdie 
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185061): 
https://lists.openembedded.org/g/openembedded-core/message/185061
Mute This Topic: https://lists.openembedded.org/mt/100439845/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-