[OE-core] [PATCH v2] librepo: upgrade 1.15.2 -> 1.16.0

[wangmy]

From: Wang Mingyu 

Changelog:
 Implement OpenPGP using librpm API

0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
refreshed for 1.16.0

Signed-off-by: Wang Mingyu 
---
 ...les-with-pkg-config-not-with-cmake-m.patch | 21 +++
 .../{librepo_1.15.2.bb => librepo_1.16.0.bb}  |  2 +-
 2 files changed, 13 insertions(+), 10 deletions(-)
 rename meta/recipes-devtools/librepo/{librepo_1.15.2.bb => librepo_1.16.0.bb} 
(94%)

diff --git 
a/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
 
b/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
index d61d8fbf85..a0a4d490f1 100644
--- 
a/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
+++ 
b/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
@@ -12,16 +12,19 @@ Signed-off-by: Alexander Kanavin 
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index a45d5c4..40249e6 100644
+index cd975a8..713cc87 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -32,7 +32,8 @@ PKG_CHECK_MODULES(GLIB2 glib-2.0 REQUIRED)
- PKG_SEARCH_MODULE(LIBCRYPTO REQUIRED libcrypto openssl)
- PKG_CHECK_MODULES(LIBXML2 libxml-2.0 REQUIRED)
+@@ -35,7 +35,8 @@ PKG_CHECK_MODULES(LIBXML2 libxml-2.0 REQUIRED)
  FIND_PACKAGE(CURL 7.52.0 REQUIRED)
--FIND_PACKAGE(Gpgme REQUIRED)
-+PKG_CHECK_MODULES(GPGME gpgme REQUIRED)
-+set(GPGME_VANILLA_LIBRARIES ${GPGME_LIBRARIES})
  
- 
- IF (WITH_ZCHUNK)
+ IF (USE_GPGME)
+-FIND_PACKAGE(Gpgme REQUIRED)
++PKG_CHECK_MODULES(GPGME gpgme REQUIRED)
++set(GPGME_VANILLA_LIBRARIES ${GPGME_LIBRARIES})
+ ELSE (USE_GPGME)
+ PKG_CHECK_MODULES(RPM REQUIRED rpm>=4.18.0)
+ ENDIF (USE_GPGME)
+-- 
+2.34.1
+
diff --git a/meta/recipes-devtools/librepo/librepo_1.15.2.bb 
b/meta/recipes-devtools/librepo/librepo_1.16.0.bb
similarity index 94%
rename from meta/recipes-devtools/librepo/librepo_1.15.2.bb
rename to meta/recipes-devtools/librepo/librepo_1.16.0.bb
index 995301d601..4710a6b72a 100644
--- a/meta/recipes-devtools/librepo/librepo_1.15.2.bb
+++ b/meta/recipes-devtools/librepo/librepo_1.16.0.bb
@@ -10,7 +10,7 @@ SRC_URI = 
"git://github.com/rpm-software-management/librepo.git;branch=master;pr

file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
"
 
-SRCREV = "1a0a5fd2b040d00872118b32d09d1f79730897a2"
+SRCREV = "7c9af219abd49f8961542b7622fc82cfdaa572e3"
 
 S = "${WORKDIR}/git"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187360): 
https://lists.openembedded.org/g/openembedded-core/message/187360
Mute This Topic: https://lists.openembedded.org/mt/101207751/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] uki: Add support for building Unified Kernel Images

[Alejandro Hernandez Samaniego]

On 9/2/23 00:53, Richard Purdie wrote:

On Fri, 2023-09-01 at 23:32 +, Michelle Lin wrote:

Currently, there is not a class to support the building of unified kernel
images. Adding a uki.bbclass to support the creation of UKIs. This class calls
the systemd Ukify tool, which will combine the kernel/initrd/stub components to
build the UKI. To sign the UKI (i.e. SecureBoot, TPM PCR signing), the keys/cert
files are to be specified in a separate configuration file, and the path to the
file is passed to the Ukify tool. UKIs are supported by UEFI and can improve
security through predicted TPM PCR states, and reduce the build burden due to
its single PE binary format.

Signed-off-by: Michelle Lin 
---
  meta/classes/uki.bbclass | 140 +++
  meta/recipes-core/systemd/systemd_254.bb |  23 
  2 files changed, 163 insertions(+)
  create mode 100644 meta/classes/uki.bbclass

diff --git a/meta/classes/uki.bbclass b/meta/classes/uki.bbclass
new file mode 100644
index 00..2eff387c75
--- /dev/null
+++ b/meta/classes/uki.bbclass
@@ -0,0 +1,140 @@
+#
+# Unified kernel image (UKI) class
+#
+#
+# This bbclass is designed to repack an Overlake image as a UKI, to be booted 
on a qemuarm64 with SecureBoot
+# signing and embedded with TPM PCR measurements.
+#
+# The UKI is composed by:
+#   - an UEFI stub
+# The linux kernel can generate a UEFI stub, however the one from 
systemd-boot can fetch
+# the command line from a separate section of the EFI application, 
avoiding the need to
+# rebuild the kernel.
+#   - the kernel
+#   - an initramfs
+#   - other metadata (e.g. PCR measurements)
+#
+#
+#
+
+# List build time dependencies
+DEPENDS += "systemd-native \
+sbsigntool-native \
+virtual/${TARGET_PREFIX}binutils \
+"
+
+REQUIRED_DISTRO_FEATURES += "usrmerge systemd"
+
+inherit features_check
+require ../conf/image-uefi.conf
+
+INITRD_IMAGE ?= "core-image-minimal-initramfs"
+
+INITRD_LIVE ?= "${@ ('${DEPLOY_DIR_IMAGE}/' + d.getVar('INITRD_IMAGE') + 
'-${MACHINE}.cpio.gz') if d.getVar('INITRD_IMAGE') else ''}"
+
+UKI_CONFIG_FILE ?= "${WORKDIR}/core-image-minimal-uki.conf"
+UKI_FILENAME ?= "${@ 'UKI.signed.efi' if d.getVar('UKI_CONFIG_FILE') else 
'UKI.unsigned.efi'}"
+
+do_uki[depends] += " \
+systemd-boot:do_deploy \
+virtual/kernel:do_deploy \
+ "
+
+# INITRD_IMAGE is added to INITRD_LIVE, which we use to create our initrd, so 
depend on it if it is set
+# So we want to generate the initrd image if INITRD_IMAGE exists
+do_uki[depends] += "${@ '${INITRD_IMAGE}:do_image_complete' if 
d.getVar('INITRD_IMAGE') else ''}"
+
+# ensure that the build directory is empty everytime we generate a 
newly-created uki
+do_uki[cleandirs] = "${B}"
+# influence the build directory at the start of the builds
+do_uki[dirs] = "${B}"
+
+# we want to allow specifying files in SRC_URI, such as for signing the UKI
+python () {
+d.delVarFlag("do_fetch","noexec")
+d.delVarFlag("do_unpack","noexec")
+}
+
+# main task
+python do_uki() {
+import glob
+import subprocess
+
+# Construct the ukify command
+ukify_cmd = ("ukify build")
+
+# Handle the creation of an initrd image by reading and concatenating 
multiple cpio files.
+# If the INITRD_LIVE variable is defined and not empty, it opens the 
necessary files, reads their contents,
+# and constructs a list.
+if d.getVar('INITRD_LIVE'):
+initrd_list = ""
+for cpio in d.getVar('INITRD_LIVE').split():
+# get a list of initrds
+initrd_list += cpio + ' '
+
+ukify_cmd += " --initrd=%s" % initrd_list
+else:
+bb.fatal("ERROR - Required argument: INITRD")
+
+deploy_dir_image = d.getVar('DEPLOY_DIR_IMAGE')
+
+# Kernel
+if d.getVar('KERNEL_IMAGETYPE'):
+kernel = "%s/%s" % (deploy_dir_image, d.getVar('KERNEL_IMAGETYPE'))
+kernel_version = d.getVar('KERNEL_VERSION')
+if not os.path.exists(kernel):
+bb.fatal(f"ERROR: cannot find {kernel}.")
+
+ukify_cmd += " --linux=%s --uname %s" % (kernel, kernel_version)
+else:
+bb.fatal("ERROR - Required argument: KERNEL")
+
+# Architecture
+target_arch = d.getVar('EFI_ARCH')
+ukify_cmd += " --efi-arch %s" % target_arch
+
+# Stub
+stub = "%s/linux%s.efi.stub" % (deploy_dir_image, target_arch)
+if not os.path.exists(stub):
+bb.fatal(f"ERROR: cannot find {stub}.")
+ukify_cmd += " --stub %s" % stub
+
+# Add option for dtb
+if d.getVar('KERNEL_DEVICETREE'):
+first_dtb = d.getVar('KERNEL_DEVICETREE').split()[0]
+dtb_path = "%s/%s" % (deploy_dir_image, first_dtb)
+
+if not os.path.exists(dtb_path):
+bb.fatal(f"ERROR: cannot find {dtb_path}.")
+
+ukify_cmd += " --devicetree %s" % dtb_path
+
+# Add option to pass a config file to sign the UKI.
+if 

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Richard Purdie]

On Wed, 2023-09-06 at 23:27 +0200, Alexander Kanavin wrote:
> On Wed, 6 Sept 2023 at 22:53, Richard Purdie
>  wrote:
> > That test/calls were fairly recently added:
> > 
> > https://git.yoctoproject.org/poky/commit/meta/lib/oeqa/selftest/cases/meta_ide.py?id=9b3fcb0d91648ae3b53ec8ffcb31fb6eac9209dd
> > 
> > That test should probably call:
> > 
> > bitbake("build-sysroots -c build_native_sysroot")
> > bitbake("build-sysroots -c build_target_sysroot")
> > 
> > om the setup case and then just call the target piece again in the
> > specific test.
> > 
> > We could drop the "before do_build" in the build-sysroots recipe.
> > 
> > Note that the tasks are nostamp so they will always rerun. It does make
> > sense to have a way to regenerate the target sysroot only but if you
> > change it as you suggest, that becomes impossible.
> 
> Setting up the 'direct esdk' would become somewhat more awkward as it
> does currently rely on being able to run 'bitbake build-sysroots'
> directly as officially published:
> (yes the doc formatting needs to be fixed):
> 
> https://docs.yoctoproject.org/sdk-manual/extensible.html#setting-up-the-extensible-sdk-environment-directly-in-a-yocto-build
> https://docs.yoctoproject.org/sdk-manual/extensible.html#when-using-the-extensible-sdk-directly-in-a-yocto-build
> 
> I can fix both the test and the documentation to run first native,
> then target task explicitly, but I would really prefer to make
> 'bitbake build-sysroots' just work without chance of failures.

Taking a step back, is user information actually useful in the context
of these sysroots? Really, you shouldn't need the native sysroot for
the target one.

We only have postinsts for sysroots where they were absolutely
unavoidable:

* useradd
* xmlcatalog
* ldso/qemu issue
* pixbuf

Basically, they're on used for "index" creation issues. Ideally we'd
not have these things at all, they're horrible to have to hack in.

In the context of external SDKs, useradd doesn't make much sense. Even
for "in-tree" use, given the significant dependency creep, I'm starting
to think we should drop the useradd calls from the postinst script and
code something else to create the right passwd/group entries which is
all we care about (to keep pseudo working ok for packaging).

The reason the dependency creep worries me is I know what the code
internal to bitbake does when it hits these dependencies. It is really
suboptimal :(.

I know it is really tempting just to add dependencies and ignore the
deeper issues but some of this really doesn't make sense when you step
back and think about it.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187358): 
https://lists.openembedded.org/g/openembedded-core/message/187358
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Alexander Kanavin]

On Wed, 6 Sept 2023 at 22:53, Richard Purdie
 wrote:
> That test/calls were fairly recently added:
>
> https://git.yoctoproject.org/poky/commit/meta/lib/oeqa/selftest/cases/meta_ide.py?id=9b3fcb0d91648ae3b53ec8ffcb31fb6eac9209dd
>
> That test should probably call:
>
> bitbake("build-sysroots -c build_native_sysroot")
> bitbake("build-sysroots -c build_target_sysroot")
>
> om the setup case and then just call the target piece again in the
> specific test.
>
> We could drop the "before do_build" in the build-sysroots recipe.
>
> Note that the tasks are nostamp so they will always rerun. It does make
> sense to have a way to regenerate the target sysroot only but if you
> change it as you suggest, that becomes impossible.

Setting up the 'direct esdk' would become somewhat more awkward as it
does currently rely on being able to run 'bitbake build-sysroots'
directly as officially published:
(yes the doc formatting needs to be fixed):

https://docs.yoctoproject.org/sdk-manual/extensible.html#setting-up-the-extensible-sdk-environment-directly-in-a-yocto-build
https://docs.yoctoproject.org/sdk-manual/extensible.html#when-using-the-extensible-sdk-directly-in-a-yocto-build

I can fix both the test and the documentation to run first native,
then target task explicitly, but I would really prefer to make
'bitbake build-sysroots' just work without chance of failures.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187357): 
https://lists.openembedded.org/g/openembedded-core/message/187357
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] mdadm: Disable further tests due to intermittent failures

[Richard Purdie]

I took the mdadm ptest enabling as I was told the tests were fine now.
They're not. Disable more of them as having intermittent issues.

Signed-off-by: Richard Purdie 
---
 meta/recipes-extended/mdadm/mdadm_4.2.bb | 5 +
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb 
b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index f624d81df56..c66a89677f6 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -105,6 +105,11 @@ do_install_ptest() {
do
install -D -m 755 $prg ${D}${PTEST_PATH}/
done
+
+   # Disable tests causing intermittent autobuilder failures
+   echo "intermittent failure on autobuilder" > 
${D}${PTEST_PATH}/tests/19raid6check.broken
+   echo "intermittent failure on autobuilder" > 
${D}${PTEST_PATH}/tests/20raid5journal.broken
+   echo "intermittent failure on autobuilder" > 
${D}${PTEST_PATH}/tests/21raid5cache.broken
 }
 
 RDEPENDS:${PN} += "bash"
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187356): 
https://lists.openembedded.org/g/openembedded-core/message/187356
Mute This Topic: https://lists.openembedded.org/mt/101202786/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Richard Purdie]

On Wed, 2023-09-06 at 22:28 +0200, Alexander Kanavin wrote:
> On Wed, 6 Sept 2023 at 22:13, Richard Purdie
>  wrote:
> > Firstly, that recipe was a bit of a hack. In bygone times, we had a
> > shared sysroot and this was effectively creating it for the places we
> > hadn't converted to use recipe specific sysroots. There should only be
> > a small number of places it is used where we haven't found a better
> > way.
> > 
> > When you use it, the calling code first has to ensure the things it
> > wants in the sysroots have been built. The caller is therefore expected
> > to build the right set of dependencies.
> > 
> > Putting ordering constraints into the recipe is going to make people
> > think it all happens by magic. It doesn't and the caller has to be
> > careful.
> > 
> > I'm reluctant to add any dependencies when it should be clear the
> > caller is entirely responsible for this.
> 
> This commit was prompted by seeing these intermittent races with the
> upgraded shadow:
> 
> https://autobuilder.yoctoproject.org/typhoon/#/builders/146/builds/468/steps/12/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/147/builds/467/steps/12/logs/stdio
> 
> What happens here is:
> - target sysroot population relies on being able to run useradd
> without errors. It will also skip the useradd execution if useradd is
> not present.
> - useradd comes from the native sysroot
> - native sysroot is being populated at the same time as target sysroot
> is because the build-sysroots recipe doesn't constrain that
> - this can result in races where useradd executable is already there,
> but the libraries it needs (libbsd, libattr, libmd) are not
> 
> How would the caller ensure this doesn't happen? I think it's
> reasonable to assume 'bitbake build-sysroots' should complete without
> intermittent failures.

That test/calls were fairly recently added:

https://git.yoctoproject.org/poky/commit/meta/lib/oeqa/selftest/cases/meta_ide.py?id=9b3fcb0d91648ae3b53ec8ffcb31fb6eac9209dd

That test should probably call:

bitbake("build-sysroots -c build_native_sysroot")
bitbake("build-sysroots -c build_target_sysroot")

om the setup case and then just call the target piece again in the
specific test.

We could drop the "before do_build" in the build-sysroots recipe.

Note that the tasks are nostamp so they will always rerun. It does make
sense to have a way to regenerate the target sysroot only but if you
change it as you suggest, that becomes impossible.

Cheers,

Richard





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187355): 
https://lists.openembedded.org/g/openembedded-core/message/187355
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Alexander Kanavin]

On Wed, 6 Sept 2023 at 22:13, Richard Purdie
 wrote:
> Firstly, that recipe was a bit of a hack. In bygone times, we had a
> shared sysroot and this was effectively creating it for the places we
> hadn't converted to use recipe specific sysroots. There should only be
> a small number of places it is used where we haven't found a better
> way.
>
> When you use it, the calling code first has to ensure the things it
> wants in the sysroots have been built. The caller is therefore expected
> to build the right set of dependencies.
>
> Putting ordering constraints into the recipe is going to make people
> think it all happens by magic. It doesn't and the caller has to be
> careful.
>
> I'm reluctant to add any dependencies when it should be clear the
> caller is entirely responsible for this.

This commit was prompted by seeing these intermittent races with the
upgraded shadow:

https://autobuilder.yoctoproject.org/typhoon/#/builders/146/builds/468/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/147/builds/467/steps/12/logs/stdio

What happens here is:
- target sysroot population relies on being able to run useradd
without errors. It will also skip the useradd execution if useradd is
not present.
- useradd comes from the native sysroot
- native sysroot is being populated at the same time as target sysroot
is because the build-sysroots recipe doesn't constrain that
- this can result in races where useradd executable is already there,
but the libraries it needs (libbsd, libattr, libmd) are not

How would the caller ensure this doesn't happen? I think it's
reasonable to assume 'bitbake build-sysroots' should complete without
intermittent failures.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187354): 
https://lists.openembedded.org/g/openembedded-core/message/187354
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Richard Purdie]

On Wed, 2023-09-06 at 21:28 +0200, Alexander Kanavin wrote:
> On Wed, 6 Sept 2023 at 21:23, Richard Purdie
>  wrote:
> 
> > >  do_clean[cleandirs] += "${STANDALONE_SYSROOT} 
> > > ${STANDALONE_SYSROOT_NATIVE}"
> > 
> > This doesn't just force ordering but means target will always now
> > trigger the native sysroot as a dependency. We don't want to do that...
> 
> But I think we do. Target is using executables from native sysroot
> such as user management utilities from shadow-native, and they won't
> be otherwise present there.

Firstly, that recipe was a bit of a hack. In bygone times, we had a
shared sysroot and this was effectively creating it for the places we
hadn't converted to use recipe specific sysroots. There should only be
a small number of places it is used where we haven't found a better
way.

When you use it, the calling code first has to ensure the things it
wants in the sysroots have been built. The caller is therefore expected
to build the right set of dependencies.

Putting ordering constraints into the recipe is going to make people
think it all happens by magic. It doesn't and the caller has to be
careful.

I'm reluctant to add any dependencies when it should be clear the
caller is entirely responsible for this.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187353): 
https://lists.openembedded.org/g/openembedded-core/message/187353
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Alexander Kanavin]

On Wed, 6 Sept 2023 at 21:28, Alexander Kanavin via
lists.openembedded.org 
wrote:
> > This doesn't just force ordering but means target will always now
> > trigger the native sysroot as a dependency. We don't want to do that...
>
> But I think we do. Target is using executables from native sysroot
> such as user management utilities from shadow-native, and they won't
> be otherwise present there.

By the way extend_recipe_sysroot()  is already doing:

staging_populate_sysroot_dir(recipesysroot,
recipesysrootnative, True, d)
staging_populate_sysroot_dir(recipesysroot,
recipesysrootnative, False, d)

so just calling one after the other in a single task. Why
build-sysroots recipe has those as separate tasks I'm not sure, but
they should either be folded into one task, or be strictly ordered and
required. Unless I am missing something.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187352): 
https://lists.openembedded.org/g/openembedded-core/message/187352
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Alexander Kanavin]

On Wed, 6 Sept 2023 at 21:23, Richard Purdie
 wrote:

> >  do_clean[cleandirs] += "${STANDALONE_SYSROOT} ${STANDALONE_SYSROOT_NATIVE}"
>
> This doesn't just force ordering but means target will always now
> trigger the native sysroot as a dependency. We don't want to do that...

But I think we do. Target is using executables from native sysroot
such as user management utilities from shadow-native, and they won't
be otherwise present there.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187351): 
https://lists.openembedded.org/g/openembedded-core/message/187351
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Richard Purdie]

On Wed, 2023-09-06 at 18:56 +0200, Alexander Kanavin wrote:
> Target task is using executables populated by the native task
> and as they run in parallel, races can occur.
> 
> This was triggered by shadow recipe update which added depedendent libraries,
> and where half-populated native sysroot (dependent libraries missing)
> was triggering useradd failures.
> 
> Presence or absence of useradd itself is a soft failure, and so was 
> previously unnoticed.
> 
> Signed-off-by: Alexander Kanavin 
> ---
>  meta/recipes-core/meta/build-sysroots.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-core/meta/build-sysroots.bb 
> b/meta/recipes-core/meta/build-sysroots.bb
> index 1a3b692a1b1..ac74dda22c4 100644
> --- a/meta/recipes-core/meta/build-sysroots.bb
> +++ b/meta/recipes-core/meta/build-sysroots.bb
> @@ -42,6 +42,6 @@ python do_build_target_sysroot () {
>  }
>  do_build_target_sysroot[cleandirs] = "${STANDALONE_SYSROOT}"
>  do_build_target_sysroot[nostamp] = "1"
> -addtask do_build_target_sysroot before do_build
> +addtask do_build_target_sysroot before do_build after do_build_native_sysroot
>  
>  do_clean[cleandirs] += "${STANDALONE_SYSROOT} ${STANDALONE_SYSROOT_NATIVE}"

This doesn't just force ordering but means target will always now
trigger the native sysroot as a dependency. We don't want to do that...

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187350): 
https://lists.openembedded.org/g/openembedded-core/message/187350
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] glib-2.0: explicitly enable strlcpy()

[Khem Raj]

On Wed, Sep 6, 2023 at 11:07 AM Ross Burton  wrote:

> On 6 Sep 2023, at 18:30, Khem Raj  wrote:
> >
> > On Wed, Sep 6, 2023 at 8:12 AM Ross Burton  wrote:
> >>
> >> From: Ross Burton 
> >>
> >> We have glibc 2.38 which added strlcpy(), so enable the use of it
> >> explicitly in the Meson cross file for when the target doesn't support
> >> qemu-usermode (which will result in the default of not using it).
> >
> > will this be effective for non-target variants too ? In that case we
> > may not have
> > glibc 2.38 on all distros yet.
>
> The extra cross file logic is not used in native builds.


Superb and I checked that this is already set for musl cross file so all
good


>
> Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187349): 
https://lists.openembedded.org/g/openembedded-core/message/187349
Mute This Topic: https://lists.openembedded.org/mt/101194848/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 6/7] libsoup: update PACKAGECONFIG

[Ross Burton]

From: Ross Burton 

Add explicit PACKAGECONFIGs for brotli,ntlm, and sysprof.

libsoup needs to be told where ntlm_auth will be on the target, so write
a cross file to do so.

Also explicitly disable more of the test suites as we don't build them
yet.

Signed-off-by: Ross Burton 
---
 meta/recipes-support/libsoup/libsoup_3.4.2.bb | 19 ---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-support/libsoup/libsoup_3.4.2.bb 
b/meta/recipes-support/libsoup/libsoup_3.4.2.bb
index 37e54abe733..ad86c890a12 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.2.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.2.bb
@@ -24,11 +24,24 @@ inherit meson gettext pkgconfig upstream-version-is-even 
gobject-introspection g
 GIR_MESON_ENABLE_FLAG = 'enabled'
 GIR_MESON_DISABLE_FLAG = 'disabled'
 
-# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards. Disable 
by default.
 PACKAGECONFIG ??= ""
+PACKAGECONFIG[brotli] = "-Dbrotli=enabled,-Dbrotli=disabled,brotli"
 PACKAGECONFIG[gssapi] = "-Dgssapi=enabled,-Dgssapi=disabled,krb5"
-
-EXTRA_OEMESON:append = " -Dvapi=disabled -Dtls_check=false"
+PACKAGECONFIG[ntlm] = "-Dntlm=enabled,-Dntlm=disabled"
+PACKAGECONFIG[sysprof] = "-Dsysprof=enabled,-Dsysprof=disabled,sysprof"
+
+# Tell libsoup where the target ntlm_auth is installed
+do_write_config:append:class-target() {
+cat >${WORKDIR}/soup.cross <
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187347): 
https://lists.openembedded.org/g/openembedded-core/message/187347
Mute This Topic: https://lists.openembedded.org/mt/101199046/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 7/7] wayland-utils: add libdrm PACKAGECONFIG

[Ross Burton]

From: Ross Burton 

wayland-utils has optional libdrm support, so add a PACKAGECONFIG and
enable it.

Signed-off-by: Ross Burton 
---
 meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb 
b/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
index dcee87e2cd2..48e1409be85 100644
--- a/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
+++ b/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
@@ -19,3 +19,6 @@ UPSTREAM_CHECK_URI = 
"https://wayland.freedesktop.org/releases.html;
 inherit meson pkgconfig
 
 DEPENDS += "wayland wayland-native wayland-protocols"
+
+PACKAGECONFIG ??= "drm"
+PACKAGECONFIG[drm] = "-Ddrm=enabled,-Ddrm=disabled,libdrm"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187348): 
https://lists.openembedded.org/g/openembedded-core/message/187348
Mute This Topic: https://lists.openembedded.org/mt/101199047/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 5/7] libsoup-2.4: update PACKAGECONFIG

[Ross Burton]

From: Ross Burton 

Add explicit PACKAGECONFIGs for brotli,ntlm, and sysprof.

libsoup needs to be told where ntlm_auth will be on the target, so write
a cross file to do so.

Signed-off-by: Ross Burton 
---
 .../libsoup/libsoup-2.4_2.74.3.bb  | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb 
b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index 79281fbf5b5..5abeced30b2 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -25,12 +25,24 @@ UPSTREAM_CHECK_REGEX = 
"libsoup-(?P2(\.(?!99)\d+)+)\.tar"
 GIR_MESON_ENABLE_FLAG = 'enabled'
 GIR_MESON_DISABLE_FLAG = 'disabled'
 
-# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards. Disable 
by default.
 PACKAGECONFIG ??= ""
+PACKAGECONFIG[brotli] = "-Dbrotli=enabled,-Dbrotli=disabled,brotli"
+# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards
 PACKAGECONFIG[gnome] = "-Dgnome=true,-Dgnome=false"
 PACKAGECONFIG[gssapi] = "-Dgssapi=enabled,-Dgssapi=disabled,krb5"
-
-EXTRA_OEMESON:append = " -Dvapi=disabled -Dtls_check=false"
+PACKAGECONFIG[ntlm] = "-Dntlm=enabled,-Dntlm=disabled"
+PACKAGECONFIG[sysprof] = "-Dsysprof=enabled,-Dsysprof=disabled,sysprof"
+
+# Tell libsoup where the target ntlm_auth is installed
+do_write_config:append:class-target() {
+cat >${WORKDIR}/soup.cross <
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187346): 
https://lists.openembedded.org/g/openembedded-core/message/187346
Mute This Topic: https://lists.openembedded.org/mt/101199045/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/7] harfbuzz: update PACKAGECONFIG

[Ross Burton]

From: Ross Burton 

Add a chafa PACKAGECONFIG so that we explicitly disable it, and update
the graphite PACKAGECONFIG to use the graphite2 option as the old name is
deprecated.

Signed-off-by: Ross Burton 
---
 meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb 
b/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
index 110248a5cb4..9422db20055 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
@@ -22,9 +22,10 @@ GTKDOC_MESON_DISABLE_FLAG = 'disabled'
 
 PACKAGECONFIG ??= "cairo freetype glib icu"
 PACKAGECONFIG[cairo] = "-Dcairo=enabled,-Dcairo=disabled,cairo"
+PACKAGECONFIG[chafa] = "-Dchafa=enabled,-Dchafa=disabled,chafa"
 PACKAGECONFIG[freetype] = "-Dfreetype=enabled,-Dfreetype=disabled,freetype"
 PACKAGECONFIG[glib] = "-Dglib=enabled,-Dglib=disabled,glib-2.0"
-PACKAGECONFIG[graphite] = "-Dgraphite=enabled,-Dgraphite=disabled,graphite2"
+PACKAGECONFIG[graphite] = "-Dgraphite2=enabled,-Dgraphite2=disabled,graphite2"
 PACKAGECONFIG[icu] = "-Dicu=enabled,-Dicu=disabled,icu"
 
 PACKAGES =+ "${PN}-icu ${PN}-icu-dev ${PN}-subset"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187344): 
https://lists.openembedded.org/g/openembedded-core/message/187344
Mute This Topic: https://lists.openembedded.org/mt/101199043/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 4/7] pango: explictly enable/disable libthai

[Ross Burton]

From: Ross Burton 

Pango has had an explicit option since 1.46.2

Signed-off-by: Ross Burton 
---
 meta/recipes-graphics/pango/pango_1.51.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/pango/pango_1.51.0.bb 
b/meta/recipes-graphics/pango/pango_1.51.0.bb
index 3bf84458e52..77a19012483 100644
--- a/meta/recipes-graphics/pango/pango_1.51.0.bb
+++ b/meta/recipes-graphics/pango/pango_1.51.0.bb
@@ -33,7 +33,7 @@ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 
'x11', d)} \
 
 PACKAGECONFIG[x11] = ",,virtual/libx11 libxft"
 PACKAGECONFIG[tests] = "-Dinstall-tests=true, -Dinstall-tests=false"
-PACKAGECONFIG[thai] = ",,libthai"
+PACKAGECONFIG[thai] = "-Dlibthai=enabled,-Dlibthai=disabled,libthai"
 
 GIR_MESON_OPTION = 'introspection'
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187345): 
https://lists.openembedded.org/g/openembedded-core/message/187345
Mute This Topic: https://lists.openembedded.org/mt/101199044/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/7] glib-2.0: libelf has a configure option now, specify it

[Ross Burton]

From: Ross Burton 

GLib has had an option to control libelf since 2.67.0, so use it.

Signed-off-by: Ross Burton 
---
 meta/recipes-core/glib-2.0/glib.inc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-core/glib-2.0/glib.inc 
b/meta/recipes-core/glib-2.0/glib.inc
index 843b6bd29b3..878dd107de4 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -40,8 +40,7 @@ PACKAGECONFIG ??= "libmount \
${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
 PACKAGECONFIG[libmount] = "-Dlibmount=enabled,-Dlibmount=disabled,util-linux"
 PACKAGECONFIG[manpages] = "-Dman=true, -Dman=false, libxslt-native 
xmlto-native"
-# libelf is auto-detected without a configuration option
-PACKAGECONFIG[libelf] = ",,elfutils"
+PACKAGECONFIG[libelf] = "-Dlibelf=enabled,-Dlibelf=disabled,elfutils"
 PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false,"
 PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187342): 
https://lists.openembedded.org/g/openembedded-core/message/187342
Mute This Topic: https://lists.openembedded.org/mt/101199041/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/7] libgudev: explicitly disable tests and vapi

[Ross Burton]

From: Ross Burton 

Explicitly disable the tests and vapi support instead of relying on
defaults and missing dependencies.

Signed-off-by: Ross Burton 
---
 meta/recipes-gnome/libgudev/libgudev_237.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-gnome/libgudev/libgudev_237.bb 
b/meta/recipes-gnome/libgudev/libgudev_237.bb
index 5aa94e58f5a..d3122de8a07 100644
--- a/meta/recipes-gnome/libgudev/libgudev_237.bb
+++ b/meta/recipes-gnome/libgudev/libgudev_237.bb
@@ -25,6 +25,8 @@ GTKDOC_MESON_OPTION = "gtk_doc"
 UPSTREAM_CHECK_URI = "http://ftp.gnome.org/pub/GNOME/sources/libgudev/;
 UPSTREAM_CHECK_REGEX = "(?P(\d+))"
 
+EXTRA_OEMESON += "-Dtests=disabled -Dvapi=disabled"
+
 # This isn't a GNOME-style version do gnome_verdir fails. Just return the
 # version as that is how the directory is structured.
 def gnome_verdir(v):
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187343): 
https://lists.openembedded.org/g/openembedded-core/message/187343
Mute This Topic: https://lists.openembedded.org/mt/101199042/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] glib-2.0: explicitly enable strlcpy()

[Ross Burton]

On 6 Sep 2023, at 18:30, Khem Raj  wrote:
> 
> On Wed, Sep 6, 2023 at 8:12 AM Ross Burton  wrote:
>> 
>> From: Ross Burton 
>> 
>> We have glibc 2.38 which added strlcpy(), so enable the use of it
>> explicitly in the Meson cross file for when the target doesn't support
>> qemu-usermode (which will result in the default of not using it).
> 
> will this be effective for non-target variants too ? In that case we
> may not have
> glibc 2.38 on all distros yet.

The extra cross file logic is not used in native builds.

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187341): 
https://lists.openembedded.org/g/openembedded-core/message/187341
Mute This Topic: https://lists.openembedded.org/mt/101194848/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] glib-2.0: explicitly enable strlcpy()

[Khem Raj]

On Wed, Sep 6, 2023 at 8:12 AM Ross Burton  wrote:
>
> From: Ross Burton 
>
> We have glibc 2.38 which added strlcpy(), so enable the use of it
> explicitly in the Meson cross file for when the target doesn't support
> qemu-usermode (which will result in the default of not using it).

will this be effective for non-target variants too ? In that case we
may not have
glibc 2.38 on all distros yet.

>
> Signed-off-by: Ross Burton 
> ---
>  meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc 
> b/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc
> index c4648f58c78..3049e5116ec 100644
> --- a/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc
> +++ b/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc
> @@ -3,3 +3,4 @@ have_c99_vsnprintf = true
>  have_c99_snprintf = true
>  have_unix98_printf = true
>  va_val_copy = true
> +have_strlcpy = true
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187340): 
https://lists.openembedded.org/g/openembedded-core/message/187340
Mute This Topic: https://lists.openembedded.org/mt/101194848/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Alexander Kanavin]

Target task is using executables populated by the native task
and as they run in parallel, races can occur.

This was triggered by shadow recipe update which added depedendent libraries,
and where half-populated native sysroot (dependent libraries missing)
was triggering useradd failures.

Presence or absence of useradd itself is a soft failure, and so was previously 
unnoticed.

Signed-off-by: Alexander Kanavin 
---
 meta/recipes-core/meta/build-sysroots.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/build-sysroots.bb 
b/meta/recipes-core/meta/build-sysroots.bb
index 1a3b692a1b1..ac74dda22c4 100644
--- a/meta/recipes-core/meta/build-sysroots.bb
+++ b/meta/recipes-core/meta/build-sysroots.bb
@@ -42,6 +42,6 @@ python do_build_target_sysroot () {
 }
 do_build_target_sysroot[cleandirs] = "${STANDALONE_SYSROOT}"
 do_build_target_sysroot[nostamp] = "1"
-addtask do_build_target_sysroot before do_build
+addtask do_build_target_sysroot before do_build after do_build_native_sysroot
 
 do_clean[cleandirs] += "${STANDALONE_SYSROOT} ${STANDALONE_SYSROOT_NATIVE}"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187338): 
https://lists.openembedded.org/g/openembedded-core/message/187338
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 17/17] shadow: update 4.13 -> 4.14.0

[Alexander Kanavin]

License-Update: formatting, spdx conversion

Drop:
0001-Disable-use-of-syslog-for-sysroot.patch
(issue fixed upstream)

0001-Fix-can-not-print-full-login.patch
0001-Overhaul-valid_field.patch
CVE-2023-29383.patch
(backports)

libbsd is a new native dependency, as otherwise glibc >= 2.38
is needed.

A similar fix is added to musl in order to define non-standard 
__BEGIN_DECLS/__END_DECLS.

Signed-off-by: Alexander Kanavin 
---
 ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ---
 .../0001-Fix-can-not-print-full-login.patch   | 41 
 .../files/0001-Overhaul-valid_field.patch | 65 ---
 .../shadow/files/CVE-2023-29383.patch | 53 ---
 ...nexpected-open-failure-in-chroot-env.patch | 16 +++--
 meta/recipes-extended/shadow/shadow.inc   | 18 ++---
 .../{shadow_4.13.bb => shadow_4.14.0.bb}  |  0
 7 files changed, 16 insertions(+), 229 deletions(-)
 delete mode 100644 
meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
 delete mode 100644 
meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
 delete mode 100644 
meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
 delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
 rename meta/recipes-extended/shadow/{shadow_4.13.bb => shadow_4.14.0.bb} (100%)

diff --git 
a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
 
b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
deleted file mode 100644
index fa1532c8317..000
--- 
a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001
-From: Richard Purdie 
-Date: Thu, 14 Apr 2022 23:11:53 +
-Subject: [PATCH] Disable use of syslog for shadow-native tools
-
-Disable use of syslog to prevent sysroot user and group additions from
-writing entries to the host's syslog. This patch should only be used
-with the shadow-native recipe.
-
-Upstream-Status: Inappropriate [OE specific configuration]
-Signed-off-by: Richard Purdie 
-Signed-off-by: Peter Kjellerstedt 
-

- configure.ac  | 2 +-
- src/login_nopam.c | 3 ++-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 924254a..603af81 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, 
"$shadow_cv_passwd_dir/passwd",
-   [Path to passwd program.])
- 
- dnl XXX - quick hack, should disappear before anyone notices :).
--AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
-+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
- if test "$ac_cv_func_ruserok" = "yes"; then
-   AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for 
rlogind.])
-   AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value 
(0 or 1).])
-diff --git a/src/login_nopam.c b/src/login_nopam.c
-index df6ba88..fc24e13 100644
 a/src/login_nopam.c
-+++ b/src/login_nopam.c
-@@ -29,7 +29,6 @@
- #ifndef USE_PAM
- #ident "$Id$"
- 
--#include "prototypes.h"
- /*
-  * This module implements a simple but effective form of login access
-  * control based on login names and on host (or domain) names, internet
-@@ -57,6 +56,8 @@
- #include 
- #include /* for inet_ntoa() */
- 
-+#include "prototypes.h"
-+
- #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64)
- #undef MAXHOSTNAMELEN
- #define MAXHOSTNAMELEN 256
diff --git 
a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch 
b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
deleted file mode 100644
index 37ba5f3dc21..000
--- a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-commit 670cae834827a8f794e6f7464fa57790d911b63c
-Author: SoumyaWind <121475834+soumyaw...@users.noreply.github.com>
-Date:   Tue Dec 27 17:40:17 2022 +0530
-
-shadow: Fix can not print full login timeout message
-
-Login timed out message prints only first few bytes when write is 
immediately followed by exit.
-Calling exit from new handler provides enough time to display full message.
-
-Upstream-Status: Accepted 
[https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
-
-diff --git a/src/login.c b/src/login.c
-index 116e2cb3..c55f4de0 100644
 a/src/login.c
-+++ b/src/login.c
-@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user);
- 
- static void init_env (void);
- static void alarm_handler (int);
-+static void exit_handler (int);
- 
- /*
-  * usage - print login command usage and exit
-@@ -391,11 +392,16 @@ static void init_env (void)
- #endif/* !USE_PAM */
- }
- 
-+static void exit_handler (unused int sig)
-+{
-+  _exit (0);
-+}
- 
- static void alarm_handler 

[OE-core] [PATCH 13/17] gnutls: update 3.8.0 -> 3.8.1

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin 
---
 meta/recipes-support/gnutls/gnutls/arm_eabi.patch| 12 +++-
 .../gnutls/{gnutls_3.8.0.bb => gnutls_3.8.1.bb}  |  2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)
 rename meta/recipes-support/gnutls/{gnutls_3.8.0.bb => gnutls_3.8.1.bb} (97%)

diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch 
b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
index 2b61a703cb1..fe3f031fdcc 100644
--- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
+++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -1,4 +1,4 @@
-From 911213d9f72ddce468322d22d223127b93964409 Mon Sep 17 00:00:00 2001
+From 5810d97281bb30edb786de9946e5c13186eff6a2 Mon Sep 17 00:00:00 2001
 From: Joe Slater 
 Date: Wed, 25 Jan 2017 13:52:59 -0800
 Subject: [PATCH] gnutls: account for ARM_EABI
@@ -9,16 +9,15 @@ reference to them.
 Upstream-Status: Pending
 
 Signed-off-by: Joe Slater 
-
 ---
  tests/seccomp.c | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/tests/seccomp.c b/tests/seccomp.c
-index a3148fe..443bc5f 100644
+index 86442a5..03a5aa8 100644
 --- a/tests/seccomp.c
 +++ b/tests/seccomp.c
-@@ -52,7 +52,9 @@ int disable_system_calls(void)
+@@ -55,7 +55,9 @@ int disable_system_calls(void)
  
ADD_SYSCALL(nanosleep, 0);
ADD_SYSCALL(clock_nanosleep, 0);
@@ -27,4 +26,7 @@ index a3148fe..443bc5f 100644
 +#endif
ADD_SYSCALL(getpid, 0);
ADD_SYSCALL(gettimeofday, 0);
- # if defined(HAVE_CLOCK_GETTIME)
+ #if defined(HAVE_CLOCK_GETTIME)
+-- 
+2.30.2
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.0.bb 
b/meta/recipes-support/gnutls/gnutls_3.8.1.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.0.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.1.bb
index 1e3f34b6c53..455031dd474 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.0.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.1.bb
@@ -25,7 +25,7 @@ SRC_URI = 
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://Add-ptest-support.patch \
"
 
-SRC_URI[sha256sum] = 
"0ea0d11a1660a1e63f960f157b197abe6d0c8cb3255be24e1fb3815930b9bdc5"
+SRC_URI[sha256sum] = 
"ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187335): 
https://lists.openembedded.org/g/openembedded-core/message/187335
Mute This Topic: https://lists.openembedded.org/mt/101197354/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 15/17] useradd.bbclass: list all needed items for package_setscene task

[Alexander Kanavin]

Latest shadow-native links with additional libraries;
I was unable to find a way to resolve those in setscene context
where tasks do not contain such dependencies.

Signed-off-by: Alexander Kanavin 
---
 meta/classes/useradd.bbclass | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass
index 4d3bd9a5f56..a35785c9c23 100644
--- a/meta/classes/useradd.bbclass
+++ b/meta/classes/useradd.bbclass
@@ -179,7 +179,13 @@ SSTATEPREINSTFUNCS:append:class-target = " 
useradd_sysroot_sstate"
 
 do_package_setscene[depends] += "${USERADDSETSCENEDEPS}"
 do_populate_sysroot_setscene[depends] += "${USERADDSETSCENEDEPS}"
-USERADDSETSCENEDEPS:class-target = 
"${MLPREFIX}base-passwd:do_populate_sysroot_setscene 
pseudo-native:do_populate_sysroot_setscene 
shadow-native:do_populate_sysroot_setscene 
${MLPREFIX}shadow-sysroot:do_populate_sysroot_setscene"
+USERADDSETSCENEDEPS:class-target = 
"${MLPREFIX}base-passwd:do_populate_sysroot_setscene \
+pseudo-native:do_populate_sysroot_setscene 
\
+shadow-native:do_populate_sysroot_setscene 
\
+attr-native:do_populate_sysroot_setscene \
+libbsd-native:do_populate_sysroot_setscene 
\
+libmd-native:do_populate_sysroot_setscene \
+
${MLPREFIX}shadow-sysroot:do_populate_sysroot_setscene"
 USERADDSETSCENEDEPS = ""
 
 # Recipe parse-time sanity checks
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187337): 
https://lists.openembedded.org/g/openembedded-core/message/187337
Mute This Topic: https://lists.openembedded.org/mt/101197362/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 14/17] sstate.bbclass: setscene_depvalid(): do not exclude shadow-native from task dependency resolution

[Alexander Kanavin]

This results in executables from shadow-native, such as useradd, falling through
to host libraries instead of using native ones that they were linked with,
because the native libraries would not be installed because of this dependency
exclusion.

Until now that could be coincidentally fulfilled with host libattr (which is
present on all hosts), but latest useradd also wants libbsd and libmd, and those
are not typically installed.

The original reason to add this exclusion was:
https://git.yoctoproject.org/poky/commit/?id=0d2a301bca4eb9d43243f1a03c1cd1ab3f27f30a

While I can't be sure the reason no longer applies, sstate and sysroot handling
has changed massively since early 2013, testing on a-full revealed
no issues, and avoiding incorrect fall-through to host libraries
is better than pulling unneeded dependencies.

Signed-off-by: Alexander Kanavin 
---
 meta/classes-global/sstate.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-global/sstate.bbclass 
b/meta/classes-global/sstate.bbclass
index c50198449c2..5f8c9c1f809 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -1137,7 +1137,7 @@ def setscene_depvalid(task, taskdependees, notneeded, d, 
log=None):
 
 # This is due to the [depends] in useradd.bbclass complicating matters
 # The logic *is* reversed here due to the way hard setscene 
dependencies are injected
-if (taskdependees[task][1] == 'do_package' or taskdependees[task][1] 
== 'do_populate_sysroot') and taskdependees[dep][0].endswith(('shadow-native', 
'shadow-sysroot', 'base-passwd', 'pseudo-native')) and taskdependees[dep][1] == 
'do_populate_sysroot':
+if (taskdependees[task][1] == 'do_package' or taskdependees[task][1] 
== 'do_populate_sysroot') and taskdependees[dep][0].endswith(('shadow-sysroot', 
'base-passwd', 'pseudo-native')) and taskdependees[dep][1] == 
'do_populate_sysroot':
 continue
 
 # Consider sysroot depending on sysroot tasks
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187336): 
https://lists.openembedded.org/g/openembedded-core/message/187336
Mute This Topic: https://lists.openembedded.org/mt/101197358/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 12/17] gnupg: upgrade 2.4.2 -> 2.4.3

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin 
---
 ...-a-custom-value-for-the-location-of-.patch |  4 +--
 .../gnupg/gnupg/fix-ldap.patch| 34 +++
 .../gnupg/gnupg/relocate.patch|  2 +-
 .../gnupg/{gnupg_2.4.2.bb => gnupg_2.4.3.bb}  |  3 +-
 4 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-support/gnupg/gnupg/fix-ldap.patch
 rename meta/recipes-support/gnupg/{gnupg_2.4.2.bb => gnupg_2.4.3.bb} (96%)

diff --git 
a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
 
b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index 81aeaf5d3a6..561616584c9 100644
--- 
a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ 
b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 8b9e3d286e87bc978ec6bb9cfd790d8d253b79c3 Mon Sep 17 00:00:00 2001
+From acdb7e1d2844cd4088f099617e25352b3dc5b075 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin 
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,7 +14,7 @@ Signed-off-by: Alexander Kanavin 
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index a547401..60bc2c5 100644
+index e68b779..eec9f89 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -1922,7 +1922,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
diff --git a/meta/recipes-support/gnupg/gnupg/fix-ldap.patch 
b/meta/recipes-support/gnupg/gnupg/fix-ldap.patch
new file mode 100644
index 000..47547815656
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/fix-ldap.patch
@@ -0,0 +1,34 @@
+From dc13361524c1477b2106c7385f2059f9ea111b84 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Wed, 5 Jul 2023 09:29:54 +0900
+Subject: [PATCH] dirmngr: Enable the call of ks_ldap_help_variables when
+ USE_LDAP.
+
+* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.
+
+--
+
+Upstream-Status: Backport
+Signed-off-by: NIIBE Yutaka 
+Signed-off-by: Alexander Kanavin 
+---
+ dirmngr/server.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index 51a149cb2..ee61f63d6 100644
+--- a/dirmngr/server.c
 b/dirmngr/server.c
+@@ -2776,7 +2776,9 @@ cmd_ad_query (assuan_context_t ctx, char *line)
+ 
+   if (opt_help)
+ {
++#if USE_LDAP
+   ks_ldap_help_variables (ctrl);
++#endif
+   err = 0;
+   goto leave;
+ }
+-- 
+2.11.0
+
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch 
b/meta/recipes-support/gnupg/gnupg/relocate.patch
index f7dd12fbcc1..d540e9edbb0 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From c4ddea8e6070d1df51058aac08088e27c37e7e73 Mon Sep 17 00:00:00 2001
+From 0e4b325c199354ce54cc4687532cced1440fd496 Mon Sep 17 00:00:00 2001
 From: Ross Burton 
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/meta/recipes-support/gnupg/gnupg_2.4.2.bb 
b/meta/recipes-support/gnupg/gnupg_2.4.3.bb
similarity index 96%
rename from meta/recipes-support/gnupg/gnupg_2.4.2.bb
rename to meta/recipes-support/gnupg/gnupg_2.4.3.bb
index 631df8ac9d7..e91ef34b7d3 100644
--- a/meta/recipes-support/gnupg/gnupg_2.4.2.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.4.3.bb
@@ -18,12 +18,13 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
+   file://fix-ldap.patch \
"
 SRC_URI:append:class-native = " 
file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
 file://relocate.patch"
 SRC_URI:append:class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = 
"97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49"
+SRC_URI[sha256sum] = 
"a271ae6d732f6f4d80c258ad9ee88dd9c94c8fdc33c3e45328c4d7c126bd219d"
 
 EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187334): 
https://lists.openembedded.org/g/openembedded-core/message/187334
Mute This Topic: https://lists.openembedded.org/mt/101197353/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 11/17] libgudev: upgrade 237 -> 238

[Alexander Kanavin]

Add patches to eudev to ensure compatibility with this version.

Signed-off-by: Alexander Kanavin 
---
 .../udev/eudev/0001-Export-dummies-for.patch  | 82 +++
 .../eudev/0002-Bump-udev-version-to-251.patch | 23 ++
 meta/recipes-core/udev/eudev_3.2.12.bb|  4 +-
 .../{libgudev_237.bb => libgudev_238.bb}  |  2 +-
 4 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/udev/eudev/0001-Export-dummies-for.patch
 create mode 100644 
meta/recipes-core/udev/eudev/0002-Bump-udev-version-to-251.patch
 rename meta/recipes-gnome/libgudev/{libgudev_237.bb => libgudev_238.bb} (91%)

diff --git a/meta/recipes-core/udev/eudev/0001-Export-dummies-for.patch 
b/meta/recipes-core/udev/eudev/0001-Export-dummies-for.patch
new file mode 100644
index 000..21fbf0f824a
--- /dev/null
+++ b/meta/recipes-core/udev/eudev/0001-Export-dummies-for.patch
@@ -0,0 +1,82 @@
+From 45634cc0f09ea354be7efce2ae3d3fa8ffc181ec Mon Sep 17 00:00:00 2001
+From: Boian Bonev 
+Date: Fri, 11 Aug 2023 23:14:02 +
+Subject: [PATCH] Export dummies for
+
+ - udev_device_has_current_tag
+ - udev_device_get_current_tags_list_entry
+
+since the current eudev device database does not support the concept of
+current tags
+
+Upstream-Status: Submitted [https://github.com/eudev-project/eudev/pull/253]
+Signed-off-by: Alexander Kanavin 
+---
+ src/libudev/libudev-device.c | 11 +++
+ src/libudev/libudev.h|  2 ++
+ src/libudev/libudev.sym  |  6 ++
+ 3 files changed, 19 insertions(+)
+
+diff --git a/src/libudev/libudev-device.c b/src/libudev/libudev-device.c
+index ac67ce8..7d7a662 100644
+--- a/src/libudev/libudev-device.c
 b/src/libudev/libudev-device.c
+@@ -1819,6 +1819,12 @@ _public_ struct udev_list_entry 
*udev_device_get_tags_list_entry(struct udev_dev
+ return udev_list_get_entry(_device->tags_list);
+ }
+ 
++_public_ struct udev_list_entry 
*udev_device_get_current_tags_list_entry(struct udev_device *udev_device)
++{
++// TODO: eudev database does not support current tags
++return udev_device_get_tags_list_entry(udev_device);
++}
++
+ /**
+  * udev_device_has_tag:
+  * @udev_device: udev device
+@@ -1842,6 +1848,11 @@ _public_ int udev_device_has_tag(struct udev_device 
*udev_device, const char *ta
+ return false;
+ }
+ 
++_public_ int udev_device_has_current_tag(struct udev_device *udev_device, 
const char *tag) {
++// TODO: eudev database does not support current tags
++return udev_device_has_tag(udev_device, tag);
++}
++
+ #define ENVP_SIZE128
+ #define MONITOR_BUF_SIZE4096
+ static int update_envp_monitor_buf(struct udev_device *udev_device)
+diff --git a/src/libudev/libudev.h b/src/libudev/libudev.h
+index 8491d2b..0202964 100644
+--- a/src/libudev/libudev.h
 b/src/libudev/libudev.h
+@@ -100,6 +100,7 @@ int udev_device_get_is_initialized(struct udev_device 
*udev_device);
+ struct udev_list_entry *udev_device_get_devlinks_list_entry(struct 
udev_device *udev_device);
+ struct udev_list_entry *udev_device_get_properties_list_entry(struct 
udev_device *udev_device);
+ struct udev_list_entry *udev_device_get_tags_list_entry(struct udev_device 
*udev_device);
++struct udev_list_entry *udev_device_get_current_tags_list_entry(struct 
udev_device *udev_device);
+ struct udev_list_entry *udev_device_get_sysattr_list_entry(struct udev_device 
*udev_device);
+ const char *udev_device_get_property_value(struct udev_device *udev_device, 
const char *key);
+ const char *udev_device_get_driver(struct udev_device *udev_device);
+@@ -110,6 +111,7 @@ unsigned long long int 
udev_device_get_usec_since_initialized(struct udev_device
+ const char *udev_device_get_sysattr_value(struct udev_device *udev_device, 
const char *sysattr);
+ int udev_device_set_sysattr_value(struct udev_device *udev_device, const char 
*sysattr, char *value);
+ int udev_device_has_tag(struct udev_device *udev_device, const char *tag);
++int udev_device_has_current_tag(struct udev_device *udev_device, const char 
*tag);
+ 
+ /*
+  * udev_monitor
+diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
+index 76726fc..d56c2ae 100644
+--- a/src/libudev/libudev.sym
 b/src/libudev/libudev.sym
+@@ -118,3 +118,9 @@ global:
+ udev_queue_flush;
+ udev_queue_get_fd;
+ } LIBUDEV_199;
++
++LIBUDEV_247 {
++global:
++udev_device_has_current_tag;
++udev_device_get_current_tags_list_entry;
++} LIBUDEV_215;
diff --git a/meta/recipes-core/udev/eudev/0002-Bump-udev-version-to-251.patch 
b/meta/recipes-core/udev/eudev/0002-Bump-udev-version-to-251.patch
new file mode 100644
index 000..520cc38cda5
--- /dev/null
+++ b/meta/recipes-core/udev/eudev/0002-Bump-udev-version-to-251.patch
@@ -0,0 +1,23 @@
+From 7a66d4fe8aac8c8697c3cecb0c189e22524fbc98 Mon Sep 17 00:00:00 2001
+From: Boian Bonev 
+Date: Fri, 11 Aug 2023 22:08:27 +
+Subject: [PATCH] Bump udev version to 251
+

[OE-core] [PATCH 10/17] gpgme: upgrade 1.20.0 -> 1.22.0

[Alexander Kanavin]

Drop patch and --disable-lang-python-test option (upstream fixed the issue).

Signed-off-by: Alexander Kanavin 
---
 .../0007-python-Add-variables-to-tests.patch  | 52 ---
 .../{gpgme_1.20.0.bb => gpgme_1.22.0.bb}  |  4 +-
 2 files changed, 1 insertion(+), 55 deletions(-)
 delete mode 100644 
meta/recipes-support/gpgme/gpgme/0007-python-Add-variables-to-tests.patch
 rename meta/recipes-support/gpgme/{gpgme_1.20.0.bb => gpgme_1.22.0.bb} (94%)

diff --git 
a/meta/recipes-support/gpgme/gpgme/0007-python-Add-variables-to-tests.patch 
b/meta/recipes-support/gpgme/gpgme/0007-python-Add-variables-to-tests.patch
deleted file mode 100644
index 4c97f63cc21..000
--- a/meta/recipes-support/gpgme/gpgme/0007-python-Add-variables-to-tests.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 093c88817397425ee4c2333c469467229a46c9e1 Mon Sep 17 00:00:00 2001
-From: Yuan Chao 
-Date: Mon, 5 Aug 2019 01:00:58 +0900
-Subject: [PATCH 7/7] python: Add variables to tests
-
-* configure.ac, lang/python/Makefile.am:
-  New variable to `lang/python', set to `lang/python' if RUN_LANG_PYTHON_TESTS
-
-Upstream-Status: Submitted [gnupg-de...@gnupg.org]
-
-Signed-off-by: Hongxu Jia 
-
-Signed-off-by: Yuan Chao 

- configure.ac| 5 +
- lang/python/Makefile.am | 3 +++
- 2 files changed, 8 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index bd85886..b5ae42e 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -533,6 +533,11 @@ AC_ARG_ENABLE(g13-test,
-  run_g13_test=$enableval)
- AM_CONDITIONAL(RUN_G13_TESTS, test "$run_g13_test" = "yes")
- 
-+run_lang_python_test="yes"
-+AC_ARG_ENABLE(lang-python-test,
-+  AC_HELP_STRING([--disable-lang-python-test], [disable Python regression 
test]),
-+ run_lang_python_test=$enableval)
-+AM_CONDITIONAL(RUN_LANG_PYTHON_TESTS, test "$run_lang_python_test" = "yes")
- 
- # Checks for header files.
- AC_CHECK_HEADERS_ONCE([locale.h sys/select.h sys/uio.h argp.h stdint.h
-diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am
-index 551deee..0fd555e 100644
 a/lang/python/Makefile.am
-+++ b/lang/python/Makefile.am
-@@ -23,7 +23,10 @@ EXTRA_DIST = \
-   gpgme.i \
-   helpers.c helpers.h private.h
- 
-+SUBDIRS = . examples doc src
-+if RUN_LANG_PYTHON_TESTS
- SUBDIRS = . tests examples doc src
-+endif
- 
- .PHONY: prepare
- prepare: copystamp
--- 
-2.7.4
-
diff --git a/meta/recipes-support/gpgme/gpgme_1.20.0.bb 
b/meta/recipes-support/gpgme/gpgme_1.22.0.bb
similarity index 94%
rename from meta/recipes-support/gpgme/gpgme_1.20.0.bb
rename to meta/recipes-support/gpgme/gpgme_1.22.0.bb
index dc5b58d7c33..84c8fa9f8a5 100644
--- a/meta/recipes-support/gpgme/gpgme_1.20.0.bb
+++ b/meta/recipes-support/gpgme/gpgme_1.22.0.bb
@@ -18,14 +18,13 @@ SRC_URI = "${GNUPG_MIRROR}/gpgme/${BP}.tar.bz2 \
file://0004-python-import.patch \

file://0005-gpgme-config-skip-all-lib-or-usr-lib-directories-in-.patch \
file://0006-fix-build-path-issue.patch \
-   file://0007-python-Add-variables-to-tests.patch \
file://0008-do-not-auto-check-var-PYTHON.patch \
file://0001-use-closefrom-on-linux-and-glibc-2.34.patch \
file://0001-posix-io.c-Use-off_t-instead-of-off64_t.patch \
file://0001-autogen.sh-remove-unknown-in-version.patch \
"
 
-SRC_URI[sha256sum] = 
"25a5785a5da356689001440926b94e967d02e13c49eb7743e35ef0cf22e42750"
+SRC_URI[sha256sum] = 
"9551e37081ad3bde81018a0d24f245c3f8206990549598fb31a97a68380a7b71"
 
 PYTHON_DEPS = "${@bb.utils.contains('LANGUAGES', 'python', 'swig-native', '', 
d)}"
 
@@ -53,7 +52,6 @@ EXTRA_OECONF += '--enable-languages="${LANGUAGES}" \
  --disable-gpg-test \
  --disable-gpgsm-test \
  --disable-g13-test \
- --disable-lang-python-test \
 '
 
 inherit autotools texinfo binconfig-disabled pkgconfig ${PYTHON_INHERIT} 
python3native multilib_header
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187332): 
https://lists.openembedded.org/g/openembedded-core/message/187332
Mute This Topic: https://lists.openembedded.org/mt/101197349/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 09/17] libpthread-stubs: update 0.4 -> 0.5

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin 
---
 .../{libpthread-stubs_0.4.bb => libpthread-stubs_0.5.bb} | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
 rename meta/recipes-graphics/xorg-lib/{libpthread-stubs_0.4.bb => 
libpthread-stubs_0.5.bb} (73%)

diff --git a/meta/recipes-graphics/xorg-lib/libpthread-stubs_0.4.bb 
b/meta/recipes-graphics/xorg-lib/libpthread-stubs_0.5.bb
similarity index 73%
rename from meta/recipes-graphics/xorg-lib/libpthread-stubs_0.4.bb
rename to meta/recipes-graphics/xorg-lib/libpthread-stubs_0.5.bb
index 7bf702076d7..62384e6d2ec 100644
--- a/meta/recipes-graphics/xorg-lib/libpthread-stubs_0.4.bb
+++ b/meta/recipes-graphics/xorg-lib/libpthread-stubs_0.5.bb
@@ -7,9 +7,8 @@ SECTION = "x11/libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6edc1fea03d959f0c2d743fe5ca746ad"
 
-SRC_URI = "http://xcb.freedesktop.org/dist/${BP}.tar.bz2;
-SRC_URI[md5sum] = "48c1544854a94db0e51499cc3afd797f"
-SRC_URI[sha256sum] = 
"e4d05911a3165d3b18321cc067fdd2f023f06436e391c6a28dff618a78d2e733"
+SRC_URI = "http://xcb.freedesktop.org/dist/${BP}.tar.xz;
+SRC_URI[sha256sum] = 
"59da566decceba7c2a7970a4a03b48d9905f1262ff94410a649224e33d2442bc"
 
 inherit autotools
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187331): 
https://lists.openembedded.org/g/openembedded-core/message/187331
Mute This Topic: https://lists.openembedded.org/mt/101197348/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 07/17] groff: update 1.22.4 -> 1.23.0

[Alexander Kanavin]

Drop backports.

Rebase
0001-Make-manpages-mulitlib-identical.patch
groff-not-search-fonts-on-build-host.patch

--without-doc has been removed upstream; replace
that with a dependency on groff-native and
substitution of groff executable from that.

Drop serial make; this was introduced in 2010 without
explanation and likely been solved long time ago.

Set urw fonts directory to something bogus to avoid host contamination.

Signed-off-by: Alexander Kanavin 
---
 .../files/0001-Fix-code-style-issues.patch| 536 --
 .../groff/files/0001-Include-config.h.patch   | 212 ---
 ...001-Make-manpages-mulitlib-identical.patch |  20 +-
 ...001-replace-perl-w-with-use-warnings.patch | 106 
 .../groff/files/0001-support-musl.patch   |  41 --
 ...groff-not-search-fonts-on-build-host.patch |  37 +-
 .../{groff_1.22.4.bb => groff_1.23.0.bb}  |  27 +-
 7 files changed, 42 insertions(+), 937 deletions(-)
 delete mode 100644 
meta/recipes-extended/groff/files/0001-Fix-code-style-issues.patch
 delete mode 100644 
meta/recipes-extended/groff/files/0001-Include-config.h.patch
 delete mode 100644 
meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch
 delete mode 100644 meta/recipes-extended/groff/files/0001-support-musl.patch
 rename meta/recipes-extended/groff/{groff_1.22.4.bb => groff_1.23.0.bb} (76%)

diff --git a/meta/recipes-extended/groff/files/0001-Fix-code-style-issues.patch 
b/meta/recipes-extended/groff/files/0001-Fix-code-style-issues.patch
deleted file mode 100644
index 221490d6a33..000
--- a/meta/recipes-extended/groff/files/0001-Fix-code-style-issues.patch
+++ /dev/null
@@ -1,536 +0,0 @@
-From 99313d5c0ff35da6627e7dc985612f990ca64637 Mon Sep 17 00:00:00 2001
-From: "G. Branden Robinson" 
-Date: Mon, 16 Aug 2021 12:37:22 +1000
-Subject: [PATCH] Fix code style issues.
-
-* src/preproc/grn/hgraph.cpp:
-* src/preproc/grn/hpoint.cpp:
-* src/preproc/grn/main.cpp:
-* src/preproc/grn/hdb.cpp: Drop use of `register` storage class.
-
-* src/preproc/grn/hgraph.cpp (len, HGPrintElt, picurve):
-* src/preproc/grn/hdb.cpp (DBRead): Wrap long lines.
-
-* src/preproc/grn/hgraph.cpp: Rename function from `Paramaterize` to
-  `Parameterize`.
-
-  (HGCurve): Update call site.
-
-* src/preproc/grn/main.cpp (add_file): Drop redundant cast in
-  `realloc()` call.
-
-  (conv, interpret): Use standard English in diagnostic messages.
-
-Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/groff.git/commit/?id=eead5f5cf1dedc6d180bdb34914d7157d39e270c]
-Signed-off-by: Khem Raj 

- src/preproc/grn/hdb.cpp|  20 +++---
- src/preproc/grn/hgraph.cpp | 131 +++--
- src/preproc/grn/hpoint.cpp |   2 +-
- src/preproc/grn/main.cpp   |  38 +--
- 4 files changed, 100 insertions(+), 91 deletions(-)
-
-diff --git a/src/preproc/grn/hdb.cpp b/src/preproc/grn/hdb.cpp
-index c61e099..2b4011b 100644
 a/src/preproc/grn/hdb.cpp
-+++ b/src/preproc/grn/hdb.cpp
-@@ -35,7 +35,7 @@ extern POINT *PTInit();
- extern POINT *PTMakePoint(double x, double y, POINT ** pplist);
- 
- 
--int DBGetType(register char *s);
-+int DBGetType(char *s);
- 
- 
- /*
-@@ -61,7 +61,7 @@ DBCreateElt(int type,
-   char *text,
-   ELT **db)
- {
--  register ELT *temp;
-+  ELT *temp = 0;
- 
-   temp = (ELT *) malloc(sizeof(ELT));
-   temp->nextelt = *db;
-@@ -80,11 +80,11 @@ DBCreateElt(int type,
-  * pointer to that database.
-  */
- ELT *
--DBRead(register FILE *file)
-+DBRead(FILE *file)
- {
--  register int i;
--  register int done;  /* flag for input exhausted */
--  register double nx; /* x holder so x is not set before orienting */
-+  int i;
-+  int done;   /* flag for input exhausted */
-+  double nx;  /* x holder so x is not set before orienting */
-   int type;   /* element type */
-   ELT *elist; /* pointer to the file's elements */
-   POINT *plist;   /* pointer for reading in points */
-@@ -112,7 +112,9 @@ DBRead(register FILE *file)
- /* if (fscanf(file,"%" MAXSTRING_S "s\n", string) == EOF) */
- /* I changed the scanf format because the element */
- /* can have two words (e.g. CURVE SPLINE) */
--if (fscanf(file, "\n%" MAXSTRING_S "[^\n]%*[^\n]\n", string) == EOF) {
-+if (fscanf(file, "\n%"
-+MAXSTRING_S
-+   "[^\n]%*[^\n]\n", string) == EOF) {
-   error("'%1', error in file format", gremlinfile);
-   return (elist);
- }
-@@ -209,7 +211,7 @@ DBRead(register FILE *file)
-  * New file format has literal names for element types.
-  */
- int
--DBGetType(register char *s)
-+DBGetType(char *s)
- {
-   if (isdigit(s[0]) || (s[0] == '-')) /* old element format or EOF */
- return (atoi(s));
-@@ -298,7 +300,7 @@ xscanf(FILE *f,
-double *xp,
-double *yp)
- {
--  register int c, i, j, m, frac;
-+  int c, i, j, m, frac;
-   int iscale = 1, jscale = 1; /* x = i/scale, 

[OE-core] [PATCH 08/17] libglu: update 9.0.2 -> 9.0.3

[Alexander Kanavin]

Drop backport.

Set gl_provider explicitly, as upstream changed the default to glvnd.

Signed-off-by: Alexander Kanavin 
---
 ...1-Remove-deprecated-register-in-C-17.patch | 32 ---
 .../mesa/{libglu_9.0.2.bb => libglu_9.0.3.bb} |  9 +++---
 2 files changed, 5 insertions(+), 36 deletions(-)
 delete mode 100644 
meta/recipes-graphics/mesa/libglu/0001-Remove-deprecated-register-in-C-17.patch
 rename meta/recipes-graphics/mesa/{libglu_9.0.2.bb => libglu_9.0.3.bb} (79%)

diff --git 
a/meta/recipes-graphics/mesa/libglu/0001-Remove-deprecated-register-in-C-17.patch
 
b/meta/recipes-graphics/mesa/libglu/0001-Remove-deprecated-register-in-C-17.patch
deleted file mode 100644
index 95d56e95739..000
--- 
a/meta/recipes-graphics/mesa/libglu/0001-Remove-deprecated-register-in-C-17.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1910b3a83a7e5aa1a31c4325829c94134fafce76 Mon Sep 17 00:00:00 2001
-From: Khem Raj 
-Date: Fri, 13 Jan 2023 20:58:07 -0800
-Subject: [PATCH] Remove deprecated register in C++17
-
-Fixes errors like
-
-src/libnurbs/internals/varray.cc:76:5: error: ISO C++17 does not allow 
'register' storage class specifier [-Wregister]
-register long ds = sgn(arc->tail()[0] - arc->prev->tail()[0]);
-^
-
-Upstream-Status: Submitted 
[https://gitlab.freedesktop.org/mesa/glu/-/merge_requests/10]
-Signed-off-by: Khem Raj 

- src/libnurbs/internals/varray.cc | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/libnurbs/internals/varray.cc 
b/src/libnurbs/internals/varray.cc
-index 1cb2354..41b3b18 100644
 a/src/libnurbs/internals/varray.cc
-+++ b/src/libnurbs/internals/varray.cc
-@@ -73,8 +73,8 @@ Varray::~Varray( void )
- inline void
- Varray::update( Arc_ptr arc, long dir[2], REAL val )
- {
--register long ds = sgn(arc->tail()[0] - arc->prev->tail()[0]);
--register long dt = sgn(arc->tail()[1] - arc->prev->tail()[1]);
-+long ds = sgn(arc->tail()[0] - arc->prev->tail()[0]);
-+long dt = sgn(arc->tail()[1] - arc->prev->tail()[1]);
- 
- if( dir[0] != ds || dir[1] != dt ) {
-   dir[0] = ds;
diff --git a/meta/recipes-graphics/mesa/libglu_9.0.2.bb 
b/meta/recipes-graphics/mesa/libglu_9.0.3.bb
similarity index 79%
rename from meta/recipes-graphics/mesa/libglu_9.0.2.bb
rename to meta/recipes-graphics/mesa/libglu_9.0.3.bb
index 525d6316111..8151727c52a 100644
--- a/meta/recipes-graphics/mesa/libglu_9.0.2.bb
+++ b/meta/recipes-graphics/mesa/libglu_9.0.3.bb
@@ -11,17 +11,18 @@ LIC_FILES_CHKSUM = 
"file://include/GL/glu.h;endline=29;md5=6b79c570f644363b35645
 # Epoch as this used to be part of mesa
 PE = "2"
 
-SRC_URI = "https://mesa.freedesktop.org/archive/glu/glu-${PV}.tar.gz \
-   file://0001-Remove-deprecated-register-in-C-17.patch \
+SRC_URI = "https://mesa.freedesktop.org/archive/glu/glu-${PV}.tar.xz \
"
 
-SRC_URI[sha256sum] = 
"24effdfb952453cc00e275e1c82ca9787506aba0282145fff054498e60e19a65"
+SRC_URI[sha256sum] = 
"bd43fe12f374b1192eb15fe20e45ff456b9bc26ab57f0eee919f96ca0f8a330f"
 
 S = "${WORKDIR}/glu-${PV}"
 
 DEPENDS = "virtual/libgl"
 
-inherit autotools pkgconfig features_check
+inherit meson pkgconfig features_check
+
+EXTRA_OEMESON = "-Dgl_provider=gl"
 
 # Requires libGL.so which is provided by mesa when x11 in DISTRO_FEATURES
 REQUIRED_DISTRO_FEATURES = "x11 opengl"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187330): 
https://lists.openembedded.org/g/openembedded-core/message/187330
Mute This Topic: https://lists.openembedded.org/mt/101197347/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 06/17] perl: update 5.36.1 -> 5.38.0

[Alexander Kanavin]

Rebase perl-configpm-switch.patch.

Add a patch to perl-cross to unbreak perl's line numbers printing.

Signed-off-by: Alexander Kanavin 
---
 ...mt.sh-add-32-bit-integer-format-defi.patch |  28 +++
 .../perl-cross/perlcross_1.5.bb   |   1 +
 .../perl/files/CVE-2023-31484.patch   |  29 ---
 .../perl/files/CVE-2023-31486-0001.patch  | 217 --
 .../perl/files/CVE-2023-31486-0002.patch  |  36 ---
 .../perl/files/perl-configpm-switch.patch |  66 +++---
 .../perl/{perl_5.36.1.bb => perl_5.38.0.bb}   |  13 +-
 7 files changed, 68 insertions(+), 322 deletions(-)
 create mode 100644 
meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
 delete mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31484.patch
 delete mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
 delete mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
 rename meta/recipes-devtools/perl/{perl_5.36.1.bb => perl_5.38.0.bb} (96%)

diff --git 
a/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
 
b/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
new file mode 100644
index 000..4de4a5b955b
--- /dev/null
+++ 
b/meta/recipes-devtools/perl-cross/files/0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch
@@ -0,0 +1,28 @@
+From 920abf3dc39c851a655b719622c76a6f0dc9981d Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin 
+Date: Tue, 5 Sep 2023 19:47:33 +0200
+Subject: [PATCH] cnf/configure_pfmt.sh: add 32 bit integer format definitions
+
+These started to matter in perl 5.38 where they are used to print
+line numbers.
+
+Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/143]
+Signed-off-by: Alexander Kanavin 
+---
+ cnf/configure_pfmt.sh | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/cnf/configure_pfmt.sh b/cnf/configure_pfmt.sh
+index 8f93da1..7bb4b6f 100644
+--- a/cnf/configure_pfmt.sh
 b/cnf/configure_pfmt.sh
+@@ -52,3 +52,9 @@ else
+   define uvxformat '"lx"'
+   define uvXUformat '"lX"'
+ fi
++
++define i32dformat 'PRId32'
++define u32uformat 'PRIu32'
++define u32oformat 'PRIo32'
++define u32xformat 'PRIx32'
++define u32XUformat 'PRIX32'
diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb 
b/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
index d17945480ef..7ca4977b97e 100644
--- a/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
+++ b/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
@@ -15,6 +15,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c
file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
file://determinism.patch \
file://0001-Makefile-check-the-file-if-patched-or-not.patch \
+   
file://0001-cnf-configure_pfmt.sh-add-32-bit-integer-format-defi.patch \
"
 GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/;
 
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch 
b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
deleted file mode 100644
index 9a9117c53a4..000
--- a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001
-From: Stig Palmquist 
-Date: Tue, 28 Feb 2023 11:54:06 +0100
-Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
- identity
-
-CVE: CVE-2023-31484
-
-Upstream-Status: Backport 
[https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0]
-
-Signed-off-by: Soumya 

- cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm 
b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
-index 4fc792c..a616fee 100644
 a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
-+++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
-@@ -32,6 +32,7 @@ sub mirror {
-
- my $want_proxy = $self->_want_proxy($uri);
- my $http = HTTP::Tiny->new(
-+verify_SSL => 1,
- $want_proxy ? (proxy => $self->{proxy}) : ()
- );
-
---
-2.40.0
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch 
b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
deleted file mode 100644
index 0531e1f0992..000
--- a/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
+++ /dev/null
@@ -1,217 +0,0 @@
-From 77f557ef84698efeb6eed04e4a9704eaf85b741d
-From: Stig Palmquist 
-Date: Mon Jun 5 16:46:22 2023 +0200
-Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
- insecure default
-
-- Changes the `verify_SSL` default parameter from `0` to `1`
-
-  Based on patch by Dominic Hargreaves:
-  
https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
-
-  CVE: CVE-2023-31486
-
-- Add check for 

[OE-core] [PATCH 04/17] libcgroup: update 3.0.0 -> 3.1.0

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin 
---
 ...pi-Use-GNU-strerror_r-when-available.patch | 55 ---
 ...{libcgroup_3.0.0.bb => libcgroup_3.1.0.bb} |  8 +--
 2 files changed, 4 insertions(+), 59 deletions(-)
 delete mode 100644 
meta/recipes-core/libcgroup/libcgroup/0001-api-Use-GNU-strerror_r-when-available.patch
 rename meta/recipes-core/libcgroup/{libcgroup_3.0.0.bb => libcgroup_3.1.0.bb} 
(78%)

diff --git 
a/meta/recipes-core/libcgroup/libcgroup/0001-api-Use-GNU-strerror_r-when-available.patch
 
b/meta/recipes-core/libcgroup/libcgroup/0001-api-Use-GNU-strerror_r-when-available.patch
deleted file mode 100644
index 96321d29707..000
--- 
a/meta/recipes-core/libcgroup/libcgroup/0001-api-Use-GNU-strerror_r-when-available.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From d190c0c548b3219b75e4c399aa89186e77bbe270 Mon Sep 17 00:00:00 2001
-From: Khem Raj 
-Date: Tue, 23 Aug 2022 20:03:09 -0700
-Subject: [PATCH] api: Use GNU strerror_r when available
-
-GNU strerror_r is only available in glibc, musl impelents the XSI
-version which is slightly different, therefore check if GNU version is
-available before using it, otherwise use the XSI compliant version.
-
-Upstream-Status: Submitted [https://github.com/libcgroup/libcgroup/pull/236]
-Signed-off-by: Khem Raj 

- configure.ac | 5 +
- src/api.c| 8 ++--
- 2 files changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index b68c655..831866d 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -183,6 +183,11 @@ AC_FUNC_REALLOC
- AC_FUNC_STAT
- AC_CHECK_FUNCS([getmntent hasmntopt memset mkdir rmdir strdup])
- 
-+orig_CFLAGS="$CFLAGS"
-+CFLAGS="$CFLAGS -D_GNU_SOURCE"
-+AC_FUNC_STRERROR_R
-+CFLAGS="$orig_CFLAGS"
-+
- AC_SEARCH_LIBS(
-   [fts_open],
-   [fts],
-diff --git a/src/api.c b/src/api.c
-index 5c6de11..06aa1d6 100644
 a/src/api.c
-+++ b/src/api.c
-@@ -4571,9 +4571,13 @@ const char *cgroup_strerror(int code)
- {
-   int idx = code % ECGROUPNOTCOMPILED;
- 
--  if (code == ECGOTHER)
-+  if (code == ECGOTHER) {
-+#ifdef STRERROR_R_CHAR_P
-   return strerror_r(cgroup_get_last_errno(), errtext, MAXLEN);
--
-+#else
-+  return strerror_r(cgroup_get_last_errno(), errtext, sizeof 
(errtext)) ? "unknown error" : errtext;
-+#endif
-+  }
-   if (idx >= 
sizeof(cgroup_strerror_codes)/sizeof(cgroup_strerror_codes[0]))
-   return "Invalid error code";
- 
--- 
-2.37.2
-
diff --git a/meta/recipes-core/libcgroup/libcgroup_3.0.0.bb 
b/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb
similarity index 78%
rename from meta/recipes-core/libcgroup/libcgroup_3.0.0.bb
rename to meta/recipes-core/libcgroup/libcgroup_3.1.0.bb
index 457b965481d..4b4f19e36fb 100644
--- a/meta/recipes-core/libcgroup/libcgroup_3.0.0.bb
+++ b/meta/recipes-core/libcgroup/libcgroup_3.1.0.bb
@@ -12,15 +12,15 @@ inherit autotools pkgconfig github-releases
 DEPENDS = "bison-native flex-native"
 DEPENDS:append:libc-musl = " fts"
 
-SRC_URI = "${GITHUB_BASE_URI}/download/v3.0/${BP}.tar.gz \
-   file://0001-api-Use-GNU-strerror_r-when-available.patch \
+SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
 "
 UPSTREAM_CHECK_URI = "https://github.com/libcgroup/libcgroup/tags;
 
-SRC_URI[sha256sum] = 
"8d284d896fca1c981b55850e92acd3ad9648a69227c028dda7ae3402af878edd"
+SRC_URI[sha256sum] = 
"976ec4b1e03c0498308cfd28f1b256b40858f636abc8d1f9db24f0a7ea9e1258"
 
-PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
 PACKAGECONFIG[pam] = "--enable-pam-module-dir=${base_libdir}/security 
--enable-pam=yes,--enable-pam=no,libpam"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
 
 PACKAGES =+ "cgroups-pam-plugin"
 FILES:cgroups-pam-plugin = "${base_libdir}/security/pam_cgroup.so*"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187326): 
https://lists.openembedded.org/g/openembedded-core/message/187326
Mute This Topic: https://lists.openembedded.org/mt/101197338/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 05/17] perlcross: update 1.4.1 -> 1.5

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin 
---
 ...Makefile-check-the-file-if-patched-or-not.patch | 14 ++
 .../{perlcross_1.4.1.bb => perlcross_1.5.bb}   |  2 +-
 2 files changed, 7 insertions(+), 9 deletions(-)
 rename meta/recipes-devtools/perl-cross/{perlcross_1.4.1.bb => 
perlcross_1.5.bb} (92%)

diff --git 
a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
 
b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
index 8c8f3b717c8..4e9153ebf10 100644
--- 
a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
+++ 
b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch
@@ -1,4 +1,4 @@
-From 24a3e0c48f9ebe473b5f1078663e275c27d0537f Mon Sep 17 00:00:00 2001
+From 3eb33dce6e3c93e1b3efcc9649f871100adada30 Mon Sep 17 00:00:00 2001
 From: Mingli Yu 
 Date: Fri, 2 Jul 2021 09:08:21 +
 Subject: [PATCH] Makefile: check the file if patched or not
@@ -9,23 +9,21 @@ one time.
 Upstream-Status: Inappropriate (OE-specific)
 
 Signed-off-by: Mingli Yu 
+
 ---
  Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index f4a26f5..7bc748e 100644
+index c6d6042..d137976 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -61,7 +61,7 @@ miniperlmain$O: $(CROSSPATCHED)
+@@ -67,7 +67,7 @@ miniperlmain$O: $(CROSSPATCHED)
  # Original versions are not saved anymore; patch generally takes care of this,
  # and if that fails, reaching for the source tarball is the safest option.
  $(CROSSPATCHED): %.applied: %.patch
--  patch -p1 -i $< && touch $@
-+  test ! -f $@ && (patch -p1 -i $< && touch $@) || echo "$@ exist"
+-  $(cpatch) -p1 -i $< && touch $@
++  test ! -f $@ && ($(cpatch) -p1 -i $< && touch $@) || echo "$@ exist"
  
  # ---[ common 
]-
  
--- 
-2.29.2
-
diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.4.1.bb 
b/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
similarity index 92%
rename from meta/recipes-devtools/perl-cross/perlcross_1.4.1.bb
rename to meta/recipes-devtools/perl-cross/perlcross_1.5.bb
index 6bf056cc159..d17945480ef 100644
--- a/meta/recipes-devtools/perl-cross/perlcross_1.4.1.bb
+++ b/meta/recipes-devtools/perl-cross/perlcross_1.5.bb
@@ -18,7 +18,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c
"
 GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/;
 
-SRC_URI[perl-cross.sha256sum] = 
"3e14bb4f28c83586c668c5f9f6b4e57b138b4ec2fae0271086e29d4e352670ca"
+SRC_URI[perl-cross.sha256sum] = 
"d744a390939e2ebb9a12f6725b4d9c19255a141d90031eff90ea183fdfcbf211"
 
 S = "${WORKDIR}/perl-cross-${PV}"
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187327): 
https://lists.openembedded.org/g/openembedded-core/message/187327
Mute This Topic: https://lists.openembedded.org/mt/101197340/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 01/17] openssl: build and install manpages only if they are enabled

[Alexander Kanavin]

This significantly speeds up the build by default.

Signed-off-by: Alexander Kanavin 
---
 meta/recipes-connectivity/openssl/openssl_3.1.2.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.2.bb 
b/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
index 817bfedee14..3f77c218c84 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.2.bb
@@ -20,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \
 
 SRC_URI[sha256sum] = 
"a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539"
 
-inherit lib_package multilib_header multilib_script ptest perlnative
+inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
 
 PACKAGECONFIG ?= ""
@@ -30,6 +30,7 @@ PACKAGECONFIG:class-nativesdk = ""
 PACKAGECONFIG[cryptodev-linux] = 
"enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
 PACKAGECONFIG[no-tls1] = "no-tls1"
 PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+PACKAGECONFIG[manpages] = ""
 
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"
@@ -145,7 +146,7 @@ do_configure () {
 }
 
 do_install () {
-   oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+   oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw 
install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 
'install_docs', '', d)}
 
oe_multilib_header openssl/opensslconf.h
oe_multilib_header openssl/configuration.h
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187323): 
https://lists.openembedded.org/g/openembedded-core/message/187323
Mute This Topic: https://lists.openembedded.org/mt/101197334/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 02/17] gettext: upgrade 0.21.1 -> 0.22

[Alexander Kanavin]

Drop autoconf-2.73.patch as upstream did update the gnulib.

Signed-off-by: Alexander Kanavin 
---
 .../gettext-0.21.1/autoconf-2.73.patch| 50 ---
 ...21.1.bb => gettext-minimal-native_0.22.bb} |  0
 .../COPYING   |  0
 meta/recipes-core/gettext/gettext-sources.inc |  2 +-
 ...t-env.in-do-not-add-C-CXX-parameters.patch |  0
 ...01-tests-autopoint-3-unset-MAKEFLAGS.patch |  0
 .../parallel.patch|  0
 .../{gettext-0.21.1 => gettext}/run-ptest |  0
 .../serial-tests-config.patch |  0
 .../use-pkgconfig.patch   |  0
 .../{gettext_0.21.1.bb => gettext_0.22.bb}|  3 +-
 11 files changed, 3 insertions(+), 52 deletions(-)
 delete mode 100644 meta/recipes-core/gettext/gettext-0.21.1/autoconf-2.73.patch
 rename meta/recipes-core/gettext/{gettext-minimal-native_0.21.1.bb => 
gettext-minimal-native_0.22.bb} (100%)
 rename meta/recipes-core/gettext/{gettext-minimal-0.21.1 => 
gettext-minimal}/COPYING (100%)
 rename meta/recipes-core/gettext/{gettext-0.21.1 => 
gettext}/0001-init-env.in-do-not-add-C-CXX-parameters.patch (100%)
 rename meta/recipes-core/gettext/{gettext-0.21.1 => 
gettext}/0001-tests-autopoint-3-unset-MAKEFLAGS.patch (100%)
 rename meta/recipes-core/gettext/{gettext-0.21.1 => gettext}/parallel.patch 
(100%)
 rename meta/recipes-core/gettext/{gettext-0.21.1 => gettext}/run-ptest (100%)
 rename meta/recipes-core/gettext/{gettext-0.21.1 => 
gettext}/serial-tests-config.patch (100%)
 rename meta/recipes-core/gettext/{gettext-0.21.1 => 
gettext}/use-pkgconfig.patch (100%)
 rename meta/recipes-core/gettext/{gettext_0.21.1.bb => gettext_0.22.bb} (99%)

diff --git a/meta/recipes-core/gettext/gettext-0.21.1/autoconf-2.73.patch 
b/meta/recipes-core/gettext/gettext-0.21.1/autoconf-2.73.patch
deleted file mode 100644
index ae5b2491bb8..000
--- a/meta/recipes-core/gettext/gettext-0.21.1/autoconf-2.73.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-The gnulib largefile macro needs updating to work with autoconf 2.73. Rather
-than the full code:
-
-https://git.savannah.gnu.org/cgit/gnulib.git/commit/m4/largefile.m4?id=f91f633858cf132e50924224c50d6264a92caabb
-
-Just tweak the exiting code to work with 2.73. The next gettext upgrade should
-update to new gnulib
-
-Upstream-Status: Inappropriate
-Signed-off-by: Richard Purdie 
-
-Index: gettext-0.21.1/gettext-runtime/gnulib-m4/largefile.m4
-===
 gettext-0.21.1.orig/gettext-runtime/gnulib-m4/largefile.m4
-+++ gettext-0.21.1/gettext-runtime/gnulib-m4/largefile.m4
-@@ -26,7 +26,7 @@ AC_DEFUN([gl_SET_LARGEFILE_SOURCE],
- # with _TIME_BITS.  Also, work around a problem in autoconf <= 2.69:
- # AC_SYS_LARGEFILE does not configure for large inodes on Mac OS X 10.5,
- # or configures them incorrectly in some cases.
--m4_version_prereq([2.70], [], [
-+m4_version_prereq([2.73], [], [
- 
- # _AC_SYS_LARGEFILE_TEST_INCLUDES
- # ---
-Index: gettext-0.21.1/gettext-tools/gnulib-m4/largefile.m4
-===
 gettext-0.21.1.orig/gettext-tools/gnulib-m4/largefile.m4
-+++ gettext-0.21.1/gettext-tools/gnulib-m4/largefile.m4
-@@ -26,7 +26,7 @@ AC_DEFUN([gl_SET_LARGEFILE_SOURCE],
- # with _TIME_BITS.  Also, work around a problem in autoconf <= 2.69:
- # AC_SYS_LARGEFILE does not configure for large inodes on Mac OS X 10.5,
- # or configures them incorrectly in some cases.
--m4_version_prereq([2.70], [], [
-+m4_version_prereq([2.73], [], [
- 
- # _AC_SYS_LARGEFILE_TEST_INCLUDES
- # ---
-Index: gettext-0.21.1/libtextstyle/gnulib-m4/largefile.m4
-===
 gettext-0.21.1.orig/libtextstyle/gnulib-m4/largefile.m4
-+++ gettext-0.21.1/libtextstyle/gnulib-m4/largefile.m4
-@@ -26,7 +26,7 @@ AC_DEFUN([gl_SET_LARGEFILE_SOURCE],
- # with _TIME_BITS.  Also, work around a problem in autoconf <= 2.69:
- # AC_SYS_LARGEFILE does not configure for large inodes on Mac OS X 10.5,
- # or configures them incorrectly in some cases.
--m4_version_prereq([2.70], [], [
-+m4_version_prereq([2.73], [], [
- 
- # _AC_SYS_LARGEFILE_TEST_INCLUDES
- # ---
diff --git a/meta/recipes-core/gettext/gettext-minimal-native_0.21.1.bb 
b/meta/recipes-core/gettext/gettext-minimal-native_0.22.bb
similarity index 100%
rename from meta/recipes-core/gettext/gettext-minimal-native_0.21.1.bb
rename to meta/recipes-core/gettext/gettext-minimal-native_0.22.bb
diff --git a/meta/recipes-core/gettext/gettext-minimal-0.21.1/COPYING 
b/meta/recipes-core/gettext/gettext-minimal/COPYING
similarity index 100%
rename from meta/recipes-core/gettext/gettext-minimal-0.21.1/COPYING
rename to meta/recipes-core/gettext/gettext-minimal/COPYING
diff --git a/meta/recipes-core/gettext/gettext-sources.inc 
b/meta/recipes-core/gettext/gettext-sources.inc
index 

[OE-core] [PATCH 03/17] connman: update 1.41 -> 1.42

[Alexander Kanavin]

Drop backports. 0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
is partially dropped, as upstream hasn't included the newly added header
into the tarball (issue addressed after the release).

Signed-off-by: Alexander Kanavin 
---
 ...ify-and-sanitize-packet-length-first.patch |  63 ---
 ...upport-for-latest-pppd-2.5.0-release.patch | 128 +
 ...ve-musl-does-not-implement-res_ninit.patch |   8 -
 .../connman/connman/CVE-2022-32292.patch  |  37 
 .../connman/connman/CVE-2022-32293_p1.patch   | 141 --
 .../connman/connman/CVE-2022-32293_p2.patch   | 174 --
 .../{connman_1.41.bb => connman_1.42.bb}  |   6 +-
 7 files changed, 4 insertions(+), 553 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch
 delete mode 100644 
meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch
 delete mode 100644 
meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch
 delete mode 100644 
meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch
 rename meta/recipes-connectivity/connman/{connman_1.41.bb => connman_1.42.bb} 
(66%)

diff --git 
a/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch
 
b/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch
deleted file mode 100644
index 8e2f47a1d55..000
--- 
a/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
-From: Daniel Wagner 
-Date: Tue, 11 Apr 2023 08:12:56 +0200
-Subject: [PATCH] gdhcp: Verify and sanitize packet length first
-
-Avoid overwriting the read packet length after the initial test. Thus
-move all the length checks which depends on the total length first
-and do not use the total lenght from the IP packet afterwards.
-
-Fixes CVE-2023-28488
-
-Reported by Polina Smirnova 
-
-CVE: CVE-2023-28488
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-

- gdhcp/client.c | 16 +---
- 1 file changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index 7efa7e45..82017692 100644
 a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet 
*packet, int bytes)
- static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
-   struct sockaddr_in *dst_addr)
- {
--  int bytes;
-   struct ip_udp_dhcp_packet packet;
-   uint16_t check;
-+  int bytes, tot_len;
- 
-   memset(, 0, sizeof(packet));
- 
-@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet 
*dhcp_pkt, int fd,
-   if (bytes < 0)
-   return -1;
- 
--  if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
--  return -1;
--
--  if (bytes < ntohs(packet.ip.tot_len))
-+  tot_len = ntohs(packet.ip.tot_len);
-+  if (bytes > tot_len) {
-+  /* ignore any extra garbage bytes */
-+  bytes = tot_len;
-+  } else if (bytes < tot_len) {
-   /* packet is bigger than sizeof(packet), we did partial read */
-   return -1;
-+  }
- 
--  /* ignore any extra garbage bytes */
--  bytes = ntohs(packet.ip.tot_len);
-+  if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
-+  return -1;
- 
-   if (!sanity_check(, bytes))
-   return -1;
--- 
-2.34.1
-
diff --git 
a/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
 
b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
index 83343fdda50..9e5ac8da152 100644
--- 
a/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
+++ 
b/meta/recipes-connectivity/connman/connman/0001-vpn-Adding-support-for-latest-pppd-2.5.0-release.patch
@@ -1,4 +1,4 @@
-From 5f373f373f5baccc282dce257b7b16c8bb4a82c4 Mon Sep 17 00:00:00 2001
+From af55a6a414d32c12f9ef3cab778385a361e1ad6d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Eivind=20N=C3=A6ss?= 
 Date: Sat, 25 Mar 2023 20:51:52 +
 Subject: [PATCH] vpn: Adding support for latest pppd 2.5.0 release
@@ -11,82 +11,12 @@ Adding a libppp-compat.h file to mask for any differences 
in the version.
 
 Upstream-Status: Backport 
[https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a48864a2e5d2a725dfc6eef567108bc13b43857f]
 Signed-off-by: Martin Jansa 
+
 ---
- configure.ac|  42 -
  scripts/libppp-compat.h | 127 
- scripts/libppp-plugin.c |  15 +++--
- 3 files changed, 161 insertions(+), 23 deletions(-)
+ 1 file changed, 127 insertions(+)
  create mode 100644 scripts/libppp-compat.h
 
-diff --git 

[OE-core][kirkstone][PATCH 1/1] dropbear: fix CVE-2023-36328

[Urade, Yogita via lists.openembedded.org]

From: Yogita Urade 

Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546

Signed-off-by: Yogita Urade 
---
 meta/recipes-core/dropbear/dropbear.inc   |   1 +
 .../dropbear/dropbear/CVE-2023-36328.patch| 144 ++
 2 files changed, 145 insertions(+)
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch

diff --git a/meta/recipes-core/dropbear/dropbear.inc 
b/meta/recipes-core/dropbear/dropbear.inc
index f3f085b616..e61930f7db 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -29,6 +29,7 @@ SRC_URI = 
"http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', 
'', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 
'file://dropbear-disable-weak-ciphers.patch', '', d)} \
   file://CVE-2021-36369.patch \
+  file://CVE-2023-36328.patch \
   "
 
 PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch 
b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
new file mode 100644
index 00..4d8c40f70b
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
@@ -0,0 +1,144 @@
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden 
+Date: Wed, 6 Sep 2023 10:48:58 +
+Subject: [PATCH] Fix possible integer overflow
+
+CVE: CVE-2023-36328
+
+Upstream-Status: Backport 
[https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
+
+Signed-off-by: Yogita Urade 
+---
+ libtommath/bn_mp_2expt.c| 4 
+ libtommath/bn_mp_grow.c | 4 
+ libtommath/bn_mp_init_size.c| 5 +
+ libtommath/bn_mp_mul_2d.c   | 4 
+ libtommath/bn_s_mp_mul_digs.c   | 4 
+ libtommath/bn_s_mp_mul_digs_fast.c  | 4 
+ libtommath/bn_s_mp_mul_high_digs.c  | 4 
+ libtommath/bn_s_mp_mul_high_digs_fast.c | 4 
+ 8 files changed, 33 insertions(+)
+
+diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
+index 0ae3df1..7d4d884 100644
+--- a/libtommath/bn_mp_2expt.c
 b/libtommath/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+mp_errerr;
+
++   if (b < 0) {
++  return MP_VAL;
++   }
++
+/* zero a as per default */
+mp_zero(a);
+
+diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
+index 9e904c5..e7b186c 100644
+--- a/libtommath/bn_mp_grow.c
 b/libtommath/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+int i;
+mp_digit *tmp;
+
++   if (size < 0) {
++  return MP_VAL;
++   }
++
+/* if the alloc size is smaller alloc more ram */
+if (a->alloc < size) {
+   /* reallocate the array a->dp
+diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
+index d622687..5fefa96 100644
+--- a/libtommath/bn_mp_init_size.c
 b/libtommath/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++   if (size < 0) {
++  return MP_VAL;
++   }
++
+size = MP_MAX(MP_MIN_PREC, size);
+
+/* alloc mem */
+diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
+index 87354de..2744163 100644
+--- a/libtommath/bn_mp_mul_2d.c
 b/libtommath/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
+mp_digit d;
+mp_err   err;
+
++   if (b < 0) {
++  return MP_VAL;
++   }
++
+/* copy */
+if (a != c) {
+   if ((err = mp_copy(a, c)) != MP_OKAY) {
+diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
+index 64509d4..2d2f5b0 100644
+--- a/libtommath/bn_s_mp_mul_digs.c
 b/libtommath/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+mp_word r;
+mp_digit tmpx, *tmpt, *tmpy;
+
++   if (digs < 0) {
++  return MP_VAL;
++   }
++
+/* can we use the fast multiplier? */
+if ((digs < MP_WARRAY) &&
+(MP_MIN(a->used, b->used) < MP_MAXFAST)) {
+diff --git a/libtommath/bn_s_mp_mul_digs_fast.c 
b/libtommath/bn_s_mp_mul_digs_fast.c
+index b2a287b..d6dd3cc 100644
+--- a/libtommath/bn_s_mp_mul_digs_fast.c
 b/libtommath/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+mp_digit W[MP_WARRAY];
+mp_word  _W;
+
++   if (digs < 0) {
++  return MP_VAL;
++   }
++
+/* grow the destination as required */
+if (c->alloc < digs) {
+   if ((err = mp_grow(c, digs)) != MP_OKAY) {
+diff --git 

[OE-core] [PATCH 1/2] qemu-system-native: enable PNG support

[Ross Burton]

From: Ross Burton 

It might be useful to grab screenshots from qemu-system-native (for
example, for QA purposes).

Signed-off-by: Ross Burton 
---
 meta/recipes-devtools/qemu/qemu-system-native_8.0.4.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.0.4.bb 
b/meta/recipes-devtools/qemu/qemu-system-native_8.0.4.bb
index 04c7c2a6acf..558a416f7b4 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_8.0.4.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_8.0.4.bb
@@ -11,7 +11,7 @@ DEPENDS = "glib-2.0-native zlib-native pixman-native 
qemu-native bison-native me
 
 EXTRA_OECONF:append = " --target-list=${@get_qemu_system_target_list(d)}"
 
-PACKAGECONFIG ??= "fdt alsa kvm pie slirp \
+PACKAGECONFIG ??= "fdt alsa kvm pie slirp png \
 ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', 
'', d)} \
 "
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187320): 
https://lists.openembedded.org/g/openembedded-core/message/187320
Mute This Topic: https://lists.openembedded.org/mt/101194937/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] scripts/oe-find-native-sysroot: use bitbake-getvar

[Ross Burton]

From: Ross Burton 

Instead of bitbake and grep, just use bitbake-getvar.

Signed-off-by: Ross Burton 
---
 scripts/oe-find-native-sysroot | 15 ++-
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/scripts/oe-find-native-sysroot b/scripts/oe-find-native-sysroot
index 5146bbf..6228efcbeec 100755
--- a/scripts/oe-find-native-sysroot
+++ b/scripts/oe-find-native-sysroot
@@ -36,20 +36,9 @@ if [ "$1" = '--help' -o "$1" = '-h' -o $# -ne 1 ] ; then
 fi
 
 # Global vars
-BITBAKE_E=""
 set_oe_native_sysroot(){
-echo "Running bitbake -e $1"
-BITBAKE_E="`bitbake -e $1`"
-OECORE_NATIVE_SYSROOT=`echo "$BITBAKE_E" | grep ^STAGING_DIR_NATIVE= | cut 
-d '"' -f2`
-
-if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
-# This indicates that there was an error running bitbake -e that
-# the user needs to be informed of
-echo "There was an error running bitbake to determine 
STAGING_DIR_NATIVE"
-echo "Here is the output from bitbake -e $1"
-echo $BITBAKE_E
-exit 1
-fi
+echo "Getting sysroot..."
+OECORE_NATIVE_SYSROOT=$(bitbake-getvar -r $1 --value STAGING_DIR_NATIVE)
 }
 
 if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187321): 
https://lists.openembedded.org/g/openembedded-core/message/187321
Mute This Topic: https://lists.openembedded.org/mt/101194938/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] glib-2.0: explicitly enable strlcpy()

[Ross Burton]

From: Ross Burton 

We have glibc 2.38 which added strlcpy(), so enable the use of it
explicitly in the Meson cross file for when the target doesn't support
qemu-usermode (which will result in the default of not using it).

Signed-off-by: Ross Burton 
---
 meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc 
b/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc
index c4648f58c78..3049e5116ec 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc
+++ b/meta/recipes-core/glib-2.0/glib-2.0/meson.cross.d/common-glibc
@@ -3,3 +3,4 @@ have_c99_vsnprintf = true
 have_c99_snprintf = true
 have_unix98_printf = true
 va_val_copy = true
+have_strlcpy = true
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187319): 
https://lists.openembedded.org/g/openembedded-core/message/187319
Mute This Topic: https://lists.openembedded.org/mt/101194848/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] openssh: capture ptest regression test failure logs

[Alexander Kanavin]

Thanks!

Alex

On Wed, 6 Sept 2023 at 16:29, Mikko Rapeli  wrote:
>
> When tests fail, capture the sshd and ssh client logs from
> the failing test run. These are needed to investigate
> the root cause.
>
> Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
>
> Signed-off-by: Mikko Rapeli 
> ---
>  ...ss-Makefile-print-logs-if-test-fails.patch | 34 +++
>  .../openssh/openssh_9.4p1.bb  |  1 +
>  2 files changed, 35 insertions(+)
>  create mode 100644 
> meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
>
> v2: Upstream-Status from Pending to Submitted, 
> https://github.com/openssh/openssh-portable/pull/437
>
> v1: https://lists.openembedded.org/g/openembedded-core/message/187315
>
> diff --git 
> a/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
>  
> b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
> new file mode 100644
> index 00..baa68dc6ff
> --- /dev/null
> +++ 
> b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
> @@ -0,0 +1,34 @@
> +From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001
> +From: Mikko Rapeli 
> +Date: Fri, 25 Aug 2023 10:35:28 +
> +Subject: [PATCH] openssh regress/Makefile: print logs if test fails
> +
> +Some tests are failing in CI runs and reproduction has failed. Print
> +the captured sshd and ssh client logs if test fails. This should
> +help to fix the root causes.
> +
> +Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
> +
> +Signed-off-by: Mikko Rapeli 
> +---
> + regress/Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +Upstream-Status: Submitted 
> [https://github.com/openssh/openssh-portable/pull/437]
> +
> +diff --git a/regress/Makefile b/regress/Makefile
> +index d80bf59..a972dff 100644
> +--- a/regress/Makefile
>  b/regress/Makefile
> +@@ -229,7 +229,7 @@ t-exec:${LTESTS:=.sh}
> +   done; \
> +   if [ "x$${skip}" = "xno" ]; then \
> +   echo "run test $${TEST}" ... 1>&2; \
> +-  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} 
> ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit 
> $$?; \
> ++  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} 
> ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || 
> (echo return value: $$?; echo capturing logs; cat *.log; exit 1); \
> +   else \
> +   echo skip test $${TEST} 1>&2; \
> +   fi; \
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb 
> b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
> index 3f232a839d..2c85780e4d 100644
> --- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
> @@ -24,6 +24,7 @@ SRC_URI = 
> "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
> file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
> file://sshd_check_keys \
> file://add-test-support-for-busybox.patch \
> +   
> file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \
> "
>  SRC_URI[sha256sum] = 
> "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
>
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187318): 
https://lists.openembedded.org/g/openembedded-core/message/187318
Mute This Topic: https://lists.openembedded.org/mt/101193789/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] openssh: capture ptest regression test failure logs

[Mikko Rapeli]

When tests fail, capture the sshd and ssh client logs from
the failing test run. These are needed to investigate
the root cause.

Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178

Signed-off-by: Mikko Rapeli 
---
 ...ss-Makefile-print-logs-if-test-fails.patch | 34 +++
 .../openssh/openssh_9.4p1.bb  |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch

v2: Upstream-Status from Pending to Submitted, 
https://github.com/openssh/openssh-portable/pull/437

v1: https://lists.openembedded.org/g/openembedded-core/message/187315

diff --git 
a/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
 
b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
new file mode 100644
index 00..baa68dc6ff
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
@@ -0,0 +1,34 @@
+From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli 
+Date: Fri, 25 Aug 2023 10:35:28 +
+Subject: [PATCH] openssh regress/Makefile: print logs if test fails
+
+Some tests are failing in CI runs and reproduction has failed. Print
+the captured sshd and ssh client logs if test fails. This should
+help to fix the root causes.
+
+Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
+
+Signed-off-by: Mikko Rapeli 
+---
+ regress/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Upstream-Status: Submitted 
[https://github.com/openssh/openssh-portable/pull/437]
+
+diff --git a/regress/Makefile b/regress/Makefile
+index d80bf59..a972dff 100644
+--- a/regress/Makefile
 b/regress/Makefile
+@@ -229,7 +229,7 @@ t-exec:${LTESTS:=.sh}
+   done; \
+   if [ "x$${skip}" = "xno" ]; then \
+   echo "run test $${TEST}" ... 1>&2; \
+-  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} 
${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
++  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} 
${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || (echo return value: 
$$?; echo capturing logs; cat *.log; exit 1); \
+   else \
+   echo skip test $${TEST} 1>&2; \
+   fi; \
+-- 
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb 
b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
index 3f232a839d..2c85780e4d 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,6 +24,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+   file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch 
\
"
 SRC_URI[sha256sum] = 
"3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187317): 
https://lists.openembedded.org/g/openembedded-core/message/187317
Mute This Topic: https://lists.openembedded.org/mt/101193789/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] openssh: capture ptest regression test failure logs

[Alexander Kanavin]

Please submit upstream at the same time you submit here.

With openssh it's not complicated: https://github.com/openssh/openssh-portable

Alex


On Wed, 6 Sept 2023 at 15:23, Mikko Rapeli  wrote:
>
> When tests fail, capture the sshd and ssh client logs from
> the failing test run. These are needed to investigate
> the root cause.
>
> Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
>
> Signed-off-by: Mikko Rapeli 
> ---
>  ...ss-Makefile-print-logs-if-test-fails.patch | 34 +++
>  .../openssh/openssh_9.4p1.bb  |  1 +
>  2 files changed, 35 insertions(+)
>  create mode 100644 
> meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
>
> diff --git 
> a/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
>  
> b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
> new file mode 100644
> index 00..bcadbbed0b
> --- /dev/null
> +++ 
> b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
> @@ -0,0 +1,34 @@
> +From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001
> +From: Mikko Rapeli 
> +Date: Fri, 25 Aug 2023 10:35:28 +
> +Subject: [PATCH] openssh regress/Makefile: print logs if test fails
> +
> +Some tests are failing in CI runs and reproduction has failed. Print
> +the captured sshd and ssh client logs if test fails. This should
> +help to fix the root causes.
> +
> +Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Mikko Rapeli 
> +---
> + regress/Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/regress/Makefile b/regress/Makefile
> +index d80bf59..a972dff 100644
> +--- a/regress/Makefile
>  b/regress/Makefile
> +@@ -229,7 +229,7 @@ t-exec:${LTESTS:=.sh}
> +   done; \
> +   if [ "x$${skip}" = "xno" ]; then \
> +   echo "run test $${TEST}" ... 1>&2; \
> +-  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} 
> ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit 
> $$?; \
> ++  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} 
> ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || 
> (echo return value: $$?; echo capturing logs; cat *.log; exit 1); \
> +   else \
> +   echo skip test $${TEST} 1>&2; \
> +   fi; \
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb 
> b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
> index 3f232a839d..2c85780e4d 100644
> --- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
> @@ -24,6 +24,7 @@ SRC_URI = 
> "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
> file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
> file://sshd_check_keys \
> file://add-test-support-for-busybox.patch \
> +   
> file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \
> "
>  SRC_URI[sha256sum] = 
> "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
>
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187316): 
https://lists.openembedded.org/g/openembedded-core/message/187316
Mute This Topic: https://lists.openembedded.org/mt/101192324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] openssh: capture ptest regression test failure logs

[Mikko Rapeli]

When tests fail, capture the sshd and ssh client logs from
the failing test run. These are needed to investigate
the root cause.

Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178

Signed-off-by: Mikko Rapeli 
---
 ...ss-Makefile-print-logs-if-test-fails.patch | 34 +++
 .../openssh/openssh_9.4p1.bb  |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
 
b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
new file mode 100644
index 00..bcadbbed0b
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch
@@ -0,0 +1,34 @@
+From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli 
+Date: Fri, 25 Aug 2023 10:35:28 +
+Subject: [PATCH] openssh regress/Makefile: print logs if test fails
+
+Some tests are failing in CI runs and reproduction has failed. Print
+the captured sshd and ssh client logs if test fails. This should
+help to fix the root causes.
+
+Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
+
+Upstream-Status: Pending
+
+Signed-off-by: Mikko Rapeli 
+---
+ regress/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/regress/Makefile b/regress/Makefile
+index d80bf59..a972dff 100644
+--- a/regress/Makefile
 b/regress/Makefile
+@@ -229,7 +229,7 @@ t-exec:${LTESTS:=.sh}
+   done; \
+   if [ "x$${skip}" = "xno" ]; then \
+   echo "run test $${TEST}" ... 1>&2; \
+-  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} 
${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
++  (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} 
${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || (echo return value: 
$$?; echo capturing logs; cat *.log; exit 1); \
+   else \
+   echo skip test $${TEST} 1>&2; \
+   fi; \
+-- 
+2.34.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb 
b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
index 3f232a839d..2c85780e4d 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,6 +24,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+   file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch 
\
"
 SRC_URI[sha256sum] = 
"3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187315): 
https://lists.openembedded.org/g/openembedded-core/message/187315
Mute This Topic: https://lists.openembedded.org/mt/101192324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008

[Steve Sakoman]

On Wed, Sep 6, 2023 at 3:04 AM Steve Sakoman via
lists.openembedded.org 
wrote:
>
> Hi Deepthi,
>
> Thanks for helping with CVEs.
>
> In the future when you submit multiple patches for the same recipe
> please do so as a patch series.  That way I'll know what the intended
> ordering is without having to examine the patch content.

Actually, could you please resubmit as a patch series? No ordering
works as is, the second patch in a series for the same recipe must
take the first into account.

Steve

> Thanks,
>
> Steve
>
> On Tue, Sep 5, 2023 at 11:46 PM  wrote:
> >
> > Hi Chee Yang,
> >
> > Sorry for missing out the patch file.
> > I have sent a separate mail that contains patch as :-
> > https://lists.openembedded.org/g/openembedded-core/message/187288
> > [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008
> >
> > Thanks,
> > Deepthi
> >
> >
> >
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187314): 
https://lists.openembedded.org/g/openembedded-core/message/187314
Mute This Topic: https://lists.openembedded.org/mt/101188282/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 0/8] linux-yocto: consolidated pull request

[Ross Burton]

On 6 Sep 2023, at 13:56, Bruce Ashfield  wrote:
> 
> On Wed, Sep 6, 2023 at 8:39 AM Ross Burton  wrote:
>> 
>> On 5 Sep 2023, at 15:37, Bruce Ashfield via lists.openembedded.org 
>>  wrote:
>>> 
>>> From: Bruce Ashfield 
>>> 
>>> Richard,
>>> 
>>> Here's the next round of -stable and configuration changes.
>>> 
>>> I also ran into a build issue with 6.4+ on one of my builders
>>> due to a gzip mismatch with zlib versions. So I've included
>>> a fix for that.
>> 
>> Would you be able to throw in a cve-exclusions update when you upgrade the 
>> kernels?  I can do it, but it’s easier if it’s done as part of the upgrade.
>> 
>> For now it’s a little manual.  Have a clone of 
>> https://github.com/nluedtke/linux_kernel_cves to hand then:
>> 
>> $ ./generate-cve-exclusions.py  ~/Code/drive-by/linux_kernel_cves/ 6.4.11 > 
>> cve-exclusion_6.4.inc
>> 
>> (update paths as needed)
> 
> I'll add that to my update steps.
> 
> As long as I don't have to audit/check or manually edit anything, it
> won't be an issue.

Cheers.

Literally just run those commands and sanity check that it did something 
reasonable (ie didn’t write an error message to the files).  I’ve been meaning 
to add a wrapper to do the right thing, but Marta is also working on 
integrating the data directly into the CVE check logic so I really do consider 
this script very much an interim solution.

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187313): 
https://lists.openembedded.org/g/openembedded-core/message/187313
Mute This Topic: https://lists.openembedded.org/mt/101170549/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008

[Steve Sakoman]

Hi Deepthi,

Thanks for helping with CVEs.

In the future when you submit multiple patches for the same recipe
please do so as a patch series.  That way I'll know what the intended
ordering is without having to examine the patch content.

Thanks,

Steve

On Tue, Sep 5, 2023 at 11:46 PM  wrote:
>
> Hi Chee Yang,
>
> Sorry for missing out the patch file.
> I have sent a separate mail that contains patch as :-
> https://lists.openembedded.org/g/openembedded-core/message/187288
> [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008
>
> Thanks,
> Deepthi
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187312): 
https://lists.openembedded.org/g/openembedded-core/message/187312
Mute This Topic: https://lists.openembedded.org/mt/101188282/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 0/8] linux-yocto: consolidated pull request

[Bruce Ashfield]

On Wed, Sep 6, 2023 at 8:39 AM Ross Burton  wrote:
>
> On 5 Sep 2023, at 15:37, Bruce Ashfield via lists.openembedded.org 
>  wrote:
> >
> > From: Bruce Ashfield 
> >
> > Richard,
> >
> > Here's the next round of -stable and configuration changes.
> >
> > I also ran into a build issue with 6.4+ on one of my builders
> > due to a gzip mismatch with zlib versions. So I've included
> > a fix for that.
>
> Would you be able to throw in a cve-exclusions update when you upgrade the 
> kernels?  I can do it, but it’s easier if it’s done as part of the upgrade.
>
> For now it’s a little manual.  Have a clone of 
> https://github.com/nluedtke/linux_kernel_cves to hand then:
>
> $ ./generate-cve-exclusions.py  ~/Code/drive-by/linux_kernel_cves/ 6.4.11 > 
> cve-exclusion_6.4.inc
>
> (update paths as needed)

I'll add that to my update steps.

As long as I don't have to audit/check or manually edit anything, it
won't be an issue.

Bruce

>
> Ross



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187311): 
https://lists.openembedded.org/g/openembedded-core/message/187311
Mute This Topic: https://lists.openembedded.org/mt/101170549/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 14/14] sysklogd: fix integration with systemd-journald

[Steve Sakoman]

From: Changqing Li 

Fix an issue with early log messages being lost when running in systemd.

Signed-off-by: Changqing Li 
Signed-off-by: Steve Sakoman 
---
 ...KillMode-process-is-not-recommended-.patch | 33 
 ...-messages-lost-when-running-in-syste.patch | 75 +++
 .../sysklogd/sysklogd_2.3.0.bb|  2 +
 3 files changed, 110 insertions(+)
 create mode 100644 
meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
 create mode 100644 
meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch

diff --git 
a/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
 
b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
new file mode 100644
index 00..6c7e7cea44
--- /dev/null
+++ 
b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
@@ -0,0 +1,33 @@
+From b732dd0001c66f3ff1e0aef919c84ca9f0f81252 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg 
+Date: Sat, 22 Apr 2023 07:40:24 +0200
+Subject: [PATCH 1/2] syslogd.service: KillMode=process is not recommended,
+ drop
+
+The default 'control-group' ensures all processes started by sysklogd
+are stopped when the service is stopped, this is what we want.
+
+Signed-off-by: Joachim Wiberg 
+
+Upstream-Status: Backport 
[https://github.com/troglobit/sysklogd/commit/c82c004de7e25e770039cba5d6a34c30dd548533]
+
+Signed-off-by: Changqing Li 
+---
+ syslogd.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/syslogd.service.in b/syslogd.service.in
+index 91e080a..d614c5f 100644
+--- a/syslogd.service.in
 b/syslogd.service.in
+@@ -9,7 +9,6 @@ EnvironmentFile=-@SYSCONFDIR@/default/syslogd
+ ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS
+ StandardOutput=null
+ Restart=on-failure
+-KillMode=process
+ 
+ [Install]
+ WantedBy=multi-user.target
+-- 
+2.25.1
+
diff --git 
a/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch
 
b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch
new file mode 100644
index 00..78ae57eeeb
--- /dev/null
+++ 
b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch
@@ -0,0 +1,75 @@
+From ba8156eab79784ef816958327e701923890e98f7 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg 
+Date: Sat, 22 Apr 2023 08:27:57 +0200
+Subject: [PATCH 2/2] Fix #62: early log messages lost when running in systemd
+
+This is a follow-up to d7576c7 which initially added support for running
+in systemd based systems.  Since the unit file sources the syslog.socket
+we have /run/systemd/journal/syslog open already on descriptor 3.  All
+we need to do is verify that's the mode syslogd runs in.
+
+Signed-off-by: Joachim Wiberg 
+
+Upstream-Status: Backport 
[https://github.com/troglobit/sysklogd/commit/7ec64e5f9c1bc284792d028647fb36ef3e64dff7]
+
+Signed-off-by: Changqing Li 
+---
+ src/syslogd.c  | 21 +++--
+ syslogd.service.in |  2 +-
+ 2 files changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/src/syslogd.c b/src/syslogd.c
+index fa4303f..e96ca9a 100644
+--- a/src/syslogd.c
 b/src/syslogd.c
+@@ -162,6 +162,7 @@ voiduntty(void);
+ static void parsemsg(const char *from, char *msg);
+ static int  opensys(const char *file);
+ static void printsys(char *msg);
++static void unix_cb(int sd, void *arg);
+ static void logmsg(struct buf_msg *buffer);
+ static void fprintlog_first(struct filed *f, struct buf_msg *buffer);
+ static void fprintlog_successive(struct filed *f, int flags);
+@@ -436,12 +437,20 @@ int main(int argc, char *argv[])
+   .pe_serv = "syslog",
+   });
+ 
+-  /* Default to _PATH_LOG for the UNIX domain socket */
+-  if (!pflag)
+-  addpeer(&(struct peer) {
+-  .pe_name = _PATH_LOG,
+-  .pe_mode = 0666,
+-  });
++  /* Figure out where to read system log messages from */
++  if (!pflag) {
++  /* Do we run under systemd-journald (Requires=syslog.socket)? */
++  if (fcntl(3, F_GETFD) != -1) {
++  if (socket_register(3, NULL, unix_cb, NULL) == -1)
++  err(1, "failed registering syslog.socket (3)");
++  } else {
++  /* Default to _PATH_LOG for the UNIX domain socket */
++  addpeer(&(struct peer) {
++  .pe_name = _PATH_LOG,
++  .pe_mode = 0666,
++  });
++  }
++  }
+ 
+   if (!Foreground && !Debug) {
+   ppid = waitdaemon(30);
+diff --git a/syslogd.service.in 

[OE-core][kirkstone 13/14] libdnf: resolve cstdint inclusion for newer gcc versions

[Steve Sakoman]

From: Abe Kohandel 

Depending on the host gcc version, libdnf fails to compile due to
missing cstdint inclusions. These issue have already been addressed
upstream, add the patches to resolve this for older versions of the
library.

These commits are taken directly from the libdnf project at
https://github.com/rpm-software-management/libdnf

Signed-off-by: Abe Kohandel 
Signed-off-by: Steve Sakoman 
---
 ...58-Don-t-assume-inclusion-of-cstdint.patch | 56 +++
 ...onNumber.hpp-add-missing-cstdint-inc.patch | 33 +++
 ...ite3-Sqlite3.hpp-add-missing-cstdint.patch | 36 
 meta/recipes-devtools/libdnf/libdnf_0.66.0.bb |  3 +
 4 files changed, 128 insertions(+)
 create mode 100644 
meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
 create mode 100644 
meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
 create mode 100644 
meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch

diff --git 
a/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
 
b/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
new file mode 100644
index 00..277fd9fbf6
--- /dev/null
+++ 
b/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
@@ -0,0 +1,56 @@
+From 779ea105564b6d717300af2fcb02a399737a536f Mon Sep 17 00:00:00 2001
+From: ctxnop 
+Date: Mon, 15 May 2023 19:30:16 +0200
+Subject: [PATCH] Fix #1558: Don't assume inclusion of cstdint
+
+With last versions of gcc, some headers don't include cstdint anymore,
+but some sources assume that it is.
+
+Upstream-Status: Backport 
[https://github.com/rpm-software-management/libdnf/commit/779ea105564b6d717300af2fcb02a399737a536f]
+Signed-off-by: ctxnop 
+---
+ libdnf/conf/ConfigMain.hpp| 1 +
+ libdnf/conf/ConfigRepo.hpp| 1 +
+ libdnf/conf/OptionSeconds.hpp | 2 ++
+ 3 files changed, 4 insertions(+)
+
+diff --git a/libdnf/conf/ConfigMain.hpp b/libdnf/conf/ConfigMain.hpp
+index 19395c71..59f65c48 100644
+--- a/libdnf/conf/ConfigMain.hpp
 b/libdnf/conf/ConfigMain.hpp
+@@ -32,6 +32,7 @@
+ #include "OptionString.hpp"
+ #include "OptionStringList.hpp"
+ 
++#include 
+ #include 
+ 
+ namespace libdnf {
+diff --git a/libdnf/conf/ConfigRepo.hpp b/libdnf/conf/ConfigRepo.hpp
+index 2b198441..84cafbad 100644
+--- a/libdnf/conf/ConfigRepo.hpp
 b/libdnf/conf/ConfigRepo.hpp
+@@ -26,6 +26,7 @@
+ #include "ConfigMain.hpp"
+ #include "OptionChild.hpp"
+ 
++#include 
+ #include 
+ 
+ namespace libdnf {
+diff --git a/libdnf/conf/OptionSeconds.hpp b/libdnf/conf/OptionSeconds.hpp
+index dc714b23..a80a973f 100644
+--- a/libdnf/conf/OptionSeconds.hpp
 b/libdnf/conf/OptionSeconds.hpp
+@@ -25,6 +25,8 @@
+ 
+ #include "OptionNumber.hpp"
+ 
++#include 
++
+ namespace libdnf {
+ 
+ /**
+-- 
+2.42.0
+
diff --git 
a/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
 
b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
new file mode 100644
index 00..abb9504e6e
--- /dev/null
+++ 
b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
@@ -0,0 +1,33 @@
+From f8af6399c4f6a65a35d33ecc191bb14094dc9e18 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich 
+Date: Fri, 27 May 2022 22:13:48 +0100
+Subject: [PATCH] libdnf/conf/OptionNumber.hpp: add missing  include
+
+Without the change libdnf build fails on this week's gcc-13 snapshot as:
+
+In file included from /build/libdnf/libdnf/conf/ConfigMain.hpp:29,
+ from /build/libdnf/libdnf/conf/ConfigMain.cpp:21:
+/build/libdnf/libdnf/conf/OptionNumber.hpp:94:41: error: 'int32_t' is not 
a member of 'std'; did you mean 'int32_t'?
+   94 | extern template class OptionNumber;
+  | ^~~
+
+Upstream-Status: Backport 
[https://github.com/rpm-software-management/libdnf/commit/f8af6399c4f6a65a35d33ecc191bb14094dc9e18]
+---
+ libdnf/conf/OptionNumber.hpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libdnf/conf/OptionNumber.hpp b/libdnf/conf/OptionNumber.hpp
+index f7a7b3d6..a3a4dea6 100644
+--- a/libdnf/conf/OptionNumber.hpp
 b/libdnf/conf/OptionNumber.hpp
+@@ -25,6 +25,7 @@
+ 
+ #include "Option.hpp"
+ 
++#include 
+ #include 
+ 
+ namespace libdnf {
+-- 
+2.42.0
+
diff --git 
a/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
 
b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
new file mode 100644
index 00..adde48ee46
--- /dev/null
+++ 
b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
@@ -0,0 +1,36 @@
+From 24b5d7f154cac9e322dd3459f6d0a5016a57 Mon Sep 17 00:00:00 2001
+From: Sergei 

[OE-core][kirkstone 12/14] efivar: backport 5 patches to fix build with gold

[Steve Sakoman]

From: Martin Jansa 

* LDFLAGS += "-fuse-ld=bfd" in the recipe doesn't work and
  it still fails to build with ld-is-gold in DISTRO_FEATURES

  removal of this line sent to master in:
  https://lists.openembedded.org/g/openembedded-core/message/185167

* the most important ones are the 1st which removes --add-needed
  and the last which removes src/include/workarounds.mk completely
  while 2-4 patches just update src/include/workarounds.mk for the
  last one to apply cleanly

* alternatively we can bump SRCREV to latest 38 as master did in:
  
https://git.openembedded.org/openembedded-core/commit/?id=4df808c616f847d90203582fd950a49bb8360dd0
  which brings 23 commits, but instead of adding 5 more patches
  allows to remove 5

Signed-off-by: Martin Jansa 
Signed-off-by: Steve Sakoman 
---
 ...ve-deprecated-add-needed-linker-flag.patch |  45 +++
 ...002-Add-T-workaround-for-GNU-ld-2.36.patch |  33 +++
 ...LL-C-to-force-English-output-from-ld.patch |  33 +++
 ...on-and-remove-not-needed-workarounds.patch |  45 +++
 ...mp-efi_well_known_-variable-handling.patch | 262 ++
 meta/recipes-bsp/efivar/efivar_38.bb  |   9 +-
 6 files changed, 423 insertions(+), 4 deletions(-)
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch

diff --git 
a/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
 
b/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
new file mode 100644
index 00..fb6d2e8580
--- /dev/null
+++ 
b/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
@@ -0,0 +1,45 @@
+From b23aba1469de8bb7a115751f9cd294ad3aaa6680 Mon Sep 17 00:00:00 2001
+From: Ali Abdel-Qader 
+Date: Tue, 31 May 2022 11:53:32 -0400
+Subject: [PATCH] Remove deprecated --add-needed linker flag
+
+Resolves #204
+Signed-off-by: Ali Abdel-Qader 
+Signed-off-by: Martin Jansa 
+---
+Upstream-Status: Backport 
[https://github.com/rhboot/efivar/pull/218/commits/b23aba1469de8bb7a115751f9cd294ad3aaa6680]
+
+ src/include/defaults.mk | 2 --
+ src/include/gcc.specs   | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/include/defaults.mk b/src/include/defaults.mk
+index b8cc590..42bd3d6 100644
+--- a/src/include/defaults.mk
 b/src/include/defaults.mk
+@@ -51,7 +51,6 @@ LDFLAGS ?=
+ override _CCLDFLAGS := $(CCLDFLAGS)
+ override _LDFLAGS := $(LDFLAGS)
+ override LDFLAGS = $(CFLAGS) -L. $(_LDFLAGS) $(_CCLDFLAGS) \
+- -Wl,--add-needed \
+  -Wl,--build-id \
+  -Wl,--no-allow-shlib-undefined \
+  -Wl,--no-undefined-version \
+@@ -98,7 +97,6 @@ override _HOST_LDFLAGS := $(HOST_LDFLAGS)
+ override _HOST_CCLDFLAGS := $(HOST_CCLDFLAGS)
+ override HOST_LDFLAGS = $(HOST_CFLAGS) -L. \
+   $(_HOST_LDFLAGS) $(_HOST_CCLDFLAGS) \
+-  -Wl,--add-needed \
+   -Wl,--build-id \
+   -Wl,--no-allow-shlib-undefined \
+   -Wl,-z,now \
+diff --git a/src/include/gcc.specs b/src/include/gcc.specs
+index ef28e2b..d85e865 100644
+--- a/src/include/gcc.specs
 b/src/include/gcc.specs
+@@ -5,4 +5,4 @@
+ + %{!shared:%{!static:%{!r:-pie}}} %{static:-Wl,-no-fatal-warnings 
-Wl,-static -static -Wl,-z,relro,-z,now} -grecord-gcc-switches
+ 
+ *link:
+-+ %{!static:--fatal-warnings} --no-undefined-version 
--no-allow-shlib-undefined --add-needed -z now --build-id 
%{!static:%{!shared:-pie}} %{shared:-z relro} %{static:%
+Date: Mon, 17 Jan 2022 12:34:55 -0500
+Subject: [PATCH] Add -T workaround for GNU ld 2.36
+
+Signed-off-by: Robbie Harwood 
+Resolves: #195
+Signed-off-by: Martin Jansa 
+---
+Upstream-Status: Backport 
[https://github.com/rhboot/efivar/commit/197a0874ea4010061b98b4b55eff65b33b1cd741]
+
+ src/include/workarounds.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk
+index 3118834..143e790 100644
+--- a/src/include/workarounds.mk
 b/src/include/workarounds.mk
+@@ -4,12 +4,12 @@
+ 
+ LD_FLAVOR := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g')
+ LD_VERSION := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //')
+-# I haven't tested 2.36 here; 2.35 is definitely broken and 2.37 seems to work
++# 2.35 is definitely broken and 2.36 seems to work
+ LD_DASH_T := $(shell \
+   if [ "x${LD_FLAVOR}" = xLLD ] ; then \
+   echo '-T' ; \
+   elif [ "x${LD_FLAVOR}" = xGNU ] ; 

[OE-core][kirkstone 11/14] python3: upgrade to 3.10.13

[Steve Sakoman]

From: Chee Yang Lee 

Release date: 2023-08-24

Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted data. Security issue reported as
CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into
account when determining their target, so it will no longer reject some
valid tarballs with LinkOutsideDestinationError.

Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL
1.1.1v, 3.0.10, and 3.1.2.

C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.

Signed-off-by: Chee Yang Lee 
Signed-off-by: Steve Sakoman 
---
 .../python/{python3_3.10.12.bb => python3_3.10.13.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3_3.10.12.bb => python3_3.10.13.bb} 
(99%)

diff --git a/meta/recipes-devtools/python/python3_3.10.12.bb 
b/meta/recipes-devtools/python/python3_3.10.13.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.10.12.bb
rename to meta/recipes-devtools/python/python3_3.10.13.bb
index 74f1defc95..ba53a09ef5 100644
--- a/meta/recipes-devtools/python/python3_3.10.12.bb
+++ b/meta/recipes-devtools/python/python3_3.10.13.bb
@@ -43,7 +43,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = 
"afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8"
+SRC_URI[sha256sum] = 
"5c88848668640d3e152b35b4536ef1c23b2ca4bd2c957ef1ecbb053f571dd3f6"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P\d+(\.\d+)+).tar"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187307): 
https://lists.openembedded.org/g/openembedded-core/message/187307
Mute This Topic: https://lists.openembedded.org/mt/101191599/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 10/14] nasm: fix CVE-2020-21528

[Steve Sakoman]

From: Archana Polampalli 

A Segmentation Fault issue discovered in in ieee_segment function in outieee.c
in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service
via crafted assembly file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-21528

Upstream patches:
https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b

Signed-off-by: Archana Polampalli 
Signed-off-by: Steve Sakoman 
---
 .../nasm/nasm/CVE-2020-21528.patch| 47 +++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb|  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch

diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch 
b/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch
new file mode 100644
index 00..2303744540
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch
@@ -0,0 +1,47 @@
+From 93c774d482694643cafbc82578ac8b729fb5bc8b Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov 
+Date: Wed, 4 Nov 2020 13:08:06 +0300
+Subject: [PATCH] BR3392637: output/outieee: Fix nil dereference
+
+The handling been broken in commit 98578071.
+
+Upstream-Status: Backport 
[https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b]
+
+CVE: CVE-2020-21528
+
+Signed-off-by: Cyrill Gorcunov 
+Signed-off-by: Archana Polampalli 
+---
+ output/outieee.c | 17 +
+ 1 file changed, 17 insertions(+)
+
+diff --git a/output/outieee.c b/output/outieee.c
+index bff2f085..b3ccc5f6 100644
+--- a/output/outieee.c
 b/output/outieee.c
+@@ -795,6 +795,23 @@ static int32_t ieee_segment(char *name, int *bits)
+ define_label(name, seg->index + 1, 0L, false);
+ ieee_seg_needs_update = NULL;
+
++/*
++ * In commit 98578071b9d71ecaa2344dd9c185237c1765041e
++ * we reworked labels significantly which in turn lead
++ * to the case where seg->name = NULL here and we get
++ * nil dereference in next segments definitions.
++ *
++ * Lets placate this case with explicit name setting
++ * if labels engine didn't set it yet.
++ *
++ * FIXME: Need to revisit this moment if such fix doesn't
++ * break anything but since IEEE 695 format is veeery
++ * old I don't expect there are many users left. In worst
++ * case this should only lead to a memory leak.
++ */
++if (!seg->name)
++seg->name = nasm_strdup(name);
++
+ if (seg->use32)
+ *bits = 32;
+ else
+--
+2.40.0
diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb 
b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
index bcb7e071d6..aba061f56f 100644
--- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -10,6 +10,7 @@ SRC_URI = 
"http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
file://0002-Add-debug-prefix-map-option.patch \
file://CVE-2022-44370.patch \
file://CVE-2022-46457.patch \
+   file://CVE-2020-21528.patch \
"
 
 SRC_URI[sha256sum] = 
"3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187306): 
https://lists.openembedded.org/g/openembedded-core/message/187306
Mute This Topic: https://lists.openembedded.org/mt/101191597/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 09/14] file: fix CVE-2022-48554

[Steve Sakoman]

From: Chee Yang Lee 

ignore changes to FILE_RCSID part.

Signed-off-by: Chee Yang Lee 
Signed-off-by: Steve Sakoman 
---
 .../file/file/CVE-2022-48554.patch| 35 +++
 meta/recipes-devtools/file/file_5.41.bb   |  4 ++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/file/file/CVE-2022-48554.patch

diff --git a/meta/recipes-devtools/file/file/CVE-2022-48554.patch 
b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
new file mode 100644
index 00..c285bd2c23
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
@@ -0,0 +1,35 @@
+CVE:  CVE-2022-48554
+Upstream-Status: Backport [ 
https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
+Signed-off-by: Lee Chee Yang 
+
+From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas 
+Date: Mon, 14 Feb 2022 16:26:10 +
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 11 +++
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 89e1da597..dcfd352d2 100644
+--- a/src/funcs.c
 b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 
christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-  if (++width > blen)
+-  width = blen;
+-  strlcpy(buf, str, width);
++  if (blen == 0)
++  return buf;
++  if (width >= blen)
++  width = blen - 1;
++  memcpy(buf, str, width);
++  buf[width] = '\0';
+   return buf;
+ }
+ 
diff --git a/meta/recipes-devtools/file/file_5.41.bb 
b/meta/recipes-devtools/file/file_5.41.bb
index 653887e97a..6fd4f2c746 100644
--- a/meta/recipes-devtools/file/file_5.41.bb
+++ b/meta/recipes-devtools/file/file_5.41.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
 DEPENDS = "file-replacement-native"
 DEPENDS:class-native = "bzip2-replacement-native"
 
-SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
+   file://CVE-2022-48554.patch \
+"
 
 SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1"
 S = "${WORKDIR}/git"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187305): 
https://lists.openembedded.org/g/openembedded-core/message/187305
Mute This Topic: https://lists.openembedded.org/mt/101191595/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 08/14] libssh2: fix CVE-2020-22218

[Steve Sakoman]

From: Chee Yang Lee 

Signed-off-by: Chee Yang Lee 
Signed-off-by: Steve Sakoman 
---
 .../libssh2/libssh2/CVE-2020-22218.patch  | 34 +++
 .../recipes-support/libssh2/libssh2_1.10.0.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch

diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch 
b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
new file mode 100644
index 00..066233fcae
--- /dev/null
+++ b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
@@ -0,0 +1,34 @@
+CVE:  CVE-2020-22218
+Upstream-Status: Backport [ 
https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45
 ]
+Signed-off-by: Lee Chee Yang 
+
+
+From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001
+From: lutianxiong 
+Date: Fri, 29 May 2020 01:25:40 +0800
+Subject: [PATCH] transport.c: fix use-of-uninitialized-value (#476)
+
+file:transport.c
+
+notes:
+return error if malloc(0)
+
+credit:
+lutianxiong
+---
+ src/transport.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 96fca6b8cc..adf96c2437 100644
+--- a/src/transport.c
 b/src/transport.c
+@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+ /* Get a packet handle put data into. We get one to
+hold all data, including padding and MAC. */
+ p->payload = LIBSSH2_ALLOC(session, total_num);
+-if(!p->payload) {
++if(total_num == 0 || !p->payload) {
+ return LIBSSH2_ERROR_ALLOC;
+ }
+ p->total_num = total_num;
diff --git a/meta/recipes-support/libssh2/libssh2_1.10.0.bb 
b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
index d5513373b0..8483a292c2 100644
--- a/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
 SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://fix-ssh2-test.patch \
file://run-ptest \
+   file://CVE-2020-22218.patch \
"
 
 SRC_URI[sha256sum] = 
"2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187304): 
https://lists.openembedded.org/g/openembedded-core/message/187304
Mute This Topic: https://lists.openembedded.org/mt/101191588/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 07/14] webkitgtk: fix CVE-2023-23529

[Steve Sakoman]

From: Kai Kang 

Backport and rebase patch to fix CVE-2023-23529.

CVE: CVE-2023-23529

Signed-off-by: Kai Kang 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2023-23529.patch | 65 +++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch
new file mode 100644
index 00..f2e9808ab4
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch
@@ -0,0 +1,65 @@
+CVE: CVE-2023-23529
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/6cc943c]
+
+With the help from webkit maillist, backport and rebase patch to fix
+CVE-2023-23529.
+
+https://lists.webkit.org/pipermail/webkit-gtk/2023-August/003931.html
+
+Signed-off-by: Kai Kang 
+
+From 6cc943c3323a1a1368934c812e5e8ec08f54dcd4 Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki 
+Date: Fri, 17 Feb 2023 10:39:19 -0800
+Subject: [PATCH] Cherry-pick 259548.63@safari-7615-branch (1b2eb138ef92).
+ rdar://105598149
+
+[JSC] ToThis object folding should check if AbstractValue is always an 
object
+https://bugs.webkit.org/show_bug.cgi?id=251944
+rdar://105175786
+
+Reviewed by Geoffrey Garen and Mark Lam.
+
+ToThis can become Identity for strict mode if it is just primitive values 
or its object does not have toThis function overriding.
+This is correct, but folding ToThis to Undefined etc. (not Identity) needs 
to check that an input only contains objects.
+This patch adds appropriate checks to prevent from converting 
ToThis(GlobalObject | Int32) to Undefined for example.
+
+* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
+(JSC::DFG::isToThisAnIdentity):
+
+Canonical link: https://commits.webkit.org/259548.63@safari-7615-branch
+
+Canonical link: https://commits.webkit.org/260455@main
+---
+ .../JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h   | 9 +++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 
b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+index 928328ffab826..82481455e651d 100644
+--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
 b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+@@ -209,7 +209,8 @@ inline ToThisResult isToThisAnIdentity(VM& vm, ECMAMode 
ecmaMode, AbstractValue&
+ }
+ }
+ 
+-if ((ecmaMode.isStrict() || (valueForNode.m_type && !(valueForNode.m_type 
& ~SpecObject))) && valueForNode.m_structure.isFinite()) {
++bool onlyObjects = valueForNode.m_type && !(valueForNode.m_type & 
~SpecObject);
++if ((ecmaMode.isStrict() || onlyObjects) && 
valueForNode.m_structure.isFinite()) {
+ bool allStructuresAreJSScope = !valueForNode.m_structure.isClear();
+ bool overridesToThis = false;
+ valueForNode.m_structure.forEach([&](RegisteredStructure structure) {
+@@ -226,9 +227,13 @@ inline ToThisResult isToThisAnIdentity(VM& vm, ECMAMode 
ecmaMode, AbstractValue&
+ // If all the structures are JSScope's ones, we know the details 
of JSScope::toThis() operation.
+ allStructuresAreJSScope &= 
structure->classInfo()->methodTable.toThis == 
JSScope::info()->methodTable.toThis;
+ });
++
++// This is correct for strict mode even if this can have non objects, 
since the right semantics is Identity.
+ if (!overridesToThis)
+ return ToThisResult::Identity;
+-if (allStructuresAreJSScope) {
++
++// But this folding is available only if input is always an object.
++if (onlyObjects && allStructuresAreJSScope) {
+ if (ecmaMode.isStrict())
+ return ToThisResult::Undefined;
+ return ToThisResult::GlobalThis;
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index edd64b7b11..20f475bebd 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -21,6 +21,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
file://CVE-2022-46699.patch \
file://CVE-2022-42867.patch \
file://CVE-2022-46700.patch \
+   file://CVE-2023-23529.patch \
"
 SRC_URI[sha256sum] = 
"0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187303): 
https://lists.openembedded.org/g/openembedded-core/message/187303
Mute This Topic: https://lists.openembedded.org/mt/101191587/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 06/14] busybox: fix CVE-2022-48174

[Steve Sakoman]

From: Meenali Gupta 

There is a stack overflow vulnerability in ash.c:6030 in busybox
vbefore 1.35. In the environment of Internet of Vehicles, this
vulnerability can be executed from command to arbitrary code execution.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 .../busybox/busybox/CVE-2022-48174.patch  | 80 +++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-48174.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch 
b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
new file mode 100644
index 00..dd0ea19f02
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
@@ -0,0 +1,80 @@
+From cf5d0889262e1b04ec2aa4caff2f5da2d602c665 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko 
+Date: Mon, 12 Jun 2023 17:48:47 +0200
+Subject: [PATCH] busybox: shell: avoid segfault on ${0::0/0~09J}. Closes 15216
+function old new delta evaluate_string 1011 1053 +42
+
+Upstream-Status: Backport 
[https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209]
+CVE: CVE-2022-48174
+
+Signed-off-by: Meenali Gupta 
+---
+ shell/math.c | 39 +++
+ 1 file changed, 35 insertions(+), 4 deletions(-)
+
+diff --git a/shell/math.c b/shell/math.c
+index 76d22c9..727c294 100644
+--- a/shell/math.c
 b/shell/math.c
+@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char 
**endptr)
+ # endif
+ #endif
+
++//TODO: much better estimation than expr_len/2? Such as:
++//static unsigned estimate_nums_and_names(const char *expr)
++//{
++//unsigned count = 0;
++//while (*(expr = skip_whitespace(expr)) != '\0') {
++//const char *p;
++//if (isdigit(*expr)) {
++//while (isdigit(*++expr))
++//continue;
++//count++;
++//continue;
++//}
++//p = endofname(expr);
++//if (p != expr) {
++//expr = p;
++//count++;
++//continue;
++//}
++//}
++//return count;
++//}
++
+ static arith_t
+ evaluate_string(arith_state_t *math_state, const char *expr)
+ {
+@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char 
*expr)
+   const char *errmsg;
+   const char *start_expr = expr = skip_whitespace(expr);
+   unsigned expr_len = strlen(expr) + 2;
+-  /* Stack of integers */
+-  /* The proof that there can be no more than strlen(startbuf)/2+1
+-   * integers in any given correct or incorrect expression
+-   * is left as an exercise to the reader. */
++  /* Stack of integers/names */
++  /* There can be no more than strlen(startbuf)/2+1
++   * integers/names in any given correct or incorrect expression.
++   * (modulo "09v09v09v09v09v" case,
++   * but we have code to detect that early)
++   */
+   var_or_num_t *const numstack = alloca((expr_len / 2) * 
sizeof(numstack[0]));
+   var_or_num_t *numstackptr = numstack;
+   /* Stack of operator tokens */
+@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char 
*expr)
+   numstackptr->var = NULL;
+   errno = 0;
+   numstackptr->val = strto_arith_t(expr, (char**) );
++  /* A number can't be followed by another number, or a 
variable name.
++   * We'd catch this later anyway, but this would require 
numstack[]
++   * to be twice as deep to handle strings where _every_ 
char is
++   * a new number or name. Example: 
09v09v09v09v09v09v09v09v09v
++   */
++  if (isalnum(*expr) || *expr == '_')
++  goto err;
+ //bb_error_msg("val:%lld", numstackptr->val);
+   if (errno)
+   numstackptr->val = 0; /* bash compat */
+--
+2.40.0
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb 
b/meta/recipes-core/busybox/busybox_1.35.0.bb
index e9ca6fdb1a..07a5137d2a 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -51,6 +51,7 @@ SRC_URI = 
"https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \

file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
file://CVE-2022-30065.patch \
file://0001-devmem-add-128-bit-width.patch \
+  file://CVE-2022-48174.patch \
"
 SRC_URI:append:libc-musl = " file://musl.cfg "
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187302): 
https://lists.openembedded.org/g/openembedded-core/message/187302
Mute This Topic: 

[OE-core][kirkstone 02/14] inetutils: Backport fix for CVE-2023-40303

[Steve Sakoman]

From: Vijay Anusuri 

Upstream-commit: 
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
& 
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d

Signed-off-by: Vijay Anusuri 
Signed-off-by: Steve Sakoman 
---
 ...tpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 280 ++
 ...03-Indent-changes-in-previous-commit.patch | 254 
 .../inetutils/inetutils_2.2.bb|   2 +
 3 files changed, 536 insertions(+)
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch

diff --git 
a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
 
b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 00..7f5baf3637
--- /dev/null
+++ 
b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,280 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux 
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux 
+Signed-off-by: Simon Josefsson 
+Signed-off-by: Khem Raj 
+Signed-off-by: Vijay Anusuri 
+---
+ ftpd/ftpd.c  | 10 +++---
+ src/rcp.c| 39 +--
+ src/rlogin.c | 11 +--
+ src/rsh.c| 25 +
+ src/rshd.c   | 20 +---
+ src/uucpd.c  | 15 +--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
 b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++_exit (EXIT_FAILURE);
++
+   if (pcred->logged_in)
+ {
+   logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+ return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++_exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+ goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else/* !AF_INET6 */
+ ((struct sockaddr_in *) _addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++_exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) _addr, pasv_addrlen) < 0)
+ {
+   if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
 b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+   if (from_option)
+ { /* Follow "protocol", send data. */
+   response ();
+-  setuid (userid);
++
++  if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() 
failed)");
++  }
++
+   source (argc, argv);
+   exit (errs);
+ }
+ 
+   if (to_option)
+ { /* Receive data. */
+-  setuid (userid);
++  if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() 
failed)");
++  }
++
+   sink (argc, argv);
+   exit (errs);
+ }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+ if (response () < 0)
+   exit (EXIT_FAILURE);
+ free (bp);
+-setuid (userid);
++
++if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() 
failed)");
++  }
+   }
+ source (1, argv + i);
+ close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+ ++errs;
+ continue;
+   }
+-  seteuid (userid);
++
++  if (seteuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() 
failed)");
++  }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+   sslen = sizeof (ss);
+   (void) getpeername (rem, (struct sockaddr *) , );
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ 

[OE-core][kirkstone 05/14] ncurses: fix CVE-2023-29491

[Steve Sakoman]

From: Soumya Sambu 

Backport patch to fix CVE-2023-29491.

Signed-off-by: Soumya Sambu 
Signed-off-by: Steve Sakoman 
---
 .../ncurses/files/CVE-2023-29491.patch| 464 ++
 .../ncurses/ncurses_6.3+20220423.bb   |   1 +
 2 files changed, 465 insertions(+)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch

diff --git a/meta/recipes-core/ncurses/files/CVE-2023-29491.patch 
b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch
new file mode 100644
index 00..0116959bbf
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch
@@ -0,0 +1,464 @@
+From eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56 Mon Sep 17 00:00:00 2001
+From: Thomas E. Dickey 
+Date: Sun, 9 Apr 2023 05:38:25 +0530
+Subject: [PATCH] Fix CVE-2023-29491
+
+CVE: CVE-2023-29491
+
+Upstream-Status: Backport 
[http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56]
+
+Signed-off-by: Chen Qi 
+
+Signed-off-by: Soumya Sambu 
+---
+ ncurses/tinfo/lib_tgoto.c  |  10 +++-
+ ncurses/tinfo/lib_tparm.c  | 116 -
+ ncurses/tinfo/read_entry.c |   3 +
+ progs/tic.c|   6 ++
+ progs/tparm_type.c |   9 +++
+ progs/tparm_type.h |   2 +
+ progs/tput.c   |  61 ---
+ 7 files changed, 185 insertions(+), 22 deletions(-)
+
+diff --git a/ncurses/tinfo/lib_tgoto.c b/ncurses/tinfo/lib_tgoto.c
+index 9cf5e100..c50ed4df 100644
+--- a/ncurses/tinfo/lib_tgoto.c
 b/ncurses/tinfo/lib_tgoto.c
+@@ -207,6 +207,14 @@ tgoto(const char *string, int x, int y)
+   result = tgoto_internal(string, x, y);
+ else
+ #endif
+-  result = TIPARM_2(string, y, x);
++if ((result = TIPARM_2(string, y, x)) == NULL) {
++  /*
++   * Because termcap did not provide a more general solution such as
++   * tparm(), it was necessary to handle single-parameter capabilities
++   * using tgoto().  The internal _nc_tiparm() function returns a NULL
++   * for that case; retry for the single-parameter case.
++   */
++  result = TIPARM_1(string, y);
++}
+ returnPtr(result);
+ }
+diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c
+index d9bdfd8f..a10a3877 100644
+--- a/ncurses/tinfo/lib_tparm.c
 b/ncurses/tinfo/lib_tparm.c
+@@ -1086,6 +1086,64 @@ tparam_internal(TPARM_STATE *tps, const char *string, 
TPARM_DATA *data)
+ return (TPS(out_buff));
+ }
+ 
++#ifdef CUR
++/*
++ * Only a few standard capabilities accept string parameters.  The others that
++ * are parameterized accept only numeric parameters.
++ */
++static bool
++check_string_caps(TPARM_DATA *data, const char *string)
++{
++bool result = FALSE;
++
++#define CHECK_CAP(name) (VALID_STRING(name) && !strcmp(name, string))
++
++/*
++ * Disallow string parameters unless we can check them against a terminal
++ * description.
++ */
++if (cur_term != NULL) {
++  int want_type = 0;
++
++  if (CHECK_CAP(pkey_key))
++  want_type = 2;  /* function key #1, type string #2 */
++  else if (CHECK_CAP(pkey_local))
++  want_type = 2;  /* function key #1, execute string #2 */
++  else if (CHECK_CAP(pkey_xmit))
++  want_type = 2;  /* function key #1, transmit string #2 */
++  else if (CHECK_CAP(plab_norm))
++  want_type = 2;  /* label #1, show string #2 */
++  else if (CHECK_CAP(pkey_plab))
++  want_type = 6;  /* function key #1, type string #2, show string 
#3 */
++#if NCURSES_XNAMES
++  else {
++  char *check;
++
++  check = tigetstr("Cs");
++  if (CHECK_CAP(check))
++  want_type = 1;  /* style #1 */
++
++  check = tigetstr("Ms");
++  if (CHECK_CAP(check))
++  want_type = 3;  /* storage unit #1, content #2 */
++  }
++#endif
++
++  if (want_type == data->tparm_type) {
++  result = TRUE;
++  } else {
++  T(("unexpected string-parameter"));
++  }
++}
++return result;
++}
++
++#define ValidCap() (myData.tparm_type == 0 || \
++  check_string_caps(, string))
++#else
++#define ValidCap() 1
++#endif
++
+ #if NCURSES_TPARM_VARARGS
+ 
+ NCURSES_EXPORT(char *)
+@@ -1100,7 +1158,7 @@ tparm(const char *string, ...)
+ tps->tname = "tparm";
+ #endif /* TRACE */
+ 
+-if (tparm_setup(cur_term, string, ) == OK) {
++if (tparm_setup(cur_term, string, ) == OK && ValidCap()) {
+   va_list ap;
+ 
+   va_start(ap, string);
+@@ -1135,7 +1193,7 @@ tparm(const char *string,
+ tps->tname = "tparm";
+ #endif /* TRACE */
+ 
+-if (tparm_setup(cur_term, string, ) == OK) {
++if (tparm_setup(cur_term, string, ) == OK && ValidCap()) {
+ 
+   myData.param[0] = a1;
+   myData.param[1] = a2;
+@@ -1166,7 +1224,7 @@ tiparm(const char *string, ...)
+ tps->tname = "tiparm";
+ #endif /* TRACE */
+ 
+-if (tparm_setup(cur_term, string, ) == OK) {
++if 

[OE-core][kirkstone 04/14] json-c: fix CVE-2021-32292

[Steve Sakoman]

From: Adrian Freihofer 

This is a read past end of buffer issue in the json_parse test app,
which can happened with malformed json data. It's not an issue with the
library itself. For what ever reason this CVE has a base score of 9.8.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-32292

Upstream issue:
https://github.com/json-c/json-c/issues/654

The CVE is fixed with version 0.16 (which is already in all active
branches of poky).

Signed-off-by: Adrian Freihofer 
Signed-off-by: Steve Sakoman 
---
 .../json-c/json-c/CVE-2021-32292.patch| 30 +++
 meta/recipes-devtools/json-c/json-c_0.15.bb   |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch

diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch 
b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
new file mode 100644
index 00..28da522115
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@
+From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
+From: Marc <34656315+marct...@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+
+Fixes: CVE-2021-32292
+Issue: https://github.com/json-c/json-c/issues/654
+
+Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
+CVE: CVE-2021-32292
+
+Signed-off-by: Adrian Freihofer 
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622..72b31a8 100644
+--- a/apps/json_parse.c
 b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct 
json_object *))
+   int parse_end = json_tokener_get_parse_end(tok);
+   if (obj == NULL && jerr != json_tokener_continue)
+   {
+-  char *aterr = [start_pos + parse_end];
++  char *aterr = (start_pos + parse_end < 
sizeof(buf)) ?
++  [start_pos + parse_end] : "";
+   fflush(stdout);
+   int fail_offset = total_read - ret + start_pos 
+ parse_end;
+   fprintf(stderr, "Failed at offset %d: %s %c\n", 
fail_offset,
diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb 
b/meta/recipes-devtools/json-c/json-c_0.15.bb
index 7cbed55b3b..4da30bc50c 100644
--- a/meta/recipes-devtools/json-c/json-c_0.15.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.15.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 SRC_URI = " \
 https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
 file://run-ptest \
+file://CVE-2021-32292.patch \
 "
 
 SRC_URI[sha256sum] = 
"b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187300): 
https://lists.openembedded.org/g/openembedded-core/message/187300
Mute This Topic: https://lists.openembedded.org/mt/101191582/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 03/14] libtiff: fix CVE-2023-26966 Buffer Overflow

[Steve Sakoman]

From: Hitendra Prajapati 

Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/tiff/CVE-2023-26966.patch | 35 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
new file mode 100644
index 00..85764304f9
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
@@ -0,0 +1,35 @@
+From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Thu, 16 Feb 2023 12:03:16 +0100
+Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
+
+Closes #530
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9]
+CVE: CVE-2023-26966
+Signed-off-by: Hitendra Prajapati 
+---
+ libtiff/tif_luv.c | 7 +++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index 13765ea..40b2719 100644
+--- a/libtiff/tif_luv.c
 b/libtiff/tif_luv.c
+@@ -908,6 +908,13 @@ uv_encode(double u, double v, int em) /* encode 
(u',v') coordinates */
+ {
+   register intvi, ui;
+ 
++  /* check for NaN */
++  if (u != u || v != v)
++  {
++  u = U_NEU;
++  v = V_NEU;
++}
++
+   if (v < UV_VSTART)
+   return oog_encode(u, v);
+   vi = tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 8e69621afb..61d8142e41 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -42,6 +42,7 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-3316.patch \
file://CVE-2023-3618-1.patch \
file://CVE-2023-3618-2.patch \
+   file://CVE-2023-26966.patch \
"
 
 SRC_URI[sha256sum] = 
"0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187298): 
https://lists.openembedded.org/g/openembedded-core/message/187298
Mute This Topic: https://lists.openembedded.org/mt/101191579/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 01/14] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618

[Steve Sakoman]

From: Hitendra Prajapati 

Backport fixes for:
* CVE-2023-2908 - Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
* CVE-2023-3316 - Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536
* CVE-2023-3618 - Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37
 && 
https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/tiff/CVE-2023-2908.patch  | 33 +++
 .../libtiff/tiff/CVE-2023-3316.patch  | 59 +++
 .../libtiff/tiff/CVE-2023-3618-1.patch| 34 +++
 .../libtiff/tiff/CVE-2023-3618-2.patch| 47 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  4 ++
 5 files changed, 177 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
new file mode 100644
index 00..cf94fd23d8
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
@@ -0,0 +1,33 @@
+From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
+From: xiaoxiaoafeifei 
+Date: Fri, 21 Apr 2023 13:01:34 +
+Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
+ applying zero offset to null pointer
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
+CVE: CVE-2023-2908
+Signed-off-by: Hitendra Prajapati 
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 349dfe4..1402c8e 100644
+--- a/libtiff/tif_dir.c
 b/libtiff/tif_dir.c
+@@ -145,10 +145,10 @@ static uint16_t
+ countInkNamesString(TIFF *tif, uint32_t slen, const char *s)
+ {
+   uint16_t i = 0;
+-  const char *ep = s + slen;
+-  const char *cp = s;
+ 
+   if (slen > 0) {
++  const char *ep = s + slen;
++  const char *cp = s;
+   do {
+   for (; cp < ep && *cp != '\0'; cp++) {}
+   if (cp >= ep)
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
new file mode 100644
index 00..1aa4ba45ac
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
@@ -0,0 +1,59 @@
+From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Fri, 3 Feb 2023 17:38:55 +0100
+Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
+
+Closes #515
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536]
+CVE: CVE-2023-3316
+Signed-off-by: Hitendra Prajapati 
+---
+ libtiff/tif_close.c | 11 +++
+ tools/tiffcrop.c|  5 -
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
+index 674518a..0fe7af4 100644
+--- a/libtiff/tif_close.c
 b/libtiff/tif_close.c
+@@ -118,13 +118,16 @@ TIFFCleanup(TIFF* tif)
+  */
+ 
+ void
+-TIFFClose(TIFF* tif)
++TIFFClose(TIFF *tif)
+ {
+-  TIFFCloseProc closeproc = tif->tif_closeproc;
+-  thandle_t fd = tif->tif_clientdata;
++if (tif != NULL)
++{
++TIFFCloseProc closeproc = tif->tif_closeproc;
++thandle_t fd = tif->tif_clientdata;
+ 
+   TIFFCleanup(tif);
+-  (void) (*closeproc)(fd);
++(void)(*closeproc)(fd);
++}
+ }
+ 
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index ce77c74..cd49660 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -2548,7 +2548,10 @@ main(int argc, char* argv[])
+   }
+ }
+ 
+-  TIFFClose(out);
++if (out != NULL)
++{
++TIFFClose(out);
++}
+ 
+   return (0);
+   } /* end main */
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch 
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
new file mode 100644
index 00..8f55d2b496
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
@@ -0,0 +1,34 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang 
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
+CVE: 

[OE-core][kirkstone 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 8.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5835

The following changes since commit 8ceaeff90023e51c7e874464f026b30d24035bda:
 
  python3-git: upgrade 3.1.27 -> 3.1.32 (2023-08-27 04:03:37 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Abe Kohandel (1):
  libdnf: resolve cstdint inclusion for newer gcc versions

Adrian Freihofer (1):
  json-c: fix CVE-2021-32292

Archana Polampalli (1):
  nasm: fix CVE-2020-21528

Changqing Li (1):
  sysklogd: fix integration with systemd-journald

Chee Yang Lee (3):
  libssh2: fix CVE-2020-22218
  file: fix CVE-2022-48554
  python3: upgrade to 3.10.13

Hitendra Prajapati (2):
  tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618
  libtiff: fix CVE-2023-26966 Buffer Overflow

Kai Kang (1):
  webkitgtk: fix CVE-2023-23529

Martin Jansa (1):
  efivar: backport 5 patches to fix build with gold

Meenali Gupta (1):
  busybox: fix CVE-2022-48174

Soumya Sambu (1):
  ncurses: fix CVE-2023-29491

Vijay Anusuri (1):
  inetutils: Backport fix for CVE-2023-40303

 ...ve-deprecated-add-needed-linker-flag.patch |  45 ++
 ...002-Add-T-workaround-for-GNU-ld-2.36.patch |  33 ++
 ...LL-C-to-force-English-output-from-ld.patch |  33 ++
 ...on-and-remove-not-needed-workarounds.patch |  45 ++
 ...mp-efi_well_known_-variable-handling.patch | 262 ++
 meta/recipes-bsp/efivar/efivar_38.bb  |   9 +-
 ...tpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 280 +++
 ...03-Indent-changes-in-previous-commit.patch | 254 ++
 .../inetutils/inetutils_2.2.bb|   2 +
 .../busybox/busybox/CVE-2022-48174.patch  |  80 +++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   1 +
 .../ncurses/files/CVE-2023-29491.patch| 464 ++
 .../ncurses/ncurses_6.3+20220423.bb   |   1 +
 .../file/file/CVE-2022-48554.patch|  35 ++
 meta/recipes-devtools/file/file_5.41.bb   |   4 +-
 .../json-c/json-c/CVE-2021-32292.patch|  30 ++
 meta/recipes-devtools/json-c/json-c_0.15.bb   |   1 +
 ...58-Don-t-assume-inclusion-of-cstdint.patch |  56 +++
 ...onNumber.hpp-add-missing-cstdint-inc.patch |  33 ++
 ...ite3-Sqlite3.hpp-add-missing-cstdint.patch |  36 ++
 meta/recipes-devtools/libdnf/libdnf_0.66.0.bb |   3 +
 .../nasm/nasm/CVE-2020-21528.patch|  47 ++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb|   1 +
 ...{python3_3.10.12.bb => python3_3.10.13.bb} |   2 +-
 ...KillMode-process-is-not-recommended-.patch |  33 ++
 ...-messages-lost-when-running-in-syste.patch |  75 +++
 .../sysklogd/sysklogd_2.3.0.bb|   2 +
 .../libtiff/tiff/CVE-2023-26966.patch |  35 ++
 .../libtiff/tiff/CVE-2023-2908.patch  |  33 ++
 .../libtiff/tiff/CVE-2023-3316.patch  |  59 +++
 .../libtiff/tiff/CVE-2023-3618-1.patch|  34 ++
 .../libtiff/tiff/CVE-2023-3618-2.patch|  47 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   5 +
 .../webkit/webkitgtk/CVE-2023-23529.patch |  65 +++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 .../libssh2/libssh2/CVE-2020-22218.patch  |  34 ++
 .../recipes-support/libssh2/libssh2_1.10.0.bb |   1 +
 37 files changed, 2175 insertions(+), 6 deletions(-)
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch
 create mode 100644 
meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
 create mode 100644 meta/recipes-devtools/file/file/CVE-2022-48554.patch
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
 create mode 100644 
meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
 create mode 100644 
meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
 create mode 100644 
meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
 create mode 100644 

Re: [OE-core] [PATCH 0/8] linux-yocto: consolidated pull request

[Ross Burton]

On 5 Sep 2023, at 15:37, Bruce Ashfield via lists.openembedded.org 
 wrote:
> 
> From: Bruce Ashfield 
> 
> Richard,
> 
> Here's the next round of -stable and configuration changes.
> 
> I also ran into a build issue with 6.4+ on one of my builders
> due to a gzip mismatch with zlib versions. So I've included
> a fix for that.

Would you be able to throw in a cve-exclusions update when you upgrade the 
kernels?  I can do it, but it’s easier if it’s done as part of the upgrade.

For now it’s a little manual.  Have a clone of 
https://github.com/nluedtke/linux_kernel_cves to hand then:

$ ./generate-cve-exclusions.py  ~/Code/drive-by/linux_kernel_cves/ 6.4.11 > 
cve-exclusion_6.4.inc

(update paths as needed)

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187295): 
https://lists.openembedded.org/g/openembedded-core/message/187295
Mute This Topic: https://lists.openembedded.org/mt/101170549/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/3] linux/generate-cve-exclusions: fix mishandling of boundary values

[Ross Burton]

On 6 Sep 2023, at 02:53, Yuta Hayama  wrote:
> 
> Hi,
> 
> On 2023/09/05 20:14, Ross Burton wrote:
>> On 5 Sep 2023, at 08:29, Yuta Hayama  wrote:
>>> 
>>> affected_versions in kernel_cves.json does not mean "first affected version
>>> to last affected version" but actually "first affected version to fixed
>>> version". Therefore, the variable names, conditional expressions, and
>>> CVE_STATUS descriptions should be fixed.
>> 
>> I’m happy to believe you on this, but do you have a source?
> 
> Unfortunately, I have not found any official explanation for this. All I know
> is what I wrote in the following message. And that is what I have been able to
> confirm empirically.
> 
> https://lists.openembedded.org/g/openembedded-core/message/186994

Based on that evidence you appear to be right, yes.  I’ve just mailed the 
maintainer of the JSON to see if he’d like to make a statement either way.

Cheers,
Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187294): 
https://lists.openembedded.org/g/openembedded-core/message/187294
Mute This Topic: https://lists.openembedded.org/mt/101164830/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 1/1] python3-pygments: Fix CVE-2022-40896

[Narpat Mali via lists.openembedded.org]

From: Narpat Mali 

CVE-2022-40896:
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.

The CVE issue is fixed by 3 different commits between the releases 2.14.0
(for Smithy lexer), 2.15.0 (for SQL+Jinja lexers) and 2.15.1 (for Java
properties) as per: 
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/

1. Smithy lexer commit from 2.14.0 release applies successfully on 2.11.2 
version.
Commit: 
https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04
Hence, backported the patch as CVE-2022-40896.patch.

2. SQL+Jinja lexers commit from 2.15.0 release doesn't apply on 2.11.2 version.
Commit: 
https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194
Actually, this code doesn't exist in 2.11.2 version and it has been introduce by
python3-pygments 2.13.0 version. Hence, this is not vulnerable for 2.11.2 
version.
SQL+Jinja lexers is introduced by: 
https://github.com/pygments/pygments/commit/0bdbd5992baca32d18e01f0ec65337e06abf9456

3. Java properties commit from 2.15.1 release also doesn't apply on 2.11.2 
version.
Commit: 
https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52
Actually, this code also doesn't exist in 2.11.2 version as the code has been 
modified
in python3-pygments 2.14.0 by: 
https://github.com/pygments/pygments/commit/a38cb38e93c9635240b3ae89d78d38cf182745da
Hence, this is also not vulnerable for 2.11.2 version.

Signed-off-by: Narpat Mali 
---
 .../python3-pygments/CVE-2022-40896.patch | 124 ++
 .../python/python3-pygments_2.11.2.bb |   2 +
 2 files changed, 126 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch

diff --git a/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch 
b/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
new file mode 100644
index 00..9848072a94
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
@@ -0,0 +1,124 @@
+From ed61747f328ff6aa343881b269600308ab8eac93 Mon Sep 17 00:00:00 2001
+From: Narpat Mali 
+Date: Wed, 6 Sep 2023 10:32:38 +
+Subject: [PATCH] Improve the Smithy metadata matcher.
+
+Previously, metadata foo bar baz = 23 was accepted, but according to
+the definition 
https://smithy.io/2.0/spec/idl.html#grammar-token-smithy-MetadataSection
+it should be "metadata"Identifier/String.
+
+CVE: CVE-2022-40896
+
+Upstream-Status: Backport 
[https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04]
+
+Signed-off-by: Narpat Mali 
+---
+ pygments/lexers/smithy.py|  5 +-
+ tests/examplefiles/smithy/test.smithy| 12 +
+ tests/examplefiles/smithy/test.smithy.output | 52 
+ 3 files changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/pygments/lexers/smithy.py b/pygments/lexers/smithy.py
+index 0f0a912..c5e25cd 100644
+--- a/pygments/lexers/smithy.py
 b/pygments/lexers/smithy.py
+@@ -58,8 +58,9 @@ class SmithyLexer(RegexLexer):
+ (words(aggregate_shapes,
+prefix=r'^', suffix=r'(\s+' + identifier + r')'),
+ bygroups(Keyword.Declaration, Name.Class)),
+-(r'^(metadata)(\s+.+)(\s*)(=)',
+-bygroups(Keyword.Declaration, Name.Class, Whitespace, 
Name.Decorator)),
++(r'^(metadata)(\s+)((?:\S+)|(?:\"[^"]+\"))(\s*)(=)',
++bygroups(Keyword.Declaration, Whitespace, Name.Class,
++ Whitespace, Name.Decorator)),
+ (r"(true|false|null)", Keyword.Constant),
+ (r"(-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?)", Number),
+ (identifier + ":", Name.Label),
+diff --git a/tests/examplefiles/smithy/test.smithy 
b/tests/examplefiles/smithy/test.smithy
+index 3d20f06..9317fee 100644
+--- a/tests/examplefiles/smithy/test.smithy
 b/tests/examplefiles/smithy/test.smithy
+@@ -2,6 +2,18 @@ $version: "1.0"
+
+ namespace test
+
++metadata "foo" = ["bar", "baz"]
++metadata validators = [
++{
++name: "ValidatorName"
++id: "ValidatorId"
++message: "Some string"
++configuration: {
++selector: "operation"
++}
++}
++]
++
+ /// Define how an HTTP request is serialized given a specific protocol,
+ /// authentication scheme, and set of input parameters.
+ @trait(selector: "operation")
+diff --git a/tests/examplefiles/smithy/test.smithy.output 
b/tests/examplefiles/smithy/test.smithy.output
+index 1f22489..db44a38 100644
+--- a/tests/examplefiles/smithy/test.smithy.output
 b/tests/examplefiles/smithy/test.smithy.output
+@@ -7,6 +7,58 @@
+ ' test'   Name.Class
+ '\n\n'Text.Whitespace
+
++'metadata'Keyword.Declaration
++' '   Text.Whitespace
++'"foo"'   Name.Class
++' '   Text.Whitespace
++'='   Name.Decorator
++' '   

[OE-core][dunfell][PATCH] qemu: Backport fix CVE-2023-3180

[Ashish Sharma via lists.openembedded.org]

Upstream-Status: Backport from 
[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980]
CVE: CVE-2023-3180
Signed-off-by: Ashish Sharma 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2023-3180.patch | 49 +++
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index ddb6ed999a5..678bc171f89 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -141,6 +141,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \
file://CVE-2023-0330.patch \
file://CVE-2023-3354.patch \
+  file://CVE-2023-3180.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
new file mode 100644
index 000..7144bdca460
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
@@ -0,0 +1,49 @@
+From 9d38a8434721a6479fe03fb5afb150ca793d3980 Mon Sep 17 00:00:00 2001
+From: zhenwei pi 
+Date: Thu, 3 Aug 2023 10:43:13 +0800
+Subject: [PATCH] virtio-crypto: verify src buffer length for sym request
+
+For symmetric algorithms, the length of ciphertext must be as same
+as the plaintext.
+The missing verification of the src_len and the dst_len in
+virtio_crypto_sym_op_helper() may lead buffer overflow/divulged.
+
+This patch is originally written by Yiming Tao for QEMU-SECURITY,
+resend it(a few changes of error message) in qemu-devel.
+
+Fixes: CVE-2023-3180
+Fixes: 04b9b37edda("virtio-crypto: add data queue processing handler")
+Cc: Gonglei 
+Cc: Mauro Matteo Cascella 
+Cc: Yiming Tao 
+Signed-off-by: zhenwei pi 
+Message-Id: <20230803024314.29962-2-pizhen...@bytedance.com>
+Reviewed-by: Michael S. Tsirkin 
+Signed-off-by: Michael S. Tsirkin 
+
+Upstream-Status: Backport from 
[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980]
+CVE: CVE-2023-3180
+Signed-off-by: Ashish Sharma 
+
+ hw/virtio/virtio-crypto.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 44faf5a522b..13aec771e11 100644
+--- a/hw/virtio/virtio-crypto.c
 b/hw/virtio/virtio-crypto.c
+@@ -634,6 +634,11 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+ return NULL;
+ }
+ 
++if (unlikely(src_len != dst_len)) {
++virtio_error(vdev, "sym request src len is different from dst len");
++return NULL;
++}
++
+ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + 
hash_result_len;
+ if (unlikely(max_len > vcrypto->conf.max_size)) {
+ virtio_error(vdev, "virtio-crypto too big length");
+-- 
+GitLab
+
-- 
2.24.4


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187292): 
https://lists.openembedded.org/g/openembedded-core/message/187292
Mute This Topic: https://lists.openembedded.org/mt/101190246/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] meson: don't fail if no .pyc exists

[Yang Xu via lists.openembedded.org]

From: Yang Xu 

If PYTHONDONTWRITEBYTECODE set to 1, do_install:append will fail because
no .pyc is removed.

Add -f flag to prevent command fail.

Signed-off-by: Yang Xu 
---
 meta/recipes-devtools/meson/meson_1.1.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/meson/meson_1.1.1.bb 
b/meta/recipes-devtools/meson/meson_1.1.1.bb
index 500e13775f..dd97f93aef 100644
--- a/meta/recipes-devtools/meson/meson_1.1.1.bb
+++ b/meta/recipes-devtools/meson/meson_1.1.1.bb
@@ -30,7 +30,7 @@ do_install:append () {
# Upstream is discussing ways to solve the issue properly, until then 
let's
# just not install the problematic files.
# More info: http://benno.id.au/blog/2013/01/15/python-determinism
-   rm 
${D}${libdir}/python*/site-packages/mesonbuild/dependencies/__pycache__/mpi.cpython*
+   rm -f 
${D}${libdir}/python*/site-packages/mesonbuild/dependencies/__pycache__/mpi.cpython*
 }
 
 BBCLASSEXTEND = "native nativesdk"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187291): 
https://lists.openembedded.org/g/openembedded-core/message/187291
Mute This Topic: https://lists.openembedded.org/mt/101190165/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008

[Deepthi . Hemraj]

Hi Chee Yang,

Sorry for missing out the patch file.
I have sent a separate mail that contains patch as :-
https://lists.openembedded.org/g/openembedded-core/message/187288
[kirkstone][PATCH V2] binutils: Fix CVE-2022-47008

Thanks,
Deepthi

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187290): 
https://lists.openembedded.org/g/openembedded-core/message/187290
Mute This Topic: https://lists.openembedded.org/mt/101188282/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH V2] binutils: Fix CVE-2022-47011

[Hemraj, Deepthi via lists.openembedded.org]

Signed-off-by: Deepthi Hemraj 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0028-CVE-2022-47011.patch| 35 +++
 2 files changed, 36 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 5c3ff3d93a..aa77263c66 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -56,5 +56,6 @@ SRC_URI = "\
  file://0023-CVE-2023-25585.patch \
  file://0026-CVE-2023-1972.patch \
  file://0025-CVE-2023-25588.patch \
+ file://0028-CVE-2022-47011.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch 
b/meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch
new file mode 100644
index 00..73ae46e218
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch
@@ -0,0 +1,35 @@
+From: Alan Modra 
+Date: Mon, 20 Jun 2022 01:09:13 + (+0930)
+Subject: PR29261, memory leak in parse_stab_struct_fields
+X-Git-Tag: binutils-2_39~225
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35
+
+PR29261, memory leak in parse_stab_struct_fields
+
+   PR 29261
+   * stabs.c (parse_stab_struct_fields): Free "fields" on failure path.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35]
+
+CVE: CVE-2022-47011
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 796ff85b86a..bf3f578cbcc 100644
+--- a/binutils/stabs.c
 b/binutils/stabs.c
+@@ -2367,7 +2367,10 @@ parse_stab_struct_fields (void *dhandle,
+ 
+   if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c,
+staticsp, p_end))
+-  return false;
++  {
++free (fields);
++return false;
++  }
+ 
+   ++c;
+ }
-- 
2.39.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187289): 
https://lists.openembedded.org/g/openembedded-core/message/187289
Mute This Topic: https://lists.openembedded.org/mt/101189213/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH V2] binutils: Fix CVE-2022-47008

[Hemraj, Deepthi via lists.openembedded.org]

Signed-off-by: Deepthi Hemraj 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0027-CVE-2022-47008.patch| 67 +++
 2 files changed, 68 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 5c3ff3d93a..9bcf7ad4f5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -56,5 +56,6 @@ SRC_URI = "\
  file://0023-CVE-2023-25585.patch \
  file://0026-CVE-2023-1972.patch \
  file://0025-CVE-2023-25588.patch \
+ file://0027-CVE-2022-47008.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch 
b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
new file mode 100644
index 00..a3fff65409
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
@@ -0,0 +1,67 @@
+From: Alan Modra 
+Date: Thu, 16 Jun 2022 23:43:38 + (+0930)
+Subject: PR29255, memory leak in make_tempdir
+X-Git-Tag: binutils-2_39~236
+X-Git-Url: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682
+
+PR29255, memory leak in make_tempdir
+
+   PR 29255
+   * bucomm.c (make_tempdir, make_tempname): Free template on all
+   failure paths.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
+
+CVE: CVE-2022-47008
+
+Signed-off-by: Deepthi Hemraj 
+
+---
+
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index fdc2209df9c..4395cb9f7f5 100644
+--- a/binutils/bucomm.c
 b/binutils/bucomm.c
+@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd)
+ #else
+   tmpname = mktemp (tmpname);
+   if (tmpname == NULL)
+-return NULL;
+-  fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
++fd = -1;
++  else
++fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+ #endif
+   if (fd == -1)
+ {
+@@ -556,22 +557,23 @@ char *
+ make_tempdir (const char *filename)
+ {
+   char *tmpname = template_in_dir (filename);
++  char *ret;
+ 
+ #ifdef HAVE_MKDTEMP
+-  return mkdtemp (tmpname);
++  ret = mkdtemp (tmpname);
+ #else
+-  tmpname = mktemp (tmpname);
+-  if (tmpname == NULL)
+-return NULL;
++  ret = mktemp (tmpname);
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+   if (mkdir (tmpname) != 0)
+-return NULL;
++ret = NULL;
+ #else
+   if (mkdir (tmpname, 0700) != 0)
+-return NULL;
++ret = NULL;
+ #endif
+-  return tmpname;
+ #endif
++  if (ret == NULL)
++free (tmpname);
++  return ret;
+ }
+ 
+ /* Parse a string into a VMA, with a fatal error if it can't be
-- 
2.39.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187288): 
https://lists.openembedded.org/g/openembedded-core/message/187288
Mute This Topic: https://lists.openembedded.org/mt/101189179/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] inetutils: Security fix for CVE-2023-40303

[Siddharth via lists.openembedded.org]

ooopps...my bad.

I just checked in 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-kirkstone.txt
 ( 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-kirkstone.txt
 ) and submitted a patch without checking if its already submitted or not.

Thanks for the update.

Regards,
Siddharth

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187287): 
https://lists.openembedded.org/g/openembedded-core/message/187287
Mute This Topic: https://lists.openembedded.org/mt/101188627/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone][PATCH] inetutils: Security fix for CVE-2023-40303

[Vijay Anusuri via lists.openembedded.org]

Hi Siddharth,

CVE-2023-40303 patch for kirkstone already submitted and landed in
kirkstone-nut.

https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut=2d2fc8e2b0eaa20f6bf8cfc0d1acd908f3dac2ec

Thanks & Regards,
Vjay

On Wed, Sep 6, 2023 at 1:45 PM Siddharth via lists.openembedded.org  wrote:

> From: Siddharth Doshi 
>
> Upstream-Status: Backport from [
> https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
> ]
> CVE: CVE-2023-40303
> Signed-off-by: Siddharth Doshi 
> ---
>  .../inetutils/inetutils/CVE-2023-40303.patch  | 283 ++
>  .../inetutils/inetutils_2.2.bb|   1 +
>  2 files changed, 284 insertions(+)
>  create mode 100644
> meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch
>
> diff --git
> a/meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch
> b/meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch
> new file mode 100644
> index 00..06f7f2fc00
> --- /dev/null
> +++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch
> @@ -0,0 +1,283 @@
> +From e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 Mon Sep 17 00:00:00 2001
> +From: Jeffrey Bencteux 
> +Date: Fri, 30 Jun 2023 19:02:45 +0200
> +Subject: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return values
> +
> +Several setuid(), setgid(), seteuid() and setguid() return values
> +were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
> +leading to potential security issues.
> +
> +Signed-off-by: Jeffrey Bencteux 
> +Signed-off-by: Simon Josefsson 
> +
> +Upstream-Status: Backport from [
> https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
> ]
> +CVE: CVE-2023-40303
> +Signed-off-by: Siddharth Doshi 
> +
> +---
> + ftpd/ftpd.c  | 10 +++---
> + src/rcp.c| 39 +--
> + src/rlogin.c | 11 +--
> + src/rsh.c| 25 +
> + src/rshd.c   | 20 +---
> + src/uucpd.c  | 15 +--
> + 6 files changed, 100 insertions(+), 20 deletions(-)
> +
> +diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
> +index 68d41fd..703fbbc 100644
> +--- a/ftpd/ftpd.c
>  b/ftpd/ftpd.c
> +@@ -865,7 +865,9 @@ end_login (struct credentials *pcred)
> +   char *remotehost = pcred->remotehost;
> +   int atype = pcred->auth_type;
> +
> +-  seteuid ((uid_t) 0);
> ++  if (seteuid ((uid_t) 0) == -1)
> ++_exit (EXIT_FAILURE);
> ++
> +   if (pcred->logged_in)
> + {
> +   logwtmp_keep_open (ttyline, "", "");
> +@@ -1154,7 +1156,8 @@ getdatasock (const char *mode)
> +
> +   if (data >= 0)
> + return fdopen (data, mode);
> +-  seteuid ((uid_t) 0);
> ++  if (seteuid ((uid_t) 0) == -1)
> ++_exit (EXIT_FAILURE);
> +   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
> +   if (s < 0)
> + goto bad;
> +@@ -1981,7 +1984,8 @@ passive (int epsv, int af)
> +   else/* !AF_INET6 */
> + ((struct sockaddr_in *) _addr)->sin_port = 0;
> +
> +-  seteuid ((uid_t) 0);
> ++  if (seteuid ((uid_t) 0) == -1)
> ++_exit (EXIT_FAILURE);
> +   if (bind (pdata, (struct sockaddr *) _addr, pasv_addrlen) < 0)
> + {
> +   if (seteuid ((uid_t) cred.uid))
> +diff --git a/src/rcp.c b/src/rcp.c
> +index 476cbaa..cd84570 100644
> +--- a/src/rcp.c
>  b/src/rcp.c
> +@@ -348,14 +348,23 @@ main (int argc, char *argv[])
> +   if (from_option)
> + { /* Follow "protocol", send data. */
> +   response ();
> +-  setuid (userid);
> ++
> ++  if (setuid (userid) == -1)
> ++  {
> ++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid()
> failed)");
> ++  }
> ++
> +   source (argc, argv);
> +   exit (errs);
> + }
> +
> +   if (to_option)
> + { /* Receive data. */
> +-  setuid (userid);
> ++  if (setuid (userid) == -1)
> ++  {
> ++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid()
> failed)");
> ++  }
> ++
> +   sink (argc, argv);
> +   exit (errs);
> + }
> +@@ -540,7 +549,11 @@ toremote (char *targ, int argc, char *argv[])
> + if (response () < 0)
> +   exit (EXIT_FAILURE);
> + free (bp);
> +-setuid (userid);
> ++
> ++if (setuid (userid) == -1)
> ++  {
> ++error (EXIT_FAILURE, 0, "Could not drop privileges
> (setuid() failed)");
> ++  }
> +   }
> + source (1, argv + i);
> + close (rem);
> +@@ -633,7 +646,12 @@ tolocal (int argc, char *argv[])
> + ++errs;
> + continue;
> +   }
> +-  seteuid (userid);
> ++
> ++  if (seteuid (userid) == -1)
> ++  {
> ++error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid()
> failed)");
> ++  }
> ++
> + #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
> +   sslen = sizeof (ss);
> +   (void) 

[OE-core][kirkstone][PATCH] inetutils: Security fix for CVE-2023-40303

[Siddharth via lists.openembedded.org]

From: Siddharth Doshi 

Upstream-Status: Backport from 
[https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
CVE: CVE-2023-40303
Signed-off-by: Siddharth Doshi 
---
 .../inetutils/inetutils/CVE-2023-40303.patch  | 283 ++
 .../inetutils/inetutils_2.2.bb|   1 +
 2 files changed, 284 insertions(+)
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch

diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch 
b/meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch
new file mode 100644
index 00..06f7f2fc00
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2023-40303.patch
@@ -0,0 +1,283 @@
+From e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux 
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check set*id() return values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+Signed-off-by: Jeffrey Bencteux 
+Signed-off-by: Simon Josefsson 
+
+Upstream-Status: Backport from 
[https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+CVE: CVE-2023-40303
+Signed-off-by: Siddharth Doshi 
+
+---
+ ftpd/ftpd.c  | 10 +++---
+ src/rcp.c| 39 +--
+ src/rlogin.c | 11 +--
+ src/rsh.c| 25 +
+ src/rshd.c   | 20 +---
+ src/uucpd.c  | 15 +--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 68d41fd..703fbbc 100644
+--- a/ftpd/ftpd.c
 b/ftpd/ftpd.c
+@@ -865,7 +865,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++_exit (EXIT_FAILURE);
++
+   if (pcred->logged_in)
+ {
+   logwtmp_keep_open (ttyline, "", "");
+@@ -1154,7 +1156,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+ return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++_exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+ goto bad;
+@@ -1981,7 +1984,8 @@ passive (int epsv, int af)
+   else/* !AF_INET6 */
+ ((struct sockaddr_in *) _addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++_exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) _addr, pasv_addrlen) < 0)
+ {
+   if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 476cbaa..cd84570 100644
+--- a/src/rcp.c
 b/src/rcp.c
+@@ -348,14 +348,23 @@ main (int argc, char *argv[])
+   if (from_option)
+ { /* Follow "protocol", send data. */
+   response ();
+-  setuid (userid);
++
++  if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() 
failed)");
++  }
++
+   source (argc, argv);
+   exit (errs);
+ }
+ 
+   if (to_option)
+ { /* Receive data. */
+-  setuid (userid);
++  if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() 
failed)");
++  }
++
+   sink (argc, argv);
+   exit (errs);
+ }
+@@ -540,7 +549,11 @@ toremote (char *targ, int argc, char *argv[])
+ if (response () < 0)
+   exit (EXIT_FAILURE);
+ free (bp);
+-setuid (userid);
++
++if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() 
failed)");
++  }
+   }
+ source (1, argv + i);
+ close (rem);
+@@ -633,7 +646,12 @@ tolocal (int argc, char *argv[])
+ ++errs;
+ continue;
+   }
+-  seteuid (userid);
++
++  if (seteuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() 
failed)");
++  }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+   sslen = sizeof (ss);
+   (void) getpeername (rem, (struct sockaddr *) , );
+@@ -646,7 +664,12 @@ tolocal (int argc, char *argv[])
+ #endif
+   vect[0] = target;
+   sink (1, vect);
+-  seteuid (effuid);
++
++  if (seteuid (effuid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() 
failed)");
++  }
++
+   close (rem);
+   rem = -1;
+ #ifdef SHISHI
+@@ -1444,7 +1467,11 @@ susystem (char *s, int userid)
+   return (127);
+ 
+ case 0:
+-  setuid (userid);
++  if (setuid (userid) == -1)
++  {
++error (EXIT_FAILURE, 0, "Could not drop privileges 

Re: [OE-core] [PATCH] librepo: upgrade 1.15.2 -> 1.16.0

[Alexander Kanavin]

On Wed, 6 Sept 2023 at 08:56, wangmy  wrote:
> 0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
> removed since it's included in 1.16.0

> -From 25113b34bc1aae377d7bf447e69528783e2c177e Mon Sep 17 00:00:00 2001
> -From: Alexander Kanavin 
> -Date: Fri, 30 Dec 2016 18:23:27 +0200
> -Subject: [PATCH] Set gpgme variables with pkg-config, not with cmake module
> - (which doesn't work properly)
> -
> -Upstream-Status: Inappropriate [gpgme upstream does not have pkg-config 
> support and is not interested in it]
> -Signed-off-by: Alexander Kanavin 

It is most definitely not included and thus cannot be removed, as seen here:

https://github.com/rpm-software-management/librepo/blob/master/CMakeLists.txt#L37C1-L41C18

IF (USE_GPGME)
FIND_PACKAGE(Gpgme REQUIRED)
ELSE (USE_GPGME)
PKG_CHECK_MODULES(RPM REQUIRED rpm>=4.18.0)
ENDIF (USE_GPGME)

We can *probably* remove the patch, but then gpgme dependency needs to
be removed as well from the recipe, and the reasoning in commit
message needs to explain that.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187284): 
https://lists.openembedded.org/g/openembedded-core/message/187284
Mute This Topic: https://lists.openembedded.org/mt/101187979/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH] openssh: Securiry fix for CVE-2023-38408

[Shubham Kulkarni via lists.openembedded.org]

From: Shubham Kulkarni 

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408

Upstream patches:
https://github.com/openssh/openssh-portable/commit/dee22129, 
https://github.com/openssh/openssh-portable/commit/099cdf59,
https://github.com/openssh/openssh-portable/commit/29ef8a04, 
https://github.com/openssh/openssh-portable/commit/892506b1,
https://github.com/openssh/openssh-portable/commit/0c111eb8, 
https://github.com/openssh/openssh-portable/commit/52a03e9f,
https://github.com/openssh/openssh-portable/commit/1fe16fd6, 
https://github.com/openssh/openssh-portable/commit/e0e8bee8,
https://github.com/openssh/openssh-portable/commit/8afaa7d7, 
https://github.com/openssh/openssh-portable/commit/1a4b9275,
https://github.com/openssh/openssh-portable/commit/4c1e3ce8, 
https://github.com/openssh/openssh-portable/commit/1f2731f5.

Signed-off-by: Shubham Kulkarni 
---
 .../openssh/openssh/CVE-2023-38408-01.patch| 189 +++
 .../openssh/openssh/CVE-2023-38408-02.patch| 581 +
 .../openssh/openssh/CVE-2023-38408-03.patch| 171 ++
 .../openssh/openssh/CVE-2023-38408-04.patch|  34 ++
 .../openssh/openssh/CVE-2023-38408-05.patch| 194 +++
 .../openssh/openssh/CVE-2023-38408-06.patch|  73 +++
 .../openssh/openssh/CVE-2023-38408-07.patch| 125 +
 .../openssh/openssh/CVE-2023-38408-08.patch| 315 +++
 .../openssh/openssh/CVE-2023-38408-09.patch|  38 ++
 .../openssh/openssh/CVE-2023-38408-10.patch|  39 ++
 .../openssh/openssh/CVE-2023-38408-11.patch| 307 +++
 .../openssh/openssh/CVE-2023-38408-12.patch| 120 +
 meta/recipes-connectivity/openssh/openssh_8.2p1.bb |  12 +
 13 files changed, 2198 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-01.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-02.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-03.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-04.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-05.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-07.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-08.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-09.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-11.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-12.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-01.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-01.patch
new file mode 100644
index 000..c899056
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-01.patch
@@ -0,0 +1,189 @@
+From f6213e03887237714eb5bcfc9089c707069f87c5 Mon Sep 17 00:00:00 2001
+From: Damien Miller 
+Date: Fri, 1 Oct 2021 16:35:49 +1000
+Subject: [PATCH 01/12] make OPENSSL_HAS_ECC checks more thorough
+
+ok dtucker
+
+Upstream-Status: Backport 
[https://github.com/openssh/openssh-portable/commit/dee22129bbc61e25b1003adfa2bc584c5406ef2d]
+CVE: CVE-2023-38408
+Signed-off-by: Shubham Kulkarni 
+---
+ ssh-pkcs11-client.c | 16 
+ ssh-pkcs11.c| 26 +-
+ 2 files changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
+index 8a0ffef..41114c7 100644
+--- a/ssh-pkcs11-client.c
 b/ssh-pkcs11-client.c
+@@ -163,7 +163,7 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA 
*rsa, int padding)
+   return (ret);
+ }
+
+-#ifdef HAVE_EC_KEY_METHOD_NEW
++#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+ static ECDSA_SIG *
+ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ const BIGNUM *rp, EC_KEY *ec)
+@@ -220,12 +220,12 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
const BIGNUM *inv,
+   sshbuf_free(msg);
+   return (ret);
+ }
+-#endif /* HAVE_EC_KEY_METHOD_NEW */
++#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+
+ static RSA_METHOD *helper_rsa;
+-#ifdef HAVE_EC_KEY_METHOD_NEW
++#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+ static EC_KEY_METHOD  *helper_ecdsa;
+-#endif /* HAVE_EC_KEY_METHOD_NEW */
++#endif /* OPENSSL_HAS_ECC && 

Re: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008

[Lee Chee Yang]

> -Original Message-
> From: openembedded-core@lists.openembedded.org  c...@lists.openembedded.org> On Behalf Of Hemraj, Deepthi via
> lists.openembedded.org
> Sent: Wednesday, September 6, 2023 3:32 PM
> To: openembedded-core@lists.openembedded.org
> Cc: randy.macl...@windriver.com; umesh.kala...@windriver.com;
> naveen.go...@windriver.com; shivaprasad.moodala...@windriver.com;
> sundeep.kokko...@windriver.com
> Subject: [OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008
> 
> Signed-off-by: Deepthi Hemraj 
> ---
>  meta/recipes-devtools/binutils/binutils-2.38.inc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-
> devtools/binutils/binutils-2.38.inc
> index 5c3ff3d93a..9bcf7ad4f5 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> @@ -56,5 +56,6 @@ SRC_URI = "\
>   file://0023-CVE-2023-25585.patch \
>   file://0026-CVE-2023-1972.patch \
>   file://0025-CVE-2023-25588.patch \
> + file://0027-CVE-2022-47008.patch \[] 

missing patch file ?

Chee Yang



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187282): 
https://lists.openembedded.org/g/openembedded-core/message/187282
Mute This Topic: https://lists.openembedded.org/mt/101188282/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47011

[Hemraj, Deepthi via lists.openembedded.org]

Signed-off-by: Deepthi Hemraj 
---
 meta/recipes-devtools/binutils/binutils-2.38.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 5c3ff3d93a..aa77263c66 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -56,5 +56,6 @@ SRC_URI = "\
  file://0023-CVE-2023-25585.patch \
  file://0026-CVE-2023-1972.patch \
  file://0025-CVE-2023-25588.patch \
+ file://0028-CVE-2022-47011.patch \
 "
 S  = "${WORKDIR}/git"
-- 
2.39.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187281): 
https://lists.openembedded.org/g/openembedded-core/message/187281
Mute This Topic: https://lists.openembedded.org/mt/101188290/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] binutils: Fix CVE-2022-47008

[Hemraj, Deepthi via lists.openembedded.org]

Signed-off-by: Deepthi Hemraj 
---
 meta/recipes-devtools/binutils/binutils-2.38.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 5c3ff3d93a..9bcf7ad4f5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -56,5 +56,6 @@ SRC_URI = "\
  file://0023-CVE-2023-25585.patch \
  file://0026-CVE-2023-1972.patch \
  file://0025-CVE-2023-25588.patch \
+ file://0027-CVE-2022-47008.patch \
 "
 S  = "${WORKDIR}/git"
-- 
2.39.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187280): 
https://lists.openembedded.org/g/openembedded-core/message/187280
Mute This Topic: https://lists.openembedded.org/mt/101188282/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH v13 2/8] package_ipk.bbclass: add support for ACLs and xattr

[Piotr Łobacz]

Dnia środa, 23 sierpnia 2023 03:00:59 CEST Khem Raj pisze:
> On Tue, Aug 22, 2023 at 5:25 PM Khem Raj  wrote:
> > OK I have narrowed down the problem a bit more
> > 
> > It seems to trigger with poky master + this patch series on archlinux
> > build host ( it has glibc 2.38 natively ) . It works ok with nodistro (
> > I guess its because nodistro does not use uninative but its just a guess )
> > 
> > Add following at the end of conf/local.conf
> > 
> > PACKAGE_CLASSES = "package_ipk"
> > 
> > then run
> > 
> > bitbake python3
> 
> If I just revert the following patch then do_package_write_ipk starts
> to work normally.
> I think this should be investigated and root caused, I am afraid that
> if we accept this
> series in its own form then once fedora/ubuntu/debian starts to get
> glibc 2.38 this problem
> will resurface.Lets hold on to this patch until this issue is resolved
> 
> commit 0ecd39717533ae11dc00c0a2e049c657ba41411f
> Author: Piotr Łobacz 
> Date:   Thu Aug 17 14:46:10 2023 +0200
> 
>opkg-utils: add acl and xattr support
> 
>Add support for tar archives created with --acls and/or --xattrs options,
> PAX header format.
> 
>GNU tar and libarchive already supports ACLs and extended attributes.
>We can now add this support as well to opkg-build script in order to use
>fsetattr or setcap inside do_install command and end up with a file in
>an image with the relevant ACLs and xattrs.
> 
>(From OE-Core rev: f6228716c3ce25cda54c7a2d62df5f7be72765ec)
> 
>Signed-off-by: Piotr Łobacz 
>Signed-off-by: Richard Purdie 
> 
> > On 8/22/23 10:03, Khem Raj wrote:
> > > On Tue, Aug 22, 2023 at 8:58 AM Khem Raj  wrote:
> > >> On Thu, Aug 17, 2023 at 5:47 AM Piotr Łobacz  
wrote:
> > >>> Extend OPKGBUILDCMD variable, with additional parameters, depending
> > >>> on target distro features, in order to support ACLs and xattr.
> > >>> 
> > >>> With fix pushed to the opkg-devel:
> > >>> https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgrou
> > >>> ps.google.com%2Fg%2Fopkg-devel%2Fc%2FdYNHrLjDwg8=05%7C01%7Cp.loba
> > >>> cz%40welotec.com%7C34b048f9a1ac434ef11d08dba3747a90%7C25111a7f1d5a4c51
> > >>> a4ca7f8e44011b39%7C0%7C0%7C638283492895128587%7CUnknown%7CTWFpbGZsb3d8
> > >>> eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3
> > >>> 000%7C%7C%7C=EW1InBDnANNoMNZi2FEvYejU6qJW70thWgDajc4FKIw%3D
> > >>> rved=0 opkg-build is able to create tar archives with ACLs and xattr.
> > >>> 
> > >>> Signed-off-by: Piotr Łobacz 
> > >>> ---
> > >>> 
> > >>>   meta/classes-global/package_ipk.bbclass | 2 +-
> > >>>   1 file changed, 1 insertion(+), 1 deletion(-)
> > >>> 
> > >>> diff --git a/meta/classes-global/package_ipk.bbclass
> > >>> b/meta/classes-global/package_ipk.bbclass index
> > >>> b4b7bc9ac2..a0f106e4ad 100644
> > >>> --- a/meta/classes-global/package_ipk.bbclass
> > >>> +++ b/meta/classes-global/package_ipk.bbclass
> > >>> @@ -15,7 +15,7 @@ IPKGCONF_SDK_TARGET =
> > >>> "${WORKDIR}/opkg-sdk-target.conf"
> > >>> 
> > >>>   PKGWRITEDIRIPK = "${WORKDIR}/deploy-ipks"
> > >>>   
> > >>>   # Program to be used to build opkg packages
> > >>> 
> > >>> -OPKGBUILDCMD ??= 'opkg-build -Z xz -a "${XZ_DEFAULTS}"'
> > >>> +OPKGBUILDCMD ??= 'opkg-build -Z xz -a "${XZ_DEFAULTS}"
> > >>> ${@bb.utils.contains('DISTRO_FEATURES', 'acl', '-A', '', d)}
> > >>> ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', '-X', '', d)}'> >> 
> > >> I wonder if it should be an append instead, because these are
> > >> dependent on DISTRO_FEATURES anyway and it does not work if distro
> > >> features are
> > >> enabled and these options are removed from opkg-build cmdline. So
> > >> these are required if distro features are enabled. It will also help
> > >> the distros overriding OPKGBUILDCMD
> > > 
> > > btw. I am encountering packaging failures in several packages using
> > > zstd compression instead of xz e.g.
> > > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsnips.
> > > sh%2Ff%2FR42MbTZryH=05%7C01%7Cp.lobacz%40welotec.com%7C34b048f9a1ac
> > > 434ef11d08dba3747a90%7C25111a7f1d5a4c51a4ca7f8e44011b39%7C0%7C0%7C638283
> > > 492895128587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI
> > > iLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=%2F5Txit2xk7Y9FSwI
> > > Pu2T%2BkqUKKMHAGZUoiEgK%2F12kLg%3D=0> > 
> > >   Here is my OPKGBUILDCMD
> > > 
> > > OPKGBUILDCMD = 'opkg-build -Z zstd -a "--threads=${ZSTD_THREADS}"
> > > ${@bb.utils.contains('DISTRO_FEATURES', 'acl', '-A', '', d)}
> > > ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', '-X', '', d)}'
> > > 
> > >>>   OPKG_ARGS += "--force_postinstall --prefer-arch-to-version"
> > >>>   OPKG_ARGS += "${@['',
> > >>>   '--no-install-recommends'][d.getVar("NO_RECOMMENDATIONS") == "1"]}"> 
>>> 
> > >>> --
> > >>> 2.34.1
> > >>> 
> > >>> 
> > >>> 

As already spoken on IRC this does not happen with gentoo and newest glibc. 
I'm sending you my specs:

Portage 3.0.51 (python 3.11.5-final-0, 

[OE-core] [PATCH] librepo: upgrade 1.15.2 -> 1.16.0

[wangmy]

From: Wang Mingyu 

Changelog:
 Implement OpenPGP using librpm API

0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
removed since it's included in 1.16.0

Signed-off-by: Wang Mingyu 
---
 ...les-with-pkg-config-not-with-cmake-m.patch | 27 ---
 .../{librepo_1.15.2.bb => librepo_1.16.0.bb}  |  3 +--
 2 files changed, 1 insertion(+), 29 deletions(-)
 delete mode 100644 
meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
 rename meta/recipes-devtools/librepo/{librepo_1.15.2.bb => librepo_1.16.0.bb} 
(86%)

diff --git 
a/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
 
b/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
deleted file mode 100644
index d61d8fbf85..00
--- 
a/meta/recipes-devtools/librepo/librepo/0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 25113b34bc1aae377d7bf447e69528783e2c177e Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin 
-Date: Fri, 30 Dec 2016 18:23:27 +0200
-Subject: [PATCH] Set gpgme variables with pkg-config, not with cmake module
- (which doesn't work properly)
-
-Upstream-Status: Inappropriate [gpgme upstream does not have pkg-config 
support and is not interested in it]
-Signed-off-by: Alexander Kanavin 
-

- CMakeLists.txt | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index a45d5c4..40249e6 100644
 a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -32,7 +32,8 @@ PKG_CHECK_MODULES(GLIB2 glib-2.0 REQUIRED)
- PKG_SEARCH_MODULE(LIBCRYPTO REQUIRED libcrypto openssl)
- PKG_CHECK_MODULES(LIBXML2 libxml-2.0 REQUIRED)
- FIND_PACKAGE(CURL 7.52.0 REQUIRED)
--FIND_PACKAGE(Gpgme REQUIRED)
-+PKG_CHECK_MODULES(GPGME gpgme REQUIRED)
-+set(GPGME_VANILLA_LIBRARIES ${GPGME_LIBRARIES})
- 
- 
- IF (WITH_ZCHUNK)
diff --git a/meta/recipes-devtools/librepo/librepo_1.15.2.bb 
b/meta/recipes-devtools/librepo/librepo_1.16.0.bb
similarity index 86%
rename from meta/recipes-devtools/librepo/librepo_1.15.2.bb
rename to meta/recipes-devtools/librepo/librepo_1.16.0.bb
index 995301d601..ef29ecdd4f 100644
--- a/meta/recipes-devtools/librepo/librepo_1.15.2.bb
+++ b/meta/recipes-devtools/librepo/librepo_1.16.0.bb
@@ -7,10 +7,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = 
"git://github.com/rpm-software-management/librepo.git;branch=master;protocol=https
 \

file://0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch \
-   
file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
"
 
-SRCREV = "1a0a5fd2b040d00872118b32d09d1f79730897a2"
+SRCREV = "7c9af219abd49f8961542b7622fc82cfdaa572e3"
 
 S = "${WORKDIR}/git"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187278): 
https://lists.openembedded.org/g/openembedded-core/message/187278
Mute This Topic: https://lists.openembedded.org/mt/101187979/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-