Re: [OE-core] [PATCH] multilib.conf: Remove the incorrect PKG_CONFIG_PATH setting
Hi Richard, On 9/20/23 18:41, Richard Purdie wrote: CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On Wed, 2023-09-20 at 17:06 +0800, Yu, Mingli wrote: From: Mingli Yu The PKG_CONFIG_PATH is set as ${WORKDIR}/recipe-sysroot/${datadir}/pkgconfig in multilib.conf. But there is no ${WORKDIR}/recipe-sysroot when multilib enabled such as below: $ bitbake lib32-php There is no ${WORKDIR}/recipe-sysroot and only ${WORKDIR}/lib32-recipe-sysroot exists which already covered in meta/conf/bitbake.conf as below: export PKG_CONFIG_PATH = "${PKG_CONFIG_DIR}:${STAGING_DATADIR}/pkgconfig" So remove the incorrect setting in multilib.conf. Signed-off-by: Mingli Yu --- meta/conf/multilib.conf | 9 - 1 file changed, 9 deletions(-) diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf index ef3605a73d..09546315b8 100644 --- a/meta/conf/multilib.conf +++ b/meta/conf/multilib.conf @@ -22,15 +22,6 @@ MULTILIB_GLOBAL_VARIANTS ?= "lib32 lib64 libx32" OPKG_ARGS:append = " --force-maintainer --force-overwrite" -# When multilib is enabled, allarch recipes will be installed into the MACHINE -# sysroot, not MLPREFIXMACHINE. This means that anything using pkg-config to -# find an allarch pkgconfig file will fail as the PKG_CONFIG_PATH only looks -# inside the multilib sysroot. Fix this by explicitly adding the MACHINE's -# architecture-independent pkgconfig location to PKG_CONFIG_PATH. -PKG_CONFIG_PATH .= ":${WORKDIR}/recipe-sysroot/${datadir}/pkgconfig" -PKG_CONFIG_PATH[vardepsexclude] = "datadir WORKDIR" -PKG_CONFIG_PATH[vardepvalueexclude] = ":${WORKDIR}/recipe-sysroot/${datadir}/pkgconfig" - # These recipes don't need multilib variants, the ${BPN} PROVDES/RPROVDES # ${MLPREFIX}${BPN} NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot" I'm not sure this is correct, did you check something with a dependency on an allarch recipe that has a pkgconfig file? Yes, I have checked the recipe font-alias which uses pkgconfig and depends on the allarch recipe encodings and also checked the iso-codes recipe. Thanks, Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188171): https://lists.openembedded.org/g/openembedded-core/message/188171 Mute This Topic: https://lists.openembedded.org/mt/101474719/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH V5] tar: add ptest support
From: Yan Add a ptest for tar. - It is taking around 3m to execute with kvm, so added it to PTEST_SLOW. - It contains 242 cases. - Below is parts of the run log: START: ptest-runner 2023-09-25T05:06 BEGIN: /usr/lib/tar/ptest ## ## ## GNU tar 1.35 test suite. ## ## ## PASS: tar version PASS: decompressing from stdin ... ## - ## ## Test results. ## ## - ## 198 tests were successful. 44 tests were skipped. DURATION: 188 END: /usr/lib/tar/ptest 2023-09-25T05:09 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Qiu Tingting Signed-off-by: Yan Xinkuan --- .../distro/include/ptest-packagelists.inc | 1 + meta/recipes-core/images/core-image-ptest.bb | 3 ++ meta/recipes-extended/tar/tar/ptest.patch | 23 + meta/recipes-extended/tar/tar/run-ptest | 14 meta/recipes-extended/tar/tar_1.35.bb | 32 +++ 5 files changed, 73 insertions(+) create mode 100644 meta/recipes-extended/tar/tar/ptest.patch create mode 100644 meta/recipes-extended/tar/tar/run-ptest diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc index 9160103cb0..3df7c9e405 100644 --- a/meta/conf/distro/include/ptest-packagelists.inc +++ b/meta/conf/distro/include/ptest-packagelists.inc @@ -109,6 +109,7 @@ PTESTS_SLOW = "\ python3-cryptography \ python3 \ strace \ +tar \ tcl \ util-linux \ valgrind \ diff --git a/meta/recipes-core/images/core-image-ptest.bb b/meta/recipes-core/images/core-image-ptest.bb index b81ab7b7c8..b6f5c2fd60 100644 --- a/meta/recipes-core/images/core-image-ptest.bb +++ b/meta/recipes-core/images/core-image-ptest.bb @@ -24,6 +24,9 @@ IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288" +# tar-ptest in particular needs more space +IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-tar = "1524288" + # ptests need more memory than standard to avoid the OOM killer QB_MEM = "-m 1024" QB_MEM:virtclass-mcextend-lttng-tools = "-m 4096" diff --git a/meta/recipes-extended/tar/tar/ptest.patch b/meta/recipes-extended/tar/tar/ptest.patch new file mode 100644 index 00..4a5951211e --- /dev/null +++ b/meta/recipes-extended/tar/tar/ptest.patch @@ -0,0 +1,23 @@ +tar: Fix bug of compiling testsuite + +Del exclude17.at and exclude18.at from testsuite.at, +because these files are not exist in tarball. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Qiu Tingting + +diff -rNu a/tests/testsuite.at b/tests/testsuite.at +--- a/tests/testsuite.at 2023-09-25 10:39:52.176684379 +0800 b/tests/testsuite.at 2023-09-25 10:39:25.532684766 +0800 +@@ -312,8 +312,8 @@ + m4_include([exclude14.at]) + m4_include([exclude15.at]) + m4_include([exclude16.at]) +-m4_include([exclude17.at]) +-m4_include([exclude18.at]) ++# m4_include([exclude17.at]) ++# m4_include([exclude18.at]) + + AT_BANNER([Deletions]) + m4_include([delete01.at]) diff --git a/meta/recipes-extended/tar/tar/run-ptest b/meta/recipes-extended/tar/tar/run-ptest new file mode 100644 index 00..185b33d61a --- /dev/null +++ b/meta/recipes-extended/tar/tar/run-ptest @@ -0,0 +1,14 @@ +#!/bin/sh + +# Define tar test work dir +WORKDIR=@PTEST_PATH@/tests/ + +# Run test +cd ${WORKDIR} +./atconfig ./atlocal ./testsuite + +# clear log +rm -rf testsuite.dir +rm -rf testsuite.log + +./testsuite --am-fmt diff --git a/meta/recipes-extended/tar/tar_1.35.bb b/meta/recipes-extended/tar/tar_1.35.bb index 4dbd418b60..9605ec52a6 100644 --- a/meta/recipes-extended/tar/tar_1.35.bb +++ b/meta/recipes-extended/tar/tar_1.35.bb @@ -42,6 +42,38 @@ do_install:append:class-target() { fi } +# add for ptest support +SRC_URI += " \ +file://run-ptest \ +file://ptest.patch \ +" + +inherit ptest + +do_compile_ptest() { +oe_runmake -C ${B}/gnu/ check +oe_runmake -C ${B}/lib/ check +oe_runmake -C ${B}/rmt/ check +oe_runmake -C ${B}/src/ check +rm -rf ${S}/tests/testsuite +oe_runmake -C ${B}/tests/ testsuite +oe_runmake -C ${B}/tests/ genfile checkseekhole ckmtime +} + +do_install_ptest() { +install -d ${D}${PTEST_PATH}/tests/ +install --mode=755 ${B}/tests/atconfig ${D}${PTEST_PATH}/tests/ +sed -i "/abs_/d" ${D}${PTEST_PATH}/tests/atconfig +echo "abs_builddir=${PTEST_PATH}/tests/" >> ${D}${PTEST_PATH}/tests/atconfig +install --mode=755 ${B}/tests/atlocal ${D}${PTEST_PATH}/tests/ +sed -i "/PATH=/d" ${D}${PTEST_PATH}/tests/atlocal +install --mode=755 ${B}/tests/genfile ${D}${PTEST_PATH}/tests/ +install --mode=755 ${B}/tests/checkseekhole ${D}${PTEST_PATH}/tests/ +install --mode=755 ${B}/tests/ckmtime ${D}${PTEST_PATH}/tests/ +install --mode=755 ${S}/tests/testsuite ${D}${PTEST_PATH}/tests/ +sed -i
[OE-core] [meta-oe][kirkstone][PATCH
- The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f (Add str len check in config_sortlist to avoid stack overflow), fixes the CVE-2022-4904 instead of CVE-2022-4415 https://security-tracker.debian.org/tracker/CVE-2022-4904 - CVE-ID inside the CVE-2022-4904.patch is wrong in the OE commit[092e125f44f6] - Hence corrected the CVE-ID in CVE-2022-4904.patch Signed-off-by: Shinu Chandran --- meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch index 0a0e8f0b6..328075ca6 100644 --- a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch @@ -20,7 +20,7 @@ fixes #496 Fix By: @hopper-vul -CVE: CVE-2022-4415 +CVE: CVE-2022-4904 Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d] Signed-off-by: Peter Marko -- 2.28.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188169): https://lists.openembedded.org/g/openembedded-core/message/188169 Mute This Topic: https://lists.openembedded.org/mt/101569059/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 09/40] boost: upgrade 1.82.0 -> 1.83.0
This fails cpp-netlib in meta-oe - https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/3169/steps/14/logs/stdio On Fri, Sep 22, 2023 at 12:24 AM Alexander Kanavin wrote: > > Signed-off-by: Alexander Kanavin > --- > .../boost/{boost-1.82.0.inc => boost-1.83.0.inc}| 2 +- > ...oost-build-native_1.82.0.bb => boost-build-native_1.83.0.bb} | 2 +- > meta/recipes-support/boost/{boost_1.82.0.bb => boost_1.83.0.bb} | 0 > 3 files changed, 2 insertions(+), 2 deletions(-) > rename meta/recipes-support/boost/{boost-1.82.0.inc => boost-1.83.0.inc} > (90%) > rename meta/recipes-support/boost/{boost-build-native_1.82.0.bb => > boost-build-native_1.83.0.bb} (92%) > rename meta/recipes-support/boost/{boost_1.82.0.bb => boost_1.83.0.bb} (100%) > > diff --git a/meta/recipes-support/boost/boost-1.82.0.inc > b/meta/recipes-support/boost/boost-1.83.0.inc > similarity index 90% > rename from meta/recipes-support/boost/boost-1.82.0.inc > rename to meta/recipes-support/boost/boost-1.83.0.inc > index 39d3c9ce5da..da275f18c1f 100644 > --- a/meta/recipes-support/boost/boost-1.82.0.inc > +++ b/meta/recipes-support/boost/boost-1.83.0.inc > @@ -12,7 +12,7 @@ BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}" > BOOST_P = "boost_${BOOST_VER}" > > SRC_URI = > "https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2; > -SRC_URI[sha256sum] = > "a6e1ab9b0860e6a2881dd7b21fe9f737a095e5f33a3a874afc6a345228597ee6" > +SRC_URI[sha256sum] = > "6478edfe2f3305127cffe8caf73ea0176c53769f4bf1585be237eb30798c3b8e" > > UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/; > UPSTREAM_CHECK_REGEX = "release/(?P.*)/source/" > diff --git a/meta/recipes-support/boost/boost-build-native_1.82.0.bb > b/meta/recipes-support/boost/boost-build-native_1.83.0.bb > similarity index 92% > rename from meta/recipes-support/boost/boost-build-native_1.82.0.bb > rename to meta/recipes-support/boost/boost-build-native_1.83.0.bb > index dcfb65e3d6e..a345bac4999 100644 > --- a/meta/recipes-support/boost/boost-build-native_1.82.0.bb > +++ b/meta/recipes-support/boost/boost-build-native_1.83.0.bb > @@ -7,7 +7,7 @@ LICENSE = "BSL-1.0" > LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c" > > SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master" > -SRCREV = "9f488e003a568dffe0caed05d86ed6f1a8f8c7f3" > +SRCREV = "8d86b9a85407d73d6e8c631771f18c2a237d2d71" > PE = "1" > > UPSTREAM_CHECK_GITTAGREGEX = "boost-(?P(\d+(\.\d+)+))" > diff --git a/meta/recipes-support/boost/boost_1.82.0.bb > b/meta/recipes-support/boost/boost_1.83.0.bb > similarity index 100% > rename from meta/recipes-support/boost/boost_1.82.0.bb > rename to meta/recipes-support/boost/boost_1.83.0.bb > -- > 2.30.2 > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188168): https://lists.openembedded.org/g/openembedded-core/message/188168 Mute This Topic: https://lists.openembedded.org/mt/101516856/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] systemd-boot-cfg: add .conf suffix to default entry label
Since systemd v245 (commit 6cd12ebcfe459466257ea63022a32515d756e719), systemd-boot expects default entry to have the complete filename as value. LABELS from poky are by default without any suffixes like "boot install", so default entry does not have the .conf suffix as well and systemd-boot is not able to use this information and it's starting in any case the first entry. To be able to start another entry by default, .conf suffix is required. With this change, LABELS variable can still be used by other bootloaders and being used as description field. Signed-off-by: Charles-Antoine Couret --- meta/classes-recipe/systemd-boot-cfg.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes-recipe/systemd-boot-cfg.bbclass b/meta/classes-recipe/systemd-boot-cfg.bbclass index 366dd23738..12da41ebad 100644 --- a/meta/classes-recipe/systemd-boot-cfg.bbclass +++ b/meta/classes-recipe/systemd-boot-cfg.bbclass @@ -35,7 +35,7 @@ python build_efi_cfg() { bb.fatal('Unable to open %s' % cfile) cfgfile.write('# Automatically created by OE\n') -cfgfile.write('default %s\n' % (labels.split()[0])) +cfgfile.write('default %s.conf\n' % (labels.split()[0])) timeout = d.getVar('SYSTEMD_BOOT_TIMEOUT') if timeout: cfgfile.write('timeout %s\n' % timeout) -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188167): https://lists.openembedded.org/g/openembedded-core/message/188167 Mute This Topic: https://lists.openembedded.org/mt/101565200/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OpenEmbedded Happy Hour September 27 5pm/1700 UTC
All, A friendly reminder - our regular monthly OpenEmbedded Happy Hour is coming up in 3 days, on September 27 for Europe/Americas timezones @ 1700/5pm UTC (1pm ET/10am PT) https://www.openembedded.org/wiki/Calendar https://www.openembedded.org/wiki/Happy_Hours https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+September+27=20230927T17 Since there were multiple confusions with time conversions to different timezones lately, please note the last link above, that's been provided for years, pointing to the actual event and allowing you to look up exact time for your location. Best regards, Denys Dmytriyenko OpenEmbedded Board of Directors -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188166): https://lists.openembedded.org/g/openembedded-core/message/188166 Mute This Topic: https://lists.openembedded.org/mt/101562454/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] create-spdx/sbom: Ensure files don't overlap between machines
Hi Joshua On master-next poky, I am seeing a failure in usb-modeswitch do_create_runtime_spdx from meta-oe (. musl/qemuarm64 ) https://errors.yoctoproject.org/Errors/Build/172015/ building individually works ok. So perhaps some sort of race ? Another issue similar to this I see is in qtwayland-native from meta-qt6 ( machine glibc/rpi4-64 ) ERROR: qtwayland-native-6.5.3-r0 do_create_spdx: Cannot find any SPDX file for recipe wayland-native, True sstate:wayland-native:x86_64-linux:1.22.0:r0:x86_64:11: sstate:wayland-native::1.22.0:r0::11: detailed log https://snips.sh/f/Kaupf_5AJU Any ideas ? On Thu, Sep 21, 2023 at 8:09 AM Joshua Watt wrote: > > From: Richard Purdie > > Currently the by-id and by-namespace SPDX files are created without reference > to PACKAGE_ARCH. This means that for two machines using a common package > architecture > (e.g. genericx86-64 and qqemux86-64), there would be overlapping files. This > means > that the build of one can remove files from the other leading to build > failures. An > example would be: > > MACHINE=qemux86-64 bitbake core-image-minimal > MACHINE=genericx86-64 bitbake core-image-minimal > MACHINE=qemux86-64 bitbake linux-yocto -c clean > MACHINE=genericx86-64 bitbake core-image-minimal -C rootfs > > To fix this, add PACKAGE_ARCH to the path used for the files and use a search > path based upon PACKAGE_ARCHS to access them. > > Signed-off-by: Richard Purdie > Signed-off-by: Joshua Watt > --- > meta/classes/create-spdx-2.2.bbclass | 41 > meta/lib/oe/sbom.py | 34 ++- > 2 files changed, 57 insertions(+), 18 deletions(-) > > diff --git a/meta/classes/create-spdx-2.2.bbclass > b/meta/classes/create-spdx-2.2.bbclass > index 9b28d124c78..a2b96da61a9 100644 > --- a/meta/classes/create-spdx-2.2.bbclass > +++ b/meta/classes/create-spdx-2.2.bbclass > @@ -349,6 +349,8 @@ def collect_dep_recipes(d, doc, spdx_recipe): > > deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) > spdx_deps_file = Path(d.getVar("SPDXDEPS")) > +package_archs = d.getVar("SSTATE_ARCHS").split() > +package_archs.reverse() > > dep_recipes = [] > > @@ -356,7 +358,9 @@ def collect_dep_recipes(d, doc, spdx_recipe): > deps = json.load(f) > > for dep_pn, dep_hashfn in deps: > -dep_recipe_path = oe.sbom.doc_path_by_hashfn(deploy_dir_spdx, > "recipe-" + dep_pn, dep_hashfn) > +dep_recipe_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, > package_archs, "recipe-" + dep_pn, dep_hashfn) > +if not dep_recipe_path: > +bb.fatal("Cannot find any SPDX file for recipe %s, %s" % > (dep_pn, dep_hashfn)) > > spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path) > > @@ -385,6 +389,7 @@ def collect_dep_recipes(d, doc, spdx_recipe): > > return dep_recipes > > +collect_dep_recipes[vardepsexclude] = "SSTATE_ARCHS" > > def collect_dep_sources(d, dep_recipes): > import oe.sbom > @@ -533,6 +538,7 @@ python do_create_spdx() { > include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1" > archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1" > archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1" > +pkg_arch = d.getVar("SSTATE_PKGARCH") > > creation_time = > datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") > > @@ -620,7 +626,7 @@ python do_create_spdx() { > > dep_recipes = collect_dep_recipes(d, doc, recipe) > > -doc_sha1 = oe.sbom.write_doc(d, doc, d.getVar("SSTATE_PKGARCH"), > "recipes", indent=get_json_indent(d)) > +doc_sha1 = oe.sbom.write_doc(d, doc, pkg_arch, "recipes", > indent=get_json_indent(d)) > dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) > > recipe_ref = oe.spdx.SPDXExternalDocumentRef() > @@ -685,7 +691,7 @@ python do_create_spdx() { > > add_package_sources_from_debug(d, package_doc, spdx_package, > package, package_files, sources) > > -oe.sbom.write_doc(d, package_doc, d.getVar("SSTATE_PKGARCH"), > "packages", indent=get_json_indent(d)) > +oe.sbom.write_doc(d, package_doc, pkg_arch, "packages", > indent=get_json_indent(d)) > } > do_create_spdx[vardepsexclude] += "BB_NUMBER_THREADS" > # NOTE: depending on do_unpack is a hack that is necessary to get it's > dependencies for archive the source > @@ -756,6 +762,9 @@ python do_create_runtime_spdx() { > creation_time = > datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") > > providers = collect_package_providers(d) > +pkg_arch = d.getVar("SSTATE_PKGARCH") > +package_archs = d.getVar("SSTATE_ARCHS").split() > +package_archs.reverse() > > if not is_native: > bb.build.exec_func("read_subpackage_metadata", d) > @@ -772,7 +781,7 @@ python do_create_runtime_spdx() { > if not oe.packagedata.packaged(package, localdata): > continue > > -pkg_spdx_path =
[OE-core] [mickledore][PATCH v2] glibc: fix CVE-2023-4527
From: Yash Shinde Upstream-Status: Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] Signed-off-by: Yash Shinde --- .../glibc/glibc/0023-CVE-2023-4527.patch | 219 ++ meta/recipes-core/glibc/glibc_2.37.bb | 1 + 2 files changed, 220 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch diff --git a/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch new file mode 100644 index 00..211249211a --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0023-CVE-2023-4527.patch @@ -0,0 +1,219 @@ +From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 13 Sep 2023 14:10:56 +0200 +Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses + in no- mode + +Without passing alt_dns_packet_buffer, __res_context_search can only +store 2048 bytes (what fits into dns_packet_buffer). However, +the function returns the total packet size, and the subsequent +DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end +of the stack-allocated buffer. + +Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no- +stub resolver option") and bug 30842. + +(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d) + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] +CVE: CVE-2023-4527 + +Signed-off-by: Yash Shinde + +--- + NEWS | 7 ++ + resolv/Makefile | 2 + + resolv/nss_dns/dns-host.c | 2 +- + resolv/tst-resolv-no-vc.c | 129 ++ + 4 files changed, 139 insertions(+), 1 deletion(-) + create mode 100644 resolv/tst-resolv-no-vc.c + +diff --git a/NEWS b/NEWS +--- a/NEWS b/NEWS +@@ -25,6 +25,7 @@ + [30101] gmon: fix memory corruption issues + [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new + symlink for libraries without soname ++ [30842] Stack read overflow in getaddrinfo in no- mode (CVE-2023-4527) + [30151] gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling + [30163] posix: Fix system blocks SIGCHLD erroneously + [30305] x86_64: Fix asm constraints in feraiseexcept +@@ -54,6 +55,12 @@ + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. + ++ CVE-2023-4527: If the system is configured in no- mode via ++ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address ++ family, and a DNS response is received over TCP that is larger than ++ 2048 bytes, getaddrinfo may potentially disclose stack contents via ++ the returned address data, or crash. ++ + The following bugs are resolved with this release: + + [12154] network: Cannot resolve hosts which have wildcard aliases +diff --git a/resolv/Makefile b/resolv/Makefile +--- a/resolv/Makefile b/resolv/Makefile +@@ -101,6 +101,7 @@ + tst-resolv-invalid-cname \ + tst-resolv-network \ + tst-resolv-no \ ++ tst-resolv-no-vc \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ +@@ -292,6 +293,7 @@ + $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ + $(shared-thread-library) + $(objpfx)tst-resolv-no: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-no-vc: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +--- a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +@@ -427,7 +427,7 @@ + { + n = __res_context_search (ctx, name, C_IN, T_A, + dns_packet_buffer, sizeof (dns_packet_buffer), +- NULL, NULL, NULL, NULL, NULL); ++ _dns_packet_buffer, NULL, NULL, NULL, NULL); + if (n >= 0) + status = gaih_getanswer_no (alt_dns_packet_buffer, n, + , pat, errnop, herrnop, ttlp); +diff --git a/resolv/tst-resolv-no-vc.c b/resolv/tst-resolv-no-vc.c +new file mode 100644 +--- /dev/null b/resolv/tst-resolv-no-vc.c +@@ -0,0 +1,129 @@ ++/* Test the RES_NO resolver option with a large response. ++ Copyright (C) 2022-2023 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C
[OE-core] [PATCH v2] glibc: fix CVE-2023-4527
From: Yash Shinde Upstream-Status: Backport[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] Signed-off-by: Yash Shinde --- .../glibc/glibc/0024-CVE-2023-4527.patch | 219 ++ meta/recipes-core/glibc/glibc_2.38.bb | 1 + 2 files changed, 220 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch b/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch new file mode 100644 index 00..7d9adf6a66 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch @@ -0,0 +1,219 @@ +From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 13 Sep 2023 14:10:56 +0200 +Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses + in no- mode + +Without passing alt_dns_packet_buffer, __res_context_search can only +store 2048 bytes (what fits into dns_packet_buffer). However, +the function returns the total packet size, and the subsequent +DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end +of the stack-allocated buffer. + +Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no- +stub resolver option") and bug 30842. + +(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d) + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] +CVE: CVE-2023-4527 + +Signed-off-by: Yash Shinde + +--- + NEWS | 7 ++ + resolv/Makefile | 2 + + resolv/nss_dns/dns-host.c | 2 +- + resolv/tst-resolv-no-vc.c | 129 ++ + 4 files changed, 139 insertions(+), 1 deletion(-) + create mode 100644 resolv/tst-resolv-no-vc.c + +diff --git a/NEWS b/NEWS +--- a/NEWS b/NEWS +@@ -126,6 +126,7 @@ + [30477] libc: [RISCV]: time64 does not work on riscv32 + [30515] dynamic-link: _dl_find_object incorrectly returns 1 during + early startup ++ [30842] Stack read overflow in getaddrinfo in no- mode (CVE-2023-4527) + [30527] network: resolv_conf lock not unlocked on allocation failure + [30550] math: powerpc64le: GCC-specific code for isinf() is being used + on clang +@@ -157,6 +158,12 @@ + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. + ++ CVE-2023-4527: If the system is configured in no- mode via ++ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address ++ family, and a DNS response is received over TCP that is larger than ++ 2048 bytes, getaddrinfo may potentially disclose stack contents via ++ the returned address data, or crash. ++ + The following bugs are resolved with this release: + + [12154] network: Cannot resolve hosts which have wildcard aliases +diff --git a/resolv/Makefile b/resolv/Makefile +--- a/resolv/Makefile b/resolv/Makefile +@@ -102,6 +102,7 @@ + tst-resolv-invalid-cname \ + tst-resolv-network \ + tst-resolv-no \ ++ tst-resolv-no-vc \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ +@@ -293,6 +294,7 @@ + $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ + $(shared-thread-library) + $(objpfx)tst-resolv-no: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-no-vc: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +--- a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, + { + n = __res_context_search (ctx, name, C_IN, T_A, + dns_packet_buffer, sizeof (dns_packet_buffer), +- NULL, NULL, NULL, NULL, NULL); ++ _dns_packet_buffer, NULL, NULL, NULL, NULL); + if (n >= 0) + status = gaih_getanswer_no (alt_dns_packet_buffer, n, + , pat, errnop, herrnop, ttlp); +diff --git a/resolv/tst-resolv-no-vc.c b/resolv/tst-resolv-no-vc.c +new file mode 100644 +--- /dev/null b/resolv/tst-resolv-no-vc.c +@@ -0,0 +1,129 @@ ++/* Test the RES_NO resolver option with a large response. ++ Copyright (C) 2022-2023 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your
[OE-core] OE-core CVE metrics for mickledore on Sun 24 Sep 2023 04:00:01 AM HST
Branch: mickledore New this week: 13 CVEs CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-25585 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25585 * CVE-2023-25588 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25588 * CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 * CVE-2023-32643 (CVSS3: 7.8 HIGH): glib-2.0:glib-2.0-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32643 * CVE-2023-3341 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 * CVE-2023-38039 (CVSS3: 7.5 HIGH): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38039 * CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-4155 (CVSS3: 5.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4155 * CVE-2023-4236 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4236 * CVE-2023-43115 (CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43115 * CVE-2023-4527 (CVSS3: 6.5 MEDIUM): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 * CVE-2023-4863 (CVSS3: 8.8 HIGH): libwebp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863 * Removed this week: 11 CVEs CVE-2023-3354 (CVSS3: 7.5 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 * CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:gcc-source-12.3.0:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-4733 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4733 * CVE-2023-4734 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4734 * CVE-2023-4735 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4735 * CVE-2023-4736 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4736 * CVE-2023-4738 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4738 * CVE-2023-4750 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4750 * CVE-2023-4752 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4752 * CVE-2023-4781 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4781 * CVE-2023-4881 (CVSS3: N/A): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4881 * Full list: Found 78 unpatched CVEs CVE-2020-11935 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11935 * CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 * CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 * CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 * CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 * CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 * CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 * CVE-2023-0160 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0160 * CVE-2023-1206
[OE-core] OE-core CVE metrics for kirkstone on Sun 24 Sep 2023 03:00:01 AM HST
Branch: kirkstone New this week: 8 CVEs CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 * CVE-2023-3341 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 * CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-4236 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4236 * CVE-2023-43115 (CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43115 * CVE-2023-4527 (CVSS3: 6.5 MEDIUM): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 * CVE-2023-4813 (CVSS3: 5.9 MEDIUM): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4813 * CVE-2023-4863 (CVSS3: 8.8 HIGH): libwebp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863 * Removed this week: 14 CVEs CVE-2020-22219 (CVSS3: 7.8 HIGH): flac https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22219 * CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 * CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 * CVE-2022-48065 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48065 * CVE-2023-39319 (CVSS3: 6.1 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39319 * CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:gcc-source-11.4.0:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-4733 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4733 * CVE-2023-4734 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4734 * CVE-2023-4735 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4735 * CVE-2023-4736 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4736 * CVE-2023-4738 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4738 * CVE-2023-4750 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4750 * CVE-2023-4752 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4752 * CVE-2023-4781 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4781 * Full list: Found 50 unpatched CVEs CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 * CVE-2022-36648 (CVSS3: 10.0 CRITICAL): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36648 * CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 * CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 * CVE-2022-40090 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40090 * CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * CVE-2022-44840 (CVSS3: 7.8 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44840 * CVE-2022-45703 (CVSS3: 7.8 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45703 * CVE-2022-47007 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47007 * CVE-2022-47008 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47008 * CVE-2022-47010 (CVSS3: 5.5 MEDIUM): binutils:binutils-cross-testsuite:binutils-cross-x86_64
[OE-core] OE-core CVE metrics for dunfell on Sun 24 Sep 2023 02:00:01 AM HST
Branch: dunfell New this week: 12 CVEs CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 * CVE-2023-29499 (CVSS3: 7.5 HIGH): glib-2.0:glib-2.0-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29499 * CVE-2023-32611 (CVSS3: 5.5 MEDIUM): glib-2.0:glib-2.0-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32611 * CVE-2023-32636 (CVSS3: 7.5 HIGH): glib-2.0:glib-2.0-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32636 * CVE-2023-32643 (CVSS3: 7.8 HIGH): glib-2.0:glib-2.0-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32643 * CVE-2023-32665 (CVSS3: 5.5 MEDIUM): glib-2.0:glib-2.0-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32665 * CVE-2023-3341 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 * CVE-2023-43115 (CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43115 * CVE-2023-4527 (CVSS3: 6.5 MEDIUM): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 * CVE-2023-4813 (CVSS3: 5.9 MEDIUM): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4813 * CVE-2023-4863 (CVSS3: 8.8 HIGH): libwebp https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4863 * Removed this week: 0 CVEs Full list: Found 148 unpatched CVEs CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * CVE-2020-21686 (CVSS3: 5.5 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21686 * CVE-2020-22219 (CVSS3: 7.8 HIGH): flac https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22219 * CVE-2020-24165 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24165 * CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 * CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 * CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 * CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 * CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 * CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 * CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 * CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 * CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 * CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 * CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 * CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 * CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 * CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 * CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 * CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 * CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 * CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 * CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * CVE-2021-32292 (CVSS3: 9.8 CRITICAL): json-c https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32292 * CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 * CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 * CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native
[OE-core] OE-core CVE metrics for master on Sun 24 Sep 2023 01:00:01 AM HST
Branch: master New this week: 6 CVEs CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 * CVE-2023-3341 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 * CVE-2023-38039 (CVSS3: 7.5 HIGH): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38039 * CVE-2023-43115 (CVSS3: 9.8 CRITICAL): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43115 * CVE-2023-4527 (CVSS3: 6.5 MEDIUM): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 * Removed this week: 12 CVEs CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 * CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 * CVE-2023-3777 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3777 * CVE-2023-4015 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4015 * CVE-2023-4206 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4206 * CVE-2023-4207 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4207 * CVE-2023-4208 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4208 * CVE-2023-4244 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4244 * CVE-2023-4569 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4569 * CVE-2023-4611 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4611 * CVE-2023-4807 (CVSS3: 7.8 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4807 * CVE-2023-4881 (CVSS3: N/A): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4881 * Full list: Found 35 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 * CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-2680 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2680 * CVE-2023-28736 (CVSS3: 6.7 MEDIUM): mdadm https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28736 * CVE-2023-28938 (CVSS3: 4.4 MEDIUM): mdadm https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28938 * CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * CVE-2023-3341 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3341 * CVE-2023-3354 (CVSS3: 7.5 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 * CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 * CVE-2023-36664 (CVSS3: 7.8 HIGH): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36664 * CVE-2023-37769 (CVSS3: 6.5 MEDIUM):
Re: [OE-core] [PATCH 3/6] sstate: Stop allowing overlapping symlinks from sstate
On Sun, 2023-09-24 at 11:14 +0200, Martin Jansa wrote: > Just FYI I think this change is now causing few more recipes to be mutually > exclusive, when they build the same library (even when it's packaged in > differently named package), in world builds I'm seeing e.g. libslirp and > libslirp-virt (from meta-virtualization) causing packagedata failure for one > of them (depending which one was built second): > > DEBUG: Staging files from > TOPDIR/BUILD/work/raspberrypi4_64-oe-linux/libslirp-virt/4.6.1+git/pkgdata-pdata-input > to TOPDIR/BUILD/pkgdata/raspberrypi4-64 > ERROR: Recipe libslirp-virt is trying to install files into a shared area > when those files already exist. The files and the manifests listing them are: > TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp-dev > (matched in manifest-raspberrypi4_64-libslirp.packagedata) > TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp0 > (matched in manifest-raspberrypi4_64-libslirp.packagedata) > TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp-dbg > (matched in manifest-raspberrypi4_64-libslirp.packagedata) > TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp-src > (matched in manifest-raspberrypi4_64-libslirp.packagedata) > Please adjust the recipes so only one recipe provides a given file. > DEBUG: Python function sstate_task_postfunc finished > > Bruce is 4.6.1 version in meta-virtualization still needed or can you update > to libslirp 4.7.0 from oe-core? > From the git log > https://git.yoctoproject.org/meta-virtualization/log/recipes-networking/slirp > it looks like it was originally imported from meta-retro and later renamed > from libslirp to libslirt-virt until the oe-core version is validated in > runtime. > > And I'm seeing the same with some internal recipes (e.g. we have faultmanager > recipe which provides libfm - completely different from libfm from oe-core, > just library name coincidence). This might be safe to exclude due to the way pkgdata works, it is handled per workdir now. I'd need to check a few things but offhand I think it will be ok to allow specifically. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188158): https://lists.openembedded.org/g/openembedded-core/message/188158 Mute This Topic: https://lists.openembedded.org/mt/101475773/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/6] sstate: Stop allowing overlapping symlinks from sstate
Just FYI I think this change is now causing few more recipes to be mutually exclusive, when they build the same library (even when it's packaged in differently named package), in world builds I'm seeing e.g. libslirp and libslirp-virt (from meta-virtualization) causing packagedata failure for one of them (depending which one was built second): DEBUG: Staging files from TOPDIR/BUILD/work/raspberrypi4_64-oe-linux/libslirp-virt/4.6.1+git/pkgdata-pdata-input to TOPDIR/BUILD/pkgdata/raspberrypi4-64 ERROR: Recipe libslirp-virt is trying to install files into a shared area when those files already exist. The files and the manifests listing them are: TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp-dev (matched in manifest-raspberrypi4_64-libslirp.packagedata) TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp0 (matched in manifest-raspberrypi4_64-libslirp.packagedata) TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp-dbg (matched in manifest-raspberrypi4_64-libslirp.packagedata) TOPDIR/BUILD/pkgdata/raspberrypi4-64/runtime-reverse/libslirp-src (matched in manifest-raspberrypi4_64-libslirp.packagedata) Please adjust the recipes so only one recipe provides a given file. DEBUG: Python function sstate_task_postfunc finished Bruce is 4.6.1 version in meta-virtualization still needed or can you update to libslirp 4.7.0 from oe-core? >From the git log https://git.yoctoproject.org/meta-virtualization/log/recipes-networking/slirp it looks like it was originally imported from meta-retro and later renamed from libslirp to libslirt-virt until the oe-core version is validated in runtime. And I'm seeing the same with some internal recipes (e.g. we have faultmanager recipe which provides libfm - completely different from libfm from oe-core, just library name coincidence). Cheers, On Wed, Sep 20, 2023 at 12:58 PM Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > When originally implemented, overlapping symlinks in DEPLOY_DIR were > common. That > is no longer the case and these overlapping links are causing bugs in > other areas > (e.g. bug 14123). > > Therefore start showing errors for overlapping symlinks in shared areas. > Whilst here, > fix a broken file reference in the grep command to match current file > layouts and > update the message shown to users to match current times. Most of the > message content > is obsolete now due to other advances and changes in the way the staging > code > now works. > > Signed-off-by: Richard Purdie > --- > meta/classes-global/sstate.bbclass | 30 ++ > 1 file changed, 6 insertions(+), 24 deletions(-) > > diff --git a/meta/classes-global/sstate.bbclass > b/meta/classes-global/sstate.bbclass > index 706c2ae9388..afcda2980b3 100644 > --- a/meta/classes-global/sstate.bbclass > +++ b/meta/classes-global/sstate.bbclass > @@ -266,7 +266,7 @@ def sstate_install(ss, d): > overlap_allowed = (d.getVar("SSTATE_ALLOW_OVERLAP_FILES") or > "").split() > match = [] > for f in sharedfiles: > -if os.path.exists(f) and not os.path.islink(f): > +if os.path.exists(f): > f = os.path.normpath(f) > realmatch = True > for w in overlap_allowed: > @@ -276,36 +276,18 @@ def sstate_install(ss, d): > break > if realmatch: > match.append(f) > -sstate_search_cmd = "grep -rlF '%s' %s > --exclude=master.list | sed -e 's:^.*/::'" % (f, > d.expand("${SSTATE_MANIFESTS}")) > +sstate_search_cmd = "grep -rlF '%s' %s --exclude=index-* > | sed -e 's:^.*/::'" % (f, d.expand("${SSTATE_MANIFESTS}")) > search_output = subprocess.Popen(sstate_search_cmd, > shell=True, stdout=subprocess.PIPE).communicate()[0] > if search_output: > match.append(" (matched in %s)" % > search_output.decode('utf-8').rstrip()) > else: > match.append(" (not matched to any task)") > if match: > -bb.error("The recipe %s is trying to install files into a shared > " \ > - "area when those files already exist. Those files and their > manifest " \ > - "location are:\n %s\nPlease verify which recipe should provide > the " \ > - "above files.\n\nThe build has stopped, as continuing in this > scenario WILL " \ > - "break things - if not now, possibly in the future (we've seen > builds fail " \ > - "several months later). If the system knew how to recover from > this " \ > - "automatically it would, however there are several different > scenarios " \ > - "which can result in this and we don't know which one this is. > It may be " \ > - "you have switched providers of something like virtual/kernel > (e.g. from " \ > - "linux-yocto to linux-yocto-dev), in that case you need to > execute the " \ > - "clean task for both