Re: [OE-core] [RFC PATCH 1/5] classes: jobserver: support gnu make fifo jobserver

[Randy MacLeod via lists.openembedded.org]

Hi Martin,

I tested this RFC series briefly when it was posted but then some things 
came up and I haven't gotten back to it.


I was talking with Richard and he thought that his original poky-contrib 
branch commit, which it seems this work is based,
had a list of things to fix before the jobserver could be merged. Can 
you find and share that list here?


I may have time to do more testing but I think I had concluded that the 
default settings:

   INHERIT += "jobserver"
didn't have any impact on build performance, as expected, I suppose.

What testing have you done so far?

../Randy


On 2023-08-28 8:48 a.m., Martin Hundeb?ll via lists.openembedded.org wrote:

Add a class to implement the gnu make fifo style jobserver. The class
can be activated by symply adding an `INHERIT += "jobserver"` to the
local configuration.

Furthermore, one can configure an external jobserver (i.e. a server
shared between multiple builds), by configured the `JOBSERVER_FIFO`
variable to point at an existing jobserver fifo.

The jobserver class uses the fifo style jobserver, which doesn't require
passing open file descriptors around. It does, however, require
make-4.4, which isn't available in common distro yet. To work around
this, the class make all recipes (except make and its dependencies
itself) depend on `virtual/make-native`.

Signed-off-by: Martin Hundebøll
---
  meta/classes-global/jobserver.bbclass | 80 +++
  meta/conf/bitbake.conf|  2 +-
  2 files changed, 81 insertions(+), 1 deletion(-)
  create mode 100644 meta/classes-global/jobserver.bbclass

diff --git a/meta/classes-global/jobserver.bbclass 
b/meta/classes-global/jobserver.bbclass
new file mode 100644
index 00..c76909fe50
--- /dev/null
+++ b/meta/classes-global/jobserver.bbclass
@@ -0,0 +1,80 @@
+JOBSERVER_FIFO ?= ""
+JOBSERVER_FIFO[doc] = "Path to external jobserver fifo to use instead of creating a 
per-build server."
+
+addhandler jobserver_setup_fifo
+jobserver_setup_fifo[eventmask] = "bb.event.ConfigParsed"
+
+python jobserver_setup_fifo() {
+# don't setup a per-build fifo, if an external one is configured
+if d.getVar("JOBSERVER_FIFO"):
+return
+
+# don't use a job-server if no parallelism is configured
+jobs = oe.utils.parallel_make(d)
+if jobs in (None, 1):
+return
+
+# reduce jobs by one as a token has implicitly been handed to the
+# process requesting tokens
+jobs -= 1
+
+fifo = d.getVar("TMPDIR") + "/jobserver_fifo"
+
+# and old fifo might be lingering; remove it
+if os.path.exists(fifo):
+os.remove(fifo)
+
+# create a new fifo to use for communicating tokens
+os.mkfifo(fifo)
+
+# fill the fifo with the number of tokens to hand out
+wfd = os.open(fifo, os.O_RDWR)
+written = os.write(wfd, b"+" * jobs)
+if written != (jobs):
+bb.error("Failed to fil make fifo: {} != {}".format(written, jobs))
+
+# configure the per-build fifo path to use
+d.setVar("JOBSERVER_FIFO", fifo)
+}
+
+python () {
+# don't configure the fifo if none is defined
+fifo = d.getVar("JOBSERVER_FIFO")
+if not fifo:
+return
+
+# avoid making make-native or its dependencies depend on make-native itself
+if d.getVar("PN") in (
+"make-native",
+"libtool-native",
+"pkgconfig-native",
+"automake-native",
+"autoconf-native",
+"m4-native",
+"texinfo-dummy-native",
+"gettext-minimal-native",
+"quilt-native",
+"gnu-config-native",
+):
+return
+
+# don't make unwilling recipes depend on make-native
+if d.getVar('INHIBIT_DEFAULT_DEPS', False):
+return
+
+# make other recipes depend on make-native to make sure it is new enough to
+# support the --jobserver-auth=fifo: syntax (from make-4.4 and 
onwards)
+d.appendVar("DEPENDS", " virtual/make-native")
+
+# disable the "-j " flag, as that overrides the jobserver fifo tokens
+d.setVar("PARALLEL_MAKE", "")
+d.setVar("PARALLEL_MAKEINST", "")
+
+# set and export the jobserver in the environment
+d.appendVar("MAKEFLAGS", " --jobserver-auth=fifo:" + fifo)
+d.setVarFlag("MAKEFLAGS", "export", "1")
+
+# ignore the joberserver argument part of MAKEFLAGS in the hash, as that
+# shouldn't change the build output
+d.appendVarFlag("MAKEFLAGS", "vardepvalueexclude", "| 
--jobserver-auth=fifo:" + fifo)
+}
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index cf7ff3328c..8cf188270b 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -946,7 +946,7 @@ BB_HASHEXCLUDE_COMMON ?= "TMPDIR FILE PATH PWD BB_TASKHASH 
BBPATH BBSERVER DL_DI
  BB_WORKERCONTEXT BB_LIMITEDDEPS BB_UNIHASH extend_recipe_sysroot 
DEPLOY_DIR \
  SSTATE_HASHEQUIV_METHOD SSTATE_HASHEQUIV_REPORT_TASKDATA \
  SSTATE_HASHEQUIV_OWNER 

[OE-core][PATCH 1/4] python3-mako: upgrade 1.2.4 -> 1.3.0

[Trevor Gamblin]

License-Update: Updated copyright year

Changelog: https://docs.makotemplates.org/en/latest/changelog.html#change-1.3.0

Signed-off-by: Trevor Gamblin 
---
 .../python/{python3-mako_1.2.4.bb => python3-mako_1.3.0.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-mako_1.2.4.bb => 
python3-mako_1.3.0.bb} (73%)

diff --git a/meta/recipes-devtools/python/python3-mako_1.2.4.bb 
b/meta/recipes-devtools/python/python3-mako_1.3.0.bb
similarity index 73%
rename from meta/recipes-devtools/python/python3-mako_1.2.4.bb
rename to meta/recipes-devtools/python/python3-mako_1.3.0.bb
index 9860058723c..d180e05ceac 100644
--- a/meta/recipes-devtools/python/python3-mako_1.2.4.bb
+++ b/meta/recipes-devtools/python/python3-mako_1.3.0.bb
@@ -2,13 +2,13 @@ SUMMARY = "Templating library for Python"
 HOMEPAGE = "http://www.makotemplates.org/;
 SECTION = "devel/python"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ad08dd28df88e64b35bcac27c822ee34"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fcc01df649aee6c59dcb254c894ea0d4"
 
 PYPI_PACKAGE = "Mako"
 
 inherit pypi python_setuptools_build_meta
 
-SRC_URI[sha256sum] = 
"d60a3903dc3bb01a18ad6a89cdbe2e4eadc69c0bc8ef1e3773ba53d44c3f7a34"
+SRC_URI[sha256sum] = 
"e3a9d388fd00e87043edbe8792f45880ac0114e9c4adc69f6e9bfb2c55e3b11b"
 
 RDEPENDS:${PN} = "${PYTHON_PN}-html \
   ${PYTHON_PN}-markupsafe \
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190857): 
https://lists.openembedded.org/g/openembedded-core/message/190857
Mute This Topic: https://lists.openembedded.org/mt/102654594/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH 2/4] python3-trove-classifiers: upgrade 2023.10.18 -> 2023.11.14

[Trevor Gamblin]

Changelog:
0b8493f Add `Programming Language :: Go` (#159)
68d983d Update release.yml (#162)
bd86b09 Update release.yml (#160)
44d951c Added PySimpleGUI versions 4 and 5 as a Framework (#157)
29ca293 Add Odoo 17 trove classifier (#156)

Signed-off-by: Trevor Gamblin 
---
 ...rs_2023.10.18.bb => python3-trove-classifiers_2023.11.14.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-trove-classifiers_2023.10.18.bb 
=> python3-trove-classifiers_2023.11.14.bb} (87%)

diff --git 
a/meta/recipes-devtools/python/python3-trove-classifiers_2023.10.18.bb 
b/meta/recipes-devtools/python/python3-trove-classifiers_2023.11.14.bb
similarity index 87%
rename from meta/recipes-devtools/python/python3-trove-classifiers_2023.10.18.bb
rename to meta/recipes-devtools/python/python3-trove-classifiers_2023.11.14.bb
index b0c1b84cc5a..a6c7e95c515 100644
--- a/meta/recipes-devtools/python/python3-trove-classifiers_2023.10.18.bb
+++ b/meta/recipes-devtools/python/python3-trove-classifiers_2023.11.14.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/trove-classifiers;
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
-SRC_URI[sha256sum] = 
"2cdfcc7f31f7ffdd57666a9957296089ac72daad4d11ab5005060e5cd7e29939"
+SRC_URI[sha256sum] = 
"64b5e78305a5de347f2cd7ec8c12d704a3ef0cb85cc10c0ca5f73488d1c201f8"
 
 inherit pypi python_setuptools_build_meta ptest
 
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190858): 
https://lists.openembedded.org/g/openembedded-core/message/190858
Mute This Topic: https://lists.openembedded.org/mt/102654595/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH 4/4] python3-cython: upgrade 0.29.36 -> 3.0.5

[Trevor Gamblin]

License-Update: Update license link to use https

cython 3.0.x attempts to remain compatible with 0.29.x but still makes
some major changes (in addition to fixing old issues). For a complete
overview it's best to view the CHANGES.rst doc rather than including
them here: https://github.com/cython/cython/blob/master/CHANGES.rst.

Note that more source files were added to cython_fix_sources to avoid
the following:

|WARNING: python3-cython-3.0.5-r0 do_package_qa: QA Issue: File 
/usr/src/debug/python3-cython/3.0.5-r0/Cython/Utils.c in package 
python3-cython-src contains reference to TMPDIR
|File /usr/src/debug/python3-cython/3.0.5-r0/Cython/StringIOTree.c in package 
python3-cython-src contains reference to TMPDIR
|File /usr/src/debug/python3-cython/3.0.5-r0/Cython/Compiler/Parsing.c in 
package python3-cython-src contains reference to TMPDIR
|File /usr/src/debug/python3-cython/3.0.5-r0/Cython/Compiler/Code.c in package 
python3-cython-src contains reference to TMPDIR
|File /usr/src/debug/python3-cython/3.0.5-r0/Cython/Plex/Machines.c in package 
python3-cython-src contains reference to TMPDIR
|File /usr/src/debug/python3-cython/3.0.5-r0/Cython/Plex/DFA.c in package 
python3-cython-src contains reference to TMPDIR
|File /usr/src/debug/python3-cython/3.0.5-r0/Cython/Plex/Transitions.c in 
package python3-cython-src contains reference to TMPDIR [buildpaths]

Signed-off-by: Trevor Gamblin 
---
 meta/recipes-devtools/python/python-cython.inc | 4 ++--
 .../{python3-cython_0.29.36.bb => python3-cython_3.0.5.bb} | 7 +++
 2 files changed, 9 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-cython_0.29.36.bb => 
python3-cython_3.0.5.bb} (73%)

diff --git a/meta/recipes-devtools/python/python-cython.inc 
b/meta/recipes-devtools/python/python-cython.inc
index 6aec6b012f1..e757e3f7c87 100644
--- a/meta/recipes-devtools/python/python-cython.inc
+++ b/meta/recipes-devtools/python/python-cython.inc
@@ -5,11 +5,11 @@ It's designed to bridge the gap between the nice, high-level, 
easy-to-use world
 and the messy, low-level world of C."
 SECTION = "devel/python"
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e23fadd6ceef8c618fc1c65191d846fa"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=61c3ee8961575861fa86c7e62bc9f69c"
 PYPI_PACKAGE = "Cython"
 BBCLASSEXTEND = "native nativesdk"
 
-SRC_URI[sha256sum] = 
"41c0cfd2d754e383c9eeb95effc9aa4ab847d0c9747077ddd7c0dcb68c3bc01f"
+SRC_URI[sha256sum] = 
"39318348db488a2f24e7c84e08bdc82f2624853c0fea8b475ea0b70b27176492"
 UPSTREAM_CHECK_REGEX = "Cython-(?P.*)\.tar"
 
 inherit pypi
diff --git a/meta/recipes-devtools/python/python3-cython_0.29.36.bb 
b/meta/recipes-devtools/python/python3-cython_3.0.5.bb
similarity index 73%
rename from meta/recipes-devtools/python/python3-cython_0.29.36.bb
rename to meta/recipes-devtools/python/python3-cython_3.0.5.bb
index 78be2b94edb..94074aaf811 100644
--- a/meta/recipes-devtools/python/python3-cython_0.29.36.bb
+++ b/meta/recipes-devtools/python/python3-cython_3.0.5.bb
@@ -24,10 +24,17 @@ cython_fix_sources () {

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Compiler/FusedNode.c \

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Compiler/Scanning.c \

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Compiler/Visitor.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Compiler/Parsing.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Compiler/Code.c \

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Plex/Actions.c \

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Plex/Scanners.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Plex/Machines.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Plex/DFA.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Plex/Transitions.c \

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Runtime/refnanny.c \

${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Tempita/_tempita.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/StringIOTree.c \
+   
${PKGD}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}/Cython/Utils.c \

${PKGD}${libdir}/${PYTHON_DIR}/site-packages/Cython*/SOURCES.txt; do
if [ -e $f ]; then
sed -i -e 
's#${WORKDIR}/Cython-${PV}#/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}#g' $f
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190860): 
https://lists.openembedded.org/g/openembedded-core/message/190860
Mute This Topic: https://lists.openembedded.org/mt/102654597/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: 

[OE-core][PATCH 3/4] python3-numpy: upgrade 1.26.0 -> 1.26.2

[Trevor Gamblin]

There were 45 pull requests in 1.26.1 and 1.26.2. See changelog:
https://github.com/numpy/numpy/releases

Signed-off-by: Trevor Gamblin 
---
 .../python/{python3-numpy_1.26.0.bb => python3-numpy_1.26.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-numpy_1.26.0.bb => 
python3-numpy_1.26.2.bb} (96%)

diff --git a/meta/recipes-devtools/python/python3-numpy_1.26.0.bb 
b/meta/recipes-devtools/python/python3-numpy_1.26.2.bb
similarity index 96%
rename from meta/recipes-devtools/python/python3-numpy_1.26.0.bb
rename to meta/recipes-devtools/python/python3-numpy_1.26.2.bb
index 3ae40a33fb4..00c09b29954 100644
--- a/meta/recipes-devtools/python/python3-numpy_1.26.0.bb
+++ b/meta/recipes-devtools/python/python3-numpy_1.26.2.bb
@@ -13,7 +13,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
file://fix_reproducibility.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = 
"f93fc78fe8bf15afe2b8d6b6499f1c73953169fad1e9a8dd086cdff3190e7fdf"
+SRC_URI[sha256sum] = 
"f65738447676ab5777f11e6bbbdb8ce11b785e105f690bc45966574816b6d3ea"
 
 GITHUB_BASE_URI = "https://github.com/numpy/numpy/releases;
 UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P\d+(\.\d+)+)$"
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190859): 
https://lists.openembedded.org/g/openembedded-core/message/190859
Mute This Topic: https://lists.openembedded.org/mt/102654596/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-setuptools-scm: upgrade 7.1.0 -> 8.0.4

[Tim Orling]

See 8.0.0 changelog for breaking changes.

8.0.1, 8.0.2 and 8.0.3 were bug fix releases
8.0.4 has bug fixes and other changes

https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.md#v804
https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.md#v803
https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.md#v802
https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.md#v801
https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.md#v800

* Drop PYPI_PACKAGE override (no longer needed)
* Wrap DESCRIPTION so the line length is <80 chars.

License-Update: use LICENSE file for checksum, remains MIT

Signed-off-by: Tim Orling 
---
 ...ools-scm_7.1.0.bb => python3-setuptools-scm_8.0.4.bb} | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/python/{python3-setuptools-scm_7.1.0.bb => 
python3-setuptools-scm_8.0.4.bb} (69%)

diff --git a/meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb 
b/meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb
similarity index 69%
rename from meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb
rename to meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb
index bb13c654606..5467b793ce0 100644
--- a/meta/recipes-devtools/python/python3-setuptools-scm_7.1.0.bb
+++ b/meta/recipes-devtools/python/python3-setuptools-scm_8.0.4.bb
@@ -1,12 +1,13 @@
 SUMMARY = "the blessed package to manage your versions by scm tags"
 HOMEPAGE = "https://pypi.org/project/setuptools-scm/;
-DESCRIPTION = "setuptools_scm handles managing your Python package versions in 
SCM metadata instead of declaring them as the version argument or in a SCM 
managed file."
+DESCRIPTION = "setuptools_scm handles managing your Python package \
+versions in SCM metadata instead of declaring them as the version \
+argument or in a SCM managed file."
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = 
"file://PKG-INFO;beginline=8;endline=8;md5=8227180126797a0148f94f483f3e1489"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=838c366f69b72c5df05c96dff79b35f2"
 
-SRC_URI[sha256sum] = 
"6c508345a771aad7d56ebff0e70628bf2b0ec7573762be9960214730de278f27"
+SRC_URI[sha256sum] = 
"b5f43ff6800669595193fd09891564ee9d1d7dcb196cab4b2506d53a2e1c95c7"
 
-PYPI_PACKAGE = "setuptools_scm"
 inherit pypi python_setuptools_build_meta
 
 UPSTREAM_CHECK_REGEX = "scm-(?P.*)\.tar"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190856): 
https://lists.openembedded.org/g/openembedded-core/message/190856
Mute This Topic: https://lists.openembedded.org/mt/102651807/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone][PATCH] avahi: Fix for multiple CVE's

[Randy MacLeod via lists.openembedded.org]

Add Hari who will inform WR developers on his team once the CVE 
co-ordination scheme is available.

Add Marta.

On 2023-11-17 9:11 a.m., Meenali Gupta via lists.openembedded.org wrote:

Hi Ross,

As discussed with Vijay,  we'll cooperate on this CVE fixes.


Marta,


Do you have a wiki page set-up?


I see:

https://wiki.yoctoproject.org/wiki/Synchronization_CVEs

and it mentions, but does not point to, "A synchronization wiki page".



../Randy




Regards
Meenali

*From:* Vijay Anusuri 
*Sent:* 16 November 2023 21:31
*To:* jpuhl...@mvista.com ; Ross Burton 
; Gupta, Meenali 
*Cc:* openembedded-core@lists.openembedded.org 


*Subject:* Re: [OE-core][kirkstone][PATCH] avahi: Fix for multiple CVE's
**
*CAUTION: This email comes from a non Wind River email account!*
Do not click links or open attachments unless you recognize the sender 
and know the content is safe.

Hi Ross,

As discussed with Meenali, I agreed she was going to do this work.
She has already submitted patches for multiple branches ( master, 
mickledore and kirkstone ).


For CVE-2023-38469, we need to include 2 commits to fix the CVE. 
Meenali will send the v2 patch for CVE-2023-38469 which will include 2 
patches for all the branches.


Thank you Meenali for your timely response.

Thanks & Regards,
Vijay

On Thu, Nov 16, 2023 at 7:56 PM Jeremy Puhlman via 
lists.openembedded.org 
 
 wrote:




On 11/16/2023 3:22 AM, Ross Burton wrote:
> Hi Vijay and Meenali,
>
> Hopefully this will show everyone - especially WR and Montavista
- that we need to communicate better when working on CVEs.  In the
short term at least, Marta proposed a wiki page which can be
updated via a tool and when someone is working on an issue that
can be marked to avoid duplication of effort.  Would that be
acceptable to both of your companies?

Yeah, I think something like that would be great on our end, provided
its automated and the data can be extracted, so it can be
consolidated
in internal CVE tracking that we are currently required to.

>
> I’ve not checked that the fixes are identical, but apparently I
need to remind everyone that we take fixes in *master first* and
then backport to the releases in order.
There should also be an agree upon change decoration to indicate
non-applicability/differently addressed in earlier releases.

With 4 year LTS releases many issues are just not going to be
applicable
to master. Also there may well be very good reasons to fix a given
set
of CVEs in
completely different ways, but making sure they are addressed in
both is
important. Setting aside this example, in almost all cases on master
moving to the fixed version, is almost always the right answer,
where as
on say dunfell, moving to the new version may have too many knock on
effects to make sense.
In this instance, Khem has already indicated moving to the new
release
may make sense for both kirkstone and master.

>
> Luckily the avahi recipe is fairly untouched so this should be
trivial.  Can you both discuss and agree who is going to do this?
Vijay can you work with Meenali to consolidate this patch.
>
> Ross
>
>> On 16 Nov 2023, at 04:05, Vijay Anusuri via
lists.openembedded.org


 wrote:
>>
>> From: Vijay Anusuri 
>>
>> Patches to fix:
>> CVE-2023-38469
>> CVE-2023-38470
>> CVE-2023-38471
>> CVE-2023-38472
>> CVE-2023-38473
>>
>> Upstream-Status: Backport

[https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf


>> &
>>

https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237


>> &
>>

https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c


>> &
>>

[OE-core] [PATCH] python3-hypothesis: upgrade 6.88.3 -> 6.89.0

[Tim Orling]

https://hypothesis.readthedocs.io/en/latest/changes.html#v6-89-0
https://hypothesis.readthedocs.io/en/latest/changes.html#v6-88-4

6.89.0 - 2023-11-16
This release teaches from_type() to handle constraints implied by the
annotated-types package - as used by e.g. Pydantic. This is usually
efficient, but falls back to filtering in a few remaining cases.

Thanks to Viicos for pull request #3780!

6.88.4 - 2023-11-13
This patch adds a warning when @st.composite wraps a function annotated
as returning a SearchStrategy, since this is usually an error (issue #3786).
The function should return a value, and the decorator will convert it to a
function which returns a strategy.

Signed-off-by: Tim Orling 
---

Alexandre,
This is on top of the python3-hypothesis 6.88.1->6.88.3 upgrade in 
abelloni/master-next

All ptests pass on qemux86-64

 ...ython3-hypothesis_6.88.3.bb => python3-hypothesis_6.89.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-hypothesis_6.88.3.bb => 
python3-hypothesis_6.89.0.bb} (91%)

diff --git a/meta/recipes-devtools/python/python3-hypothesis_6.88.3.bb 
b/meta/recipes-devtools/python/python3-hypothesis_6.89.0.bb
similarity index 91%
rename from meta/recipes-devtools/python/python3-hypothesis_6.88.3.bb
rename to meta/recipes-devtools/python/python3-hypothesis_6.89.0.bb
index ef1be95d6ab..035809c3947 100644
--- a/meta/recipes-devtools/python/python3-hypothesis_6.88.3.bb
+++ b/meta/recipes-devtools/python/python3-hypothesis_6.89.0.bb
@@ -13,7 +13,7 @@ SRC_URI += " \
 file://test_rle.py \
 "
 
-SRC_URI[sha256sum] = 
"5cfda253e34726c98ab04b9595fca15677ee9f4f6055146aea25a6278d71f6f1"
+SRC_URI[sha256sum] = 
"9168bb12cd29001067e66b5f25f1bbdeff08b80c29c3909e19fc8205d8b9aeed"
 
 RDEPENDS:${PN} += " \
 python3-attrs \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190854): 
https://lists.openembedded.org/g/openembedded-core/message/190854
Mute This Topic: https://lists.openembedded.org/mt/102650620/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Migration dunfell to kirkstone , init manager issue

[Frederic Martinsons]

Hello,

I recently started upgrading my system from dunfell to kirkstone and I
started with a basic (but custom nonetheless) qemu image that I used in
dunfell (before starting machine/distro specific ops).

After several corrections , many thanks by the way for the various
convert scripts !, I managed to get my qemu image built on kirkstone.

But when I didn't manage to boot it correctly (I used qemu-system-x86-64 of
my  host)  and every second on prompt I got these messages

process '-/bin/sh' (pid 143) exited. Scheduling for restart.
process '-/bin/sh' (pid 144) exited. Scheduling for restart.
process '-/bin/sh' (pid 145) exited. Scheduling for restart.
can't open /dev/tty2: No such file or directory
can't open /dev/tty3: No such file or directory
can't open /dev/tty4: No such file or directory

I looked into it more and found that the init system is set to busybox
(/sbin/init point to /bin/busybox.nosuid).
My system needs systemd as init manager  and I verify that I have set
INIT_MANAGER="systemd" in my configuration (I even perform a bitbake -e to
check that this is not overridden).

Can someone please tell me where to look (which log file, or some oe tools
that I can use)  to find why systemd is not used as the init manager ?

Thanks.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190853): 
https://lists.openembedded.org/g/openembedded-core/message/190853
Mute This Topic: https://lists.openembedded.org/mt/102649719/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency

[Piotr Łobacz]

Dnia środa, 15 listopada 2023 23:43:06 CET Piotr Łobacz via 
lists.openembedded.org pisze:
> Dnia środa, 15 listopada 2023 23:17:40 CET Richard Purdie pisze:
> > On Wed, 2023-11-15 at 22:52 +0100, Piotr Łobacz wrote:
> > > By default curl is being configured with:
> > > 
> > > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
> > > 
> > > which causes an issue for native build, when calling
> > > curl-native command, as certificates file is missing.
> > > 
> > > Signed-off-by: Piotr Łobacz 
> > > ---
> > > 
> > >  meta/recipes-support/curl/curl_8.4.0.bb | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/meta/recipes-support/curl/curl_8.4.0.bb
> > > b/meta/recipes-support/curl/curl_8.4.0.bb index 5f97730bf4..f0e09868f6
> > > 100644
> > > --- a/meta/recipes-support/curl/curl_8.4.0.bb
> > > +++ b/meta/recipes-support/curl/curl_8.4.0.bb
> > > @@ -130,6 +130,7 @@ PACKAGES =+ "lib${BPN}"
> > > 
> > >  FILES:lib${BPN} = "${libdir}/lib*.so.*"
> > >  RRECOMMENDS:lib${BPN} += "ca-certificates"
> > > 
> > > +DEPENDS:append:class-native = " ca-certificates-native"
> > > 
> > >  FILES:${PN} += "${datadir}/zsh"
> > 
> > I think this can be an RDEPENDS:${PN}:append:class-native which would
> > have the advantage of not blocking the build of curl-native on ca-certs
> > and only require it at runtime for running it?
> 
> I can test it and get back to you with answer if it is working for me

OK this will not work as I expected, because as written in patch's comment, 
the --with-ca-bundle is being set to:

${sysconfdir}/ssl/certs/ca-certificates.crt

and this expands on native to:

build/tmp-glibc/work/x86_64-linux/curl-native/7.82.0-r0/recipe-sysroot-native/
etc/ssl/certs/ca-certificates.crt

So in general I need to use DEPENDS instead of RDEPENDS or just set --with-ca-
bundle with different path in case of EXTRA_OECONF::class-native.

Unfortunately as I already checked the ${sysconfdir} in --with-ca-bundle is 
being converted to value before passing to --with-ca-bundle and thus it always 
equals:

build/tmp-glibc/work/x86_64-linux/curl-native/7.82.0-r0/recipe-sysroot-native/
etc

meaning that even if I run curl-native from different recipe sysroot native it 
is already set with it and searches for it in that path.

The other option is to unset --with-ca-bundle for native and than it will 
search for it in common places set in the source code, which works but still 
it may/will use ca-certificate.crt stored not in recipe sysroot native but from 
the host system which is obviously not the way we want it to.

My propousal would be to somehow pass a different variable than ${sysconfdir} 
into --with-ca-bundle which will be set in sysroot native instead of bitbake 
and when curl-native is being run expanded to proper path, but I dunno if 
there is such?

BR
Piotr
> 
> > I suspect bitbake is struggling to "see" the RRECOMENDS on a non-PN
> > package for the native recipe extension.
> 
> curl-native has already RRECOMMENDS:lib${BPN} += "ca-certificates" but it
> was not working for me without DEPENDS:append:class-native = "
> ca-certificates- native"
> 
> > Cheers,
> > 
> > Richard
> 
> BR
> Piotr

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190852): 
https://lists.openembedded.org/g/openembedded-core/message/190852
Mute This Topic: https://lists.openembedded.org/mt/102615265/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone][PATCH] avahi: Fix for multiple CVE's

[Meenali Gupta via lists.openembedded.org]

Hi Ross,

As discussed with Vijay,  we'll cooperate on this CVE fixes.

Regards
Meenali

From: Vijay Anusuri 
Sent: 16 November 2023 21:31
To: jpuhl...@mvista.com ; Ross Burton 
; Gupta, Meenali 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [OE-core][kirkstone][PATCH] avahi: Fix for multiple CVE's

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.
Hi Ross,

As discussed with Meenali, I agreed she was going to do this work.
She has already submitted patches for multiple branches ( master, mickledore 
and kirkstone ).

For CVE-2023-38469, we need to include 2 commits to fix the CVE. Meenali will 
send the v2 patch for CVE-2023-38469 which will include 2 patches for all the 
branches.

Thank you Meenali for your timely response.

Thanks & Regards,
Vijay

On Thu, Nov 16, 2023 at 7:56 PM Jeremy Puhlman via 
lists.openembedded.org
 
mailto:mvista@lists.openembedded.org>>
 wrote:


On 11/16/2023 3:22 AM, Ross Burton wrote:
> Hi Vijay and Meenali,
>
> Hopefully this will show everyone - especially WR and Montavista - that we 
> need to communicate better when working on CVEs.  In the short term at least, 
> Marta proposed a wiki page which can be updated via a tool and when someone 
> is working on an issue that can be marked to avoid duplication of effort.  
> Would that be acceptable to both of your companies?

Yeah, I think something like that would be great on our end, provided
its automated and the data can be extracted, so it can be consolidated
in internal CVE tracking that we are currently required to.

>
> I’ve not checked that the fixes are identical, but apparently I need to 
> remind everyone that we take fixes in *master first* and then backport to the 
> releases in order.
There should also be an agree upon change decoration to indicate
non-applicability/differently addressed in earlier releases.

With 4 year LTS releases many issues are just not going to be applicable
to master. Also there may well be very good reasons to fix a given set
of CVEs in
completely different ways, but making sure they are addressed in both is
important. Setting aside this example, in almost all cases on master
moving to the fixed version, is almost always the right answer, where as
on say dunfell, moving to the new version may have too many knock on
effects to make sense.
In this instance, Khem has already indicated moving to the new release
may make sense for both kirkstone and master.

>
> Luckily the avahi recipe is fairly untouched so this should be trivial.  Can 
> you both discuss and agree who is going to do this?
Vijay can you work with Meenali to consolidate this patch.
>
> Ross
>
>> On 16 Nov 2023, at 04:05, Vijay Anusuri via 
>> lists.openembedded.org
>>  
>> mailto:mvista@lists.openembedded.org>>
>>  wrote:
>>
>> From: Vijay Anusuri mailto:vanus...@mvista.com>>
>>
>> Patches to fix:
>> CVE-2023-38469
>> CVE-2023-38470
>> CVE-2023-38471
>> CVE-2023-38472
>> CVE-2023-38473
>>
>> Upstream-Status: Backport 
>> [https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf
>> &
>> https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
>> &
>> https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
>> &
>> https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
>> &
>> https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40
>> &
>> 

Re: [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472

[Meenali Gupta via lists.openembedded.org]

Hi Alexandre,

Understood your point, will abide by your request.

Regards
Meenali

From: Alexandre Belloni 
Sent: 16 November 2023 22:02
To: Gupta, Meenali 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [oe-core][PATCH 4/5] avahi: fix CVE-2023-38472

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

Please version properly your patches, this should have been v2.

Also please resend the whole series because now, I have to go and
cherry-pick patches from v1 because 5/5 doesn't apply standalone.

You hsould not push this work on the maintainers.

On 16/11/2023 11:44:50+, Meenali Gupta via lists.openembedded.org wrote:
> From: Meenali Gupta 
>
> A vulnerability was found in Avahi. A reachable assertion exists
> in the avahi_rdata_parse() function.
>
> Signed-off-by: Meenali Gupta 
> ---
>  meta/recipes-connectivity/avahi/avahi_0.8.bb  |  1 +
>  .../avahi/files/CVE-2023-38472.patch  | 46 +++
>  2 files changed, 47 insertions(+)
>  create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
>
> diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb 
> b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> index 9c903d6868..84eb1c554d 100644
> --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
> +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
> @@ -29,6 +29,7 @@ SRC_URI = 
> "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
> file://CVE-2023-38469.patch \
> file://CVE-2023-38470.patch \
> file://CVE-2023-38471.patch \
> +   file://CVE-2023-38472.patch \
> "
>
>  GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/;
> diff --git a/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch 
> b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> new file mode 100644
> index 00..a1de8e2a5a
> --- /dev/null
> +++ b/meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
> @@ -0,0 +1,46 @@
> +From 8cf606779dc356768afc6b70e53f2808a9655143 Mon Sep 17 00:00:00 2001
> +From: Michal Sekletar 
> +Date: Thu, 19 Oct 2023 17:36:44 +0200
> +Subject: [PATCH] avahi: core: make sure there is rdata to process before
> + parsing it
> +
> +Fixes #452
> +
> +Upstream-Status: Backport 
> [https://github.com/lathiat/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40]
> +CVE: CVE-2023-38472
> +
> +Signed-off-by: Meenali Gupta 
> +---
> + avahi-client/client-test.c  | 3 +++
> + avahi-daemon/dbus-entry-group.c | 2 +-
> + 2 files changed, 4 insertions(+), 1 deletion(-)
> +
> +diff --git a/avahi-client/client-test.c b/avahi-client/client-test.c
> +index 7d04a6a..57750a4 100644
> +--- a/avahi-client/client-test.c
>  b/avahi-client/client-test.c
> +@@ -258,6 +258,9 @@ int main (AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED 
> char *argv[]) {
> + printf("%s\n", avahi_strerror(avahi_entry_group_add_service (group, 
> AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "Lathiat's Site", "_http._tcp", NULL, 
> NULL, 80, "foo=bar", NULL)));
> + printf("add_record: %d\n", avahi_entry_group_add_record (group, 
> AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "\5booya", 
> 6));
> +
> ++error = avahi_entry_group_add_record (group, AVAHI_IF_UNSPEC, 
> AVAHI_PROTO_UNSPEC, 0, "TestX", 0x01, 0x10, 120, "", 0);
> ++assert(error != AVAHI_OK);
> ++
> + avahi_entry_group_commit (group);
> +
> + domain = avahi_domain_browser_new (avahi, AVAHI_IF_UNSPEC, 
> AVAHI_PROTO_UNSPEC, NULL, AVAHI_DOMAIN_BROWSER_BROWSE, 0, 
> avahi_domain_browser_callback, (char*) "omghai3u");
> +diff --git a/avahi-daemon/dbus-entry-group.c 
> b/avahi-daemon/dbus-entry-group.c
> +index 4e879a5..aa23d4b 100644
> +--- a/avahi-daemon/dbus-entry-group.c
>  b/avahi-daemon/dbus-entry-group.c
> +@@ -340,7 +340,7 @@ DBusHandlerResult 
> avahi_dbus_msg_entry_group_impl(DBusConnection *c, DBusMessage
> + if (!(r = avahi_record_new_full (name, clazz, type, ttl)))
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_NO_MEMORY, 
> NULL);
> +
> +-if (avahi_rdata_parse (r, rdata, size) < 0) {
> ++if (!rdata || avahi_rdata_parse (r, rdata, size) < 0) {
> + avahi_record_unref (r);
> + return avahi_dbus_respond_error(c, m, AVAHI_ERR_INVALID_RDATA, 
> NULL);
> + }
> +--
> +2.40.0
> --
> 2.40.0
>

>
> 
>


--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190850): 
https://lists.openembedded.org/g/openembedded-core/message/190850
Mute This Topic: https://lists.openembedded.org/mt/102625030/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]

Re: [OE-core] [AUH] Upgrade status: 2023-11-15

[Trevor Gamblin]

On 2023-11-17 08:33, Alexander Kanavin wrote:

On Wed, 15 Nov 2023 at 15:45, Auto Upgrade Helper  wrote:

 python3-cython, 3.0.5, Trevor Gamblin 
 python3-mako, 1.3.0, Trevor Gamblin 
 python3-numpy, 1.26.2, Trevor Gamblin 
 python3-trove-classifiers, 2023.11.14, Trevor Gamblin 

 python3, 3.12.0, Trevor Gamblin 
 Trevor Gamblin 
Hello Trevor,

I'm working on python 3.12.0 update. Can you handle the other four please?

Sure thing. Thanks for doing the 3.12 upgrade.


Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190849): 
https://lists.openembedded.org/g/openembedded-core/message/190849
Mute This Topic: https://lists.openembedded.org/mt/102606025/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [AUH] Upgrade status: 2023-11-15

[Alexander Kanavin]

On Wed, 15 Nov 2023 at 15:45, Auto Upgrade Helper  wrote:
> python3-cython, 3.0.5, Trevor Gamblin 
> python3-mako, 1.3.0, Trevor Gamblin 
> python3-numpy, 1.26.2, Trevor Gamblin 
> python3-trove-classifiers, 2023.11.14, Trevor Gamblin 
> 
> python3, 3.12.0, Trevor Gamblin 
> Trevor Gamblin 
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190848): 
https://lists.openembedded.org/g/openembedded-core/message/190848
Mute This Topic: https://lists.openembedded.org/mt/102606025/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [RFC 1/5] valgrind: make ptest depend on all components

[Alex Kiernan]

On Wed, Nov 15, 2023 at 4:30 PM Randy MacLeod via
lists.openembedded.org
 wrote:
>
> On 2023-11-15 9:48 a.m., Alexander Kanavin wrote:
>
...
> Rust would be nice to do too.
>
> Indeed.
>
> Yash and Sundeep have 1.72/1.73 updated and are working on
>
> getting the test suite to work but struggling with that.
> I asked him to track what's happening in:
>https://bugzilla.yoctoproject.org/show_bug.cgi?id=15275
>

I did start looking at this... mostly I've failed to find enough time
to even get to the point where I've got a useful environment for
running the tests outside of bitbake (and hence avoid a complete rust
build cycle).

Rust 1.74.0 landed yesterday, so I'm going to have another look... if
it's useful to anyone my (very much WIP) tree is here:

https://github.com/akiernan/poky


--
Alex Kiernan

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190847): 
https://lists.openembedded.org/g/openembedded-core/message/190847
Mute This Topic: https://lists.openembedded.org/mt/102477896/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Patchtest results for [PATCH 6/7] oeqa/selftest/recipetool: remove spaces on empty lines

[Patchtest]

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/6-7-oeqa-selftest-recipetool-remove-spaces-on-empty-lines.patch

FAIL: test commit message presence: Please include a commit message on your 
patch explaining the change (test_mbox.TestMbox.test_commit_message_presence)

PASS: pretest pylint (test_python_pylint.PyLint.pretest_pylint)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test pylint (test_python_pylint.PyLint.test_pylint)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)

SKIP: pretest src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, 
skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190846): 
https://lists.openembedded.org/g/openembedded-core/message/190846
Mute This Topic: https://lists.openembedded.org/mt/102645601/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Patchtest results for [PATCH 1/7] bitbake: utils: remove spaces on empty lines

[Patchtest]

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/1-7-bitbake-utils-remove-spaces-on-empty-lines.patch

FAIL: test commit message presence: Please include a commit message on your 
patch explaining the change (test_mbox.TestMbox.test_commit_message_presence)

PASS: pretest pylint (test_python_pylint.PyLint.pretest_pylint)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test pylint (test_python_pylint.PyLint.test_pylint)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)

SKIP: pretest src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, 
skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190845): 
https://lists.openembedded.org/g/openembedded-core/message/190845
Mute This Topic: https://lists.openembedded.org/mt/102645600/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 1/1] grub: fix CVE-2023-4692

[Urade, Yogita via lists.openembedded.org]

From: Yogita Urade 

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
This issue may allow an attacker to present a specially crafted NTFS
filesystem image, leading to grub's heap metadata corruption. In some
circumstances, the attack may also corrupt the UEFI firmware heap metadata.
As a result, arbitrary code execution and secure boot protection bypass
may be achieved.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4692
https://bugzilla.redhat.com/show_bug.cgi?id=2236613

Signed-off-by: Yogita Urade 
---
 .../grub/files/CVE-2023-4692.patch| 97 +++
 meta/recipes-bsp/grub/grub2.inc   |  1 +
 2 files changed, 98 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4692.patch 
b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
new file mode 100644
index 00..4780e35b7a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
@@ -0,0 +1,97 @@
+From  43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov 
+Date: Thu, 16 Nov 2023 07:21:50 +
+Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST
+ attribute for the $MFT file
+
+When parsing an extremely fragmented $MFT file, i.e., the file described
+using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
+containing bytes read from the underlying drive to store sector numbers,
+which are consumed later to read data from these sectors into another buffer.
+
+These sectors numbers, two 32-bit integers, are always stored at predefined
+offsets, 0x10 and 0x14, relative to first byte of the selected entry within
+the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
+
+However, when parsing a specially-crafted file system image, this may cause
+the NTFS code to write these integers beyond the buffer boundary, likely
+causing the GRUB memory allocator to misbehave or fail. These integers contain
+values which are controlled by on-disk structures of the NTFS file system.
+
+Such modification and resulting misbehavior may touch a memory range not
+assigned to the GRUB and owned by firmware or another EFI application/driver.
+
+This fix introduces checks to ensure that these sector numbers are never
+written beyond the boundary.
+
+Fixes: CVE-2023-4692
+
+Reported-by: Maxim Suhanov 
+Signed-off-by: Maxim Suhanov 
+Reviewed-by: Daniel Kiper 
+
+CVE: CVE-2023-4692
+Upstream-Status: Backport 
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
+
+Signed-off-by: Yogita Urade 
+---
+ grub-core/fs/ntfs.c | 18 +-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 2f34f76..6009e49 100644
+--- a/grub-core/fs/ntfs.c
 b/grub-core/fs/ntfs.c
+@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ }
+   if (at->attr_end)
+ {
+-  grub_uint8_t *pa;
++  grub_uint8_t *pa, *pa_end;
+
+   at->emft_buf = grub_malloc (at->mft->data->mft_size << 
GRUB_NTFS_BLK_SHR);
+   if (at->emft_buf == NULL)
+@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+   }
+ at->attr_nxt = at->edat_buf;
+ at->attr_end = at->edat_buf + u32at (pa, 0x30);
++pa_end = at->edat_buf + n;
+   }
+   else
+   {
+ at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ at->attr_end = at->attr_end + u32at (pa, 4);
++pa_end = at->mft->buf + (at->mft->data->mft_size << 
GRUB_NTFS_BLK_SHR);
+   }
+   at->flags |= GRUB_NTFS_AF_ALST;
+   while (at->attr_nxt < at->attr_end)
+@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ at->flags |= GRUB_NTFS_AF_GPOS;
+ at->attr_cur = at->attr_nxt;
+ pa = at->attr_cur;
++
++if ((pa >= pa_end) || (pa_end - pa < 0x18))
++  {
++grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++return NULL;
++  }
++
+ grub_set_unaligned32 ((char *) pa + 0x10,
+   grub_cpu_to_le32 (at->mft->data->mft_start));
+ grub_set_unaligned32 ((char *) pa + 0x14,
+@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+   {
+ if (*pa != attr)
+   break;
++
++  if ((pa >= pa_end) || (pa_end - pa < 0x18))
++{
++grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++return NULL;
++  }
++
+ if (read_attr
+ (at, pa + 0x10,
+  u32at (pa, 0x10) * (at->mft->data->mft_size << 
GRUB_NTFS_BLK_SHR),
+--
+2.40.0
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index c14fe315d3..aaee8a1e03 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ 

[OE-core] [PATCH 7/7] oeqa/selftest/recipetool/devtool: add test for pypi class

[Julien Stephan]

recipetool now supports the pypi class and python recipes can by created
using the new following syntax:

* recipetool create https://pypi.org/project/
* recipetool create https://pypi.org/project//
* recipetool create https://pypi.org/project/ --version 

or the old syntax:
* recipetool create https://files.pythonhosted.org/packages/<...>

So add tests for the new syntax and modify old tests

Signed-off-by: Julien Stephan 
---
 meta/lib/oeqa/selftest/cases/devtool.py|   4 +-
 meta/lib/oeqa/selftest/cases/recipetool.py | 112 +++--
 2 files changed, 85 insertions(+), 31 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py 
b/meta/lib/oeqa/selftest/cases/devtool.py
index b5c488be8e8..3d9a4901ea5 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -543,7 +543,7 @@ class DevtoolAddTests(DevtoolBase):
 self.track_for_cleanup(self.workspacedir)
 self.add_command_to_tearDown('bitbake -c cleansstate %s' % testrecipe)
 self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
-result = runCmd('devtool add %s %s -f %s' % (testrecipe, srcdir, url))
+result = runCmd('devtool add --no-pypi %s %s -f %s' % (testrecipe, 
srcdir, url))
 self.assertExists(os.path.join(self.workspacedir, 'conf', 
'layer.conf'), 'Workspace directory not created. %s' % result.output)
 self.assertTrue(os.path.isfile(os.path.join(srcdir, 'setup.py')), 
'Unable to find setup.py in source directory')
 self.assertTrue(os.path.isdir(os.path.join(srcdir, '.git')), 'git 
repository for external source tree was not created')
@@ -562,7 +562,7 @@ class DevtoolAddTests(DevtoolBase):
 result = runCmd('devtool reset -n %s' % testrecipe)
 shutil.rmtree(srcdir)
 fakever = '1.9'
-result = runCmd('devtool add %s %s -f %s -V %s' % (testrecipe, srcdir, 
url, fakever))
+result = runCmd('devtool add --no-pypi %s %s -f %s -V %s' % 
(testrecipe, srcdir, url, fakever))
 self.assertTrue(os.path.isfile(os.path.join(srcdir, 'setup.py')), 
'Unable to find setup.py in source directory')
 # Test devtool status
 result = runCmd('devtool status')
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py 
b/meta/lib/oeqa/selftest/cases/recipetool.py
index 4bc28a4f2ee..b59e53f5994 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -457,13 +457,15 @@ class RecipetoolCreateTests(RecipetoolBase):
 
 def test_recipetool_create_python3_setuptools(self):
 # Test creating python3 package from tarball (using setuptools3 class)
+# Use the --no-pypi switch to avoid creating a pypi enabled recipe and
+# and check the created recipe as if it was a more general tarball
 temprecipe = os.path.join(self.tempdir, 'recipe')
 os.makedirs(temprecipe)
 pn = 'python-magic'
 pv = '0.4.15'
 recipefile = os.path.join(temprecipe, '%s_%s.bb' % (pn, pv))
 srcuri = 
'https://files.pythonhosted.org/packages/84/30/80932401906eaf787f2e9bd86dc458f1d2e75b064b4c187341f29516945c/python-magic-%s.tar.gz'
 % pv
-result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
+result = runCmd('recipetool create --no-pypi -o %s %s' % (temprecipe, 
srcuri))
 self.assertTrue(os.path.isfile(recipefile))
 checkvars = {}
 checkvars['LICENSE'] = set(['MIT'])
@@ -474,6 +476,82 @@ class RecipetoolCreateTests(RecipetoolBase):
 inherits = ['setuptools3']
 self._test_recipe_contents(recipefile, checkvars, inherits)
 
+def test_recipetool_create_python3_setuptools_pypi_tarball(self):
+# Test creating python3 package from tarball (using setuptools3 and 
pypi classes)
+temprecipe = os.path.join(self.tempdir, 'recipe')
+os.makedirs(temprecipe)
+pn = 'python-magic'
+pv = '0.4.15'
+recipefile = os.path.join(temprecipe, '%s_%s.bb' % (pn, pv))
+srcuri = 
'https://files.pythonhosted.org/packages/84/30/80932401906eaf787f2e9bd86dc458f1d2e75b064b4c187341f29516945c/python-magic-%s.tar.gz'
 % pv
+result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
+self.assertTrue(os.path.isfile(recipefile))
+checkvars = {}
+checkvars['LICENSE'] = set(['MIT'])
+checkvars['LIC_FILES_CHKSUM'] = 
'file://LICENSE;md5=16a934f165e8c3245f241e77d401bb88'
+checkvars['PYPI_PACKAGE'] = pn
+inherits = ['setuptools3', 'pypi']
+self._test_recipe_contents(recipefile, checkvars, inherits)
+
+def test_recipetool_create_python3_setuptools_pypi(self):
+# Test creating python3 package from pypi url (using setuptools3 and 
pypi classes)
+# Intentionnaly using setuptools3 class here instead of any of the 
pep517 class
+# to avoid the toml dependency and allows this test to run on host 
autobuilders
+ 

[OE-core] [PATCH 6/7] oeqa/selftest/recipetool: remove spaces on empty lines

[Julien Stephan]

Signed-off-by: Julien Stephan 
---
 meta/lib/oeqa/selftest/cases/recipetool.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py 
b/meta/lib/oeqa/selftest/cases/recipetool.py
index 55cbba9ca74..4bc28a4f2ee 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -853,7 +853,7 @@ class RecipetoolTests(RecipetoolBase):
 self._test_recipe_contents(deps_require_file, checkvars, [])
 
 
-
+
 def _copy_file_with_cleanup(self, srcfile, basedstdir, *paths):
 dstdir = basedstdir
 self.assertTrue(os.path.exists(dstdir))
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190842): 
https://lists.openembedded.org/g/openembedded-core/message/190842
Mute This Topic: https://lists.openembedded.org/mt/102645290/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 5/7] recipetool: create_buildsys_python: add pypi support

[Julien Stephan]

Today, we can use devtool/recipetool to create recipes for python projects
using the github url or the direct realse tarball of the project, but the
create_buildsys_python plugin doesn't support the pypi class, since we cannot
know from the extracted source if the package is available on pypi or not.

By implementing the new optional process_url callback, we can detect
that the url is a pypi one (i.e 'https://pypi.org/project/')
and retrieve the release tarball location.
Also detect if the url points to a release tarball hosted on
"files.pythonhosted.iorg" (i.e https://files.pythonhosted.org/packages/...)

In both cases, adds the pypi class, remove 'S' and 'SRC_URIxxx'
variables from the created recipe as they will be handled by the pypi class
and add the PYPI_PACKAGE variable

This helps to produce cleaner recipes when package is hosted on pypi.

If the url points to a github url or a release tarball not coming from
"files.pythonhosted.org" website, the created recipe is the same as
before. One can also use the newly added "--no-pypi" switch to
devtool/recipetool to NOT inherit from pypi class on matching url, to
keep legacy behaviour.

To create a recipe for a pypi package, one can now use one of the
new following syntax (using recipetool create / devtool add):

* recipetool create https://pypi.org/project/
* recipetool create https://pypi.org/project//
* recipetool create https://pypi.org/project/ --version 

or the old syntax:
* recipetool create https://files.pythonhosted.org/packages/<...>

Signed-off-by: Julien Stephan 
---
 scripts/lib/devtool/standard.py   |  3 +
 scripts/lib/recipetool/create.py  |  1 +
 .../lib/recipetool/create_buildsys_python.py  | 72 +++
 3 files changed, 76 insertions(+)

diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index d53fb810071..f18ebaa70d3 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -147,6 +147,8 @@ def add(args, config, basepath, workspace):
 extracmdopts += ' -a'
 if args.npm_dev:
 extracmdopts += ' --npm-dev'
+if args.no_pypi:
+extracmdopts += ' --no-pypi'
 if args.mirrors:
 extracmdopts += ' --mirrors'
 if args.srcrev:
@@ -2260,6 +2262,7 @@ def register_commands(subparsers, context):
 group.add_argument('--no-same-dir', help='Force build in a separate build 
directory', action="store_true")
 parser_add.add_argument('--fetch', '-f', help='Fetch the specified URI and 
extract it to create the source tree (deprecated - pass as positional argument 
instead)', metavar='URI')
 parser_add.add_argument('--npm-dev', help='For npm, also fetch 
devDependencies', action="store_true")
+parser_add.add_argument('--no-pypi', help='Do not inherit pypi class', 
action="store_true")
 parser_add.add_argument('--version', '-V', help='Version to use within 
recipe (PV)')
 parser_add.add_argument('--no-git', '-g', help='If fetching source, do not 
set up source tree as a git repository', action="store_true")
 group = parser_add.add_mutually_exclusive_group()
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 5c5ac7ae403..963aa91421e 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -1413,6 +1413,7 @@ def register_commands(subparsers):
 parser_create.add_argument('-B', '--srcbranch', help='Branch in source 
repository if fetching from an SCM such as git (default master)')
 parser_create.add_argument('--keep-temp', action="store_true", help='Keep 
temporary directory (for debugging)')
 parser_create.add_argument('--npm-dev', action="store_true", help='For 
npm, also fetch devDependencies')
+parser_create.add_argument('--no-pypi', action="store_true", help='Do not 
inherit pypi class')
 parser_create.add_argument('--devtool', action="store_true", 
help=argparse.SUPPRESS)
 parser_create.add_argument('--mirrors', action="store_true", help='Enable 
PREMIRRORS and MIRRORS for source tree fetching (disabled by default).')
 parser_create.set_defaults(func=create_recipe)
diff --git a/scripts/lib/recipetool/create_buildsys_python.py 
b/scripts/lib/recipetool/create_buildsys_python.py
index b620e3271b1..5e07222ece1 100644
--- a/scripts/lib/recipetool/create_buildsys_python.py
+++ b/scripts/lib/recipetool/create_buildsys_python.py
@@ -18,7 +18,11 @@ import os
 import re
 import sys
 import subprocess
+import json
+import urllib.request
 from recipetool.create import RecipeHandler
+from urllib.parse import urldefrag
+from recipetool.create import determine_from_url
 
 logger = logging.getLogger('recipetool')
 
@@ -111,6 +115,74 @@ class PythonRecipeHandler(RecipeHandler):
 def __init__(self):
 pass
 
+def process_url(self, args, classes, handled, extravalues):
+"""
+Convert any pypi url https://pypi.org/project// into 
https://files.pythonhosted.org/packages/source/...
+

[OE-core] [PATCH 2/7] recipetool: create_buildsys_python.py: initialize metadata

[Julien Stephan]

In the case pyproject.toml doesn't contains metadatas, the metadata
variable is not initialized and the plugin throws an error and falls back
to another plugin, which is not the desired behaviour. So just ignore
metadata if we don't have them

Signed-off-by: Julien Stephan 
---
 scripts/lib/recipetool/create_buildsys_python.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/lib/recipetool/create_buildsys_python.py 
b/scripts/lib/recipetool/create_buildsys_python.py
index 9312e4abf13..b620e3271b1 100644
--- a/scripts/lib/recipetool/create_buildsys_python.py
+++ b/scripts/lib/recipetool/create_buildsys_python.py
@@ -726,6 +726,7 @@ class PythonPyprojectTomlRecipeHandler(PythonRecipeHandler):
 
 def process(self, srctree, classes, lines_before, lines_after, handled, 
extravalues):
 info = {}
+metadata = {}
 
 if 'buildsystem' in handled:
 return False
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190838): 
https://lists.openembedded.org/g/openembedded-core/message/190838
Mute This Topic: https://lists.openembedded.org/mt/102645286/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/7] recipetool: create: add trailing newlines

[Julien Stephan]

create_recipe() function relies on oe.recipeutils.patch_recipe_lines()
which relies on bb.utils.edit_metadata(). edit_metada expect lines to
have trailing newlines, so add it to each line before calling
patch_recipe_lines, otherwise edit_metadata will not be able to squash
blank line if there are two consecutive blanks after a removal

Signed-off-by: Julien Stephan 
---
 scripts/lib/recipetool/create.py | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 293198d1c88..f5d541eb6c1 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -873,8 +873,10 @@ def create_recipe(args):
 outlines.append('')
 outlines.extend(lines_after)
 
+outlines = [ line.rstrip('\n') +"\n" for line in outlines]
+
 if extravalues:
-_, outlines = oe.recipeutils.patch_recipe_lines(outlines, extravalues, 
trailing_newline=False)
+_, outlines = oe.recipeutils.patch_recipe_lines(outlines, extravalues, 
trailing_newline=True)
 
 if args.extract_to:
 scriptutils.git_convert_standalone_clone(srctree)
@@ -890,7 +892,7 @@ def create_recipe(args):
 log_info_cond('Source extracted to %s' % args.extract_to, args.devtool)
 
 if outfile == '-':
-sys.stdout.write('\n'.join(outlines) + '\n')
+sys.stdout.write(''.join(outlines) + '\n')
 else:
 with open(outfile, 'w') as f:
 lastline = None
@@ -898,7 +900,7 @@ def create_recipe(args):
 if not lastline and not line:
 # Skip extra blank lines
 continue
-f.write('%s\n' % line)
+f.write('%s' % line)
 lastline = line
 log_info_cond('Recipe %s has been created; further editing may be 
required to make it fully functional' % outfile, args.devtool)
 tinfoil.modified_files()
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190839): 
https://lists.openembedded.org/g/openembedded-core/message/190839
Mute This Topic: https://lists.openembedded.org/mt/102645287/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 4/7] recipetool: create: add new optional process_url callback for plugins

[Julien Stephan]

Add a new process_url callback that plugins can optionally implement if
they which to handle url.

Plugins can implement this callback for example, to:
* transform the url
* add special variables using extravalues
* add extra classes
* ...

If a plugin handles the url, it must append 'url' to the handled
list and must return the fetchuri

No functional changes expected for plugins non implementing this
optional callback

Signed-off-by: Julien Stephan 
---
 scripts/lib/recipetool/create.py | 54 +++-
 1 file changed, 32 insertions(+), 22 deletions(-)

diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index f5d541eb6c1..5c5ac7ae403 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -423,6 +423,36 @@ def create_recipe(args):
 storeTagName = ''
 pv_srcpv = False
 
+handled = []
+classes = []
+
+# Find all plugins that want to register handlers
+logger.debug('Loading recipe handlers')
+raw_handlers = []
+for plugin in plugins:
+if hasattr(plugin, 'register_recipe_handlers'):
+plugin.register_recipe_handlers(raw_handlers)
+# Sort handlers by priority
+handlers = []
+for i, handler in enumerate(raw_handlers):
+if isinstance(handler, tuple):
+handlers.append((handler[0], handler[1], i))
+else:
+handlers.append((handler, 0, i))
+handlers.sort(key=lambda item: (item[1], -item[2]), reverse=True)
+for handler, priority, _ in handlers:
+logger.debug('Handler: %s (priority %d)' % 
(handler.__class__.__name__, priority))
+setattr(handler, '_devtool', args.devtool)
+handlers = [item[0] for item in handlers]
+
+fetchuri = None
+for handler in handlers:
+if hasattr(handler, 'process_url'):
+ret = handler.process_url(args, classes, handled, extravalues)
+if 'url' in handled and ret:
+fetchuri = ret
+break
+
 if os.path.isfile(source):
 source = 'file://%s' % os.path.abspath(source)
 
@@ -431,7 +461,8 @@ def create_recipe(args):
 if 
re.match(r'https?://github.com/[^/]+/[^/]+/archive/.+(\.tar\..*|\.zip)$', 
source):
 logger.warning('github archive files are not guaranteed to be 
stable and may be re-generated over time. If the latter occurs, the checksums 
will likely change and the recipe will fail at do_fetch. It is recommended that 
you point to an actual commit or tag in the repository instead (using the 
repository URL in conjunction with the -S/--srcrev option).')
 # Fetch a URL
-fetchuri = reformat_git_uri(urldefrag(source)[0])
+if not fetchuri:
+fetchuri = reformat_git_uri(urldefrag(source)[0])
 if args.binary:
 # Assume the archive contains the directory structure verbatim
 # so we need to extract to a subdirectory
@@ -638,8 +669,6 @@ def create_recipe(args):
 # We'll come back and replace this later in handle_license_vars()
 lines_before.append('##LICENSE_PLACEHOLDER##')
 
-handled = []
-classes = []
 
 # FIXME This is kind of a hack, we probably ought to be using bitbake to 
do this
 pn = None
@@ -718,25 +747,6 @@ def create_recipe(args):
 if args.npm_dev:
 extravalues['NPM_INSTALL_DEV'] = 1
 
-# Find all plugins that want to register handlers
-logger.debug('Loading recipe handlers')
-raw_handlers = []
-for plugin in plugins:
-if hasattr(plugin, 'register_recipe_handlers'):
-plugin.register_recipe_handlers(raw_handlers)
-# Sort handlers by priority
-handlers = []
-for i, handler in enumerate(raw_handlers):
-if isinstance(handler, tuple):
-handlers.append((handler[0], handler[1], i))
-else:
-handlers.append((handler, 0, i))
-handlers.sort(key=lambda item: (item[1], -item[2]), reverse=True)
-for handler, priority, _ in handlers:
-logger.debug('Handler: %s (priority %d)' % 
(handler.__class__.__name__, priority))
-setattr(handler, '_devtool', args.devtool)
-handlers = [item[0] for item in handlers]
-
 # Apply the handlers
 if args.binary:
 classes.append('bin_package')
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190840): 
https://lists.openembedded.org/g/openembedded-core/message/190840
Mute This Topic: https://lists.openembedded.org/mt/102645288/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/7] Devtool/Recipetool: adding pypi support

[Julien Stephan]

Hello all,

This series adds basic support for the pypi class in devtool/recipetool.

The idea is to be able to detect that a package is available on pypi and
in that case inherits from pypi class. This helps to produce cleaner
recipes for pypi packages.

To do this, I am adding a new optional callback "process_url" that
plugin can register to implement some logic on matching url.

By implementing this callback in create_buildsys_python we can match on
pypi URLs directly or on release tarballs hosted on "files.pythonhosted.org".

To create a recipe taking advantage of the pypi class we can use one of the
following new syntax:

* recipetool create https://pypi.org/project/
* recipetool create https://pypi.org/project//
* recipetool create https://pypi.org/project/ --version 

or the old syntax:

* recipetool create https://files.pythonhosted.org/packages/<...>

If the URL points to a github URL or a release tarball not coming from
"files.pythonhosted.org", the created recipe is the same as before.
One can also use the newly added "--no-pypi" switch to NOT inherit 
from pypi class on matching URL, to keep legacy behaviour.

This series also contains some bug fixes I found during my testing.

Pushed my dev branch here: 
https://git.yoctoproject.org/poky-contrib/log/?h=jstephan/devtool-add-pypi-support
 

Cheers
Julien

Julien Stephan (7):
  bitbake: utils: remove spaces on empty lines
  recipetool: create_buildsys_python.py: initialize metadata
  recipetool: create: add trailing newlines
  recipetool: create: add new optional process_url callback for plugins
  recipetool: create_buildsys_python: add pypi support
  oeqa/selftest/recipetool: remove spaces on empty lines
  oeqa/selftest/recipetool/devtool: add test for pypi class

 bitbake/lib/bb/utils.py   |  16 +--
 meta/lib/oeqa/selftest/cases/devtool.py   |   4 +-
 meta/lib/oeqa/selftest/cases/recipetool.py| 114 +-
 scripts/lib/devtool/standard.py   |   3 +
 scripts/lib/recipetool/create.py  |  63 ++
 .../lib/recipetool/create_buildsys_python.py  |  73 +++
 6 files changed, 208 insertions(+), 65 deletions(-)

-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190836): 
https://lists.openembedded.org/g/openembedded-core/message/190836
Mute This Topic: https://lists.openembedded.org/mt/102645283/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/7] bitbake: utils: remove spaces on empty lines

[Julien Stephan]

Signed-off-by: Julien Stephan 
---
 bitbake/lib/bb/utils.py | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
index b401fa5ec7a..61ffad92ce3 100644
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -50,7 +50,7 @@ def clean_context():
 
 def get_context():
 return _context
-
+
 
 def set_context(ctx):
 _context = ctx
@@ -212,8 +212,8 @@ def explode_dep_versions2(s, *, sort=True):
 inversion = True
 # This list is based on behavior and supported comparisons from 
deb, opkg and rpm.
 #
-# Even though =<, <<, ==, !=, =>, and >> may not be supported, 
-# we list each possibly valid item. 
+# Even though =<, <<, ==, !=, =>, and >> may not be supported,
+# we list each possibly valid item.
 # The build system is responsible for validation of what it 
supports.
 if i.startswith(('<=', '=<', '<<', '==', '!=', '>=', '=>', '>>')):
 lastcmp = i[0:2]
@@ -347,7 +347,7 @@ def _print_exception(t, value, tb, realfile, text, context):
 exception = traceback.format_exception_only(t, value)
 error.append('Error executing a python function in %s:\n' % realfile)
 
-# Strip 'us' from the stack (better_exec call) unless that was where 
the 
+# Strip 'us' from the stack (better_exec call) unless that was where 
the
 # error came from
 if tb.tb_next is not None:
 tb = tb.tb_next
@@ -746,9 +746,9 @@ def prunedir(topdir, ionice=False):
 # but thats possibly insane and suffixes is probably going to be small
 #
 def prune_suffix(var, suffixes, d):
-""" 
+"""
 See if var ends with any of the suffixes listed and
-remove it if found 
+remove it if found
 """
 for suffix in suffixes:
 if suffix and var.endswith(suffix):
@@ -1001,9 +1001,9 @@ def umask(new_mask):
 os.umask(current_mask)
 
 def to_boolean(string, default=None):
-""" 
+"""
 Check input string and return boolean value True/False/None
-depending upon the checks 
+depending upon the checks
 """
 if not string:
 return default
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190837): 
https://lists.openembedded.org/g/openembedded-core/message/190837
Mute This Topic: https://lists.openembedded.org/mt/102645284/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v8 1/2] vte: upgrade 2.72.2 -> 2.74.0

[Alexandre Belloni via lists.openembedded.org]

https://autobuilder.yoctoproject.org/typhoon/#/builders/44/builds/8176/steps/21/logs/stdio

ERROR: core-image-sato-1.0-r0 do_rootfs: Multilib check error: duplicate files 
/home/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/multilib/lib32/usr/share/glib-2.0/schemas/gschemas.compiled
 
/home/pokybuild/yocto-worker/multilib/build/build/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0/rootfs/usr/share/glib-2.0/schemas/gschemas.compiled
 is not the same


On 15/11/2023 10:24:15-0800, Khem Raj wrote:
> From: Markus Volk 
> 
> Rework recipe
> 
> - remove legacy of the autotools buildsystem
> - remove BBCLASSEXTEND
> - build   vapi dependent on gi-data
> - docs require gir, add   a EXTRA_OEMESON:append to avoid fail in
>   a combination   where docs=true and gir=false
> - gtk+3 and gtk4 are requested by default-> add gtk4 depending
>   on DISTRO_FEATURE
> - install systemd support files   depending on DISTRO_FEATURE
> - update 0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> 
> Signed-off-by: Markus Volk 
> Signed-off-by: Khem Raj 
> ---
> v8: Rebased on latest tip of trunk
> 
>  ...EXITCODE-macro-for-non-glibc-systems.patch | 35 ---
>  .../vte/{vte_0.72.2.bb => vte_0.74.0.bb}  | 29 ++-
>  2 files changed, 25 insertions(+), 39 deletions(-)
>  rename meta/recipes-support/vte/{vte_0.72.2.bb => vte_0.74.0.bb} (66%)
> 
> diff --git 
> a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
>  
> b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> index b4100fc381e..8934d5f80a6 100644
> --- 
> a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> +++ 
> b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
> @@ -11,32 +11,25 @@ Upstream-Status: Submitted [1]
>  Signed-off-by: Andreas Müller 
>  
>  [1] https://gitlab.gnome.org/GNOME/vte/issues/72
> -
>  ---
> - src/missing.hh | 4 
> - src/widget.cc  | 1 +
> - 2 files changed, 5 insertions(+)
> + src/widget.cc  | 4 +++
> + 1 files changed, 4 insertions(+)
>  
>  a/src/missing.hh
> -+++ b/src/missing.hh
> -@@ -24,6 +24,10 @@
> - #define NSIG (8 * sizeof(sigset_t))
> - #endif
> +diff --git a/src/widget.cc b/src/widget.cc
> +index 07f7cabf..31a77f68 100644
> +--- a/src/widget.cc
>  b/src/widget.cc
> +@@ -16,6 +16,10 @@
> +  * along with this library.  If not, see .
> +  */
>   
>  +#ifndef W_EXITCODE
>  +#define W_EXITCODE(ret, sig) ((ret) << 8 | (sig))
>  +#endif
>  +
> - #ifndef HAVE_FDWALK
> - int fdwalk(int (*cb)(void* data, int fd),
> -void* data);
>  a/src/widget.cc
> -+++ b/src/widget.cc
> -@@ -21,6 +21,7 @@
> - #include "widget.hh"
> - 
> - #include  // for W_EXITCODE
> -+#include "missing.hh" // for W_EXITCODE on non-glibc systems
> + #include "config.h"
>   
> - #include 
> - #include 
> + #include "widget.hh"
> +-- 
> +2.42.0
> +
> diff --git a/meta/recipes-support/vte/vte_0.72.2.bb 
> b/meta/recipes-support/vte/vte_0.74.0.bb
> similarity index 66%
> rename from meta/recipes-support/vte/vte_0.72.2.bb
> rename to meta/recipes-support/vte/vte_0.74.0.bb
> index 44e71491f62..21203adcf79 100644
> --- a/meta/recipes-support/vte/vte_0.72.2.bb
> +++ b/meta/recipes-support/vte/vte_0.74.0.bb
> @@ -16,32 +16,27 @@ DEPENDS = "glib-2.0 glib-2.0-native gtk+3 libpcre2 
> libxml2-native gperf-native i
>  GIR_MESON_OPTION = 'gir'
>  GIDOCGEN_MESON_OPTION = "docs"
>  
> -inherit gnomebase gi-docgen features_check upstream-version-is-even 
> gobject-introspection
> +inherit gnomebase gi-docgen features_check upstream-version-is-even 
> gobject-introspection vala
>  
> -# vapigen.m4 is required when vala is not present (but the one from vala 
> should be used normally)
>  SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
> -SRC_URI[archive.sha256sum] = 
> "f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
> +SRC_URI[archive.sha256sum] = 
> "9ae08f777952ba793221152d360550451580f42d3b570e3341ebb6841984c76b"
>  
>  ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
>  
> -# Help g-ir-scanner find the .so for linking
> -do_compile:prepend() {
> -export GIR_EXTRA_LIBS_PATH="${B}/src/.libs"
> -}
> +EXTRA_OEMESON += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
> '-Dvapi=true', '-Dvapi=false', d)}"
> +EXTRA_OEMESON:append = " ${@bb.utils.contains('GI_DATA_ENABLED', 'False', 
> '-Ddocs=false', '', d)}"
>  
> -# Package additional files
> -FILES:${PN}-dev += "${datadir}/vala/vapi/*"
> -
> -PACKAGECONFIG ??= "gnutls"
> -PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false,vala-native vala"
> +PACKAGECONFIG ??= " \
> + gnutls \
> + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
> + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gtk4', '', d)} \
> +"
> +PACKAGECONFIG[gtk4] = "-Dgtk4=true,-Dgtk4=false,gtk4"
>  PACKAGECONFIG[gnutls] = 

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.2.4.rc3)

[Jing Hui Tham]

Hi All,
 
QA for yocto-4.2.4.rc3 is completed. This is the full report for this release:  
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
 
=== Summary 
No high milestone defects.
 
No new issue found. 
 
Thanks,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Tuesday, November 14, 2023 3:04 PM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-4.2.4.rc3)
> 
> 
> A build flagged for QA (yocto-4.2.4.rc3) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-4.2.4.rc3
> 
> 
> Build URL:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6188
> 
> Build hash information:
> 
> bitbake: c7e094ec3beccef0bbbf67c100147c449d9c6836
> meta-agl: bf791cba6a3bc53864bf719dc913cea352146f75
> meta-arm: 9bcc166bd5bb717aa86bb0464621a36abc51fa19
> meta-aws: b288fb9d29f67af79de07f039429fcf921e2abd3
> meta-intel: 0ed9b8ed17878274b80dbf713f50aa253dcd
> meta-mingw: d87d4f00b9c6068fff03929a4b0f231a942d3873
> meta-openembedded: 39968837196cb48209b71e8852dd04a2f8ccdca8
> meta-virtualization: b8db7002764712f2902fe9dea098c171b1128076
> oecore: 23b5141400b2c676c806df3308f023f7c04e34e0
> poky: 7235399a86b134e57d5eb783d7f1f57ca0439ae5
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190834): 
https://lists.openembedded.org/g/openembedded-core/message/190834
Mute This Topic: https://lists.openembedded.org/mt/102582355/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 1/1] sudo: upgrade 1.9.13p3 -> 1.9.15p2

[Soumya via lists.openembedded.org]

From: Soumya Sambu 

License-update: file removed upstream

Drop patch as issue fixed upstream.

Changelog:
===
1.9.15p2
 * Fixed a bug on BSD systems where sudo would not restore the
   terminal settings on exit if the terminal had parity enabled.
   GitHub issue #326.

1.9.15p1
 * Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
   sudoers from being able to read the ldap.conf file.
   GitHub issue #325.

1.9.15
 * Fixed an undefined symbol problem on older versions of macOS
   when "intercept" or "log_subcmds" are enabled in sudoers.
   GitHub issue #276.
 * Fixed "make check" failure related to getpwent(3) wrapping
   on NetBSD.
 * Fixed the warning message for "sudo -l command" when the command
   is not permitted.  There was a missing space between "list" and
   the actual command due to changes in sudo 1.9.14.
 * Fixed a bug where output could go to the wrong terminal if
   "use_pty" is enabled (the default) and the standard input, output
   or error is redirected to a different terminal.  Bug #1056.
 * The visudo utility will no longer create an empty file when the
   specified sudoers file does not exist and the user exits the
   editor without making any changes.  GitHub issue #294.
 * The AIX and Solaris sudo packages on www.sudo.ws now support
   "log_subcmds" and "intercept" with both 32-bit and 64-bit
   binaries.  Previously, they only worked when running binaries
   with the same word size as the sudo binary.  GitHub issue #289.
 * The sudoers source is now logged in the JSON event log.  This
   makes it possible to tell which rule resulted in a match.
 * Running "sudo -ll command" now produces verbose output that
   includes matching rule as well as the path to the sudoers file
   the matching rule came from.  For LDAP sudoers, the name of the
   matching sudoRole is printed instead.
 * The embedded copy of zlib has been updated to version 1.3.
 * The sudoers plugin has been modified to make it more resilient
   to ROWHAMMER attacks on authentication and policy matching.
   This addresses CVE-2023-42465.
 * The sudoers plugin now constructs the user time stamp file path
   name using the user-ID instead of the user name.  This avoids a
   potential problem with user names that contain a path separator
   ('/') being interpreted as part of the path name.  A similar
   issue in sudo-rs has been assigned CVE-2023-42456.
 * A path separator ('/') in a user, group or host name is now
   replaced with an underbar character ('_') when expanding escapes
   in @include and @includedir directives as well as the "iolog_file"
   and "iolog_dir" sudoers Default settings.
 * The "intercept_verify" sudoers option is now only applied when
   the "intercept" option is set in sudoers.  Previously, it was
   also applied when "log_subcmds" was enabled.  Sudo 1.9.14
   contained an incorrect fix for this.  Bug #1058.
 * Changes to terminal settings are now performed atomically, where
   possible.  If the command is being run in a pseudo-terminal and
   the user's terminal is already in raw mode, sudo will not change
   the user's terminal settings.  This prevents concurrent sudo
   processes from restoring the terminal settings to the wrong values.
   GitHub issue #312.
 * Reverted a change from sudo 1.9.4 that resulted in PAM session
   modules being called with the environment of the command to be
   run instead of the environment of the invoking user.
   GitHub issue #318.
 * New Indonesian translation from translationproject.org.
 * The sudo_logsrvd server will now raise its open file descriptor
   limit to the maximum allowed value when it starts up.  Each
   connection can require up to nine open file descriptors so the
   default soft limit may be too low.
 * Better log message when rejecting a command if the "intercept"
   option is enabled and the "intercept_allow_setid" option is
   disabled.  Previously, "command not allowed" would be logged and
   the user had no way of knowing what the actual problem was.
 * Sudo will now log the invoking user's environment as "submitenv"
   in the JSON logs.  The command's environment ("runenv") is no
   longer logged for commands rejected by the sudoers file or an
   approval plugin.

1.9.14p3
 * Fixed a crash with Python 3.12 when the sudo Python plugin is
   unloaded.  This only affects "make check" for the Python plugin.
 * Adapted the sudo Python plugin test output to match Python 3.12.

1.9.14p2
 * Fixed a crash on Linux systems introduced in version 1.9.14 when
   running a command with a NULL argv[0] if "log_subcmds" or
   "intercept" is enabled in sudoers.
 * Fixed a problem with "stair-stepped" output when piping or
   redirecting the output of a sudo command that takes user input.
 * Fixed a bug introduced in sudo 1.9.14 that affects matching
   sudoers rules containing a Runas_Spec with an empty Runas user.
   These rules should only match when sudo's -g option is used but
   were matching even without the -g option.  GitHub