Re: [OE-core] [PATCH V3] rust-cross-canadian: Fix file conflicts for arm and aarch64
[Edited Message Follows]

Hi Ross,

May I know if any changes are required for this patch? If not, when is it planned to be taken into the Kirkstone branch?

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193571): https://lists.openembedded.org/g/openembedded-core/message/193571
Mute This Topic: https://lists.openembedded.org/mt/103206453/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] glibc: Set status for CVE-2023-5156 & CVE-2023-0687
Hi Simone,

I would like to make a small improvement here ;). Once you're touching this file, make it a little bit more optimized. Something like this:

CVE_STATUS_GROUPS += "CVE_STATUS_GLIBC"
CVE_STATUS_GLIBC = "CVE-2023-4527 CVE-2023-4911 CVE-2023-4806"...
CVE_STATUS_GLIBC[status] = "fixed-version: Fixed in stable branch updates"

Then we don't have to set the same status multiple times separately.

Regards,
Andy

On 11.01.2024 16:20, Simone Weiß wrote:

From: Simone Weiß

Set `CVE_STATUS` for those CVEs, they have already been fixed with the latest pull for stable branch fixes done in rev e444d2bed0ea140a574414fcd5a689867e8ba312. Hence the issues are fixed already.

Signed-off-by: Simone Weiß
--- meta/recipes-core/glibc/glibc-version.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index ccf9d505c5..5f24a10826 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -10,4 +10,6 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.(?!90)\d+)*)" CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-5156] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-0687] = "fixed-version: Fixed in stable branch updates"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193572): https://lists.openembedded.org/g/openembedded-core/message/193572
Mute This Topic: https://lists.openembedded.org/mt/103663782/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
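Review bot: In the glibc-version.inc hunk, `CVE_STATUS[CVE-2023-4527]` appears twice in the unchanged context, once before the new CVE-2023-5156 line and once after it, so the file already carries a duplicate entry and the two additions land on either side of it. Drop the second CVE-2023-4527 line while this block is being edited and keep the new entries together; switching to a single CVE_STATUS_GROUPS entry, as proposed in the reply, would remove the repetition entirely.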
Re: [OE-core] [PATCH V3] rust-cross-canadian: Fix file conflicts for arm and aarch64
Hi Ross, May I know if any changes are required for this patch?
[OE-core][kirkstone][PATCH] Revert "curl: Backport fix CVE-2023-32001"
From: Poonam Jadhav This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd. CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as there is no safe measure against it. These CVEs are stored in the NVD, but do not show up in search results. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001 Signed-off-by: Poonam Jadhav poonam.jad...@kpit.com --- .../curl/curl/CVE-2023-32001.patch| 39 --- meta/recipes-support/curl/curl_7.82.0.bb | 1 - 2 files changed, 40 deletions(-) delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch deleted file mode 100644 index 7ea3073755..00 --- a/meta/recipes-support/curl/curl/CVE-2023-32001.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 -From: SaltyMilk -Date: Mon, 10 Jul 2023 21:43:28 +0200 -Subject: [PATCH] fopen: optimize - -Closes #11419 - -Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde] -CVE: CVE-2023-32001 -Signed-off-by: Ashish Sharma - - - lib/fopen.c | 12 ++-- - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/lib/fopen.c b/lib/fopen.c -index c9c9e3d6e73a2..b6e3cadddef65 100644 a/lib/fopen.c -+++ b/lib/fopen.c -@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, - int fd = -1; - *tempname = NULL; - -- if(stat(filename, ) == -1 || !S_ISREG(sb.st_mode)) { --/* a non-regular file, fallback to direct fopen() */ --*fh = fopen(filename, FOPEN_WRITETEXT); --if(*fh) -- return CURLE_OK; -+ *fh = fopen(filename, FOPEN_WRITETEXT); -+ if(!*fh) - goto fail; -- } -+ if(fstat(fileno(*fh), ) == -1 || !S_ISREG(sb.st_mode)) -+return CURLE_OK; -+ fclose(*fh); -+ *fh = NULL; - - result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); - if(result) 
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index a36d03f668..9e9ff00bf7 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -51,7 +51,6 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2023-28321.patch \ file://CVE-2023-28322-1.patch \ file://CVE-2023-28322-2.patch \ - file://CVE-2023-32001.patch \ file://CVE-2023-38545.patch \ file://CVE-2023-38546.patch \ file://CVE-2023-46218.patch \ -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193570): https://lists.openembedded.org/g/openembedded-core/message/193570 Mute This Topic: https://lists.openembedded.org/mt/103678093/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
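Review bot: The commit message gives the NVD "REJECT" status as the only reason for the revert, yet the deleted CVE-2023-32001.patch carries a functional change to `Curl_fopen()` in lib/fopen.c (the file is opened first and `fstat()` is called on the handle, instead of `stat()` on the filename before `fopen()`). Please state whether that upstream change is being dropped because it causes a problem on kirkstone or only because the CVE ID was withdrawn, and confirm that restoring the earlier `stat()`-then-`fopen()` sequence is intended.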
[OE-core] [dunfell][PATCH] systemd: fix CVE-2023-7008
Upstream-Status: Backport from https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Signed-off-by: Hitendra Prajapati --- .../systemd/systemd/CVE-2023-7008.patch | 40 +++ meta/recipes-core/systemd/systemd_250.5.bb| 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch new file mode 100644 index 00..e2296abc49 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch 
@@ -0,0 +1,40 @@ +From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 20 Dec 2023 16:44:14 +0100 +Subject: [PATCH] resolved: actually check authenticated flag of SOA + transaction + +Fixes #25676 + +Upstream-Status: Backport [https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1] +CVE: CVE-2023-7008 +Signed-off-by: Hitendra Prajapati +--- + src/resolve/resolved-dns-transaction.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index f937f9f7b5..7deb598400 100644 +--- a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +@@ -2761,7 +2761,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * + if (r == 0) + continue; + +-return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); ++return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); + } + + return true; +@@ -2788,7 +2788,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord * + /* We found the transaction that was supposed to find the SOA RR for us. It was + * successful, but found no RR for us. This means we are not at a zone cut. In this + * case, we require authentication if the SOA lookup was authenticated too. */ +-return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED); ++return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED); + } + + return true; +-- +2.25.1 + diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb index c35557471a..889473ee1f 100644 --- a/meta/recipes-core/systemd/systemd_250.5.bb +++ b/meta/recipes-core/systemd/systemd_250.5.bb 
@@ -32,6 +32,7 @@ SRC_URI += "file://touchscreen.rules \ file://CVE-2022-4415-2.patch \ file://0001-network-remove-only-managed-configs-on-reconfigure-o.patch \ file://0001-nspawn-make-sure-host-root-can-write-to-the-uidmappe.patch \ + file://CVE-2023-7008.patch \ " # patches needed by musl -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193569): https://lists.openembedded.org/g/openembedded-core/message/193569 Mute This Topic: https://lists.openembedded.org/mt/103677352/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
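Review bot: The commit message above the first `---` holds only an Upstream-Status line and the sign-off, with no description of what is being fixed; the subject of the added patch ("resolved: actually check authenticated flag of SOA transaction") and a one-line summary of the `t->answer_query_flags` to `dt->answer_query_flags` change belong there. In the systemd_250.5.bb hunk the new `file://CVE-2023-7008.patch` entry is appended after two non-CVE patches; placing it directly after `file://CVE-2022-4415-2.patch` would keep the CVE backports grouped.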
Re: [OE-core][PATCH] kernel-devsrc: copy source files under tools/
On 1/12/24 11:22, Bruce Ashfield wrote:
> On Thu, Jan 11, 2024 at 10:12 PM ChenQi wrote:
>> On 1/12/24 10:50, Bruce Ashfield wrote:
>>> On Thu, Jan 11, 2024 at 9:44 PM Chen Qi via lists.openembedded.org wrote:
>>>> From: Chen Qi
>>>>
>>>> The source files under tools/ also need to be copied because in
>>>> some case, they'll be needed. For example, in case that the
>>>> CONFIG_DEBUG_INFO_BTF is enabled, we'll get the following error
>>>> without this patch when doing 'make prepare'.
>>>>
>>>>    No rule to make target '/.../tools/bpf/resolve_btfids/main.o',
>>>>    needed by '/.../tools/bpf/resolve_btfids/resolve_btfids-in.o'. Stop.
>>>>
>>> Tools has been excluded on purpose, as it is relatively large
>>> (and complex) compared to the rest of the curated files.
>>>
>>> Figure out just what you need for bpf, and copy only those
>>> files.
>>>
>>> Bruce
>>
>> I can do that. However, I want to raise my concern here first. Does the
>> 30M really matter, compared to the potential errors that would possibly
>> give users a bad impression?
>
> Yes, it actually does matter. That's the entire design principle
> behind devsrc. It is carefully curated.
>
> Considering something like this pops up every couple of years,
> I'm quite confident that there are very few bad impressions to be
> made.
>
> As you could see from the file, there are many specific copies
> from the tools/ directory structure. That should be the hint that
> if we wanted to copy tools in its entirety .. we would have done
> that long ago.
>
>> Before enabling CONFIG_DEBUG_INFO_BTF, things were working pretty well
>> for us. In fact, I was a little surprised that adding extra configs
>> would result in failure of 'make prepare'.
>>
>> Not sure if CONFIG_DEBUG_INFO_BTF is the last one. I guess it's probably
>> not.
>>
>> Again, if users are using kernel-devsrc for compiling things, do they
>> really care about the 30M size?
>
> It's not relevant if they do or don't care. It is the principle
> of keeping it as minimal as possible and not doing things "just in case".
>
> There's a bugzilla that I've attached a patch that creates a
> parallel full source copy of the kernel, but we've never merged
> it as keeping to the low footprint design principle is important.
>
> Bruce

Got it. Thanks for the info.

Regards,
Qi

>> Regards,
>> Qi
Signed-off-by: Chen Qi --- meta/recipes-kernel/linux/kernel-devsrc.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index ce5777fbe9..c2aeb8e216 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -62,6 +62,7 @@ do_install() { cd ${S} cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") $kerneldir/build cp --parents $(find -type f -name "Build" -o -name "Build.include") $kerneldir/build + cp --parents $(find tools/ -type f -name "*.c" -o -name "*.h") $kerneldir/build ) # then drop all but the needed Makefiles/Kconfig files -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193568): https://lists.openembedded.org/g/openembedded-core/message/193568 Mute This Topic: https://lists.openembedded.org/mt/103676210/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] kernel-devsrc: copy source files under tools/
On Thu, Jan 11, 2024 at 10:12 PM ChenQi wrote:
>
> On 1/12/24 10:50, Bruce Ashfield wrote:
> > On Thu, Jan 11, 2024 at 9:44 PM Chen Qi via lists.openembedded.org
> > wrote:
> >> From: Chen Qi
> >>
> >> The source files under tools/ also need to be copied because in
> >> some case, they'll be needed. For example, in case that the
> >> CONFIG_DEBUG_INFO_BTF is enabled, we'll get the following error
> >> without this patch when doing 'make prepare'.
> >>
> >>    No rule to make target '/.../tools/bpf/resolve_btfids/main.o',
> >>    needed by '/.../tools/bpf/resolve_btfids/resolve_btfids-in.o'. Stop.
> >>
> > Tools has been excluded on purpose, as it is relatively large
> > (and complex) compared to the rest of the curated files.
> >
> > Figure out just what you need for bpf, and copy only those
> > files.
> >
> > Bruce
>
> I can do that. However, I want to raise my concern here first. Does the
> 30M really matter, compared to the potential errors that would possibly
> give users a bad impression?

Yes, it actually does matter. That's the entire design principle
behind devsrc. It is carefully curated.

Considering something like this pops up every couple of years,
I'm quite confident that there are very few bad impressions to be
made.

As you could see from the file, there are many specific copies
from the tools/ directory structure. That should be the hint that
if we wanted to copy tools in its entirety .. we would have done
that long ago.

>
> Before enabling CONFIG_DEBUG_INFO_BTF, things were working pretty well
> for us. In fact, I was a little surprised that adding extra configs
> would result in failure of 'make prepare'.
>
> Not sure if CONFIG_DEBUG_INFO_BTF is the last one. I guess it's probably
> not.
>
> Again, if users are using kernel-devsrc for compiling things, do they
> really care about the 30M size?

It's not relevant if they do or don't care. It is the principle
of keeping it as minimal as possible and not doing things "just in case".

There's a bugzilla that I've attached a patch that creates a
parallel full source copy of the kernel, but we've never merged
it as keeping to the low footprint design principle is important.

Bruce > > Regards, > > Qi > > > >> Signed-off-by: Chen Qi > >> --- > >> meta/recipes-kernel/linux/kernel-devsrc.bb | 1 + > >> 1 file changed, 1 insertion(+) > >> > >> diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb > >> b/meta/recipes-kernel/linux/kernel-devsrc.bb > >> index ce5777fbe9..c2aeb8e216 100644 > >> --- a/meta/recipes-kernel/linux/kernel-devsrc.bb > >> +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb > >> @@ -62,6 +62,7 @@ do_install() { > >> cd ${S} > >> cp --parents $(find -type f -name "Makefile*" -o -name > >> "Kconfig*") $kerneldir/build > >> cp --parents $(find -type f -name "Build" -o -name > >> "Build.include") $kerneldir/build > >> + cp --parents $(find tools/ -type f -name "*.c" -o -name "*.h") > >> $kerneldir/build > >> ) > >> > >> # then drop all but the needed Makefiles/Kconfig files > >> -- > >> 2.34.1 > >> > >> > >> > >> > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193567): https://lists.openembedded.org/g/openembedded-core/message/193567 Mute This Topic: https://lists.openembedded.org/mt/103676210/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] kernel-devsrc: copy source files under tools/
On 1/12/24 10:50, Bruce Ashfield wrote:
> On Thu, Jan 11, 2024 at 9:44 PM Chen Qi via lists.openembedded.org wrote:
>> From: Chen Qi
>>
>> The source files under tools/ also need to be copied because in
>> some case, they'll be needed. For example, in case that the
>> CONFIG_DEBUG_INFO_BTF is enabled, we'll get the following error
>> without this patch when doing 'make prepare'.
>>
>>    No rule to make target '/.../tools/bpf/resolve_btfids/main.o',
>>    needed by '/.../tools/bpf/resolve_btfids/resolve_btfids-in.o'. Stop.
>>
> Tools has been excluded on purpose, as it is relatively large
> (and complex) compared to the rest of the curated files.
>
> Figure out just what you need for bpf, and copy only those
> files.
>
> Bruce

I can do that. However, I want to raise my concern here first. Does the 30M really matter, compared to the potential errors that would possibly give users a bad impression?

Before enabling CONFIG_DEBUG_INFO_BTF, things were working pretty well for us. In fact, I was a little surprised that adding extra configs would result in failure of 'make prepare'.

Not sure if CONFIG_DEBUG_INFO_BTF is the last one. I guess it's probably not.

Again, if users are using kernel-devsrc for compiling things, do they really care about the 30M size?

Regards,
Qi

Signed-off-by: Chen Qi --- meta/recipes-kernel/linux/kernel-devsrc.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index ce5777fbe9..c2aeb8e216 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb 
@@ -62,6 +62,7 @@ do_install() { cd ${S} cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") $kerneldir/build cp --parents $(find -type f -name "Build" -o -name "Build.include") $kerneldir/build + cp --parents $(find tools/ -type f -name "*.c" -o -name "*.h") $kerneldir/build ) # then drop all but the needed Makefiles/Kconfig files -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193566): https://lists.openembedded.org/g/openembedded-core/message/193566 Mute This Topic: https://lists.openembedded.org/mt/103676210/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] libxml2: Fix for CVE-2023-45322
From: Vijay Anusuri

Backport patch for gitlab issue mentioned in NVD CVE report.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

Backport also one of 14 patches for older issue with similar errors to have clean cherry-pick without patch fuzz.
* https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

The CVE is disputed because the maintainer does not think that errors after memory allocation failures are not critical enough to warrant a CVE ID. This patch will formally fix reported error case, trying to backport another 13 patches and resolve conflicts would be probably overkill due to disputed state. This CVE was ignored on master branch (as disputed).

Signed-off-by: Vijay Anusuri
--- .../libxml/libxml2/CVE-2023-45322-1.patch | 50 .../libxml/libxml2/CVE-2023-45322-2.patch | 80 +++ meta/recipes-core/libxml/libxml2_2.9.10.bb| 2 + 3 files changed, 132 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch new file mode 100644 index 00..182bb29abd --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-1.patch 
@@ -0,0 +1,50 @@ +From a22bd982bf10291deea8ba0c61bf75b898c604ce Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 2 Nov 2022 15:44:42 +0100 +Subject: [PATCH] malloc-fail: Fix memory leak in xmlStaticCopyNodeList + +Found with libFuzzer, see #344. + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/a22bd982bf10291deea8ba0c61bf75b898c604ce] + +Signed-off-by: Peter Marko +Signed-off-by: Vijay Anusuri +--- + tree.c | 7 +-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tree.c b/tree.c +index 507869efe..647288ce3 100644 +--- a/tree.c b/tree.c +@@ -4461,7 +4461,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + } + if (doc->intSubset == NULL) { + q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); +- if (q == NULL) return(NULL); ++ if (q == NULL) goto error; + q->doc = doc; + q->parent = parent; + doc->intSubset = (xmlDtdPtr) q; +@@ -4473,7 +4473,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + } else + #endif /* LIBXML_TREE_ENABLED */ + q = xmlStaticCopyNode(node, doc, parent, 1); +- if (q == NULL) return(NULL); ++ if (q == NULL) goto error; + if (ret == NULL) { + q->prev = NULL; + ret = p = q; +@@ -4486,6 +4486,9 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + node = node->next; + } + return(ret); ++error: ++xmlFreeNodeList(ret); ++return(NULL); + } + + /** +-- +GitLab + diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch new file mode 100644 index 00..c7e9681e6a --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2023-45322-2.patch 
@@ -0,0 +1,80 @@ +From d39f78069dff496ec865c73aa44d7110e429bce9 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 23 Aug 2023 20:24:24 +0200 +Subject: [PATCH] tree: Fix copying of DTDs + +- Don't create multiple DTD nodes. +- Fix UAF if malloc fails. +- Skip DTD nodes if tree module is disabled. + +Fixes #583. + +CVE: CVE-2023-45322 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9] + +Signed-off-by: Peter Marko +Signed-off-by: Vijay Anusuri +--- + tree.c | 31 --- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/tree.c b/tree.c +index 6c8a875b9..02c1b5791 100644 +--- a/tree.c b/tree.c +@@ -4471,29 +4471,28 @@ xmlNodePtr + xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { + xmlNodePtr ret = NULL; + xmlNodePtr p = NULL,q; ++xmlDtdPtr newSubset = NULL; + + while (node != NULL) { +-#ifdef LIBXML_TREE_ENABLED + if (node->type == XML_DTD_NODE ) { +- if (doc == NULL) { ++#ifdef LIBXML_TREE_ENABLED ++ if ((doc == NULL) || (doc->intSubset != NULL)) { + node = node->next; + continue; + } +- if (doc->intSubset == NULL) { +- q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); +- if (q == NULL) goto error; +- q->doc = doc; +- q->parent = parent; +- doc->intSubset = (xmlDtdPtr) q; +- xmlAddChild(parent, q); +- } else { +- q = (xmlNodePtr) doc->intSubset; +- xmlAddChild(parent, q); +- } +- } else ++q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); ++if (q == NULL) goto error; ++
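Review bot: The header of CVE-2023-45322-1.patch has an Upstream-Status line but no `CVE:` line and no note on why it is included, while CVE-2023-45322-2.patch carries `CVE: CVE-2023-45322`. Add a short line to the -1 header stating that it is the prerequisite from issue #344 needed for a clean cherry-pick of the -2 fix, as the commit message explains, so the relationship is recorded in the patch file itself. The -2 patch is cut off in this copy of the message after the `xmlCopyDtd` lines, so the remainder of that hunk and the libxml2_2.9.10.bb change cannot be checked here.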
Re: [OE-core][PATCH] kernel-devsrc: copy source files under tools/
On Thu, Jan 11, 2024 at 9:44 PM Chen Qi via lists.openembedded.org wrote:
>
> From: Chen Qi
>
> The source files under tools/ also need to be copied because in
> some case, they'll be needed. For example, in case that the
> CONFIG_DEBUG_INFO_BTF is enabled, we'll get the following error
> without this patch when doing 'make prepare'.
>
> No rule to make target '/.../tools/bpf/resolve_btfids/main.o',
> needed by '/.../tools/bpf/resolve_btfids/resolve_btfids-in.o'. Stop.
>

Tools has been excluded on purpose, as it is relatively large
(and complex) compared to the rest of the curated files.

Figure out just what you need for bpf, and copy only those
files.

Bruce

> Signed-off-by: Chen Qi > --- > meta/recipes-kernel/linux/kernel-devsrc.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb > b/meta/recipes-kernel/linux/kernel-devsrc.bb > index ce5777fbe9..c2aeb8e216 100644 > --- a/meta/recipes-kernel/linux/kernel-devsrc.bb > +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb > @@ -62,6 +62,7 @@ do_install() { > cd ${S} > cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") > $kerneldir/build > cp --parents $(find -type f -name "Build" -o -name "Build.include") > $kerneldir/build > + cp --parents $(find tools/ -type f -name "*.c" -o -name "*.h") > $kerneldir/build > ) > > # then drop all but the needed Makefiles/Kconfig files > -- > 2.34.1 > > > >

--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193564): https://lists.openembedded.org/g/openembedded-core/message/193564
Mute This Topic: https://lists.openembedded.org/mt/103676210/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH] kernel-devsrc: copy source files under tools/
From: Chen Qi The source files under tools/ also need to be copied because in some case, they'll be needed. For example, in case that the CONFIG_DEBUG_INFO_BTF is enabled, we'll get the following error without this patch when doing 'make prepare'. No rule to make target '/.../tools/bpf/resolve_btfids/main.o', needed by '/.../tools/bpf/resolve_btfids/resolve_btfids-in.o'. Stop. Signed-off-by: Chen Qi --- meta/recipes-kernel/linux/kernel-devsrc.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb index ce5777fbe9..c2aeb8e216 100644 --- a/meta/recipes-kernel/linux/kernel-devsrc.bb +++ b/meta/recipes-kernel/linux/kernel-devsrc.bb @@ -62,6 +62,7 @@ do_install() { cd ${S} cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") $kerneldir/build cp --parents $(find -type f -name "Build" -o -name "Build.include") $kerneldir/build + cp --parents $(find tools/ -type f -name "*.c" -o -name "*.h") $kerneldir/build ) # then drop all but the needed Makefiles/Kconfig files -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193563): https://lists.openembedded.org/g/openembedded-core/message/193563 Mute This Topic: https://lists.openembedded.org/mt/103676210/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
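Review bot: In the added `find tools/ -type f -name "*.c" -o -name "*.h"` line, `-type f` applies only to the `*.c` test because the implicit AND binds tighter than `-o`, so anything named `*.h` is matched regardless of file type. If only regular files are intended, group the name tests: `find tools/ -type f \( -name "*.c" -o -name "*.h" \)`. The commit message names a single failing target under tools/bpf/resolve_btfids, so the path given to `find` could be narrowed to what that build step needs instead of all of tools/.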
[OE-core] [PATCH] mesa: Upgrade 23.3.2 -> 23.3.3
From: Fabio Estevam Mesa 23.3.3 release notes: https://lists.freedesktop.org/archives/mesa-announce/2024-January/000742.html Signed-off-by: Fabio Estevam --- .../mesa/{mesa-gl_23.3.2.bb => mesa-gl_23.3.3.bb} | 0 meta/recipes-graphics/mesa/mesa.inc | 2 +- meta/recipes-graphics/mesa/{mesa_23.3.2.bb => mesa_23.3.3.bb} | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-graphics/mesa/{mesa-gl_23.3.2.bb => mesa-gl_23.3.3.bb} (100%) rename meta/recipes-graphics/mesa/{mesa_23.3.2.bb => mesa_23.3.3.bb} (100%) diff --git a/meta/recipes-graphics/mesa/mesa-gl_23.3.2.bb b/meta/recipes-graphics/mesa/mesa-gl_23.3.3.bb similarity index 100% rename from meta/recipes-graphics/mesa/mesa-gl_23.3.2.bb rename to meta/recipes-graphics/mesa/mesa-gl_23.3.3.bb diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index ddbebccd9b..e063eb3507 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc @@ -20,7 +20,7 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ file://0001-gallium-Fix-build-with-llvm-17.patch \ " -SRC_URI[sha256sum] = "3cfcb81fa16f89c56abe3855d2637d396ee4e03849b659000a6b8e5f57e69adc" +SRC_URI[sha256sum] = "518307c0057fa3cee8b58df78be431d4df5aafa7edc60d09278b2d7a0a80f3b4" UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P\d+(\.\d+)+)" diff --git a/meta/recipes-graphics/mesa/mesa_23.3.2.bb b/meta/recipes-graphics/mesa/mesa_23.3.3.bb similarity index 100% rename from meta/recipes-graphics/mesa/mesa_23.3.2.bb rename to meta/recipes-graphics/mesa/mesa_23.3.3.bb -- 2.37.3 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193562): https://lists.openembedded.org/g/openembedded-core/message/193562 Mute This Topic: https://lists.openembedded.org/mt/103669037/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2] xmlcatalog: limit to native recipes only
From: Ross Burton The sysroot postinst is explicitly native-only, so use more overrides to ensure that we don't try to run them outside of native recipes. Also add a comment so this doesn't get forgotten again, and link to the related bug. Signed-off-by: Ross Burton --- meta/classes-recipe/xmlcatalog.bbclass | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/meta/classes-recipe/xmlcatalog.bbclass b/meta/classes-recipe/xmlcatalog.bbclass index 5826d0a8b51..d3ef7ff43c2 100644 --- a/meta/classes-recipe/xmlcatalog.bbclass +++ b/meta/classes-recipe/xmlcatalog.bbclass @@ -4,13 +4,17 @@ # SPDX-License-Identifier: MIT # -DEPENDS = "libxml2-native" +# Note that this recipe only handles XML catalogues in the native sysroot, and doesn't +# yet support catalogue management in the target sysroot or on the target itself. +# (https://bugzilla.yoctoproject.org/13271) # A whitespace-separated list of XML catalogs to be registered, for example # "${sysconfdir}/xml/docbook-xml.xml". XMLCATALOGS ?= "" -SYSROOT_PREPROCESS_FUNCS:append = " xmlcatalog_sstate_postinst" +DEPENDS:append = " libxml2-native" + +SYSROOT_PREPROCESS_FUNCS:append:class-native = " xmlcatalog_sstate_postinst" xmlcatalog_complete() { ROOTCATALOG="${STAGING_ETCDIR_NATIVE}/xml/catalog" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193561): https://lists.openembedded.org/g/openembedded-core/message/193561 Mute This Topic: https://lists.openembedded.org/mt/103667686/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
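Review bot: The hunk also replaces `DEPENDS = "libxml2-native"` with `DEPENDS:append = " libxml2-native"` and moves it below `XMLCATALOGS`, which the commit message does not mention. Please say why the assignment became an append, and whether the dependency should carry the same `class-native` override as `SYSROOT_PREPROCESS_FUNCS` now that the postinst is limited to native recipes. The new comment also says "this recipe" although the file is xmlcatalog.bbclass; "this class" would be accurate.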
[OE-core][nanbield 12/12] pseudo: Update to pull in syncfs probe fix
From: Richard Purdie Pulls in the changes: Eilís 'pidge' Ní Fhlannagáin (1): subports: Add _GNU_SOURCE for syncfs probe Richard Purdie (1): SECURITY.md: Add file Wu Zhenyu (1): pseudo.1: Fix a typo Signed-off-by: Richard Purdie (cherry picked from commit 9aab5be508c0dd88a4d9767f65ba5b6fcd5fb9dd) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 4a894ebdd0..699cab11c6 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "ec6151a2b057109b3f798f151a36690af582e166" +SRCREV = "a8453eea4d902bbb0e01c786f1cb4a178c3bbee3" S = "${WORKDIR}/git" PV = "1.9.0+git" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193560): https://lists.openembedded.org/g/openembedded-core/message/193560 Mute This Topic: https://lists.openembedded.org/mt/103665316/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][nanbield 11/12] zstd: fix LICENSE statement
From: Massimiliano Minella zstd is dual-licensed under BSD _OR_ GPLv2. License wording in the README for v1.5.5 is misleading, but license headers in the code clearly state that there is a choice between the two licenses. Signed-off-by: Massimiliano Minella Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 40f85de590c188c9c3985e64a83efaf06b0b4fbc) Signed-off-by: Steve Sakoman --- meta/recipes-extended/zstd/zstd_1.5.5.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/zstd/zstd_1.5.5.bb b/meta/recipes-extended/zstd/zstd_1.5.5.bb index 5c5fb5e734..2d72af50a4 100644 --- a/meta/recipes-extended/zstd/zstd_1.5.5.bb +++ b/meta/recipes-extended/zstd/zstd_1.5.5.bb @@ -5,7 +5,7 @@ It's backed by a very fast entropy stage, provided by Huff0 and FSE library." HOMEPAGE = "http://www.zstd.net/; SECTION = "console/utils" -LICENSE = "BSD-3-Clause & GPL-2.0-only" +LICENSE = "BSD-3-Clause | GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=0822a32f7acdbe013606746641746ee8 \ file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0 \ " -- 2.34.1
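Review bot: LIC_FILES_CHKSUM in the @@ -5,7 +5,7 @@ hunk still tracks only the LICENSE and COPYING texts, while the commit message says the statement of choice between the two licences lives in the source file headers. Consider adding a checksum entry over one such header (with beginline/endline) so that a future change to the either/or wording is caught by the licence check, now that LICENSE depends on it.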
[OE-core][nanbield 10/12] avahi: update URL for new project location
From: Ross Burton Avahi has moved to a new parent organisation on GitHub, so update the URLs to match. Signed-off-by: Ross Burton Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 02caef1567186f250e64ae3ef84fcff33d7323e4) Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index bfd945c7ae..1f18d4491d 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -6,7 +6,7 @@ IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \ configuration from the link-local 169.254.0.0/16 range without the need for a central \ server.' HOMEPAGE = "http://avahi.org; -BUGTRACKER = "https://github.com/lathiat/avahi/issues; +BUGTRACKER = "https://github.com/avahi/avahi/issues; SECTION = "network" # major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and @@ -37,8 +37,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2023-38473.patch \ " -GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/; -SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" +GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/; SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE" -- 2.34.1
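Review bot: the second hunk (@@ -37,8 +37,7 @@) also deletes SRC_URI[md5sum], which the commit message does not mention; it only describes the URL move. The tarball is still pinned by the SRC_URI[sha256sum] line that stays, so the removal is harmless, but it should be stated in the message. HOMEPAGE in the first hunk is left at plain http://avahi.org and could be checked while the URLs are being touched.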
[OE-core][nanbield 09/12] cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES
From: Zahir Hussain As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake file to configure the toolchain correctly in cross-compile build for recipes using cmake. The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly during do_compile the code. Due to this getting sporadic error like below, fatal error: stdlib.h: No such file or directory |75 | #include_next | | ^~ | compilation terminated. | ninja: build stopped: subcommand failed. | WARNING: exit code 1 from a shell command. As cmake already correctly initializes the variable from environment, So we have to unset it in the toolchain file to avoid overwriting the variable definition again. Signed-off-by: aszh07 Signed-off-by: Zahir Hussain Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake index d6a1e0464c..6434b27371 100644 --- a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake +++ b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake @@ -18,3 +18,6 @@ file( GLOB toolchain_config_files "${CMAKE_CURRENT_LIST_FILE}.d/*.cmake" ) foreach(config ${toolchain_config_files}) include(${config}) endforeach() + +unset(CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES) +unset(CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES) -- 2.34.1
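Review bot: the two unset() calls at the end of the @@ -18,3 +18,6 @@ hunk carry no comment, and the subject names only CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES while the hunk also unsets CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES. A one-line comment above them pointing at [YOCTO #14717] would keep them from being removed later, and the message should mention the C variable too. They also run after the foreach that includes the .d/*.cmake fragments, so any value a fragment sets is discarded; say whether that is intended.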
[OE-core][nanbield 08/12] documentation.conf: fix do_menuconfig description
From: Joao Marcos Costa The current description is only pertinent to the kernel, even though do_menuconfig task is used by other projects, such as Busybox and U-Boot. Replace "for the kernel" by an agnostic alternative (i.e., "in the compilation directory"). Signed-off-by: Joao Marcos Costa Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 52e053bce5e359995ebdaa21d6899f04ad2306a0) Signed-off-by: Steve Sakoman --- meta/conf/documentation.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf index d03c497c0e..486c62b6e8 100644 --- a/meta/conf/documentation.conf +++ b/meta/conf/documentation.conf @@ -28,7 +28,7 @@ do_kernel_configcheck[doc] = "Validates the kernel configuration for a linux-yoc do_kernel_configme[doc] = "Assembles the kernel configuration for a linux-yocto style kernel" do_kernel_link_images[doc] = "Creates a symbolic link in arch/$arch/boot for vmlinux and vmlinuz kernel images" do_listtasks[doc] = "Lists all defined tasks for a target" -do_menuconfig[doc] = "Runs 'make menuconfig' for the kernel" +do_menuconfig[doc] = "Runs 'make menuconfig' in the compilation directory" do_package[doc] = "Analyzes the content of the holding area and splits it into subsets based on available packages and files" do_package_index[doc] = "Creates or updates the index in the Package Feed area" do_package_qa[doc] = "Runs QA checks on packaged files" -- 2.34.1
[OE-core][nanbield 07/12] linux-firmware: Create bnx2x subpackage
From: Jason Andryuk bnx2x is another broadcom ethernet adapter with its own firmware. Place it into its own subpackage. Signed-off-by: Jason Andryuk Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 414f71bb692da7ca1899b07ebb689edeb53f8e0d) Signed-off-by: Steve Sakoman --- .../linux-firmware/linux-firmware_20231030.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb index a1229e4827..6667f00612 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb @@ -341,6 +341,7 @@ PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \ ${PN}-ice-enhanced-license ${PN}-ice-enhanced \ ${PN}-adsp-sst-license ${PN}-adsp-sst \ ${PN}-bnx2 \ + ${PN}-bnx2x \ ${PN}-liquidio \ ${PN}-nvidia-license \ ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \ @@ -1104,6 +1105,12 @@ FILES:${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE" RDEPENDS:${PN}-bnx2 += "${PN}-whence-license" RPROVIDES:${PN}-bnx2 = "${PN}-bnx2-mips" +LICENSE:${PN}-bnx2x = "WHENCE" + +FILES:${PN}-bnx2x = "${nonarch_base_libdir}/firmware/bnx2x/bnx2x*.fw" + +RDEPENDS:${PN}-bnx2x += "${PN}-whence-license" + # For cirrus LICENSE:${PN}-cirrus = "Firmware-cirrus" LICENSE:${PN}-cirrus-license = "Firmware-cirrus" -- 2.34.1
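Review bot: the new ${PN}-bnx2x block in the @@ -1104,6 +1105,12 @@ hunk has no comment heading of its own, unlike the "# For cirrus" block that follows it, and it separates its three assignments with blank lines where the neighbouring bnx2 lines do not. A short "# For Broadcom bnx2x" line and the same spacing as the surrounding blocks would keep the recipe easy to scan.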
[OE-core][nanbield 06/12] linux-firmware: Change bnx2 packaging
From: Jason Andryuk The bnx2 module uses both the mips and rv2p files, so package them all together. Remove -mips from the package name, but add an RPROVIDES for compatibility. Signed-off-by: Jason Andryuk Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 46f2b7b3bebc7efdb4199cdfe386dc16c049d8d7) Signed-off-by: Steve Sakoman --- .../linux-firmware/linux-firmware_20231030.bb | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb index b849c086b6..a1229e4827 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb @@ -340,7 +340,7 @@ PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \ ${PN}-ice-license ${PN}-ice \ ${PN}-ice-enhanced-license ${PN}-ice-enhanced \ ${PN}-adsp-sst-license ${PN}-adsp-sst \ - ${PN}-bnx2-mips \ + ${PN}-bnx2 \ ${PN}-liquidio \ ${PN}-nvidia-license \ ${PN}-nvidia-tegra-k1 ${PN}-nvidia-tegra \ 
@@ -1087,18 +1087,22 @@ RDEPENDS:${PN}-bcm4356-pcie += "${PN}-cypress-license" LICENSE:${PN}-bcm4373 = "Firmware-cypress" RDEPENDS:${PN}-bcm4373 += "${PN}-cypress-license" -# For Broadcom bnx2-mips +# For Broadcom bnx2 # # which is a separate case to the other Broadcom firmwares since its # license is contained in the shared WHENCE file. -LICENSE:${PN}-bnx2-mips = "WHENCE" +LICENSE:${PN}-bnx2 = "WHENCE" LICENSE:${PN}-whence-license = "WHENCE" -FILES:${PN}-bnx2-mips = "${nonarch_base_libdir}/firmware/bnx2/bnx2-mips-09-6.2.1b.fw" +FILES:${PN}-bnx2 = " \ +${nonarch_base_libdir}/firmware/bnx2/bnx2-mips*.fw \ +${nonarch_base_libdir}/firmware/bnx2/bnx2-rv2p*.fw \ +" FILES:${PN}-whence-license = "${nonarch_base_libdir}/firmware/WHENCE" -RDEPENDS:${PN}-bnx2-mips += "${PN}-whence-license" +RDEPENDS:${PN}-bnx2 += "${PN}-whence-license" +RPROVIDES:${PN}-bnx2 = "${PN}-bnx2-mips" # For cirrus LICENSE:${PN}-cirrus = "Firmware-cirrus" -- 2.34.1
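Review bot: the rename from ${PN}-bnx2-mips to ${PN}-bnx2 in the @@ -1087,18 +1087,22 @@ hunk adds only RPROVIDES:${PN}-bnx2 = "${PN}-bnx2-mips". That satisfies dependencies on the old name, but on an upgrade from a package feed the old package is neither replaced nor conflicted, and both packages would own the bnx2-mips firmware file; consider adding matching RREPLACES and RCONFLICTS for the old name.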
[OE-core][nanbield 05/12] linux-firmware: Package iwlwifi .pnvm files
From: Jason Andryuk The iwlwifi uses the .pnvm files for newer AX210+ cards, so package them into the iwlwifi-misc subpackage. Signed-off-by: Jason Andryuk Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 056c4de1422ff06745c5669f871a1bb6f5390d01) Signed-off-by: Steve Sakoman --- .../recipes-kernel/linux-firmware/linux-firmware_20231030.bb | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb index c0394b9b3b..b849c086b6 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb @@ -1187,7 +1187,10 @@ FILES:${PN}-iwlwifi-7265d = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.u FILES:${PN}-iwlwifi-8000c = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode" FILES:${PN}-iwlwifi-8265 = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode" FILES:${PN}-iwlwifi-9000 = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode" -FILES:${PN}-iwlwifi-misc = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode" +FILES:${PN}-iwlwifi-misc = " \ +${nonarch_base_libdir}/firmware/iwlwifi-*.ucode \ +${nonarch_base_libdir}/firmware/iwlwifi-*.pnvm \ +" RDEPENDS:${PN}-iwlwifi-135-6 = "${PN}-iwlwifi-license" RDEPENDS:${PN}-iwlwifi-3160-7= "${PN}-iwlwifi-license" -- 2.34.1
[OE-core][nanbield 04/12] go: update 1.20.11 -> 1.20.12
From: Jose Quaresma Upgrade to latest 1.20.x release [1]: $ git log --oneline go1.20.11..go1.20.12 97c8ff8d53 (tag: go1.20.12, origin/release-branch.go1.20) [release-branch.go1.20] go1.20.12 6446af942e [release-branch.go1.20] net/http: limit chunked data overhead 77397ffcb2 [release-branch.go1.20] crypto/rand,runtime: revert "switch RtlGenRandom for ProcessPrng" d77307f855 [release-branch.go1.20] cmd/compile: fix findIndVar so it does not match disjointed loop headers 1bd76576fe [release-branch.go1.20] crypto/rand,runtime: switch RtlGenRandom for ProcessPrng 1b59b017db [release-branch.go1.20] path/filepath: consider \\?\c: as a volume on Windows 46bc33819a [release-branch.go1.20] cmd/go/internal/vcs: error out if the requested repo does not support a secure protocol e1dc209be8 [release-branch.go1.20] cmd/go/internal/modfetch/codehost: set core.longpaths in Git repos on Windows [1] https://github.com/golang/go/compare/go1.20.11...go1.20.12 Signed-off-by: Jose Quaresma Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 8515842b5c503b9a8840675d9cbcfe147d25c1d4) 
Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/{go-1.20.11.inc => go-1.20.12.inc} | 2 +- ...binary-native_1.20.11.bb => go-binary-native_1.20.12.bb} | 6 +++--- ...oss-canadian_1.20.11.bb => go-cross-canadian_1.20.12.bb} | 0 .../go/{go-cross_1.20.11.bb => go-cross_1.20.12.bb} | 0 .../go/{go-crosssdk_1.20.11.bb => go-crosssdk_1.20.12.bb} | 0 .../go/{go-native_1.20.11.bb => go-native_1.20.12.bb} | 0 .../go/{go-runtime_1.20.11.bb => go-runtime_1.20.12.bb} | 0 meta/recipes-devtools/go/{go_1.20.11.bb => go_1.20.12.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.20.11.inc => go-1.20.12.inc} (89%) rename meta/recipes-devtools/go/{go-binary-native_1.20.11.bb => go-binary-native_1.20.12.bb} (78%) rename meta/recipes-devtools/go/{go-cross-canadian_1.20.11.bb => go-cross-canadian_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.20.11.bb => go-cross_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.20.11.bb => go-crosssdk_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.20.11.bb => go-native_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.20.11.bb => go-runtime_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go_1.20.11.bb => go_1.20.12.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.20.11.inc b/meta/recipes-devtools/go/go-1.20.12.inc similarity index 89% rename from meta/recipes-devtools/go/go-1.20.11.inc rename to meta/recipes-devtools/go/go-1.20.12.inc index 2f510b1791..9be56c6707 100644 --- a/meta/recipes-devtools/go/go-1.20.11.inc +++ b/meta/recipes-devtools/go/go-1.20.12.inc @@ -15,4 +15,4 @@ SRC_URI += "\ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ " -SRC_URI[main.sha256sum] = "d355c5ae3a8f7763c9ec9dc25153aae373958cbcb60dd09e91a8b56c7621b2fc" +SRC_URI[main.sha256sum] = "c5bf934751d31c315c1d0bb5fb02296545fa6d08923566f7a5afec81f2ed27d6" 
diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.11.bb b/meta/recipes-devtools/go/go-binary-native_1.20.12.bb similarity index 78% rename from meta/recipes-devtools/go/go-binary-native_1.20.11.bb rename to meta/recipes-devtools/go/go-binary-native_1.20.12.bb index bf91067971..e555412a19 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.20.11.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.20.12.bb @@ -9,9 +9,9 @@ PROVIDES = "go-native" # Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}; -SRC_URI[go_linux_amd64.sha256sum] = "ef79a11aa095a08772d2a69e4f152f897c4e96ee297b0dc20264b7dec2961abe" -SRC_URI[go_linux_arm64.sha256sum] = "7908a49c6ce9d48af9b5ba76ccaa0769da45d8b635259a01065b3739acef4ada" -SRC_URI[go_linux_ppc64le.sha256sum] = "e04676e1aeafe7c415176f330322d43a4be5ea6deb14aca49905bd1449dc7072" +SRC_URI[go_linux_amd64.sha256sum] = "9c5d48c54dd8b0a3b2ef91b0f92a1190aa01f11d26e98033efa64c46a30bba7b" +SRC_URI[go_linux_arm64.sha256sum] = "8afe8e3fb6972eaa2179ef0a71678c67f26509fab4f0f67c4b00f4cdfa92dc87" +SRC_URI[go_linux_ppc64le.sha256sum] = "2ae0ec3736216dfbd7b01ff679842dc1bed365e53a024d522645bcffd01c7328" UPSTREAM_CHECK_URI = "https://golang.org/dl/; UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.20.11.bb b/meta/recipes-devtools/go/go-cross-canadian_1.20.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.20.11.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.20.12.bb diff --git a/meta/recipes-devtools/go/go-cross_1.20.11.bb b/meta/recipes-devtools/go/go-cross_1.20.12.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.20.11.bb rename
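Review bot: the commit message pastes the upstream shortlog for go1.20.11..go1.20.12 but does not say which entries are security fixes. For a stable-branch point release, name them (with CVE IDs where upstream assigned any) so that CVE tracking for nanbield can be updated from the commit alone. The three go_linux_* sha256sum values replaced in go-binary-native should be checked against https://go.dev/dl/, as the comment above them in the recipe says.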
[OE-core][nanbield 03/12] go: update 1.20.10 -> 1.20.11
From: Jose Quaresma Upgrade to latest 1.20.x release [1]: $ git log --oneline go1.20.10..go1.20.11 1d0d4b149c (tag: go1.20.11) [release-branch.go1.20] go1.20.11 46fb781685 [release-branch.go1.20] path/filepath: fix various issues in parsing Windows paths 998fdce3ae [release-branch.go1.20] net/http: pull http2 underflow fix from x/net/http2 d48639094b [release-branch.go1.20] cmd/link: split text sections for arm 32-bit c8fdffb790 [release-branch.go1.20] all: tidy dependency versioning after release [1] https://github.com/golang/go/compare/go1.20.10...go1.20.11 Signed-off-by: Jose Quaresma Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 09fb378fb9c60c383f0ac068bbe3692f047aa617) 
Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/{go-1.20.10.inc => go-1.20.11.inc} | 2 +- ...binary-native_1.20.10.bb => go-binary-native_1.20.11.bb} | 6 +++--- ...oss-canadian_1.20.10.bb => go-cross-canadian_1.20.11.bb} | 0 .../go/{go-cross_1.20.10.bb => go-cross_1.20.11.bb} | 0 .../go/{go-crosssdk_1.20.10.bb => go-crosssdk_1.20.11.bb} | 0 .../go/{go-native_1.20.10.bb => go-native_1.20.11.bb} | 0 .../go/{go-runtime_1.20.10.bb => go-runtime_1.20.11.bb} | 0 meta/recipes-devtools/go/{go_1.20.10.bb => go_1.20.11.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.20.10.inc => go-1.20.11.inc} (89%) rename meta/recipes-devtools/go/{go-binary-native_1.20.10.bb => go-binary-native_1.20.11.bb} (78%) rename meta/recipes-devtools/go/{go-cross-canadian_1.20.10.bb => go-cross-canadian_1.20.11.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.20.10.bb => go-cross_1.20.11.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.20.10.bb => go-crosssdk_1.20.11.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.20.10.bb => go-native_1.20.11.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.20.10.bb => go-runtime_1.20.11.bb} (100%) rename meta/recipes-devtools/go/{go_1.20.10.bb => go_1.20.11.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.20.10.inc b/meta/recipes-devtools/go/go-1.20.11.inc similarity index 89% rename from meta/recipes-devtools/go/go-1.20.10.inc rename to meta/recipes-devtools/go/go-1.20.11.inc index 39509ed986..2f510b1791 100644 --- a/meta/recipes-devtools/go/go-1.20.10.inc +++ b/meta/recipes-devtools/go/go-1.20.11.inc @@ -15,4 +15,4 @@ SRC_URI += "\ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ " -SRC_URI[main.sha256sum] = "72d2f51805c47150066c103754c75fddb2c19d48c9219fa33d1e46696c841dbb" +SRC_URI[main.sha256sum] = "d355c5ae3a8f7763c9ec9dc25153aae373958cbcb60dd09e91a8b56c7621b2fc" 
diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.10.bb b/meta/recipes-devtools/go/go-binary-native_1.20.11.bb similarity index 78% rename from meta/recipes-devtools/go/go-binary-native_1.20.10.bb rename to meta/recipes-devtools/go/go-binary-native_1.20.11.bb index 691670c31e..bf91067971 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.20.10.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.20.11.bb @@ -9,9 +9,9 @@ PROVIDES = "go-native" # Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}; -SRC_URI[go_linux_amd64.sha256sum] = "80d34f1fd74e382d86c2d6102e0e60d4318461a7c2f457ec1efc4042752d4248" -SRC_URI[go_linux_arm64.sha256sum] = "fb3c7e15fc4413c5b81eb9f26dbd7cd4faedd5c720b30fa8e2ff77457f74cab6" -SRC_URI[go_linux_ppc64le.sha256sum] = "ebac6e713810174f9ffd7f48c17c373fbf359d50d8e6233b1dfbbdebd524fd1c" +SRC_URI[go_linux_amd64.sha256sum] = "ef79a11aa095a08772d2a69e4f152f897c4e96ee297b0dc20264b7dec2961abe" +SRC_URI[go_linux_arm64.sha256sum] = "7908a49c6ce9d48af9b5ba76ccaa0769da45d8b635259a01065b3739acef4ada" +SRC_URI[go_linux_ppc64le.sha256sum] = "e04676e1aeafe7c415176f330322d43a4be5ea6deb14aca49905bd1449dc7072" UPSTREAM_CHECK_URI = "https://golang.org/dl/; UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.20.10.bb b/meta/recipes-devtools/go/go-cross-canadian_1.20.11.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.20.10.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.20.11.bb diff --git a/meta/recipes-devtools/go/go-cross_1.20.10.bb b/meta/recipes-devtools/go/go-cross_1.20.11.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.20.10.bb rename to meta/recipes-devtools/go/go-cross_1.20.11.bb 
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.20.10.bb b/meta/recipes-devtools/go/go-crosssdk_1.20.11.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.20.10.bb rename to meta/recipes-devtools/go/go-crosssdk_1.20.11.bb diff --git a/meta/recipes-devtools/go/go-native_1.20.10.bb
[OE-core][nanbield 02/12] tiff: Backport fixes for CVE-2023-6277
From: Khem Raj Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit d115e17ad7775cf5bbfd402e98e61f362ac96efa) Signed-off-by: Steve Sakoman --- ...277-Apply-1-suggestion-s-to-1-file-s.patch | 27 +++ ...ompare-data-size-of-some-tags-data-2.patch | 36 ...-compare-data-size-of-some-tags-data.patch | 162 ++ meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 3 + 4 files changed, 228 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch new file mode 100644 index 00..5d15dff1d9 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch @@ -0,0 +1,27 @@ +From e1640519208121f916da1772a5efb6ca28971b86 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Tue, 31 Oct 2023 15:04:37 + +Subject: [PATCH 3/3] Apply 1 suggestion(s) to 1 file(s) + +CVE: CVE-2023-6277 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/merge_requests/545] +Signed-off-by: Khem Raj +--- + libtiff/tif_dirread.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index fe8d6f8..58a4276 100644 +--- a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +@@ -5306,7 +5306,6 @@ static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir, + { + uint64_t space; + uint16_t n; +-filesize = TIFFGetFileSize(tif); + if (!(tif->tif_flags & TIFF_BIGTIFF)) + space = sizeof(TIFFHeaderClassic) + 2 + dircount * 12 + 4; + else +-- +2.43.0 + 
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch new file mode 100644 index 00..9fc8182fef --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch @@ -0,0 +1,36 @@ +From f500facf7723f1cae725dd288b2daad15e45131c Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Mon, 30 Oct 2023 21:21:57 +0100 +Subject: [PATCH 2/3] At image reading, compare data size of some tags / data + structures (StripByteCounts, StripOffsets, StripArray, TIFF directory) with + file size to prevent provoked out-of-memory attacks. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +See issue #614. + +Correct declaration of ‘filesize’ shadows a previous local. + +CVE: CVE-2023-6277 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/merge_requests/545] +Signed-off-by: Khem Raj +--- + libtiff/tif_dirread.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index c52d41f..fe8d6f8 100644 +--- a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +@@ -5305,7 +5305,6 @@ static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir, + if (td->td_compression != COMPRESSION_NONE) + { + uint64_t space; +-uint64_t filesize; + uint16_t n; + filesize = TIFFGetFileSize(tif); + if (!(tif->tif_flags & TIFF_BIGTIFF)) +-- +2.43.0 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch new file mode 100644 index 00..d5854a9059 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch 
@@ -0,0 +1,162 @@ +From b33baa5d9c6aac8ce49b5180dd48e39697ab7a11 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Fri, 27 Oct 2023 22:11:10 +0200 +Subject: [PATCH 1/3] At image reading, compare data size of some tags / data + structures (StripByteCounts, StripOffsets, StripArray, TIFF directory) with + file size to prevent provoked out-of-memory attacks. + +See issue #614. + +CVE: CVE-2023-6277 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/merge_requests/545] +Signed-off-by: Khem Raj +--- + libtiff/tif_dirread.c | 90 +++ + 1 file changed, 90 insertions(+) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 2c49dc6..c52d41f 100644 +--- a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +@@ -1308,6 +1308,21 @@
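Review bot: the commit message has no body, only the subject and sign-offs; it should say what CVE-2023-6277 is and that the three patches are the commits of upstream merge request 545. The added patches also depend on each other: their index lines chain 2c49dc6..c52d41f, c52d41f..fe8d6f8 and fe8d6f8..58a4276, and 2/3 and 3/3 each delete a filesize line in EstimateStripByteCounts(), so the SRC_URI additions in tiff_4.6.0.bb must list them in 1/3, 2/3, 3/3 order, which is not the alphabetical order of the file names.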
[OE-core][nanbield 01/12] shadow: Fix for CVE-2023-4641
From: Xiangyu Chen shadow-utils: possible password leak during passwd(1) change CVE: CVE-2023-4641 Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] Signed-off-by: Xiangyu Chen Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 7942df17d9dfcf690106b8b86506d496e6251327) Signed-off-by: Steve Sakoman --- .../shadow/files/CVE-2023-4641.patch | 147 ++ meta/recipes-extended/shadow/shadow.inc | 1 + 2 files changed, 148 insertions(+) create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch new file mode 100644 index 00..1fabfe928e --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch 
@@ -0,0 +1,147 @@ +From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 2001 +From: Alejandro Colomar +Date: Sat, 10 Jun 2023 16:20:05 +0200 +Subject: [PATCH] gpasswd(1): Fix password leak + +How to trigger this password leak? +~~ + +When gpasswd(1) asks for the new password, it asks twice (as is usual +for confirming the new password). Each of those 2 password prompts +uses agetpass() to get the password. If the second agetpass() fails, +the first password, which has been copied into the 'static' buffer +'pass' via STRFCPY(), wasn't being zeroed. + +agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and +can fail for any of the following reasons: + +- malloc(3) or readpassphrase(3) failure. + + These are going to be difficult to trigger. Maybe getting the system + to the limits of memory utilization at that exact point, so that the + next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. + About readpassphrase(3), ENFILE and EINTR seem the only plausible + ones, and EINTR probably requires privilege or being the same user; + but I wouldn't discard ENFILE so easily, if a process starts opening + files. + +- The password is longer than PASS_MAX. + + The is plausible with physical access. However, at that point, a + keylogger will be a much simpler attack. + +And, the attacker must be able to know when the second password is being +introduced, which is not going to be easy. + +How to read the password after the leak? + + +Provoking the leak yourself at the right point by entering a very long +password is easy, and inspecting the process stack at that point should +be doable. Try to find some consistent patterns. + +Then, search for those patterns in free memory, right after the victim +leaks their password. + +Once you get the leak, a program should read all the free memory +searching for patterns that gpasswd(1) leaves nearby the leaked +password. 
+ +On 6/10/23 03:14, Seth Arnold wrote: +> An attacker process wouldn't be able to use malloc(3) for this task. +> There's a handful of tools available for userspace to allocate memory: +> +> - brk / sbrk +> - mmap MAP_ANONYMOUS +> - mmap /dev/zero +> - mmap some other file +> - shm_open +> - shmget +> +> Most of these return only pages of zeros to a process. Using mmap of an +> existing file, you can get some of the contents of the file demand-loaded +> into the memory space on the first use. +> +> The MAP_UNINITIALIZED flag only works if the kernel was compiled with +> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. +> +> malloc(3) doesn't zero memory, to our collective frustration, but all the +> garbage in the allocations is from previous allocations in the current +> process. It isn't leftover from other processes. +> +> The avenues available for reading the memory: +> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) +> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) +> - ptrace (requires ptrace privileges, mediated by YAMA) +> - causing memory to be swapped to disk, and then inspecting the swap +> +> These all require a certain amount of privileges. + +How to fix it? +~~ + +memzero(), which internally calls explicit_bzero(3), or whatever +alternative the system provides with a slightly different name, will +make sure that the buffer is zeroed in memory, and optimizations are not +allowed to impede this zeroing. + +This is not really 100% effective, since compilers may place copies of +the string somewhere hidden in the stack. Those copies won't get zeroed +by explicit_bzero(3). However, that's arguably a compiler bug, since +compilers should make everything possible to avoid optimizing strings +that are later passed to explicit_bzero(3). But we all know that +sometimes it's impossible to have perfect knowledge in the compiler, so +this is plausible. 
Nevertheless, there's nothing we can do against such +issues, except minimizing the time such passwords are stored in
[OE-core][nanbield 00/12] Patch review
Please review this set of changes for nanbield and have comments back by end of day Monday, January 15 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6437 The following changes since commit ff595b937d37d2315386aebf315cea719e2362ea: build-appliance-image: Update to nanbield head revision (2024-01-04 04:13:37 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/nanbield-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/nanbield-nut Jason Andryuk (3): linux-firmware: Package iwlwifi .pnvm files linux-firmware: Change bnx2 packaging linux-firmware: Create bnx2x subpackage Joao Marcos Costa (1): documentation.conf: fix do_menuconfig description Jose Quaresma (2): go: update 1.20.10 -> 1.20.11 go: update 1.20.11 -> 1.20.12 Khem Raj (1): tiff: Backport fixes for CVE-2023-6277 Massimiliano Minella (1): zstd: fix LICENSE statement Richard Purdie (1): pseudo: Update to pull in syncfs probe fix Ross Burton (1): avahi: update URL for new project location Xiangyu Chen (1): shadow: Fix for CVE-2023-4641 Zahir Hussain (1): cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES meta/conf/documentation.conf | 2 +- meta/recipes-connectivity/avahi/avahi_0.8.bb | 5 +- .../cmake/cmake/OEToolchainConfig.cmake | 3 + .../go/{go-1.20.10.inc => go-1.20.12.inc} | 2 +- ...1.20.10.bb => go-binary-native_1.20.12.bb} | 6 +- 20.10.bb => go-cross-canadian_1.20.12.bb} | 0 ...o-cross_1.20.10.bb => go-cross_1.20.12.bb} | 0 ...ssdk_1.20.10.bb => go-crosssdk_1.20.12.bb} | 0 ...native_1.20.10.bb => go-native_1.20.12.bb} | 0 ...ntime_1.20.10.bb => go-runtime_1.20.12.bb} | 0 .../go/{go_1.20.10.bb => go_1.20.12.bb} | 0 meta/recipes-devtools/pseudo/pseudo_git.bb| 2 +- .../shadow/files/CVE-2023-4641.patch | 147 meta/recipes-extended/shadow/shadow.inc | 1 + meta/recipes-extended/zstd/zstd_1.5.5.bb | 2 +- .../linux-firmware/linux-firmware_20231030.bb | 26 ++- 
...277-Apply-1-suggestion-s-to-1-file-s.patch | 27 +++ ...ompare-data-size-of-some-tags-data-2.patch | 36 ...-compare-data-size-of-some-tags-data.patch | 162 ++ meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 3 + 20 files changed, 408 insertions(+), 16 deletions(-) rename meta/recipes-devtools/go/{go-1.20.10.inc => go-1.20.12.inc} (89%) rename meta/recipes-devtools/go/{go-binary-native_1.20.10.bb => go-binary-native_1.20.12.bb} (78%) rename meta/recipes-devtools/go/{go-cross-canadian_1.20.10.bb => go-cross-canadian_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.20.10.bb => go-cross_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.20.10.bb => go-crosssdk_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.20.10.bb => go-native_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.20.10.bb => go-runtime_1.20.12.bb} (100%) rename meta/recipes-devtools/go/{go_1.20.10.bb => go_1.20.12.bb} (100%) create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch -- 2.34.1
[OE-core] [PATCH] glibc: Set status for CVE-2023-5156 & CVE-2023-0687
From: Simone Weiß Set `CVE_STATUS`for those CVEs, they have already been fixed with the latest pull for stable branch fixes done in rev e444d2bed0ea140a574414fcd5a689867e8ba312. Hence the issues are fixed already. Signed-off-by: Simone Weiß --- meta/recipes-core/glibc/glibc-version.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index ccf9d505c5..5f24a10826 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -10,4 +10,6 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.(?!90)\d+)*)" CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-5156] = "fixed-version: Fixed in stable branch updates" CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates" +CVE_STATUS[CVE-2023-0687] = "fixed-version: Fixed in stable branch updates" -- 2.39.2
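Review bot: The CVE_STATUS[CVE-2023-4527] line that appears as context between the two added entries duplicates the first entry of this block, so glibc-version.inc sets the same status twice for that CVE; since the patch already touches these lines, drop the duplicate here. With five entries now sharing the identical "fixed-version: Fixed in stable branch updates" string, a CVE_STATUS_GROUPS group carrying a single [status] flag would state it once and reduce later additions to one CVE id in a list.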
[OE-core] [PATCH] xmlcatalog: limit to native recipes only
From: Ross Burton The sysroot postinst is explicitly native-only, so use more overrides to ensure that we don't try to run them outside of native recipes. Also add a comment so this doesn't get forgotten again, and link to the related bug. Signed-off-by: Ross Burton --- meta/classes-recipe/xmlcatalog.bbclass | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/meta/classes-recipe/xmlcatalog.bbclass b/meta/classes-recipe/xmlcatalog.bbclass index 5826d0a8b51..70f95e2a454 100644 --- a/meta/classes-recipe/xmlcatalog.bbclass +++ b/meta/classes-recipe/xmlcatalog.bbclass @@ -4,13 +4,17 @@ # SPDX-License-Identifier: MIT # -DEPENDS = "libxml2-native" +# Note that this recipe only handles XML catalogues in the native sysroot, and doesn't +# yet support catalogue management in the target sysroot or on the target itself. +# (https://bugzilla.yoctoproject.org/13271) # A whitespace-separated list of XML catalogs to be registered, for example # "${sysconfdir}/xml/docbook-xml.xml". XMLCATALOGS ?= "" -SYSROOT_PREPROCESS_FUNCS:append = " xmlcatalog_sstate_postinst" +DEPENDS:append:class-native = " libxml2-native" + +SYSROOT_PREPROCESS_FUNCS:append:class-native = " xmlcatalog_sstate_postinst" xmlcatalog_complete() { ROOTCATALOG="${STAGING_ETCDIR_NATIVE}/xml/catalog" -- 2.34.1
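Review bot: The commit message only covers the postinst, but the hunk also replaces the unconditional DEPENDS = "libxml2-native" with DEPENDS:append:class-native, which changes the dependencies of every non-native recipe that inherits this class; that deserves a sentence in the log so the behaviour change can be found later. In the added comment, "this recipe only handles XML catalogues" should read "this class", since the file is xmlcatalog.bbclass.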
Re: [OE-core] [PATCH 4/4] rust: Upgrade 1.74.1 -> 1.75.0
On Tue, Jan 2, 2024 at 02:54 PM, Alex Kiernan wrote: > > Closing this off - for whatever reason the buildpaths check wasn't > getting run when I was testing stuff, so what I thought was a fix, > wasn't. Hello Alex, Are you working on fixing this issue? Thanks, Sundeep K.
Re: [OE-core] [yocto] QA notification for completed autobuilder build (yocto-4.3.2.rc1)
Hi All, QA for yocto-4.3.2.rc1 is completed. This is the full report for this release: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults === Summary No high milestone defects. No new issue found. Thanks, Jing Hui > -Original Message- > From: yo...@lists.yoctoproject.org On Behalf > Of Pokybuild User > Sent: Friday, January 5, 2024 5:06 PM > To: yo...@lists.yoctoproject.org > Cc: qa-build-notificat...@lists.yoctoproject.org > Subject: [yocto] QA notification for completed autobuilder build (yocto- > 4.3.2.rc1) > > > A build flagged for QA (yocto-4.3.2.rc1) was completed on the autobuilder > and is available at: > > > https://autobuilder.yocto.io/pub/releases/yocto-4.3.2.rc1 > > > Build URL: > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6420 > > Build hash information: > > bitbake: 72bf75f0b2e7f36930185e18a1de8277ce7045d8 > meta-agl: a492c25c1d2dd7a1bca42bc13d4b7449ab179a6a > meta-arm: ae11c9d47374b7373dfead6b4217374484151f6f > meta-aws: bdaaa71585e6d154ac34116d0f6c1e85fff86f63 > meta-intel: 039e45e21d2973fc3ce318a25beceae348e4428a > meta-mingw: 49617a253e09baabbf0355bc736122e9549c8ab2 > meta-openembedded: 1750c66ae8e4268c472c0b2b94748a59d6ef866d > meta-virtualization: 9e92984ff47b3ca2106b1d27a93af061b28d1e8a > oecore: ff595b937d37d2315386aebf315cea719e2362ea > poky: f768ffb8916feb6542fcbe3e946cbf30e247b151 > > > > This is an automated message from the Yocto Project Autobuilder > Git: git://git.yoctoproject.org/yocto-autobuilder2 > Email: richard.pur...@linuxfoundation.org
[OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2
License-Update: formatting, spdx conversion Drop: 0001-Disable-use-of-syslog-for-sysroot.patch (issue fixed upstream) 0001-Fix-can-not-print-full-login.patch 0001-Overhaul-valid_field.patch CVE-2023-29383.patch (backports) libbsd is a new native dependency, as otherwise glibc >= 2.38 is needed. A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS. Signed-off-by: Alexander Kanavin --- ...01-Disable-use-of-syslog-for-sysroot.patch | 52 --- .../0001-Fix-can-not-print-full-login.patch | 41 - .../files/0001-Overhaul-valid_field.patch | 65 .../shadow/files/CVE-2023-29383.patch | 53 --- .../shadow/files/CVE-2023-4641.patch | 147 -- ...nexpected-open-failure-in-chroot-env.patch | 16 +- meta/recipes-extended/shadow/shadow.inc | 20 +-- .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 8 files changed, 16 insertions(+), 378 deletions(-) delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch rename meta/recipes-extended/shadow/{shadow_4.13.bb => shadow_4.14.2.bb} (100%) diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch deleted file mode 100644 index fa1532c8317..000 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Thu, 14 Apr 2022 23:11:53 + -Subject: [PATCH] Disable use of syslog for shadow-native tools - -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [OE specific configuration] -Signed-off-by: Richard Purdie -Signed-off-by: Peter Kjellerstedt - - configure.ac | 2 +- - src/login_nopam.c | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 100644 a/configure.ac -+++ b/configure.ac -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", - [Path to passwd program.]) - - dnl XXX - quick hack, should disappear before anyone notices :). --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) - if test "$ac_cv_func_ruserok" = "yes"; then - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) -diff --git a/src/login_nopam.c b/src/login_nopam.c -index df6ba88..fc24e13 100644 a/src/login_nopam.c -+++ b/src/login_nopam.c -@@ -29,7 +29,6 @@ - #ifndef USE_PAM - #ident "$Id$" - --#include "prototypes.h" - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet -@@ -57,6 +56,8 @@ - #include - #include /* for inet_ntoa() */ - -+#include "prototypes.h" -+ - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) - #undef MAXHOSTNAMELEN - #define MAXHOSTNAMELEN 256 
diff --git a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch deleted file mode 100644 index 89f9c05c8d3..000 --- a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit 670cae834827a8f794e6f7464fa57790d911b63c -Author: SoumyaWind <121475834+soumyaw...@users.noreply.github.com> -Date: Tue Dec 27 17:40:17 2022 +0530 - -shadow: Fix can not print full login timeout message - -Login timed out message prints only first few bytes when write is immediately followed by exit. -Calling exit from new handler provides enough time to display full message. - -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] - -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 100644 a/src/login.c -+++ b/src/login.c -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); - - static void init_env (void); - static void alarm_handler (int); -+static void exit_handler (int); - - /* - * usage - print login command usage and exit -@@ -391,11 +392,16 @@ static void init_env (void) - #endif/* !USE_PAM
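Review bot: The diffstat deletes meta/recipes-extended/shadow/files/CVE-2023-4641.patch, but the "Drop:" list in the commit message names only CVE-2023-29383.patch among the backports. Add CVE-2023-4641.patch to that list and state that the gpasswd fix is part of 4.14.2, so that anyone auditing CVE coverage of the upgrade can see from the log that the fix was superseded rather than lost.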
[OE-core] [PATCH v3 2/2] shadow: link executables statically for -native variant
shadow 4.14.x adds a number of libraries it dynamically links with (md, bsd, attr). This causes troubles in setscene tasks where shadow executables are used (such as useradd), as pulling in the needed dynamic libraries needs unpleasant special-casing. Signed-off-by: Alexander Kanavin --- v2: patch only Makefiles that produce executables and libshadow.a (that executables all statically link with), do not patch libsubid/Makefile, as patching in .a linking can clash with producing dynamic libraries. libsubid is used only in getsubids executable, which is not used in setscene user management (or anywhere else from what I can see). v3: add -no-pie to linker flags, as otherwise some host distros would refuse to link against libattr produced on other host distros and supplied via sstate (libattr made with gcc 13 and used on gcc 11/12 hosts seems to be problematic) Signed-off-by: Alexander Kanavin --- meta/conf/distro/include/no-static-libs.inc | 5 + meta/recipes-extended/shadow/shadow.inc | 10 ++ 2 files changed, 15 insertions(+) diff --git a/meta/conf/distro/include/no-static-libs.inc b/meta/conf/distro/include/no-static-libs.inc index 75359928a14..8898d53d756 100644 --- a/meta/conf/distro/include/no-static-libs.inc +++ b/meta/conf/distro/include/no-static-libs.inc @@ -21,6 +21,11 @@ DISABLE_STATIC:pn-libusb1-native = "" # needed by rust DISABLE_STATIC:pn-musl = "" +# needed by shadow-native to build static executables, particularly useradd +DISABLE_STATIC:pn-attr-native = "" +DISABLE_STATIC:pn-libbsd-native = "" +DISABLE_STATIC:pn-libmd-native = "" + EXTRA_OECONF:append = "${DISABLE_STATIC}" EXTRA_OECMAKE:append:pn-libical = " -DSHARED_ONLY=True" diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index c024746d4ff..43f456251a5 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc 
@@ -47,6 +47,16 @@ EXTRA_OECONF += "--without-libcrack \ CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" +# Force static linking of utilities so we can use from the sysroot/sstate for useradd +# without worrying about the dependency libraries being available +LDFLAGS:append:class-native = " -no-pie" +do_compile:prepend:class-native () { + sed -i -e 's#\(LIBS.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \ + -e 's#\(LIBBSD.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a ${STAGING_LIBDIR}/libmd.a#g' \ + -e 's#\(LIBATTR.*\)-lattr#\1 ${STAGING_LIBDIR}/libattr.a#g' \ + ${B}/lib/Makefile ${B}/src/Makefile +} + NSCDOPT = "" NSCDOPT:class-native = "--without-nscd" NSCDOPT:class-nativesdk = "--without-nscd" -- 2.39.2
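Review bot: LDFLAGS:append:class-native = " -no-pie" in shadow.inc sits under a comment that only talks about static linking, and the reason for it (host distros refusing to link against a libattr.a built on another host and pulled from sstate) is given only in the v3 notes below the "---", which are discarded when the patch is applied. Put that reason in a comment next to the LDFLAGS line, because a flag that turns off position-independent executables is exactly what a later hardening cleanup would remove without knowing why it is there.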
[OE-core] looking to collect "OE/YP best practices" docs for co-op student
g'day, eh? in my current employment, i am in charge of a number of YP (well, Wind River Linux) layers with a lot of legacy cruft^H^H^H^H^H content, and i'd like to start cleaning it up little by little. i was gifted a fairly junior co-op student for the term and figured this would be a good way to put him to use and even turn him into a moderately competent OE developer by the end of the term. so i wanted to put together a *really* comprehensive list of best practices, starting simple, open a Jira epic, and start adding increasingly sophisticated tasks for him to do day by day. i've started collecting a few docs but none of them really cover the gamut of all the pedantic things one could do to tidy up OE/YP layers. i was going to start off with just aesthetic prettification -- break absurdly long assignments of multiple values into one per line, line continuations, in alphabetical order, that sort of thing. the next step would be, i think, to get familiar with bitbake.conf and some of the bbclass files, and start removing superfluous content from various recipes. case in point -- a pile of packagegroup recipe files unnecessarily set: PACKAGES = ${PN} but that's the default so ... delete that sort of thing (as long as there's no *real* reason for it to be there). this might sound like grunt work but, as the term went on, i'd ask him to do more research and come up with cleanups of his own as he understood more of OE. i'd like to make this a truly productive term for this guy. any recommended docs that get to this level? i've already bookmarked the standard YP docs, and a couple others. rday
Re: [OE-core] runqemu: ahci option
Hi, On Thu, Jan 11, 2024 at 11:42:58AM +0100, Alexander Kanavin wrote: > Generally runqemu is intended for (and tested with) specifically > qemux86_64 MACHINE (or any other qemu* machine). So if testing your > particular target bootloader with qemu isn't actually important, you > can rebuild the image for qemux86_64, and in that configuration there > is no bootloader: qemu boots the kernel directly. True, yocto has a lot of history with the assumption that every board even with common and compatible SoC's needs a specific machine configuration. I think this is a bit too old fashioned and would like to move towards generic and compatible builds where a single binary build works on a large number of instruction set compatible SoCs and boards. Thus I'd be happy to have qemu testing part of this and the hard coded assumptions of qemu configs to be removed or made optional so that they can be overwritten if needed. So patches welcome :) Cheers, -Mikko
Re: [oe-core][PATCH 1/1] eudev: modify predictable network if name search
On Wed, 10 Jan 2024 at 22:54, Randy MacLeod via lists.openembedded.org wrote: > +++ b/meta/recipes-core/udev/eudev/netifnames.patch > @@ -0,0 +1,17 @@ > +eudev: consider ID_NET_NAME_MAC as an interface name > + > +eudev might not create names based on slot or path. > + > +Upstream-Status: Pending > + > +Signed-off-by: Joe Slater Please submit upstream first, or provide a reason for Pending (and it better be good). Alex
Re: [OE-core] runqemu: ahci option
Generally runqemu is intended for (and tested with) specifically qemux86_64 MACHINE (or any other qemu* machine). So if testing your particular target bootloader with qemu isn't actually important, you can rebuild the image for qemux86_64, and in that configuration there is no bootloader: qemu boots the kernel directly. Alex On Thu, 11 Jan 2024 at 08:59, Sean Nyekjaer wrote: > > Hi, > > We have an x86_64 machine that we create a wic image for. > For bootloader we are using UEFI boot with u-boot as an EFI payload. > > U-boot doesn’t have support for virtio-scsi-pci, so it can’t detect a disk. > U-boot however does some tests with the ahci driver: > https://source.denx.de/u-boot/u-boot/-/blob/master/scripts/build-efi.sh#L116 > It also works for our case. > > But since the runqemu script checks for drivetype by “/dev/sd” I can’t easily > add something like what u-boot uses. > > Any ideas? > > For now I use in machine conf: > QB_DEFAULT_FSTYPE = "wic" > QB_ROOTFS = "none" > QB_OPT_APPEND = "-drive > id=disk,file=@DEPLOY_DIR_IMAGE@/image-qemux86-64.rootfs.wic,if=none,format=raw > -device ahci,id=ahci -device ide-hd,drive=disk,bus=ahci.0” > > But it would be nice to have the ROOTFS env var expanded instead of declaring > it explicitly here. > > Best regards > Sean Nyekjær
Re: [OE-core] [PATCH 2/2] shadow: link executables statically for -native variant
On Thu, 11 Jan 2024 at 11:10, Richard Purdie wrote: > There is still something not right: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6440 > > :( Yes, seems like each host distro's gcc has a different issue with what we're trying to do :( I'll dig into it. Alex
Re: [OE-core] [PATCH 2/2] shadow: link executables statically for -native variant
On Wed, 2024-01-10 at 21:03 +0100, Alexander Kanavin wrote: > shadow 4.14.x adds a number of libraries it dynamically links with > (md, bsd, attr). This causes troubles in setscene tasks where > shadow executables are used (such as useradd), as pulling in > the needed dynamic libraries needs unpleasant special-casing. > > Signed-off-by: Alexander Kanavin > > --- > v2: patch only Makefiles that produce executables and libshadow.a > (that executables all statically link with), do not patch libsubid/Makefile, > as patching in .a linking can clash with producing dynamic libraries. > libsubid is used only in getsubids executable, which is not used in > setscene user management (or anywhere else from what I can see). > --- > meta/conf/distro/include/no-static-libs.inc | 5 + > meta/recipes-extended/shadow/shadow.inc | 9 + > 2 files changed, 14 insertions(+) > > diff --git a/meta/conf/distro/include/no-static-libs.inc > b/meta/conf/distro/include/no-static-libs.inc > index 75359928a14..8898d53d756 100644 > --- a/meta/conf/distro/include/no-static-libs.inc > +++ b/meta/conf/distro/include/no-static-libs.inc > @@ -21,6 +21,11 @@ DISABLE_STATIC:pn-libusb1-native = "" > # needed by rust > DISABLE_STATIC:pn-musl = "" > > +# needed by shadow-native to build static executables, particularly useradd > +DISABLE_STATIC:pn-attr-native = "" > +DISABLE_STATIC:pn-libbsd-native = "" > +DISABLE_STATIC:pn-libmd-native = "" > + > EXTRA_OECONF:append = "${DISABLE_STATIC}" > > EXTRA_OECMAKE:append:pn-libical = " -DSHARED_ONLY=True" > diff --git a/meta/recipes-extended/shadow/shadow.inc > b/meta/recipes-extended/shadow/shadow.inc > index c024746d4ff..e16d3f010d2 100644 > --- a/meta/recipes-extended/shadow/shadow.inc > +++ b/meta/recipes-extended/shadow/shadow.inc 
> @@ -47,6 +47,15 @@ EXTRA_OECONF += "--without-libcrack \ > > CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" > > +# Force static linking of utilities so we can use from the sysroot/sstate > for useradd > +# without worrying about the dependency libraries being available > +do_compile:prepend:class-native () { > + sed -i -e 's#\(LIBS.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a > ${STAGING_LIBDIR}/libmd.a#g' \ > +-e 's#\(LIBBSD.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a > ${STAGING_LIBDIR}/libmd.a#g' \ > +-e 's#\(LIBATTR.*\)-lattr#\1 ${STAGING_LIBDIR}/libattr.a#g' \ > + ${B}/lib/Makefile ${B}/src/Makefile > +} > + > NSCDOPT = "" > NSCDOPT:class-native = "--without-nscd" > NSCDOPT:class-nativesdk = "--without-nscd" There is still something not right: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6440 :( Cheers, Richard
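Review bot: The sed call in do_compile:prepend:class-native rewrites the generated ${B}/lib/Makefile and ${B}/src/Makefile and exits successfully even when none of its three patterns match, so a shadow release that renames LIBS, LIBBSD or LIBATTR would quietly go back to dynamic linking with no build error. Fail the task if -lbsd or -lattr is still present in either Makefile after the rewrite, so the static-linking assumption is checked at build time instead of surfacing later in a setscene task.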
[OE-core] create-spdx-2.2.bbclass issue
Hi all, I encountered an issue with the do_create_spdx task and my description is as follows. 1. I have two target machines, which are ast2700-default and ast2700-emmc, respectively. 2. I have an application package called phosphor-logging. I successfully built the ast2700-emmc target machine and created spdx files from tmp/deploy/spdx directory. However, I changed the machine name to ast2700-default to build the whole image again. I noticed do_create_spdx failed and it tried to search for the file "sstate:base-files:ast2700_emmc-openbmc-linux:3.0.14:r0:ast2700_emmc" but I changed my machine to "ast2700-default". It searched the wrong base-files and it caused this build error. Do you have any suggestion about how to fix it? Thanks-Jamin [['base-files', 'False sstate:base-files:ast2700_emmc-openbmc-linux:3.0.14:r0:ast2700_emmc:11: sstate:base-files::3.0.14:r0::11:'] fatal_error_here: https://github.com/openembedded/openembedded-core/blob/master/meta/classes/create-spdx-2.2.bbclass#L1135 Build Configuration: BB_VERSION = "2.6.0" BUILD_SYS = "x86_64-linux" NATIVELSBSTRING = "ubuntu-20.04" TARGET_SYS = "aarch64-openbmc-linux" MACHINE = "ast2700-default" DISTRO = "openbmc-phosphor" DISTRO_VERSION = "nodistro.0" TUNE_FEATURES = "aarch64 armv8a crc cortexa35" TARGET_FPU = "" meta meta-poky meta-oe meta-networking meta-perl meta-python meta-phosphor meta-arm meta-arm-toolchain meta-security meta-aspeed-sdk meta-ast2700-sdk = "aspeed-dev:a56e2eb3f529ed117af0312cef7fd257478ea59a" ERROR: phosphor-logging-1.0+git-r1 do_create_spdx: Cannot find any SPDX file for recipe base-files, False sstate:base-files:ast2700_emmc-openbmc-linux:3.0.14:r0:ast2700_emmc:11: sstate:base-files::3.0.14:r0::11: ERROR: Logfile of failure stored in: /home/jamin_lin/openbmc-ast2700/0111/build-ast2700/tmp/work/cortexa35-openbmc-linux/phosphor-logging/1.0+git/temp/log.do_create_spdx.2905089 ERROR: Task
(/home/jamin_lin/openbmc-ast2700/0111/openbmc/meta-phosphor/recipes-phosphor/logging/phosphor-logging_git.bb:do_create_spdx) failed with exit code '1' Log: DEBUG: Executing python function extend_recipe_sysroot NOTE: Direct dependencies are ['/home/jamin_lin/openbmc-ast2700/0111/openbmc/meta/recipes-devtools/quilt/quilt-native_0.67.bb:do_populate_sysroot', 'virtual:native:/home/jamin_lin/openbmc-ast2700/0111/openbmc/meta/recipes-devtools/patch/patch_2.7.6.bb:do_populate_sysroot'] NOTE: Installed into sysroot: [] NOTE: Skipping as already exists in sysroot: ['gettext-minimal-native', 'libtool-native', 'quilt-native', 'texinfo-dummy-native', 'patch-native', 'attr-native'] DEBUG: Python function extend_recipe_sysroot finished DEBUG: Executing python function sstate_task_prefunc DEBUG: Python function sstate_task_prefunc finished DEBUG: Executing python function do_create_spdx DEBUG: Looking for patches that solves CVEs for phosphor-logging ERROR: Cannot find any SPDX file for recipe base-files, False sstate:base-files:ast2700_emmc-openbmc-linux:3.0.14:r0:ast2700_emmc:11: sstate:base-files::3.0.14:r0::11: jamin debug0 ['x86_64', 'x86_64_ubuntu-20.04', 'x86_64_x86_64_linux', 'x86_64_linux', 'x86_64_x86_64-nativesdk', 'allarch', 'cortexa35', 'aarch64', 'armv8a', 'armv8a-crc', 'cortexa35', 'ast2700_default'] jamin debug0 reverse ['ast2700_default', 'cortexa35', 'armv8a-crc', 'armv8a', 'aarch64', 'cortexa35', 'allarch', 'x86_64_x86_64-nativesdk', 'x86_64_linux', 'x86_64_x86_64_linux', 'x86_64_ubuntu-20.04', 'x86_64'] jamin debug1 [['base-files', 'False sstate:base-files:ast2700_emmc-openbmc-linux:3.0.14:r0:ast2700_emmc:11: sstate:base-files::3.0.14:r0::11:'], ['base-passwd', 'False sstate:base-passwd:cortexa35-openbmc-linux:3.6.2:r0:cortexa35:11: sstate:base-passwd::3.6.2:r0::11:'], ['dbus', 'False sstate:dbus:cortexa35-openbmc-linux:1.14.10:r0:cortexa35:11: sstate:dbus::1.14.10:r0::11:'], ['gcc-cross-aarch64', 'True 
sstate:gcc-cross-aarch64:x86_64-openbmc-linux:13.2.0:r0:x86_64:11: sstate:gcc-cross-aarch64::13.2.0:r0::11:'], ['gcc-runtime', 'False sstate:gcc-runtime:cortexa35-openbmc-linux:13.2.0:r0:cortexa35:11: sstate:gcc-runtime::13.2.0:r0::11:'], ['glibc', 'False sstate:glibc:cortexa35-openbmc-linux:2.38+git:r0:cortexa35:11: sstate:glibc::2.38+git:r0::11:'], ['libcereal', 'False sstate:libcereal:cortexa35-openbmc-linux:1.3.2+git:r0:cortexa35:11: sstate:libcereal::1.3.2+git:r0::11:'], ['meson-native', 'True sstate:meson-native:x86_64-linux:1.3.0:r0:x86_64:11: sstate:meson-native::1.3.0:r0::11:'], ['ninja-native', 'True sstate:ninja-native:x86_64-linux:1.11.1:r0:x86_64:11: sstate:ninja-native::1.11.1:r0::11:'], ['packagegroup-obmc-yaml-providers', 'False sstate:packagegroup-obmc-yaml-providers:cortexa35-openbmc-linux:1.0:r1:cortexa35:11: sstate:packagegroup-obmc-yaml-providers::1.0:r1::11:'], ['phosphor-dbus-interfaces', 'False sstate:phosphor-dbus-interfaces:cortexa35-openbmc-linux:1.0+git:r1:cortexa35:11: