[OE-core][dunfell][PATCH] openssl: Fix CVE-2024-0727
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. Signed-off-by: virendra thakur --- .../openssl/openssl/CVE-2024-0727.patch | 122 ++ .../openssl/openssl_1.1.1w.bb | 1 + 2 files changed, 123 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch new file mode 100644 index 00..3da6879ccb --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch @@ -0,0 +1,122 @@ +Backport of: + +From 09df4395b5071217b76dc7d3d2e630eb8c5a79c2 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 19 Jan 2024 11:28:58 + +Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL + +PKCS12 structures contain PKCS7 ContentInfo fields. These fields are +optional and can be NULL even if the "type" is a valid value. OpenSSL +was not properly accounting for this and a NULL dereference can occur +causing a crash. + +CVE-2024-0727 + +Reviewed-by: Tomas Mraz +Reviewed-by: Hugo Landau +Reviewed-by: Neil Horman +(Merged from https://github.com/openssl/openssl/pull/23362) + +(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c) + +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c] + +CVE: CVE-2024-0727 + +Signed-off-by: virendra thakur +--- + crypto/pkcs12/p12_add.c | 18 ++ + crypto/pkcs12/p12_mutl.c | 5 + + crypto/pkcs12/p12_npas.c | 5 +++-- + crypto/pkcs7/pk7_mime.c | 7 +-- + 4 files changed, 31 insertions(+), 4 deletions(-) + +--- a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c +@@ -76,6 +76,13 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_ + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++if (p7->d.data == NULL) { ++PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, ++ PKCS12_R_DECODE_ERROR); ++return NULL; ++} ++ + return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + } + +@@ -132,6 +139,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_ + { + if (!PKCS7_type_is_encrypted(p7)) + return NULL; ++ ++if (p7->d.encrypted == NULL) { ++PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR); ++return NULL; ++} ++ + return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, +ASN1_ITEM_rptr(PKCS12_SAFEBAGS), +pass, passlen, +@@ -159,6 +172,13 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++if (p12->authsafes->d.data == NULL) { ++PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, ++ PKCS12_R_DECODE_ERROR); ++return NULL; ++} ++ + return ASN1_item_unpack(p12->authsafes->d.data, + ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + } +--- a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c +@@ -93,6 +93,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, c + return 0; + } + ++if (p12->authsafes->d.data == NULL) { ++PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR); ++return 0; ++} ++ + salt = p12->mac->salt->data; + saltlen = p12->mac->salt->length; + if (!p12->mac->iter) +--- a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c +@@ -78,8 +78,9 @@ static int newpass_p12(PKCS12 *p12, cons + bags = PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); +-if (!alg_get(p7->d.encrypted->enc_data->algorithm, +- _nid, _iter, _saltlen)) ++if (p7->d.encrypted == NULL ++|| !alg_get(p7->d.encrypted->enc_data->algorithm, ++_nid, _iter, _saltlen)) + goto err; + } else { + continue; +--- a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c +@@ -30,10 +30,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p + { + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); +-if (ctype_nid == NID_pkcs7_signed) ++if (ctype_nid == NID_pkcs7_signed) { ++if (p7->d.sign == NULL) ++return 0; + mdalgs = p7->d.sign->md_algs; +-else ++} else { + mdalgs = NULL; ++} + + flags ^= SMIME_OLDMIME; + diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1w.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1w.bb index 8a53b06862..0e490eabc3 100644 ---
[OE-core][dunfell][PATCH] qemu: Ignore multiple CVEs
From: Vijay Anusuri * CVE-2023-6683: not affected, introduced in v6.1.0-rc0 * CVE-2023-6693: not affected, introduced in v5.1.0-rc0 * CVE-2023-42467: not affected, introduced in v7.1.0-rc0 & v7.1.0-rc2 * CVE-2024-24474: not affected, introduced in v6.0.0-rc0 * CVE-2024-26328: not affected, introduced in v7.0.0-rc0 Ref: https://security-tracker.debian.org/tracker/CVE-2023-6683 https://security-tracker.debian.org/tracker/CVE-2023-6693 https://security-tracker.debian.org/tracker/CVE-2023-42467 https://security-tracker.debian.org/tracker/CVE-2024-24474 https://security-tracker.debian.org/tracker/CVE-2024-26328 Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/qemu/qemu.inc | 15 +++ 1 file changed, 15 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 59ff69d51d..829c347fe3 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -176,6 +176,21 @@ CVE_CHECK_WHITELIST += "CVE-2023-2680" # Affected only `qemu-kvm` shipped with Red Hat Enterprise Linux 8.3 release. CVE_CHECK_WHITELIST += "CVE-2021-20295" +# the issue introduced in v6.1.0-rc0 +CVE_CHECK_WHITELIST += "CVE-2023-6683" + +# the issue introduced in v5.1.0-rc0 +CVE_CHECK_WHITELIST += "CVE-2023-6693" + +# the issue introduced in v7.1.0-rc0 & v7.1.0-rc2 +CVE_CHECK_WHITELIST += "CVE-2023-42467" + +# the issue introduced in v6.0.0-rc0 +CVE_CHECK_WHITELIST += "CVE-2024-24474" + +# the issue introduced in v7.0.0-rc0 +CVE_CHECK_WHITELIST += "CVE-2024-26328" + COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197433): https://lists.openembedded.org/g/openembedded-core/message/197433 Mute This Topic: https://lists.openembedded.org/mt/105079365/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [master] riscv: libcamera stack smashing detected
yes I am aware of it. On Thu, Mar 21, 2024 at 3:08 PM Alexandre Belloni wrote: > > Hello, > > This report should have gone to the openembedded-devel mailing list as > libcamera is in meta-oe. But I guess Khem will have a look anyway. > > > On 20/03/2024 09:10:05-0700, Joel Winarske wrote: > > In master there is a problem running the libcamera "cam" app on a RISC-V > > device: > > > > *** stack smashing detected ***: terminated > > > > If I remove the patches in the libcamera recipe, it builds and runs on > > target without issue. > > > > libcamera bug has the details: > > https://bugs.libcamera.org/show_bug.cgi?id=214 > > > > Joel > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197432): https://lists.openembedded.org/g/openembedded-core/message/197432 Mute This Topic: https://lists.openembedded.org/mt/105047726/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [master] riscv: libcamera stack smashing detected
Hello, This report should have gone to the openembedded-devel mailing list as libcamera is in meta-oe. But I guess Khem will have a look anyway. On 20/03/2024 09:10:05-0700, Joel Winarske wrote: > In master there is a problem running the libcamera "cam" app on a RISC-V > device: > > *** stack smashing detected ***: terminated > > If I remove the patches in the libcamera recipe, it builds and runs on > target without issue. > > libcamera bug has the details: > https://bugs.libcamera.org/show_bug.cgi?id=214 > > Joel > > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197431): https://lists.openembedded.org/g/openembedded-core/message/197431 Mute This Topic: https://lists.openembedded.org/mt/105047726/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Patchtest results for [PATCH 2/2] tcl: skip I/O channel 46.1
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/2-2-tcl-skip-I-O-channel-46.1.patch FAIL: test bugzilla entry format: Bugzilla issue ID is not correctly formatted - specify it with format: "[YOCTO #]" (test_mbox.TestMbox.test_bugzilla_entry_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: Patch cannot be merged (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: Patch cannot be merged (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197430): https://lists.openembedded.org/g/openembedded-core/message/197430 Mute This Topic: https://lists.openembedded.org/mt/105073538/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] systemd: enable mac based names in NamePolicy
From: Joe Slater Some BSPs only provide information to construct a predictable network interface named based on a mac address, so we enable that NamePolicy option. This policy has been adopted for sysvinit as of commit 4a7b42fcf6981d3120c08091a7ed3d4d7bcd41f0. Signed-off-by: Joe Slater --- .../systemd/systemd/0001-NamePolicy.patch | 33 +++ meta/recipes-core/systemd/systemd_255.4.bb| 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/0001-NamePolicy.patch diff --git a/meta/recipes-core/systemd/systemd/0001-NamePolicy.patch b/meta/recipes-core/systemd/systemd/0001-NamePolicy.patch new file mode 100644 index 00..46955cbcbb --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-NamePolicy.patch @@ -0,0 +1,33 @@ +From 9bb09886320eb286108fb370b2634a66b3e3b9ff Mon Sep 17 00:00:00 2001 +From: Joe Slater +Date: Thu, 21 Mar 2024 16:28:31 + +Subject: [PATCH] systemd: enable mac based names in NamePolicy + +The default NamePolicy for network interface names does not +include names based on mac addresses. Some BSPs, though, do +not provide information to compute other names, so we enable +mac names as a last resort. + +Upstream-Status: Inappropriate [enable feature] + +Signed-off-by: Joe Slater +--- + network/99-default.link | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/network/99-default.link b/network/99-default.link +index 429ac31e80..543ce54661 100644 +--- a/network/99-default.link b/network/99-default.link +@@ -15,6 +15,6 @@ + OriginalName=* + + [Link] +-NamePolicy=keep kernel database onboard slot path +-AlternativeNamesPolicy=database onboard slot path ++NamePolicy=keep kernel database onboard slot path mac ++AlternativeNamesPolicy=database onboard slot path mac + MACAddressPolicy=persistent +-- +2.35.5 + diff --git a/meta/recipes-core/systemd/systemd_255.4.bb b/meta/recipes-core/systemd/systemd_255.4.bb index bcef3e6b7a..b02e44d9c0 100644 --- a/meta/recipes-core/systemd/systemd_255.4.bb +++ b/meta/recipes-core/systemd/systemd_255.4.bb @@ -28,6 +28,7 @@ SRC_URI += " \ file://systemd-pager.sh \ file://0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0008-implment-systemd-sysv-install-for-OE.patch \ + file://0001-NamePolicy.patch \ " # patches needed by musl -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197429): https://lists.openembedded.org/g/openembedded-core/message/197429 Mute This Topic: https://lists.openembedded.org/mt/105073330/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/2] tcl: improve run-ptest
From: Ross Burton By setting ERROR_ON_FAILURES we don't need to grep the output to know if the tests failed. By default the log runner will print the failed test case, so we don't need to store the log at all. Set the skipped tests across multiple lines so that it's easier to see what skips are related to what bugs, and to avoid very long lines. Use basename instead of awk to get the test name. Signed-off-by: Ross Burton --- meta/recipes-devtools/tcltk/tcl/run-ptest | 24 ++- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest index 87e025fce12..affce9ab815 100644 --- a/meta/recipes-devtools/tcltk/tcl/run-ptest +++ b/meta/recipes-devtools/tcltk/tcl/run-ptest @@ -3,19 +3,25 @@ # clock.test needs a timezone to be set export TZ="Europe/London" export TCL_LIBRARY=library +export ERROR_ON_FAILURES=1 # Some tests are overly strict with timings and fail on loaded systems. -# See bugs #14825 #14882 #15081 #15321. -SKIPPED_TESTS='async-* cmdMZ-6.6 event-* exit-1.* socket-* socket_inet-*' +SKIP="" +# 15321 +SKIP="$SKIP async-\* event-\*" +# 14882 +SKIP="$SKIP cmdMZ-6.6" +# 15081 +SKIP="$SKIP exit-1.\*" +# 14825 +SKIP="$SKIP socket-\* socket_inet-\*" -for i in `ls tests/*.test | awk -F/ '{print $2}'`; do -./tcltest tests/all.tcl -file $i -skip "$SKIPPED_TESTS" >$i.log 2>&1 -grep -q -F -e "Files with failing tests:" -e "Test files exiting with errors:" $i.log +for i in tests/*.test; do +i=$(basename $i) +./tcltest tests/all.tcl -file $i -skip "$SKIP" if [ $? -eq 0 ]; then -echo "FAIL: $i" -cat $i.log -else echo "PASS: $i" +else +echo "FAIL: $i" fi -rm -f $i.log done -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197427): https://lists.openembedded.org/g/openembedded-core/message/197427 Mute This Topic: https://lists.openembedded.org/mt/105073175/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/2] tcl: skip I/O channel 46.1
From: Ross Burton This test, which is in both the io and chanio test suites, has short timeouts which can trigger on loaded systems. [ YOCTO #15407 #15421 ] Signed-off-by: Ross Burton --- meta/recipes-devtools/tcltk/tcl/run-ptest | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/tcltk/tcl/run-ptest b/meta/recipes-devtools/tcltk/tcl/run-ptest index affce9ab815..a403a74bb64 100644 --- a/meta/recipes-devtools/tcltk/tcl/run-ptest +++ b/meta/recipes-devtools/tcltk/tcl/run-ptest @@ -13,6 +13,8 @@ SKIP="$SKIP async-\* event-\*" SKIP="$SKIP cmdMZ-6.6" # 15081 SKIP="$SKIP exit-1.\*" +# 15407 15421 +SKIP="$SKIP \*io-46.1" # 14825 SKIP="$SKIP socket-\* socket_inet-\*" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197428): https://lists.openembedded.org/g/openembedded-core/message/197428 Mute This Topic: https://lists.openembedded.org/mt/105073176/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] bmaptool: update to latest
Upstream contains the patches that were being carried here. Signed-off-by: Trevor Woerner --- meta/recipes-support/bmaptool/bmaptool_git.bb | 12 +-- .../0001-BmapCopy.py-fix-error-message.patch | 36 ...fix-block-device-udev-race-condition.patch | 83 --- ...mapCopy.py-tweak-suggested-udev-rule.patch | 43 -- 4 files changed, 3 insertions(+), 171 deletions(-) delete mode 100644 meta/recipes-support/bmaptool/files/0001-BmapCopy.py-fix-error-message.patch delete mode 100644 meta/recipes-support/bmaptool/files/0002-CLI.py-fix-block-device-udev-race-condition.patch delete mode 100644 meta/recipes-support/bmaptool/files/0003-BmapCopy.py-tweak-suggested-udev-rule.patch diff --git a/meta/recipes-support/bmaptool/bmaptool_git.bb b/meta/recipes-support/bmaptool/bmaptool_git.bb index f70647732372..fd53c21c0663 100644 --- a/meta/recipes-support/bmaptool/bmaptool_git.bb +++ b/meta/recipes-support/bmaptool/bmaptool_git.bb @@ -9,16 +9,10 @@ SECTION = "console/utils" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" -FILESEXTRAPATHS:prepend := "${THISDIR}/files:" -SRC_URI = "git://github.com/yoctoproject/${BPN};branch=main;protocol=https \ - file://0001-BmapCopy.py-fix-error-message.patch \ - file://0002-CLI.py-fix-block-device-udev-race-condition.patch \ - file://0003-BmapCopy.py-tweak-suggested-udev-rule.patch \ - " - -SRCREV = "d84a6fd202fe246a0bc19ed2082e41bcdd75fb13" +SRC_URI = "git://github.com/yoctoproject/${BPN};branch=main;protocol=https" +SRCREV = "2ff5750b8a3e0b36a9993c20e2ea10a07bc62085" S = "${WORKDIR}/git" -BASEVER = "3.7" +BASEVER = "3.8.0" PV = "${BASEVER}+git" UPSTREAM_CHECK_GITTAGREGEX = "v(?P\d+(\.\d+)+)" diff --git a/meta/recipes-support/bmaptool/files/0001-BmapCopy.py-fix-error-message.patch b/meta/recipes-support/bmaptool/files/0001-BmapCopy.py-fix-error-message.patch deleted file mode 100644 index ddac322e9135.. --- a/meta/recipes-support/bmaptool/files/0001-BmapCopy.py-fix-error-message.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ad0b0513a46c7d238d0fdabee0267c7084b75e84 Mon Sep 17 00:00:00 2001 -From: Trevor Woerner -Date: Thu, 11 Jan 2024 22:04:23 -0500 -Subject: [PATCH 1/3] BmapCopy.py: fix error message - -The wrong variable was being used when attempting to print out an informative -message to the user. Leading to nonsense messages such as: - - bmaptool: info: failed to enable I/O optimization, expect suboptimal speed (reason: cannot switch to the 1 I/O scheduler: 1 in use. None) - -Upstream-Status: Submitted [https://github.com/intel/bmap-tools/pull/129] -Signed-off-by: Trevor Woerner - bmaptools/BmapCopy.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/bmaptools/BmapCopy.py b/bmaptools/BmapCopy.py -index 9de7ef434233..b1e8e0fcbdb7 100644 a/bmaptools/BmapCopy.py -+++ b/bmaptools/BmapCopy.py -@@ -892,9 +892,9 @@ class BmapBdevCopy(BmapCopy): - _log.info( - "failed to enable I/O optimization, expect " - "suboptimal speed (reason: cannot switch to the " --f"{max_ratio_chg.temp_value} I/O scheduler: " --f"{max_ratio_chg.old_value or 'unknown scheduler'} in use. " --f"{max_ratio_chg.error})" -+f"'{scheduler_chg.temp_value}' I/O scheduler: " -+f"'{scheduler_chg.old_value or 'unknown scheduler'}' in use. " -+f"{scheduler_chg.error})" - ) - if max_ratio_chg.error or scheduler_chg.error: - _log.info( --- -2.43.0.76.g1a87c842ece3 - diff --git a/meta/recipes-support/bmaptool/files/0002-CLI.py-fix-block-device-udev-race-condition.patch b/meta/recipes-support/bmaptool/files/0002-CLI.py-fix-block-device-udev-race-condition.patch deleted file mode 100644 index ea2749a26432.. --- a/meta/recipes-support/bmaptool/files/0002-CLI.py-fix-block-device-udev-race-condition.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 34f4321dfce28697f830639260076e60d765698b Mon Sep 17 00:00:00 2001 -From: Trevor Woerner -Date: Fri, 12 Jan 2024 01:16:19 -0500 -Subject: [PATCH 2/3] CLI.py: fix block device udev race condition - -We are encouraged to add a udev rule to change a block device's -bdi/max_ratio to '1' and queue/scheduler to 'none', which I did. -So I was surprised when, about 50% of the time, I kept seeing: - - ... - bmaptool: info: failed to enable I/O optimization, expect suboptimal speed (reason: cannot switch to the 'none' I/O scheduler: 'bfq' in use. [Errno 13] Permission denied: '/sys/dev/block/8:160/queue/scheduler') - bmaptool: info: You may want to set these I/O optimizations through a udev rule like this: - ... - -The strange part is that sometimes it doesn't report a problem and -sometimes it does, even if the block device is left plugged in continuously -between
[OE-core] [PATCH v2] toolchain-shar-relocate.sh: Add check for missing command 'file'
On a machine without the file command, the SDK install fails with a cryptic error message. ``` xargs: file: No such file or directory sed: no input files Failed to replace perl. Relocate script failed. Abort! ``` Add a test for 'file' to print a clear error message. ``` The command 'file' is required by the relocation script, please install it first. Abort! ``` Signed-off-by: Tom Hochstein --- meta/files/toolchain-shar-relocate.sh | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh index e8ab357717..b017714df0 100644 --- a/meta/files/toolchain-shar-relocate.sh +++ b/meta/files/toolchain-shar-relocate.sh @@ -1,7 +1,9 @@ -if ! xargs --version > /dev/null 2>&1; then - echo "xargs is required by the relocation script, please install it first. Abort!" - exit 1 -fi +for cmd in xargs file; do + if ! command -v $cmd > /dev/null 2>&1; then + echo "The command '$cmd' is required by the relocation script, please install it first. Abort!" + exit 1 + fi +done # fix dynamic loader paths in all ELF SDK binaries # allow symlinks to be accessed via the find command too -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197425): https://lists.openembedded.org/g/openembedded-core/message/197425 Mute This Topic: https://lists.openembedded.org/mt/105070397/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [[PATCH v2]] toolchain-shar-relocate.sh: Add check for missing command 'file'
On a machine without the file command, the SDK install fails with a cryptic error message. ``` xargs: file: No such file or directory sed: no input files Failed to replace perl. Relocate script failed. Abort! ``` Add a test for 'file' to print a clear error message. ``` The command 'file' is required by the relocation script, please install it first. Abort! ``` Signed-off-by: Tom Hochstein --- meta/files/toolchain-shar-relocate.sh | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh index e8ab357717..b017714df0 100644 --- a/meta/files/toolchain-shar-relocate.sh +++ b/meta/files/toolchain-shar-relocate.sh @@ -1,7 +1,9 @@ -if ! xargs --version > /dev/null 2>&1; then - echo "xargs is required by the relocation script, please install it first. Abort!" - exit 1 -fi +for cmd in xargs file; do + if ! command -v $cmd > /dev/null 2>&1; then + echo "The command '$cmd' is required by the relocation script, please install it first. Abort!" + exit 1 + fi +done # fix dynamic loader paths in all ELF SDK binaries # allow symlinks to be accessed via the find command too -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197424): https://lists.openembedded.org/g/openembedded-core/message/197424 Mute This Topic: https://lists.openembedded.org/mt/105070379/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] toolchain-shar-relocate.sh: Add check for missing command 'file'
Thanks Alexandre, On 3/21/2024 10:19 AM, Alexandre Belloni wrote: Hello Tom, On 16/03/2024 12:35:58-0500, Tom Hochstein wrote: On a machine without the file command, the SDK install fails with a cryptic error message. ``` xargs: file: No such file or directory sed: no input files Failed to replace perl. Relocate script failed. Abort! ``` Add a test for 'file' to print a clear error message. ``` The command 'file' is required by the relocation script, please install it first. Abort! ``` Signed-off-by: Tom Hochstein --- meta/files/toolchain-shar-relocate.sh | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh index e8ab357717..3d55e38102 100644 --- a/meta/files/toolchain-shar-relocate.sh +++ b/meta/files/toolchain-shar-relocate.sh @@ -1,7 +1,9 @@ -if ! xargs --version > /dev/null 2>&1; then - echo "xargs is required by the relocation script, please install it first. Abort!" - exit 1 -fi +for cmd in xargs file; do + if ! command -v $cmd &> /dev/null; then This fails on some of our builders: https://autobuilder.yoctoproject.org/typhoon/#/builders/20/builds/9148/steps/12/logs/stdio Aha, looks like &> is a bashism. V2 coming. + echo "The command '$cmd' is required by the relocation script, please install it first. Abort!" + exit 1 + fi +done # fix dynamic loader paths in all ELF SDK binaries # allow symlinks to be accessed via the find command too -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197423): https://lists.openembedded.org/g/openembedded-core/message/197423 Mute This Topic: https://lists.openembedded.org/mt/104970783/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] u-boot: fix externalsrc not triggering do_configure on defconfig changes
From: Quentin Schulz externalsrc only monitors files listed in CONFIGURE_FILES environment variable to know if it should trigger a rebuild of do_configure. By default it is unset, but the defconfig from U-Boot should be listed otherwise an old defconfig may be used even though the change is technically detected by the do_compile logic later in the process. Because U-Boot recipe uses `make oldconfig` when no defconfig is passed, monitor .config for that special case. This fixes U-Boot recipes not detecting defconfig changes when devtool'ed. Reported-by: Iskander Amara Cc: Quentin Schulz Signed-off-by: Quentin Schulz --- Tested by running: MACHINE=qemuarm devtool modify u-boot MACHINE=qemuarm devtool build u-boot [modify configs/qemu_arm_defconfig] MACHINE=qemuarm devtool build u-boot MACHINE=qemuarm bitbake-diffsigs -t u-boot compile [Checksum for file oe-devtool-tree-sha1-u-boot changed] Apply the patch, then run: MACHINE=qemuarm devtool build u-boot [modify configs/qemu_arm_defconfig] MACHINE=qemuarm devtool build u-boot MACHINE=qemuarm bitbake-diffsigs -t u-boot compile [Hash for task dependency u-boot:do_configure changed Checksum for file qemu_arm_defconfig changed] --- meta/recipes-bsp/u-boot/u-boot-configure.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-bsp/u-boot/u-boot-configure.inc b/meta/recipes-bsp/u-boot/u-boot-configure.inc index 235623d25a..378d675364 100644 --- a/meta/recipes-bsp/u-boot/u-boot-configure.inc +++ b/meta/recipes-bsp/u-boot/u-boot-configure.inc @@ -8,6 +8,8 @@ inherit uboot-config cml1 DEPENDS += "kern-tools-native" +CONFIGURE_FILES = "${@d.getVar('UBOOT_MACHINE') or '.config'}" + do_configure () { if [ -n "${UBOOT_CONFIG}" ]; then unset i j --- base-commit: 94f99434eff15a92cfdc2dce423d32a1b74aab39 change-id: 20240321-u-boot-defconfig-devtool-905683a1bedc Best regards, -- Quentin Schulz -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197422): https://lists.openembedded.org/g/openembedded-core/message/197422 Mute This Topic: https://lists.openembedded.org/mt/105069918/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] pypi.bbclass: remove vendor from CVE_PRODUCT
On 20 Mar 2024, at 16:08, Emil Kronborg via lists.openembedded.org wrote: > > By specifying the CVE vendor as python, some CVEs are not found. For > instance, the CVE_PRODUCT for python3-pyopenssl becomes > python:pyopenssl, which yields no matches in the NIST NVD database > because the correct CVE vendor is pyopenssl. > > Generally, CVE_PRODUCT ?= ${PYPI_PACKAGE}:${PYPI_PACKAGE} captures most > cases. However, some package names, such as python3-pytest, are > unrelated to the correct CVE product. In this case, the correct CVE > vendor is pytest, but the CVE product is py, resulting in no CVEs being > found. Therefore, not setting the CVE vendor is the most correct option. Have you got comparison reports for a world run before and after this change so we can see what the difference is? Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197421): https://lists.openembedded.org/g/openembedded-core/message/197421 Mute This Topic: https://lists.openembedded.org/mt/105047700/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] file: add CVE_PRODUCT
On 20 Mar 2024, at 16:08, Emil Kronborg via lists.openembedded.org wrote: > > Having only file as the CVE product is too generic. What we actually > want is file from file_project to match the correct CVE(s). There’s also file:file, for example https://nvd.nist.gov/vuln/detail/CVE-2007-2799. Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197420): https://lists.openembedded.org/g/openembedded-core/message/197420 Mute This Topic: https://lists.openembedded.org/mt/105047692/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] python3-pytest: add CVE_PRODUCT
On 20 Mar 2024, at 16:09, Emil Kronborg via lists.openembedded.org wrote: > > For some reason, the CVE product is just called py and not pytest in the > NIST NVD database. Since the database only accept keywords with at least > 3 characters, the CVE vendor must also be specified. I can only find two CVEs with the CPE pytest:py and either of them are actually related to the pytest package: https://nvd.nist.gov/vuln/detail/CVE-2020-29651 https://nvd.nist.gov/vuln/detail/CVE-2022-42969 These issues relate to https://github.com/pytest-dev/py which is not pytest. Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197419): https://lists.openembedded.org/g/openembedded-core/message/197419 Mute This Topic: https://lists.openembedded.org/mt/105047705/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] opkg: retry opkg_lock
When systemd is enabled, we can get into a race condition between run-postinsts and systemctl restarting services. If we fail to create the lock file (or fd), then sleep 10 seconds and retry up to 5 times. [YOCTO #15428] Patch submitted upstream to opkg: https://lists.yoctoproject.org/g/opkg/message/60 Signed-off-by: Tim Orling --- ...kg_lock-retry-if-we-fail-to-get-lock.patch | 59 +++ meta/recipes-devtools/opkg/opkg_0.6.3.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-devtools/opkg/opkg/0001-opkg_lock-retry-if-we-fail-to-get-lock.patch diff --git a/meta/recipes-devtools/opkg/opkg/0001-opkg_lock-retry-if-we-fail-to-get-lock.patch b/meta/recipes-devtools/opkg/opkg/0001-opkg_lock-retry-if-we-fail-to-get-lock.patch new file mode 100644 index 000..863667fe400 --- /dev/null +++ b/meta/recipes-devtools/opkg/opkg/0001-opkg_lock-retry-if-we-fail-to-get-lock.patch @@ -0,0 +1,59 @@ +From cdc7d347f41a7095ba0e29515951a1394c632479 Mon Sep 17 00:00:00 2001 +From: Tim Orling +Date: Wed, 20 Mar 2024 23:00:31 -0700 +Subject: [opkg][PATCH] opkg_lock: retry if we fail to get lock +To: o...@lists.yoctoproject.org + +When systemd is enabled, we can get into a race condition +between run-postinsts and systemctl restarting services. + +If we fail to create the lock file (or fd), then +sleep 10 seconds and retry up to 5 times. + +[YOCTO #15428] + +Upstream-Status: Submitted [https://lists.yoctoproject.org/g/opkg/message/60] + +Signed-off-by: Tim Orling +--- + libopkg/opkg_conf.c | 22 -- + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c +index 4dc777b..03bb40a 100644 +--- a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c +@@ -660,14 +660,24 @@ int opkg_lock() + return -1; + } + +-r = lockf(lock_fd, F_TLOCK, (off_t) 0); ++int retry = 5; ++do { ++r = lockf(lock_fd, F_TLOCK, (off_t) 0); ++if (r == -1) { ++opkg_perror(INFO, "Could not lock %s, retry %d", opkg_config->lock_file, retry); ++r = close(lock_fd); ++ if (r == -1) ++opkg_perror(ERROR, "Couldn't close descriptor %d (%s)", lock_fd, ++opkg_config->lock_file); ++ retry--; ++sleep(10); ++} ++} ++while (retry > 0 && r == -1); ++ + if (r == -1) { + opkg_perror(ERROR, "Could not lock %s", opkg_config->lock_file); +-r = close(lock_fd); +-if (r == -1) +-opkg_perror(ERROR, "Couldn't close descriptor %d (%s)", lock_fd, +-opkg_config->lock_file); +-lock_fd = -1; ++ lock_fd = -1; + return -1; + } + +-- +2.34.1 + diff --git a/meta/recipes-devtools/opkg/opkg_0.6.3.bb b/meta/recipes-devtools/opkg/opkg_0.6.3.bb index 9592ffc5d6d..b4c7c114bcb 100644 --- a/meta/recipes-devtools/opkg/opkg_0.6.3.bb +++ b/meta/recipes-devtools/opkg/opkg_0.6.3.bb @@ -16,6 +16,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz file://opkg.conf \ file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \ file://0001-libopkg-Use-libgen.h-to-provide-basename-API.patch \ + file://0001-opkg_lock-retry-if-we-fail-to-get-lock.patch \ file://run-ptest \ " -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197418): https://lists.openembedded.org/g/openembedded-core/message/197418 Mute This Topic: https://lists.openembedded.org/mt/105069277/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Final dunfell release build on April 15, 2024
If you have any patches you would like to submit for dunfell before it goes EOL, please do so now! I'll be taking patches until around April 8 in preparation for an April 15 build. Steve -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197417): https://lists.openembedded.org/g/openembedded-core/message/197417 Mute This Topic: https://lists.openembedded.org/mt/105069079/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Patchtest results for [PATCH] llvm: Upgrade to 18.1.2 bugfix release
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/llvm-Upgrade-to-18.1.2-bugfix-release.patch FAIL: test commit message presence: Please include a commit message on your patch explaining the change (test_mbox.TestMbox.test_commit_message_presence) PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files) PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) SKIP: test target mailing list: Series merged, no reason to check other mailing lists (test_mbox.TestMbox.test_target_mailing_list) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197416): https://lists.openembedded.org/g/openembedded-core/message/197416 Mute This Topic: https://lists.openembedded.org/mt/105069002/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] llvm: Upgrade to 18.1.2 bugfix release
Signed-off-by: Khem Raj --- meta/recipes-devtools/llvm/llvm_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb index 8086c9e2eb9..e1d5fc47a1f 100644 --- a/meta/recipes-devtools/llvm/llvm_git.bb +++ b/meta/recipes-devtools/llvm/llvm_git.bb @@ -17,14 +17,14 @@ inherit cmake pkgconfig # could be 'rcX' or 'git' or empty ( for release ) VER_SUFFIX = "" -PV = "18.1.1${VER_SUFFIX}" +PV = "18.1.2${VER_SUFFIX}" MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}" LLVM_RELEASE = "${PV}" BRANCH = "release/${MAJOR_VERSION}.x" -SRCREV = "dba2a75e9c7ef81fe84774ba5eee5e67e01d801a" +SRCREV = "26a1d6601d727a96f4301d0d8647b5a42760ae0c" SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \ file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \ file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \ -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197415): https://lists.openembedded.org/g/openembedded-core/message/197415 Mute This Topic: https://lists.openembedded.org/mt/105068660/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] toolchain-shar-relocate.sh: Add check for missing command 'file'
Hello Tom, On 16/03/2024 12:35:58-0500, Tom Hochstein wrote: > On a machine without the file command, the SDK install fails with a > cryptic error message. > > ``` > xargs: file: No such file or directory > sed: no input files > Failed to replace perl. Relocate script failed. Abort! > ``` > > Add a test for 'file' to print a clear error message. > > ``` > The command 'file' is required by the relocation script, please install it > first. Abort! > ``` > > Signed-off-by: Tom Hochstein > --- > meta/files/toolchain-shar-relocate.sh | 10 ++ > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/meta/files/toolchain-shar-relocate.sh > b/meta/files/toolchain-shar-relocate.sh > index e8ab357717..3d55e38102 100644 > --- a/meta/files/toolchain-shar-relocate.sh > +++ b/meta/files/toolchain-shar-relocate.sh > @@ -1,7 +1,9 @@ > -if ! xargs --version > /dev/null 2>&1; then > - echo "xargs is required by the relocation script, please install it > first. Abort!" > - exit 1 > -fi > +for cmd in xargs file; do > + if ! command -v $cmd &> /dev/null; then This fails on some of our builders: https://autobuilder.yoctoproject.org/typhoon/#/builders/20/builds/9148/steps/12/logs/stdio > + echo "The command '$cmd' is required by the relocation script, > please install it first. Abort!" > + exit 1 > + fi > +done > > # fix dynamic loader paths in all ELF SDK binaries > # allow symlinks to be accessed via the find command too > -- > 2.25.1 > > > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197414): https://lists.openembedded.org/g/openembedded-core/message/197414 Mute This Topic: https://lists.openembedded.org/mt/104970783/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2] python3-pytest: add CVE_PRODUCT
On Wed, 2024-03-20 at 16:09 +, Emil Kronborg via lists.openembedded.org wrote: > For some reason, the CVE product is just called py and not pytest in > the > NIST NVD database. Since the database only accept keywords with at > least > 3 characters, the CVE vendor must also be specified. > > Signed-off-by: Emil Kronborg > --- > Changes in v2: > - I forgot to sign the first version. > > meta/recipes-devtools/python/python3-pytest_8.0.2.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-devtools/python/python3-pytest_8.0.2.bb > b/meta/recipes-devtools/python/python3-pytest_8.0.2.bb > index 57e979e909c3..080b89ebdd5e 100644 > --- a/meta/recipes-devtools/python/python3-pytest_8.0.2.bb > +++ b/meta/recipes-devtools/python/python3-pytest_8.0.2.bb > @@ -5,6 +5,8 @@ DESCRIPTION = "The pytest framework makes it easy to > write small tests, yet scal > LICENSE = "MIT" > LIC_FILES_CHKSUM = > "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c" > > +CVE_PRODUCT = "pytest:py" > + > SRC_URI[sha256sum] = > "d4051d623a2e0b7e51960ba963193b09ce6daeb9759a451844a21e4ddedfc1bd" > > DEPENDS += "python3-setuptools-scm-native" I worry this is a misfiled CPE rather than general statement that they'd always use this for pytest CVEs. We might want to talk to them about tweaking it to be consistent? I'm certainly unsure about taking this patch as it might mask future issues? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197413): https://lists.openembedded.org/g/openembedded-core/message/197413 Mute This Topic: https://lists.openembedded.org/mt/105047705/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone][PATCH V3] nghttp2: fix CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. References: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832 Signed-off-by: Zahir Hussain --- .../nghttp2/nghttp2/CVE-2023-44487.patch | 927 ++ .../recipes-support/nghttp2/nghttp2_1.47.0.bb | 1 + 2 files changed, 928 insertions(+) create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch diff --git a/meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch b/meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch new file mode 100644 index 00..3cba83307c --- /dev/null +++ b/meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch @@ -0,0 +1,927 @@ +From 72b4af6143681f528f1d237b21a9a7aee1738832 Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa +Date: Sun, 1 Oct 2023 00:05:01 +0900 +Subject: [PATCH] Rework session management + +CVE: CVE-2023-44487 + +Upstream-Status: Backport [https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832] + +Signed-off-by: Zahir Hussain zahir.ba...@kpit.com +Signed-off-by: aszh07 +--- +CMakeLists.txt | 4 ++ +cmakeconfig.h.in | 9 +++ +configure.ac | 21 +++ +doc/Makefile.am| 1 + +lib/CMakeLists.txt | 2 + +lib/Makefile.am| 4 ++ +lib/includes/nghttp2/nghttp2.h | 17 ++ +lib/nghttp2_option.c | 7 +++ +lib/nghttp2_ratelim.c | 75 +lib/nghttp2_ratelim.h | 57 ++ +lib/nghttp2_session.c | 34 ++- +lib/nghttp2_session.h | 12 +++- +lib/nghttp2_time.c | 62 +lib/nghttp2_time.h | 38 +tests/nghttp2_ratelim_test.c | 101 +tests/nghttp2_ratelim_test.h | 35 +++ +tests/nghttp2_session_test.c | 103 + +tests/nghttp2_session_test.h | 1 + +tests/CMakeLists.txt | 1 + +tests/Makefile.am | 6 +- +lib/nghttp2_option.h | 6 ++ +tests/main.c | 7 ++- +22 files changed, 598 insertions(+), 5 deletions(-) +create mode 100644 lib/nghttp2_ratelim.c +create mode 100644 lib/nghttp2_ratelim.h +create mode 100644 lib/nghttp2_time.c +create mode 100644 lib/nghttp2_time.h +create mode 100644 tests/nghttp2_ratelim_test.c +create mode 100644 tests/nghttp2_ratelim_test.h + +--- a/CMakeLists.txt b/CMakeLists.txt +@@ -262,6 +262,7 @@ check_include_file("netinet/in.h" HAVE + check_include_file("pwd.h" HAVE_PWD_H) + check_include_file("sys/socket.h" HAVE_SYS_SOCKET_H) + check_include_file("sys/time.h" HAVE_SYS_TIME_H) ++check_include_file("sysinfoapi.h" HAVE_SYSINFOAPI_H) + check_include_file("syslog.h" HAVE_SYSLOG_H) + check_include_file("time.h" HAVE_TIME_H) + check_include_file("unistd.h" HAVE_UNISTD_H) +@@ -302,8 +303,11 @@ check_type_size("time_t" SIZEOF_TIME_T) + include(CheckFunctionExists) + check_function_exists(_Exit HAVE__EXIT) + check_function_exists(accept4 HAVE_ACCEPT4) ++check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) + check_function_exists(mkostemp HAVE_MKOSTEMP) + ++check_symbol_exists(GetTickCount64 sysinfoapi.h HAVE_GETTICKCOUNT64) ++ + include(CheckSymbolExists) + # XXX does this correctly detect initgroups (un)availability on cygwin? + check_symbol_exists(initgroups grp.h HAVE_DECL_INITGROUPS) +--- a/cmakeconfig.h.in b/cmakeconfig.h.in +@@ -34,9 +34,15 @@ + /* Define to 1 if you have the `accept4` function. */ + #cmakedefine HAVE_ACCEPT4 1 + ++/* Define to 1 if you have the `clock_gettime` function. */ ++#cmakedefine HAVE_CLOCK_GETTIME 1 ++ + /* Define to 1 if you have the `mkostemp` function. */ + #cmakedefine HAVE_MKOSTEMP 1 + ++/* Define to 1 if you have the `GetTickCount64` function. */ ++#cmakedefine HAVE_GETTICKCOUNT64 1 ++ + /* Define to 1 if you have the `initgroups` function. */ + #cmakedefine01 HAVE_DECL_INITGROUPS + +@@ -73,6 +79,9 @@ + /* Define to 1 if you have the header file. */ + #cmakedefine HAVE_SYS_TIME_H 1 + ++/* Define to 1 if you have the header file. */ ++#cmakedefine HAVE_SYSINFOAPI_H 1 ++ + /* Define to 1 if you have the header file. */ + #cmakedefine HAVE_SYSLOG_H 1 + +--- a/configure.ac b/configure.ac +@@ -607,6 +607,7 @@ AC_CHECK_HEADERS([ \ + string.h \ + sys/socket.h \ + sys/time.h \ ++ sysinfoapi.h \ + syslog.h \ + time.h \ + unistd.h \ +@@ -681,6 +682,7 @@ AC_FUNC_STRNLEN + AC_CHECK_FUNCS([ \ + _Exit \ + accept4 \ ++ clock_gettime \ + dup2 \ + getcwd \ + getpwnam \ +@@ -706,6 +708,25 @@ AC_CHECK_FUNCS([ \ + AC_CHECK_FUNC([timerfd_create], + [have_timerfd_create=yes], [have_timerfd_create=no]) +
Re: [yocto] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.0.17.rc1)
Hi All, QA for yocto-4.0.17.rc1 is completed. This is the full report for this release: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults === Summary No high milestone defects. No new issue found. Thanks, Jing Hui > -Original Message- > From: qa-build-notificat...@lists.yoctoproject.org notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User > Sent: Thursday, March 14, 2024 8:04 AM > To: yo...@lists.yoctoproject.org > Cc: qa-build-notificat...@lists.yoctoproject.org > Subject: [qa-build-notification] QA notification for completed autobuilder > build (yocto-4.0.17.rc1) > > > A build flagged for QA (yocto-4.0.17.rc1) was completed on the autobuilder > and is available at: > > > https://autobuilder.yocto.io/pub/releases/yocto-4.0.17.rc1 > > > Build URL: > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6676 > > Build hash information: > > bitbake: 40fd5f4eef7460ca67f32cfce8e229e67e1ff607 > meta-agl: 3fb5640211e4c3874036a6d4a61e852b348eb4ad > meta-arm: b187fb9232ca0a6b5f8f90b4715958546fc41d73 > meta-aws: 11e0184fb8062c5384085e9c91339f76ccf191f4 > meta-clang: eebe4ff2e539f3ffb01c5060cc4ca8b226ea8b52 > meta-gplv2: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a > meta-intel: f932ebb2544170f43edd22739f44307809bf8cfb > meta-mingw: f6b38ce3c90e1600d41c2ebb41e152936a0357d7 > meta-openembedded: fda737ec0cc1d2a5217548a560074a8e4d5ec580 > meta-virtualization: 7902664f89678164b7fc90d421cee74cbec51cdf > oecore: 2501534c9581c6c3439f525d630be11554a57d24 > poky: 6d1a878bbf24c66f7186b270f823fcdf82e35383 > > > > This is an automated message from the Yocto Project Autobuilder > Git: git://git.yoctoproject.org/yocto-autobuilder2 > Email: richard.pur...@linuxfoundation.org > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#62812): https://lists.yoctoproject.org/g/yocto/message/62812 Mute This Topic: https://lists.yoctoproject.org/mt/105062114/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-