date:20240423

Re: [yocto] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.33.rc1)

2024-04-23 Thread Jing Hui Tham

Hi all,
 
Intel and WR YP QA is planning for QA execution for YP build yocto-3.1.33.rc1. 
We are planning to execute following tests for this cycle:
 
OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw
 
Runtime auto test for following platforms:
1. MinnowBoard Turbot - 32bit
2. Kaby Lake (7th Generation Intel(r) Core(tm) Processors)
3. Tiger Lake (11th Generation Intel(r) Core(tm) Processors)
4. Alder Lake-S (12th Generation Intel(r) Core(tm) Processors)
5. Raptor Lake-P (13th Generation Intel(r) Core(tm) Processors)
6. Edgerouter
7. Beaglebone

 
ETA for completion next Monday, April 29.
 
Best regards,
Jing Hui

> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Thursday, April 18, 2024 7:55 AM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-3.1.33.rc1)
> 
> 
> A build flagged for QA (yocto-3.1.33.rc1) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-3.1.33.rc1
> 
> 
> Build URL:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6816
> 
> Build hash information:
> 
> bitbake: 7ce4107bf824b3e115b40558336de25f99af31f8
> meta-agl: 6febe63dbdc2655efeac2596f7a2d9cdbaa5bc6f
> meta-arm: b75b8ce1ac10dc3521c0f710a4cf79bc7e985cfd
> meta-aws: a83f0fe4cf41261cfbd22ad5c34c36d7a5106903
> meta-clang: 989ff6a4e7db59f01d511727135610006124ead2
> meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
> meta-intel: bab936cb4ae5671ceaccf50305a6c0515e6f0222
> meta-mingw: 7bdc58e6c5d1054b1b6ad5c4e480a95e995ccbae
> meta-openembedded: c74ebbddfd9dbe02d3f7422016324451eb218e1e
> meta-virtualization: 35c723774ee06b3c1831f00a2cbf25cbeae132e1
> oecore: c4fb7d1f0f157ffafd9f907f49ea74b93b2c1d40
> poky: 63d05fc061006bf1a88630d6d91cdc76ea33fbf2
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#62993): https://lists.yoctoproject.org/g/yocto/message/62993
Mute This Topic: https://lists.yoctoproject.org/mt/105703853/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][PATCH v2] libbsd: Fix conflict error when enable multilib.

2024-04-23 Thread leimaohui via lists.openembedded.org

Ping



> -Original Message-
> From: openembedded-core@lists.openembedded.org
>  On Behalf Of leimaohui via
> lists.openembedded.org
> Sent: Friday, April 19, 2024 9:16 AM
> To: Alexander Kanavin 
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH v2] libbsd: Fix conflict error when enable 
> multilib.
> 
> Hi, Alex
> 
> > Can you explain a bit more? Why and how is it not correct? Why isn't a
> > similar fix needed in other uses of oe_multilib_header?
> 
> Reference to https://man.archlinux.org/man/libbsd.7, by default, libbsd is 
> built
> in an overlay mode, the includes in this case should be the usual system ones,
> such as  without namespaced with bsd/.
> It seems that libbsd is special.
> 
> Best regards
> Lei
> 
> 
> > -Original Message-
> > From: Alexander Kanavin 
> > Sent: Thursday, April 18, 2024 1:33 PM
> > To: Lei, Maohui 
> > Cc: openembedded-core@lists.openembedded.org
> > Subject: Re: [OE-core][PATCH v2] libbsd: Fix conflict error when enable 
> > multilib.
> >
> > On Thu, 18 Apr 2024 at 03:23, leimaohui via lists.openembedded.org
> >  wrote:
> > > - The path of cdefs-64.h and cdefs-32.h in cdefs.h is not correct
> > > for libbsd after
> > enable oe_multilib_header on cdefs.h. It is necessary to fix the path.
> > > +do_install:append () {
> > > +   oe_multilib_header bsd/sys/cdefs.h
> > > +   sed -i 's:#include  > > +${D}${includedir}/bsd/sys/cdefs.h
> >
> > Can you explain a bit more? Why and how is it not correct? Why isn't a
> > similar fix needed in other uses of oe_multilib_header?
> >
> > Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198637): 
https://lists.openembedded.org/g/openembedded-core/message/198637
Mute This Topic: https://lists.openembedded.org/mt/105590332/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-5.0.rc4)

2024-04-23 Thread Jing Hui Tham

Hi All,
 
QA for yocto-5.0.rc4 is completed. This is the full report for this release:  
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
 
=== Summary 
No high milestone defects.
 
No new issue found. 
 
Thanks,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Friday, April 19, 2024 8:18 AM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-5.0.rc4)
> 
> 
> A build flagged for QA (yocto-5.0.rc4) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-5.0.rc4
> 
> 
> Build URL:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6823
> 
> Build hash information:
> 
> bitbake: c86466d51e8ff14e57a734c1eec5bb651fdc73ef
> meta-agl: d5420276a2d6bf1fbc4a948e4500744608c3a39d
> meta-arm: 80f3b85bbd4c459a7c58afa754b40a89c2c9c102
> meta-aws: 216c095de9d546c141a90017a91a3ccb226de754
> meta-clang: 989ff6a4e7db59f01d511727135610006124ead2
> meta-intel: 0093d9f2eaf97063c81bc73736ebe7c29a69200f
> meta-mingw: acbba477893ef87388effc4679b7f40ee49fc852
> meta-openembedded: 24044fd3a010dba91f22e3b6af7788529f622795
> meta-virtualization: b7e77b69d309d8ee985720e88b19b6e9cf03fe63
> oecore: b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277
> poky: fb91a49387cfb0c8d48303bb3354325ba2a05587
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198638): 
https://lists.openembedded.org/g/openembedded-core/message/198638
Mute This Topic: https://lists.openembedded.org/mt/105610564/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] ffmpeg: backport patches to use new Vulkan AV1 codec API

2024-04-23 Thread Dmitry Baryshkov

On Wed, 17 Apr 2024 at 02:31, Dmitry Baryshkov via
lists.openembedded.org 
wrote:
>
> Backport two patches from ffmpeg git to fix compilation with the newest
> Vulkan API.
>
> Signed-off-by: Dmitry Baryshkov 

Gracious ping. Otherwise ffmpeg is broken on vulkan-enabled distros.

See 
https://storage.tuxsuite.com/public/linaro/nicolas/oebuilds/2fGSSDyVGWy5G5B5QwGHGAOYSlR/build.log

-- 
With best wishes
Dmitry

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198636): 
https://lists.openembedded.org/g/openembedded-core/message/198636
Mute This Topic: https://lists.openembedded.org/mt/105567763/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe-core][PATCH 1/1] oe-debuginfod: add option for data storage

2024-04-23 Thread Joe Slater via lists.openembedded.org

From: Joe Slater 

Storing the data files under $HOME can be unreliable if debuginfod
is used for several projects, especially if $HOME is shared
between machines.  We provide an option to save files under the
project directory.  The default behavior is unchanged.

Signed-off-by: Joe Slater 
---
 scripts/oe-debuginfod | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/scripts/oe-debuginfod b/scripts/oe-debuginfod
index b525310225..5e70d37b8b 100755
--- a/scripts/oe-debuginfod
+++ b/scripts/oe-debuginfod
@@ -15,14 +15,29 @@ scriptpath.add_bitbake_lib_path()
 
 import bb.tinfoil
 import subprocess
+import argparse
 
 if __name__ == "__main__":
+p = argparse.ArgumentParser()
+p.add_argument("-d", action='store_true', \
+ help="store debuginfod files in project 
sub-directory")
+
+args = p.parse_args()
+
 with bb.tinfoil.Tinfoil() as tinfoil:
 tinfoil.prepare(config_only=True)
 package_classes_var = "DEPLOY_DIR_" + 
tinfoil.config_data.getVar("PACKAGE_CLASSES").split()[0].replace("package_", 
"").upper()
 feed_dir = tinfoil.config_data.getVar(package_classes_var, expand=True)
 
+opts = [ '--verbose', '-R', '-U', feed_dir ]
+
+if args.d:
+fdir = os.path.join(os.getcwd(), 'oedid-files')
+os.makedirs(fdir, exist_ok=True)
+opts += [ '-d', os.path.join(fdir, 'did.sqlite') ]
+
 subprocess.call(['bitbake', '-c', 'addto_recipe_sysroot', 
'elfutils-native'])
 
-subprocess.call(['oe-run-native', 'elfutils-native', 'debuginfod', 
'--verbose', '-R', '-U', feed_dir])
+subprocess.call(['oe-run-native', 'elfutils-native', 'debuginfod'] + opts)
+# we should not get here
 print("\nTo use the debuginfod server please ensure that this variable 
PACKAGECONFIG:pn-elfutils-native = \"debuginfod libdebuginfod\" is set in the 
local.conf")
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198635): 
https://lists.openembedded.org/g/openembedded-core/message/198635
Mute This Topic: https://lists.openembedded.org/mt/105700210/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Patchtest results for [OE-core][master][scarthgap][PATCH] glibc: Update to latest on stable 2.39 branch

2024-04-23 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/master-scarthgap-glibc-Update-to-latest-on-stable-2.39-branch.patch

FAIL: test src uri left files: Patches not removed from tree. Remove them and 
amend the submitted mbox (test_metadata.TestMetadata.test_src_uri_left_files)

PASS: pretest src uri left files 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test lic files chksum modified not mentioned 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)

SKIP: pretest pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.pretest_pylint)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198634): 
https://lists.openembedded.org/g/openembedded-core/message/198634
Mute This Topic: https://lists.openembedded.org/mt/105699412/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][master][scarthgap][PATCH] glibc: Update to latest on stable 2.39 branch

2024-04-23 Thread Peter Marko via lists.openembedded.org

From: Peter Marko 

Adresses CVE-2024-2961

Remove backported patch included in hash update.

Changes:
31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape 
sequence (CVE-2024-2961)
423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
04df8652eb Apply the Makefile sorting fix
edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
9d92452c70 AArch64: Check kernel version for SVE ifuncs
395a89f61e aarch64: fix check for SVE support in assembler
b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
6484a92698 x86: Do not prefer ERMS for memset on Zen3+
aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
aded2fc004 elf: Enable TLS descriptor tests on aarch64
a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers 
(BZ 31372)
15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
983f34a125 LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
aad45c8ac3 powerpc: Placeholder and infrastructure/build support to add Power11 
related changes.
ee7f4c54e1 powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
71fcdba577 linux: Use rseq area unconditionally in sched_getcpu (bug 31479)

Signed-off-by: Peter Marko 
---
 meta/recipes-core/glibc/glibc-version.inc |  2 +-
 ...e-Pass-mcpu-along-with-march-to-dete.patch | 62 ---
 ...ss.patch => 0023-qemu-stale-process.patch} |  0
 meta/recipes-core/glibc/glibc_2.39.bb |  7 ++-
 4 files changed, 6 insertions(+), 65 deletions(-)
 delete mode 100644 
meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
 rename meta/recipes-core/glibc/glibc/{0024-qemu-stale-process.patch => 
0023-qemu-stale-process.patch} (100%)

diff --git a/meta/recipes-core/glibc/glibc-version.inc 
b/meta/recipes-core/glibc/glibc-version.inc
index 618a574566..4fc6986ffc 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "1b9c1a0047fb26a65a9b2a7b8cd977243f7d353c"
+SRCREV_glibc ?= "31da30f23cddd36db29d5b6a1c7619361b271fb4"
 SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git 
a/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
 
b/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
deleted file mode 100644
index f6523c5498..00
--- 
a/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 73c26018ed0ecd9c807bb363cc2c2ab4aca66a82 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy 
-Date: Wed, 13 Mar 2024 14:34:14 +
-Subject: [PATCH] aarch64: fix check for SVE support in assembler
-
-Due to GCC bug 110901 -mcpu can override -march setting when compiling
-asm code and thus a compiler targetting a specific cpu can fail the
-configure check even when binutils gas supports SVE.
-
-The workaround is that explicit .arch directive overrides both -mcpu
-and -march, and since that's what the actual SVE memcpy uses the
-configure check should use that too even if the GCC issue is fixed
-independently.
-
-Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commit;h=73c26018ed0ecd9c807bb363cc2c2ab4aca66a82]
-Signed-off-by: Khem Raj 
-Reviewed-by: Florian Weimer 

- sysdeps/aarch64/configure| 5 +++--
- sysdeps/aarch64/configure.ac | 5 +++--
- 2 files changed, 6 insertions(+), 4 deletions(-)
- mode change 100644 => 100755 sysdeps/aarch64/configure
-
-diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure
-old mode 100644
-new mode 100755
-index ca57edce47..9606137e8d
 a/sysdeps/aarch64/configure
-+++ b/sysdeps/aarch64/configure
-@@ -325,9 +325,10 @@ then :
-   printf %s "(cached) " >&6
- else $as_nop
-   cat > conftest.s <<\EOF
--ptrue p0.b
-+  .arch armv8.2-a+sve
-+  ptrue p0.b
- EOF
--if { ac_try='${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&5'
-+if { ac_try='${CC-cc} -c conftest.s 1>&5'
-   { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
-   (eval $ac_try) 2>&5
-   ac_status=$?
-diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac

[OE-core][kirkstone][PATCH] glibc: Update to latest on stable 2.35 branch

2024-04-23 Thread Peter Marko via lists.openembedded.org

From: Peter Marko 

Adresses CVE-2024-2961

Changes:
36280d1ce5 iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape 
sequence (CVE-2024-2961)
4a7de5e215 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
f4a45af368 AArch64: Check kernel version for SVE ifuncs
7f3c143381 aarch64: fix check for SVE support in assembler
9112cda4c6 aarch64: correct CFI in rawmemchr (bug 31113)
153012dda2 AArch64: Remove Falkor memcpy
90b03336d9 AArch64: Add memset_zva64
d166309459 AArch64: Cleanup emag memset
650300d233 AArch64: Cleanup ifuncs
5bfa9f4369 AArch64: Add support for MOPS memcpy/memmove/memset
c4e222334b Add HWCAP2_MOPS from Linux 6.5 to AArch64 bits/hwcap.h
b9e93c5ff7 AArch64: Improve SVE memcpy and memmove
115c2c7717 AArch64: Improve strrchr
06fad28274 AArch64: Optimize strnlen
3a1557efef AArch64: Optimize strlen
6f2ca6aab9 AArch64: Optimize strcpy
249fff42a8 AArch64: Improve strchrnul
1c1313dbdd AArch64: Optimize strchr
80ad6cd302 AArch64: Improve strlen_asimd
65c4bb41b6 AArch64: Optimize memrchr
23be6f897e AArch64: Optimize memchr
28e40b3909 aarch64: Use memcpy_simd as the default memcpy
c503e2206e aarch64: Cleanup memset ifunc
577bd1e049 AArch64: Fix typo in sve configure check (BZ# 29394)
ea25fe5599 aarch64: Optimize string functions with shrn instruction
2c4ae9faa5 AArch64: Sort makefile entries
2c92d94407 AArch64: Add SVE memcpy
d6d295a95b linux: Use rseq area unconditionally in sched_getcpu (bug 31479)
dda5faa65e Include sys/rseq.h in tst-rseq-disable.c
c9ee9cc8b8 nptl: Unconditionally use a 32-byte rseq area
3cd02612e8 make ‘struct pthread’ a complete type
a24adf3572 support: use 64-bit time_t (bug 30111)
d47c5e4db7 malloc: Use __get_nprocs on arena_get2 (BZ 30945)
1a3326df93 x86_64: Optimize ffsll function code size.
914af4fcca NEWS: Mention bug fixes for 29039/30745/30843
5d1fe26b49 x86-64: Fix the tcb field load for x32 [BZ #31185]
2d87262c1c x86-64: Fix the dtv field load for x32 [BZ #31184]
5f08ec08d0 elf: Fix TLS modid reuse generation assignment (BZ 29039)
01ea8d9dde Revert "elf: Move l_init_called_next to old place of l_text_end in 
link map"
0222f2392d Revert "elf: Always call destructors in reverse constructor order 
(bug 30785)"
6aa8380cf5 Revert "elf: Remove unused l_text_end field from struct link_map"

Signed-off-by: Peter Marko 
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 meta/recipes-core/glibc/glibc_2.35.bb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc 
b/meta/recipes-core/glibc/glibc-version.inc
index e0d47f283b..cd8c7ecf94 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.35/master"
 PV = "2.35"
-SRCREV_glibc ?= "c84018a05aec80f5ee6f682db0da1130b0196aef"
+SRCREV_glibc ?= "36280d1ce5e245aabefb877fe4d3c6cff95dabfa"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb 
b/meta/recipes-core/glibc/glibc_2.35.bb
index 751427517f..74d7f753d8 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -24,7 +24,7 @@ CVE_CHECK_IGNORE += "CVE-2019-1010025"
 CVE_CHECK_IGNORE += "CVE-2023-4527"
 
 # To avoid these in cve-check reports since the recipe version did not change
-CVE_CHECK_IGNORE += "CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 
CVE-2023-5156"
+CVE_CHECK_IGNORE += "CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 
CVE-2023-5156 CVE-2024-2961"
 
 DEPENDS += "gperf-native bison-native"
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198632): 
https://lists.openembedded.org/g/openembedded-core/message/198632
Mute This Topic: https://lists.openembedded.org/mt/105696785/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OpenEmbedded Happy Hour April 24 9pm/2100 UTC

2024-04-23 Thread Denys Dmytriyenko

All,

You are invited to our regularly scheduled OpenEmbedded Happy Hour tomorrow, 
April 24 for Asia/Pacific timezones at 2100/9pm UTC (5pm ET/2pm PT)

https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+April+24=20240424T21

Best regards,
Denys Dmytriyenko
OpenEmbedded Board of Directors

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198631): 
https://lists.openembedded.org/g/openembedded-core/message/198631
Mute This Topic: https://lists.openembedded.org/mt/105696322/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] rpm: Backport fix CVE-2021-35939

2024-04-23 Thread Vivek Kumbhar via lists.openembedded.org

Upstream-Status: Backport 
https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
  
https://github.com/rpm-software-management/rpm/commit/fb13f7fd9eff012cb7b9dbf94ac5381c69404055

Signed-off-by: Vivek Kumbhar 
---
 .../rpm/files/CVE-2021-35939.patch| 378 ++
 meta/recipes-devtools/rpm/rpm_4.17.1.bb   |   1 +
 2 files changed, 379 insertions(+)
 create mode 100644 meta/recipes-devtools/rpm/files/CVE-2021-35939.patch

diff --git a/meta/recipes-devtools/rpm/files/CVE-2021-35939.patch 
b/meta/recipes-devtools/rpm/files/CVE-2021-35939.patch
new file mode 100644
index 00..b60cc0e5ce
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/CVE-2021-35939.patch
@@ -0,0 +1,378 @@
+From 96ec957e281220f8e137a2d5eb23b83a6377d556 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen 
+Date: Thu, 10 Feb 2022 14:32:43 +0200
+Subject: [PATCH] Validate intermediate symlinks during installation,
+ CVE-2021-35939
+
+Whenever directory changes during unpacking, walk the entire tree from
+starting from / and validate any symlinks crossed, fail the install
+on invalid links.
+
+This is the first of step of many towards securing our file operations
+against local tamperers and besides plugging that one CVE, paves the way
+for the next step by adding the necessary directory fd tracking.
+This also bumps the rpm OS requirements to a whole new level by requiring
+the *at() family of calls from POSIX-1.2008.
+
+This necessarily does a whole lot of huffing and puffing we previously
+did not do. It should be possible to cache secure (ie root-owned)
+directory structures to avoid validating everything a million times
+but for now, just keeping things simple.
+
+Upstream-Status: Backport 
[https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556]
+CVE: CVE-2021-35939
+Signed-off-by: Vivek Kumbhar 
+---
+ INSTALL  |   2 +
+ configure.ac |   3 +-
+ lib/fsm.c| 144 +--
+ lib/rpmfi.c  |  27 +++-
+ lib/rpmfi_internal.h |  17 +
+ 5 files changed, 183 insertions(+), 10 deletions(-)
+
+diff --git a/INSTALL b/INSTALL
+index 358e5ae0d..9a9c7b0d0 100644
+--- a/INSTALL
 b/INSTALL
+@@ -103,6 +103,8 @@ option to configure).  For GCC, OpenMP 4.5 is fully 
supported since GCC 6.1,
+ which is available from
+ http://www.gnu.org/
+ 
++Rpm requires a POSIX.1-2008 level operating system.
++
+ To compile RPM:
+ --
+ 
+diff --git a/configure.ac b/configure.ac
+index 78c555f90..4ddacdfe2 100644
+--- a/configure.ac
 b/configure.ac
+@@ -570,7 +570,8 @@ AC_CHECK_FUNCS([secure_getenv __secure_getenv])
+ 
+ AC_CHECK_FUNCS(
+[mkstemp getcwd basename dirname realpath setenv unsetenv regcomp lchown \
+-utimes getline localtime_r statvfs getaddrinfo ],
++utimes getline localtime_r statvfs getaddrinfo \
++openat mkdirat fstatat ],
+[], [AC_MSG_ERROR([function required by rpm])])
+ 
+ AC_LIBOBJ(fnmatch)
+diff --git a/lib/fsm.c b/lib/fsm.c
+index 935a0a5c6..0b29284e8 100644
+--- a/lib/fsm.c
 b/lib/fsm.c
+@@ -8,6 +8,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #if WITH_CAP
+ #include 
+ #endif
+@@ -20,6 +21,7 @@
+ #include "rpmio/rpmio_internal.h" /* fdInit/FiniDigest */
+ #include "lib/fsm.h"
+ #include "lib/rpmte_internal.h"   /* XXX rpmfs */
++#include "lib/rpmfi_internal.h" /* rpmfiSetOnChdir */
+ #include "lib/rpmplugins.h"   /* rpm plugins hooks */
+ #include "lib/rpmug.h"
+ 
+@@ -406,17 +408,118 @@ static int fsmRmdir(const char *path)
+ return rc;
+ }
+ 
+-static int fsmMkdir(const char *path, mode_t mode)
++static int fsmMkdir(int dirfd, const char *path, mode_t mode)
+ {
+-int rc = mkdir(path, (mode & 0));
++int rc = mkdirat(dirfd, path, (mode & 0));
+ if (_fsm_debug)
+-  rpmlog(RPMLOG_DEBUG, " %8s (%s, 0%04o) %s\n", __func__,
+- path, (unsigned)(mode & 0),
++  rpmlog(RPMLOG_DEBUG, " %8s (%d %s, 0%04o) %s\n", __func__,
++ dirfd, path, (unsigned)(mode & 0),
+  (rc < 0 ? strerror(errno) : ""));
+ if (rc < 0)   rc = RPMERR_MKDIR_FAILED;
+ return rc;
+ }
+ 
++static int fsmOpenat(int dirfd, const char *path, int flags)
++{
++struct stat lsb, sb;
++int sflags = flags | O_NOFOLLOW;
++int fd = openat(dirfd, path, sflags);
++
++/*
++ * Only ever follow symlinks by root or target owner. Since we can't
++ * open the symlink itself, the order matters: we stat the link *after*
++ * opening the target, and if the link ownership changed between the calls
++ * it could've only been the link owner or root.
++ */
++if (fd < 0 && errno == ELOOP && flags != sflags) {
++  int ffd = openat(dirfd, path, flags);
++  if (ffd >= 0 && fstatat(dirfd, path, , AT_SYMLINK_NOFOLLOW) == 0) {
++  if (fstat(ffd, ) == 0) {
++  if (lsb.st_uid == 0 || lsb.st_uid ==

Re: [OE-Core] [PATCH 27/34] python3-setuptools: upgrade 69.1.1 -> 69.2.0

2024-04-23 Thread Ross Burton

On 23 Apr 2024, at 13:37, Ross Burton via lists.openembedded.org 
 wrote:
> 
> Somehow, this distributes a copy of the build tree:
> 
> Changes to packages/aarch64-linux/python3-setuptools-native (sysroot):
>  /usr/lib/python3.12/site-packages/build was added
>  /usr/lib/python3.12/site-packages/build/lib was added
>  /usr/lib/python3.12/site-packages/build/lib/_distutils_hack was added
>  /usr/lib/python3.12/site-packages/build/lib/_distutils_hack/__init__.py was 
> added
>  /usr/lib/python3.12/site-packages/build/lib/_distutils_hack/override.py was 
> added
>  /usr/lib/python3.12/site-packages/build/lib/pkg_resources was added
>  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/extern was added
>  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/extern/__init__.py 
> was added
>  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/__init__.py was 
> added
>  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/_vendor was added
> …
> 
> This is very broken and hopefully a newer release fixed it.

Oddly, if I rebuild the recipe this disappears.  This is _very_ odd but I can’t 
blame setuptools just yet.

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198629): 
https://lists.openembedded.org/g/openembedded-core/message/198629
Mute This Topic: https://lists.openembedded.org/mt/105150542/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[yocto] Yocto Project Status 23 April 2024 (WW16)

2024-04-23 Thread Stephen Jolley

Current Dev Position: YP 5.0 in QA

Next Deadline: YP 5.0 Release by 30 April 2024

Next Team Meetings:

   -

   Bug Triage meeting Thursday April 25th at 7:30 am PST (
   https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
   -

   Weekly Project Engineering Sync Tuesday April 23rd at 8 am PST (
   https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
   
   -

   Twitch -  See https://www.twitch.tv/theyoctojester


Key Status/Updates:

   -

   YP 5.0 rc4 is in QA.
   -

   YP 3.1.33, The final dunfell build will follow 5.0 into QA.
   -

   YP 4.0.18 is behind 3.1.33 for QA.
   -

   YP 5.0 rc2 was abandoned after issues with git in buildtools were found
   caused by a curl regression. 5.0 rc3 had further buildtools issues from
   configuration problems. 5.0 rc4 was built cleanly and went into QA to
   replace rc2.
   -

   The master branch has diverged from scarthgap and we’re trying to keep
   up to date with incoming patches there.
   -

   There are also patches under review for the patch/cve metrics page to
   improve the usability as well as build performance graphing improvements.
   -

   There is an open letter the project has created related to the CVE/NVD
   situation, more information is available here:
   https://lists.openembedded.org/g/openembedded-architecture/message/1990

Please consider signing this to show support for those changes, which would
improve our ability to analyze CVEs, and that of many other projects
(including other distros) to do so too.

   -

   We continue to watch the NIST NVD (CVE database) situation, the lack of
   CPE information is problematic for us and we are considering what
   alternatives we have.
   -

   Some CVE information is being provided for issues in meta-openembedded,
   this has been provided with help from the Sovereign Tech Fund.
   -

   The project is sponsoring Syslinbit to separate out our CVE tooling from
   the build system into a standalone tool so that it can be used on software
   manifests of output at a later date.


Ways to contribute:

   -

   As people are likely aware, the project has a number of components which
   are either unmaintained, or have people with little to no time trying to
   keep them alive. These components include: devtool, toaster, wic, oeqa,
   autobuilder, CROPs containers, pseudo and more. Many have open bugs. Help
   is welcome in trying to better look after these components!
   -

   There are bugs identified as possible for newcomers to the project:
   https://wiki.yoctoproject.org/wiki/Newcomers
   -

   There are bugs that are currently unassigned for YP 5.1. See:
   
https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium+_5.1_Unassigned_Enhancements/Bugs
   -

   We’d welcome new maintainers for recipes in OE-Core. Please see the list
   at:
   
http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/maintainers.inc
   and discuss with the existing maintainer, or ask on the OE-Core mailing
   list. We will likely move a chunk of these to “Unassigned” soon to help
   facilitate this.
   -

   Help is very much welcome in trying to resolve our autobuilder
   intermittent issues. You can see the list of failures we’re continuing to
   see by searching for the “AB-INT” tag in bugzilla:
   https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT.
   -

   Help us resolve CVE issues: CVE metrics
   
   -

   We have a growing number of bugs in bugzilla, any help with them is
   appreciated.
   -

   Regarding bugs, even if you can’t fix a bug, submitting a failing test
   case that can reproduce the issue significantly improves the chances it
   might get fixed.


YP 5.0 Milestone Dates:

   -

   YP 5.0 is in QA.
   -

   YP 5.0 M4 Release date 2024/04/30


YP 5.1 Milestone Dates:

   -

   YP 5.1 M1 Build date  2024-05-20
   -

   YP 5.1 M1 Release date 2024-05-31
   -

   YP 5.1 M2 Build date  2024-07-08
   -

   YP 5.1 M2 Release date 2024-07-19
   -

   YP 5.1 M3 Build date  2024-08-26
   -

   YP 5.1 M3 Release date 2024-09-06
   -

   YP 5.1 M4 Build date  2024-09-30
   -

   YP 5.1 M4 Release date 2024-10-25


Upcoming dot releases:

   -

   YP 3.1.33 is in QA
   -

   YP 4.0.18 is in QA


   -

   YP 5.0.1 Build Date 2024-05-13
   -

   YP 5.0.1 Release Date 2024-05-24
   -

   YP 4.0.19 build date 2024-06-03
   -

   YP 4.0.19 Release date 2024-06-14
   -

   YP 5.0.2 Build Date 2024-06-24
   -

   YP 5.0.2 Release Date 2024-07-05
   -

   YP 4.0.20 Build Date 2024-07-15
   -

   YP 4.0.20 Release Date 2024-07-26
   -

   YP 5.0.3 Build Date 2024-08-12
   -

   YP 5.0.3 Release Date 2024-08-23
   -

   YP 4.0.21 Build Date 2024-09-09
   -

   YP 4.0.21 Release Date 2024-09-20
   -

   YP 5.0.4 Build Date 2024-09-23
   -

   YP 5.0.4 Release Date 2024-10-04
   -

   YP 4.0.22 Build Date 2024-10-14
   -

   YP 4.0.22 Release Date 2024-10-25
   -

   YP 5.0.5

Re: [OE-core] [PATCH v2] linux-firmware: Move Intel AC 9260 bluetooth firmware to a separate package

2024-04-23 Thread Quentin Schulz via lists.openembedded.org


Hi Iskander,

On 4/23/24 16:18, Iskander Amara wrote:

In order to use Bluetooth on Intel AC 9260, we need to select
linux-firmware-ibt-misc package that brings a lot of fimw-
ares that are, in most cases, irrelevant for the used hardware.

This adds a new package linux-firmware-ibt-18 that only includes
the corresponding firmware for Intel AC 9260 bluetooth chips.

Below, the link to the commit that adds Intel AC 9260 firmwares in linux-
firmware:

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?h=20220610=97339b3a1d3bf3e4c40d679896a27a25fa83765f

Reported-by: Quentin Schulz 


Reviewed-by: Quentin Schulz 

Thanks!
Quentin

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198627): 
https://lists.openembedded.org/g/openembedded-core/message/198627
Mute This Topic: https://lists.openembedded.org/mt/105690180/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] linux-firmware: Move Intel AC 9260 bluetooth firmware to a separate package

2024-04-23 Thread Iskander Amara

In order to use Bluetooth on Intel AC 9260, we need to select
linux-firmware-ibt-misc package that brings a lot of fimw-
ares that are, in most cases, irrelevant for the used hardware.

This adds a new package linux-firmware-ibt-18 that only includes
the corresponding firmware for Intel AC 9260 bluetooth chips.

Below, the link to the commit that adds Intel AC 9260 firmwares in linux-
firmware:

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?h=20220610=97339b3a1d3bf3e4c40d679896a27a25fa83765f

Reported-by: Quentin Schulz 
Signed-off-by: Iskander Amara 
---
 meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb 
b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
index ff79bb9b33..5042d20902 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
@@ -343,6 +343,7 @@ PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \
  ${PN}-ibt-license ${PN}-ibt \
  ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 
${PN}-ibt-hw-37-8 \
  ${PN}-ibt-17 \
+ ${PN}-ibt-18 \
  ${PN}-ibt-20 \
  ${PN}-ibt-misc \
  ${PN}-i915-license ${PN}-i915 \
@@ -1272,6 +1273,7 @@ LICENSE:${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-11-5= "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-12-16   = "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-17 = "Firmware-ibt_firmware"
+LICENSE:${PN}-ibt-18= "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-20 = "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-misc= "Firmware-ibt_firmware"
 
@@ -1281,6 +1283,7 @@ FILES:${PN}-ibt-hw-37-8 = 
"${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bs
 FILES:${PN}-ibt-11-5= "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-11-5.ddc"
 FILES:${PN}-ibt-12-16   = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc"
 FILES:${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc"
+FILES:${PN}-ibt-18  = "${nonarch_base_libdir}/firmware/intel/ibt-18-*.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-18-*.ddc"
 FILES:${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc"
 FILES:${PN}-ibt-misc= "${nonarch_base_libdir}/firmware/intel/ibt-*"
 
@@ -1289,6 +1292,7 @@ RDEPENDS:${PN}-ibt-hw-37.8 = "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-11-5= "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-12-16   = "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-17 = "${PN}-ibt-license"
+RDEPENDS:${PN}-ibt-18  = "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-20 = "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-misc= "${PN}-ibt-license"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198626): 
https://lists.openembedded.org/g/openembedded-core/message/198626
Mute This Topic: https://lists.openembedded.org/mt/105690180/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] linux-firmware: Move 9260 bluetooth firmware to a separate package

2024-04-23 Thread Quentin Schulz via lists.openembedded.org


Hi Iskander,

linux-firmware storing all firmwware, can you add "Intel AC 9260" in the 
commit title so we know what we're talking about :) ?


On 4/23/24 14:02, Iskander Amara wrote:

In order to use the Intel bluetooth 9260 firmware, we need to


"""
In order to use Bluetooth on Intel 9260,
"""

is probably a better wording here?


select linux-firmware-ibt-misc package that brings a lot of fi-
mwares that are, in most cases, irrelevant for the used hardware.
 > This adds a new package linux-firmware-ibt-9260 that only inclu-
des Intel 9260 bluetooth chip's firmware.



Would be nice to give the commit in linux-firmware that added the 
firmware for the Bluetooth part of the Intel AC 9260 to justify this 
change, c.f.:


https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?h=20220610=97339b3a1d3bf3e4c40d679896a27a25fa83765f


Reported-by: Quentin Schulz 
Signed-off-by: Iskander Amara 
---
  meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb | 4 
  1 file changed, 4 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb 
b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
index ff79bb9b33..dfa387ec11 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
@@ -344,6 +344,7 @@ PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \
   ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 
${PN}-ibt-hw-37-8 \
   ${PN}-ibt-17 \
   ${PN}-ibt-20 \
+ ${PN}-ibt-9260 \
   ${PN}-ibt-misc \
   ${PN}-i915-license ${PN}-i915 \
   ${PN}-ice-license ${PN}-ice \
@@ -1273,6 +1274,7 @@ LICENSE:${PN}-ibt-11-5= "Firmware-ibt_firmware"
  LICENSE:${PN}-ibt-12-16   = "Firmware-ibt_firmware"
  LICENSE:${PN}-ibt-17 = "Firmware-ibt_firmware"
  LICENSE:${PN}-ibt-20 = "Firmware-ibt_firmware"
+LICENSE:${PN}-ibt-9260= "Firmware-ibt_firmware"


I think we should rather name this ${PN}-ibt-18 to match what seems to 
be the naming scheme for those packages.


If you do, please order everything alphabetically (so above ibt-20 for 
example).


Looking good otherwise.

Cheers,
Quentin

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198625): 
https://lists.openembedded.org/g/openembedded-core/message/198625
Mute This Topic: https://lists.openembedded.org/mt/105687932/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] Set the CMake BUILD_TESTING option to OFF as the default setting

2024-04-23 Thread Alexander Kanavin

I'm not sure I like the idea. This is going to break ptests or other
usage of CTest in cmake-based recipes that aren't under our control.
Building tests is also a test in itself even if you don't run them.
I'd say unless this adds significantly to build times we should leave
it as it is.

Alex

On Tue, 23 Apr 2024 at 14:31, Fabio Berton via lists.openembedded.org
 wrote:
>
> I've noticed that some recipes, like json-c [1], which use the cmake bbclass, 
> are generating files that aren't being used. This is because CMake sets the 
> BUILD_TESTING option to ON by default. According to the CMake documentation 
> [2], when CTest is included, as json-c does here [3], the module 
> automatically creates a BUILD_TESTING option. This option determines whether 
> to enable testing support, and it is ON by default.
>
> In the json-c example, the tests used by the do_install_ptest task are always 
> generated. Thus, ${B}/tests/ exists even when ptests are not included in 
> DISTRO_FEATURES.
>
> As the behavior of CTest/CMake to build tests by default is rather 
> surprising, we are wondering whether disabling this option by default is 
> feasible in the OpenEmbedded context. Recipes expecting tests to be built 
> (e.g. because of ptest support) would then turn on the flag explicitly.
>
> For example, adding this to cmake.bbclass:
>
> OECMAKE_BUILD_TESTING ??= "false"
>
> EXTRA_OECMAKE:append = "\\
> ${@bb.utils.contains('OECMAKE_BUILD_TESTING', 'false', 
> '-DBUILD_TESTING=OFF', '', d)} \\
> "
>
> and then set the OECMAKE_BUILD_TESTING in the recipe that requires 
> BUILD_TESTING=ON
>
> Do you have any suggestions on which steps we should take to verify that this 
> does not introduce any regressions?
>
>
> 1 - 
> https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/json-c/json-c_0.17.bb?h=master
>
> 2 - https://cmake.org/cmake/help/latest/module/CTest.html
>
> 3 - https://github.com/json-c/json-c/blob/master/CMakeLists.txt#L19
>
>
> Regards,
>
> Fabio Berton
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198624): 
https://lists.openembedded.org/g/openembedded-core/message/198624
Mute This Topic: https://lists.openembedded.org/mt/105688417/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone][PATCH] libssh2: backport fix for CVE-2023-48795

2024-04-23 Thread Steve Sakoman

There is already a fix for this CVE in kirkstone:

https://git.yoctoproject.org/poky/commit/?h=kirkstone=888ea24812c21910e74c864313be56f02fad6c2e

Steve

On Fri, Apr 19, 2024 at 1:19 AM dnyandev via lists.openembedded.org
 wrote:
>
> Backport the upstream fix for CVE-2023-48795.
>
> (From OE-Core rev: 314fa19c5e07fa632ff0434a6adbb97de1319a02)
>
> Signed-off-by: Ross Burton 
> Signed-off-by: Richard Purdie 
> (cherry picked from commit 3adac25f899054b7d1d8c14458a1a4cd310abbd7)
> Signed-off-by: Bhabu Bindu 
> ---
>  .../libssh2/libssh2/CVE-2023-48795.patch  | 469 ++
>  .../recipes-support/libssh2/libssh2_1.10.0.bb |   1 +
>  2 files changed, 470 insertions(+)
>  create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
>
> diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch 
> b/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
> new file mode 100644
> index 00..9aaa92bb1c
> --- /dev/null
> +++ b/meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
> @@ -0,0 +1,469 @@
> +From d4634630432594b139b3af6b9f254b890c0f275d Mon Sep 17 00:00:00 2001
> +From: Michael Buckley 
> +Date: Thu, 30 Nov 2023 15:08:02 -0800
> +Subject: [PATCH] src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin 
> Attack"
> +
> +Refs:
> +https://terrapin-attack.com/
> +https://seclists.org/oss-sec/2023/q4/292
> +https://osv.dev/list?ecosystem==CVE-2023-48795
> +https://github.com/advisories/GHSA-45x7-px36-x8w8
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
> +
> +Fixes #1290
> +Closes #1291
> +
> +CVE: CVE-2023-48795
> +Upstream-Status: Backport
> +Comments: Refreshed Hunks
> +
> +Signed-off-by: Ross Burton 
> +Signed-off-by: Bindu Bhabu 
> +---
> + src/kex.c  | 63 +++
> + src/libssh2_priv.h | 18 +++---
> + src/packet.c   | 83 +++---
> + src/packet.h   |  2 +-
> + src/session.c  |  3 ++
> + src/transport.c| 12 ++-
> + 6 files changed, 149 insertions(+), 32 deletions(-)
> +
> +diff --git a/src/kex.c b/src/kex.c
> +index d4034a0a..b4b748ca 100644
> +--- a/src/kex.c
>  b/src/kex.c
> +@@ -3026,6 +3026,13 @@ kex_method_ssh_curve25519_sha256 = {
> + };
> + #endif
> +
> ++static const LIBSSH2_KEX_METHOD
> ++kex_method_strict_client_extension = {
> ++"kex-strict-c-...@openssh.com",
> ++NULL,
> ++0,
> ++};
> ++
> + static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = {
> + #if LIBSSH2_ED25519
> + _method_ssh_curve25519_sha256,
> +@@ -3043,6 +3050,7 @@ static const LIBSSH2_KEX_METHOD *libssh2
> + _method_diffie_helman_group14_sha1,
> + _method_diffie_helman_group1_sha1,
> + _method_diffie_helman_group_exchange_sha1,
> ++_method_strict_client_extension,
> +   NULL
> + };
> +
> +@@ -3281,13 +3289,13 @@ static int kexinit(LIBSSH2_SESSION * ses
> + return 0;
> + }
> +
> +-/* kex_agree_instr
> ++/* _libssh2_kex_agree_instr
> +  * Kex specific variant of strstr()
> +  * Needle must be precede by BOL or ',', and followed by ',' or EOL
> +  */
> +-static unsigned char *
> +-kex_agree_instr(unsigned char *haystack, unsigned long haystack_len,
> +-const unsigned char *needle, unsigned long needle_len)
> ++unsigned char *
> ++_libssh2_kex_agree_instr(unsigned char *haystack, size_t haystack_len,
> ++ const unsigned char *needle, size_t needle_len)
> + {
> + unsigned char *s;
> + unsigned char *end_haystack;
> +@@ -3398,7 +3406,7 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session,
> + while(s && *s) {
> + unsigned char *p = (unsigned char *) strchr((char *) s, ',');
> + size_t method_len = (p ? (size_t)(p - s) : strlen((char *) s));
> +-if(kex_agree_instr(hostkey, hostkey_len, s, method_len)) {
> ++if(_libssh2_kex_agree_instr(hostkey, hostkey_len, s, 
> method_len)) {
> + const LIBSSH2_HOSTKEY_METHOD *method =
> + (const LIBSSH2_HOSTKEY_METHOD *)
> + kex_get_method_by_name((char *) s, method_len,
> +@@ -3432,9 +3440,9 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session,
> + }
> +
> + while(hostkeyp && (*hostkeyp) && (*hostkeyp)->name) {
> +-s = kex_agree_instr(hostkey, hostkey_len,
> +-(unsigned char *) (*hostkeyp)->name,
> +-strlen((*hostkeyp)->name));
> ++s = _libssh2_kex_agree_instr(hostkey, hostkey_len,
> ++ (unsigned char *) (*hostkeyp)->name,
> ++ strlen((*hostkeyp)->name));
> + if(s) {
> + /* So far so good, but does it suit our purposes? (Encrypting vs
> +Signing) */
> +@@ -3468,6 +3476,12 @@ static int kex_agree_kex_hostkey(LIBSSH2_SESSION * 
> session, unsigned char *kex,
> + {
> + const LIBSSH2_KEX_METHOD **kexp = libssh2_kex_methods;
> + unsigned

Re: [OE-Core] [PATCH 27/34] python3-setuptools: upgrade 69.1.1 -> 69.2.0

2024-04-23 Thread Ross Burton

Somehow, this distributes a copy of the build tree:

Changes to packages/aarch64-linux/python3-setuptools-native (sysroot):
  /usr/lib/python3.12/site-packages/build was added
  /usr/lib/python3.12/site-packages/build/lib was added
  /usr/lib/python3.12/site-packages/build/lib/_distutils_hack was added
  /usr/lib/python3.12/site-packages/build/lib/_distutils_hack/__init__.py was 
added
  /usr/lib/python3.12/site-packages/build/lib/_distutils_hack/override.py was 
added
  /usr/lib/python3.12/site-packages/build/lib/pkg_resources was added
  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/extern was added
  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/extern/__init__.py 
was added
  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/__init__.py was 
added
  /usr/lib/python3.12/site-packages/build/lib/pkg_resources/_vendor was added
…

This is very broken and hopefully a newer release fixed it.

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198622): 
https://lists.openembedded.org/g/openembedded-core/message/198622
Mute This Topic: https://lists.openembedded.org/mt/105150542/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Set the CMake BUILD_TESTING option to OFF as the default setting

2024-04-23 Thread Fabio Berton

I've noticed that some recipes, like json-c [1], which use the cmake 
bbclass, are generating files that aren't being used. This is because 
CMake sets the BUILD_TESTING option to ON by default. According to the 
CMake documentation [2], when CTest is included, as json-c does here 
[3], the module automatically creates a |BUILD_TESTING| option. This 
option determines whether to enable testing support, and it is ON by 
default.


In the json-c example, the tests used by the do_install_ptest task are 
always generated. Thus, ${B}/tests/ exists even when ptests are not 
included in DISTRO_FEATURES.


As the behavior of CTest/CMake to build tests by default is rather 
surprising, we are wondering whether disabling this option by default is 
feasible in the OpenEmbedded context. Recipes expecting tests to be 
built (e.g. because of ptest support) would then turn on the flag 
explicitly.


For example, adding this to cmake.bbclass:

|OECMAKE_BUILD_TESTING ??= "false" EXTRA_OECMAKE:append = "\\ 
${@bb.utils.contains('OECMAKE_BUILD_TESTING', 'false', 
'-DBUILD_TESTING=OFF', '', d)} \\ " |


and then set the OECMAKE_BUILD_TESTING in the recipe that requires 
BUILD_TESTING=ON


Do you have any suggestions on which steps we should take to verify that 
this does not introduce any regressions?



1 - 
https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/json-c/json-c_0.17.bb?h=master


2 - https://cmake.org/cmake/help/latest/module/CTest.html

3 - https://github.com/json-c/json-c/blob/master/CMakeLists.txt#L19


Regards,

Fabio Berton

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198621): 
https://lists.openembedded.org/g/openembedded-core/message/198621
Mute This Topic: https://lists.openembedded.org/mt/105688417/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] linux-firmware: Move 9260 bluetooth firmware to a separate package

2024-04-23 Thread Iskander Amara

In order to use the Intel bluetooth 9260 firmware, we need to
select linux-firmware-ibt-misc package that brings a lot of fi-
mwares that are, in most cases, irrelevant for the used hardware.

This adds a new package linux-firmware-ibt-9260 that only inclu-
des Intel 9260 bluetooth chip's firmware.

Reported-by: Quentin Schulz 
Signed-off-by: Iskander Amara 
---
 meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb 
b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
index ff79bb9b33..dfa387ec11 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240312.bb
@@ -344,6 +344,7 @@ PACKAGES =+ "${PN}-amphion-vpu-license ${PN}-amphion-vpu \
  ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 
${PN}-ibt-hw-37-8 \
  ${PN}-ibt-17 \
  ${PN}-ibt-20 \
+ ${PN}-ibt-9260 \
  ${PN}-ibt-misc \
  ${PN}-i915-license ${PN}-i915 \
  ${PN}-ice-license ${PN}-ice \
@@ -1273,6 +1274,7 @@ LICENSE:${PN}-ibt-11-5= "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-12-16   = "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-17 = "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-20 = "Firmware-ibt_firmware"
+LICENSE:${PN}-ibt-9260= "Firmware-ibt_firmware"
 LICENSE:${PN}-ibt-misc= "Firmware-ibt_firmware"
 
 FILES:${PN}-ibt-license = 
"${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware"
@@ -1282,6 +1284,7 @@ FILES:${PN}-ibt-11-5= 
"${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi ${
 FILES:${PN}-ibt-12-16   = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-12-16.ddc"
 FILES:${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-17-*.ddc"
 FILES:${PN}-ibt-20 = "${nonarch_base_libdir}/firmware/intel/ibt-20-*.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-20-*.ddc"
+FILES:${PN}-ibt-9260= "${nonarch_base_libdir}/firmware/intel/ibt-18-*.sfi 
${nonarch_base_libdir}/firmware/intel/ibt-18-*.ddc"
 FILES:${PN}-ibt-misc= "${nonarch_base_libdir}/firmware/intel/ibt-*"
 
 RDEPENDS:${PN}-ibt-hw-37-7 = "${PN}-ibt-license"
@@ -1290,6 +1293,7 @@ RDEPENDS:${PN}-ibt-11-5= "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-12-16   = "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-17 = "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-20 = "${PN}-ibt-license"
+RDEPENDS:${PN}-ibt-9260= "${PN}-ibt-license"
 RDEPENDS:${PN}-ibt-misc= "${PN}-ibt-license"
 
 ALLOW_EMPTY:${PN}-ibt= "1"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198620): 
https://lists.openembedded.org/g/openembedded-core/message/198620
Mute This Topic: https://lists.openembedded.org/mt/105687932/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [dunfell][PATCH] populate_sdk_ext.bbclass: only overwrite lsb string if uninative is used

2024-04-23 Thread Steve Sakoman

Dunfell has reached end of life and we are no longer taking changes.
The final build was done on April 15.

Steve

On Mon, Apr 15, 2024 at 12:21 AM Timon Bergelt via
lists.openembedded.org 
wrote:
>
> Overwriting the lsb string without inheriting from uninative causes
> shared state cache entries to end up in the wrong path where they are
> not beeing picked up by the extensible SDK environment.
>
> Signed-off-by: Timon Bergelt 
> ---
>  meta/classes/populate_sdk_ext.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/populate_sdk_ext.bbclass 
> b/meta/classes/populate_sdk_ext.bbclass
> index 1bdfd92847..899f198659 100644
> --- a/meta/classes/populate_sdk_ext.bbclass
> +++ b/meta/classes/populate_sdk_ext.bbclass
> @@ -449,7 +449,7 @@ python copy_buildsystem () {
>  bb.utils.remove(sstate_out, True)
>
>  # uninative.bbclass sets NATIVELSBSTRING to 'universal%s' % 
> oe.utils.host_gcc_version(d)
> -fixedlsbstring = "universal%s" % oe.utils.host_gcc_version(d)
> +fixedlsbstring = "universal%s" % oe.utils.host_gcc_version(d) if 
> bb.data.inherits_class('uninative', d) else ""
>
>  sdk_include_toolchain = (d.getVar('SDK_INCLUDE_TOOLCHAIN') == '1')
>  sdk_ext_type = d.getVar('SDK_EXT_TYPE')
> --
> 2.34.1
>
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198619): 
https://lists.openembedded.org/g/openembedded-core/message/198619
Mute This Topic: https://lists.openembedded.org/mt/105531768/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell][PATCH 1/4] binutils: Fix CVE-2022-44840

2024-04-23 Thread Steve Sakoman

Dunfell has reached end of life and we are no longer taking changes.
The final build was done on April 15.

Steve

On Tue, Apr 23, 2024 at 12:35 AM virendra thakur via
lists.openembedded.org
 wrote:
>
> Add patch file to fix CVE-2022-44840
>
> Reference: 
> https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz
>
> Signed-off-by: virendra thakur 
> ---
>  .../binutils/binutils-2.34.inc|   1 +
>  .../binutils/binutils/CVE-2022-44840.patch| 162 ++
>  2 files changed, 163 insertions(+)
>  create mode 100644 
> meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc 
> b/meta/recipes-devtools/binutils/binutils-2.34.inc
> index 032263fe63..64f66a30a9 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.34.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
> @@ -62,5 +62,6 @@ SRC_URI = "\
>   file://CVE-2022-47011.patch \
>   file://CVE-2022-48063.patch \
>   file://CVE-2022-47695.patch \
> + file://CVE-2022-44840.patch \
>  "
>  S  = "${WORKDIR}/git"
> diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch 
> b/meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch
> new file mode 100644
> index 00..288219871d
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch
> @@ -0,0 +1,162 @@
> +[Ubuntu note: commit af2ddf69ab85 is not included in this version of the 
> code,
> + so adjustments had to be made to the 2nd hunk in order for it to apply
> + cleanly and in order to have the added code match correct macro usage for
> + this version of binutils (SAFE_BYTE_GET64 is called with signature_high and
> + signature_low in this version of the code, but not in the added lines of the
> + original patch).
> + -- Camila Camargo de Matos ]
> +
> +Origin: backport, 
> https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=28750e3b967da2207d51cbce9fc8be262817ee59
> +
> +From 28750e3b967da2207d51cbce9fc8be262817ee59 Mon Sep 17 00:00:00 2001
> +From: Alan Modra 
> +Date: Sun, 30 Oct 2022 19:08:51 +1030
> +Subject: [PATCH] Pool section entries for DWP version 1
> +
> +Ref: https://gcc.gnu.org/wiki/DebugFissionDWP?action=recall=3
> +
> +Fuzzers have found a weakness in the code stashing pool section
> +entries.  With random nonsensical values in the index entries (rather
> +than each index pointing to its own set distinct from other sets),
> +it's possible to overflow the space allocated, losing the NULL
> +terminator.  Without a terminator, find_section_in_set can run off the
> +end of the shndx_pool buffer.  Fix this by scanning the pool directly.
> +
> +binutils/
> +   * dwarf.c (add_shndx_to_cu_tu_entry): Delete range check.
> +   (end_cu_tu_entry): Likewise.
> +   (process_cu_tu_index): Fill shndx_pool by directly scanning
> +   pool, rather than indirectly from index entries.
> +
> +Upstream-Status: Backport 
> [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=28750e3b967da2207d51cbce9fc8be262817ee59]
> +
> +CVE: CVE-2022-44840
> +
> +Signed-off-by: Virendra Thakur 
> +---
> + binutils/dwarf.c | 90 ++--
> + 1 file changed, 41 insertions(+), 49 deletions(-)
> +
> +Index: binutils-2.34/binutils/dwarf.c
> +===
> +--- binutils-2.34.orig/binutils/dwarf.c
>  binutils-2.34/binutils/dwarf.c
> +@@ -9454,22 +9454,12 @@ prealloc_cu_tu_list (unsigned int nshndx
> + static void
> + add_shndx_to_cu_tu_entry (unsigned int shndx)
> + {
> +-  if (shndx_pool_used >= shndx_pool_size)
> +-{
> +-  error (_("Internal error: out of space in the shndx pool.\n"));
> +-  return;
> +-}
> +   shndx_pool [shndx_pool_used++] = shndx;
> + }
> +
> + static void
> + end_cu_tu_entry (void)
> + {
> +-  if (shndx_pool_used >= shndx_pool_size)
> +-{
> +-  error (_("Internal error: out of space in the shndx pool.\n"));
> +-  return;
> +-}
> +   shndx_pool [shndx_pool_used++] = 0;
> + }
> +
> +@@ -9578,54 +9568,55 @@ process_cu_tu_index (struct dwarf_sectio
> +
> +   if (version == 1)
> + {
> ++  unsigned char *shndx_list;
> ++  unsigned int shndx;
> ++
> +   if (!do_display)
> +-  prealloc_cu_tu_list ((limit - ppool) / 4);
> +-  for (i = 0; i < nslots; i++)
> +   {
> +-unsigned char *shndx_list;
> +-unsigned int shndx;
> +-
> +-SAFE_BYTE_GET64 (phash, _high, _low, limit);
> +-if (signature_high != 0 || signature_low != 0)
> ++ prealloc_cu_tu_list ((limit - ppool) / 4);
> ++ for (shndx_list = ppool + 4; shndx_list <= limit - 4; shndx_list 
> += 4)
> +   {
> +-SAFE_BYTE_GET (j, pindex, 4, limit);
> +-shndx_list = ppool + j * 4;
> +-/* PR 17531: file: 705e010d.  */
> +-if (shndx_list < ppool)

Re: [OE-core][dunfell][PATCH] perl: Fix CVE-2023-31486

2024-04-23 Thread Steve Sakoman

Dunfell has reached end of life and we are no longer taking changes.
The final build was done on April 15.

Steve

On Tue, Apr 23, 2024 at 1:21 AM virendra thakur
 wrote:
>
> From: Soumya 
>
> HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
> standalone on CPAN, has an insecure default TLS configuration where
> users must opt in to verify certificates.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2023-31486
>
> Upstream patches:
> https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d
> https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d
>
> (From OE-Core rev: 5819c839e1de92ab7669a0d4997886d0306c4cc1)
>
> Signed-off-by: Soumya 
> Signed-off-by: Steve Sakoman 
> (cherry picked from commit 80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8)
>
> Signed-off-by: virendra thakur 
> ---
>  .../perl/files/CVE-2023-31486-0001.patch  | 216 ++
>  .../perl/files/CVE-2023-31486-0002.patch  |  36 +++
>  meta/recipes-devtools/perl/perl_5.30.1.bb |   2 +
>  3 files changed, 254 insertions(+)
>  create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
>  create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
>
> diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch 
> b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
> new file mode 100644
> index 00..d8326b4ef8
> --- /dev/null
> +++ b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
> @@ -0,0 +1,216 @@
> +From 77f557ef84698efeb6eed04e4a9704eaf85b741d
> +From: Stig Palmquist 
> +Date: Mon Jun 5 16:46:22 2023 +0200
> +Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
> + insecure default - Changes the `verify_SSL` default parameter from `0` to 
> `1`
> +
> +  Based on patch by Dominic Hargreaves:
> +  
> https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
> +
> +  CVE: CVE-2023-31486
> +
> +- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that
> +  enables the previous insecure default behaviour if set to `1`.
> +
> +  This provides a workaround for users who encounter problems with the
> +  new `verify_SSL` default.
> +
> +  Example to disable certificate checks:
> +  ```
> +$ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl
> +  ```
> +
> +- Updates to documentation:
> +  - Describe changing the verify_SSL value
> +  - Describe the escape-hatch environment variable
> +  - Remove rationale for not enabling verify_SSL
> +  - Add missing certificate search paths
> +  - Replace "SSL" with "TLS/SSL" where appropriate
> +  - Use "machine-in-the-middle" instead of "man-in-the-middle"
> +
> +Upstream-Status: Backport 
> [https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d]
> +
> +Signed-off-by: Soumya 
> +Signed-off-by: virendra thakur 
> +---
> + cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++---
> + 1 file changed, 57 insertions(+), 29 deletions(-)
> +
> +diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm 
> b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
> +index 5803e45..1808c41 100644
> +--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
>  b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
> +@@ -39,10 +39,14 @@ sub _croak { require Carp; Carp::croak(@_) }
> + #pod   C<$ENV{no_proxy}> —)
> + #pod * C — Request timeout in seconds (default is 60) If a socket 
> open,
> + #pod   read or write takes longer than the timeout, an exception is thrown.
> +-#pod * C — A boolean that indicates whether to validate the SSL
> +-#pod   certificate of an C — connection (default is false)
> ++#pod * C — A boolean that indicates whether to validate the 
> TLS/SSL
> ++#pod   certificate of an C — connection (default is true). Changed 
> from false
> ++#pod   to true in version 0.083.
> + #pod * C — A hashref of C — options to pass through to
> + #pod   L
> ++#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default
> ++#pod   certificate verification behavior to not check server identity if 
> set to 1.
> ++#pod   Only effective if C is not set. Added in version 0.083.
> + #pod
> + #pod Passing an explicit C for C, C or 
> C will
> + #pod prevent getting the corresponding proxies from the environment.
> +@@ -108,11 +112,17 @@ sub timeout {
> + sub new {
> + my($class, %args) = @_;
> +
> ++# Support lower case verify_ssl argument, but only if verify_SSL is not
> ++# true.
> ++if ( exists $args{verify_ssl} ) {
> ++$args{verify_SSL}  ||= $args{verify_ssl};
> ++}
> ++
> + my $self = {
> + max_redirect => 5,
> + timeout  => defined $args{timeout} ? $args{timeout} : 60,
> + keep_alive   => 1,
> +-verify_SSL   => $args{verify_SSL} || $args{verify_ssl} || 0, # no 
> verification by default
> ++verify_SSL   => defined $args{verify_SSL} ? $args{verify_SSL} : 
> _verify_SSL_default(),
> +

[OE-core] [PATCH 1/2] libical: disable introspection in -native

2024-04-23 Thread Alexander Kanavin

From: Alexander Kanavin 

libical has a custom cmake introspection support,
and so native provisions by g-i class aren't effective
(it has only standard autoconf/meson options).

Signed-off-by: Alexander Kanavin 
---
 meta/recipes-support/libical/libical_3.0.18.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/libical/libical_3.0.18.bb 
b/meta/recipes-support/libical/libical_3.0.18.bb
index 040d23b69d0..052ca57cfb0 100644
--- a/meta/recipes-support/libical/libical_3.0.18.bb
+++ b/meta/recipes-support/libical/libical_3.0.18.bb
@@ -37,7 +37,8 @@ EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
 EXTRA_OECMAKE:append:class-target = " 
-DGObjectIntrospection_COMPILER=${STAGING_BINDIR}/g-ir-compiler-wrapper"
 EXTRA_OECMAKE:append:class-target = " 
-DGObjectIntrospection_SCANNER=${STAGING_BINDIR}/g-ir-scanner-wrapper"
 EXTRA_OECMAKE += "-DVAPIGEN=${STAGING_BINDIR_NATIVE}/vapigen"
-EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', 
'-DGOBJECT_INTROSPECTION=OFF', d)}"
+EXTRA_OECMAKE += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 
'-DGOBJECT_INTROSPECTION=ON -DICAL_GLIB_VAPI=ON', '-DGOBJECT_INTROSPECTION=OFF 
-DICAL_GLIB_VAPI=OFF', d)}"
+EXTRA_OECMAKE:append:class-native = " -DGOBJECT_INTROSPECTION=OFF 
-DICAL_GLIB_VAPI=OFF"
 
 # Tell the cross-libical where the tool it needs to build is
 EXTRA_OECMAKE:append:class-target = " 
-DIMPORT_ICAL_GLIB_SRC_GENERATOR=${STAGING_LIBDIR_NATIVE}/cmake/LibIcal/IcalGlibSrcGenerator.cmake"
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198615): 
https://lists.openembedded.org/g/openembedded-core/message/198615
Mute This Topic: https://lists.openembedded.org/mt/105687643/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] glib/gobject-introspection: update 2.78.4 -> 2.80.0, 1.78.1 -> 1.80.0

2024-04-23 Thread Alexander Kanavin

From: Alexander Kanavin 

With these versions, which need to be updated in lockstep, upstream has
relocated glib introspection data from g-i tree to glib tree and made
its generation a part of the overall glib build. This creates a circular
dependency, where g-i tools are linked with glib, but glib needs the tools
to build its g-i data. (I don't know why the two source trees
couldn't be simply merged into one, or g-i data for glib couldn't be generated
inside g-i build against sysroot glib).

Upstream is suggesting building glib twice, first without building g-i data,
then building g-i and linking it with that version, then building
the final glib, and that's what is being done here (via the new
glib-initial recipe, which is sysroot-only, and is not pulled in
via indirect dependencies either).

Other glib changes:
0001-Do-not-write-bindir-into-pkg-config-files.patch restores
writing bindir variable into glib.pc file (meson only writes
it out if other variables depend on it, and this custom patch
removes that dependency).

0001-girepository-introspection-correctly-install-.gir-fi.patch
ensures correct installation of .gir into something else
than $datadir (useful in multilib).

Merge previous glib .bb into .inc, so that glib and glib-initial
recipes could be cleanly separated with no duplication.

Convert from gtk-doc to gi-docgen, and manpages from xmlto to
docutils.

Signed-off-by: Alexander Kanavin 
---
 meta/conf/distro/include/maintainers.inc  |   1 +
 ...t-write-bindir-into-pkg-config-files.patch |  31 +-
 ...0001-Fix-DATADIRNAME-on-uclibc-Linux.patch |   2 +-
 ...-gio-querymodules-as-libexec_PROGRAM.patch |   6 +-
 ...ng-about-deprecated-paths-in-schemas.patch |   2 +-
 ...-correctly-when-building-with-mingw3.patch |  20 +-
 ...ces.c-comment-out-a-build-host-only-.patch |   4 +-
 ...rospection-correctly-install-.gir-fi.patch |  88 +
 ...on-Run-atomics-test-on-clang-as-well.patch |   6 +-
 ...ot-enable-pidfd-features-on-native-g.patch |   6 +-
 ...dcode-python-path-into-various-tools.patch |   4 +-
 .../{glib-2.0 => files}/meson.cross.d/common  |   0
 .../meson.cross.d/common-glibc|   0
 .../meson.cross.d/common-linux|   0
 .../meson.cross.d/common-mingw|   0
 .../meson.cross.d/common-musl |   0
 .../relocate-modules.patch|   8 +-
 .../glib-2.0/{glib-2.0 => files}/run-ptest|   0
 .../{glib-2.0 => files}/skip-timeout.patch|   7 +-
 .../glib-2.0/glib-2.0-initial_2.80.0.bb   |   5 +
 ...deprecated-distutils-module-to-the-p.patch |  34 --
 .../glib-2.0/glib-2.0/fix-regex.patch |  54 ---
 .../glib-2.0/glib-2.0/memory-monitor.patch| 361 --
 meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb |  57 ---
 meta/recipes-core/glib-2.0/glib-2.0_2.80.0.bb |   1 +
 meta/recipes-core/glib-2.0/glib.inc   |  74 +++-
 ...pository-directory-for-native-builds.patch |  11 +-
 ...8.1.bb => gobject-introspection_1.80.1.bb} |   8 +-
 28 files changed, 221 insertions(+), 569 deletions(-)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-Do-not-write-bindir-into-pkg-config-files.patch (68%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-Fix-DATADIRNAME-on-uclibc-Linux.patch (92%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-Install-gio-querymodules-as-libexec_PROGRAM.patch (84%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch (95%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-Set-host_machine-correctly-when-building-with-mingw3.patch (80%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch (92%)
 create mode 100644 
meta/recipes-core/glib-2.0/files/0001-girepository-introspection-correctly-install-.gir-fi.patch
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-meson-Run-atomics-test-on-clang-as-well.patch (88%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch (84%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/0010-Do-not-hardcode-python-path-into-various-tools.patch (93%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => files}/meson.cross.d/common 
(100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/meson.cross.d/common-glibc (100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/meson.cross.d/common-linux (100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/meson.cross.d/common-mingw (100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => 
files}/meson.cross.d/common-musl (100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => files}/relocate-modules.patch 
(86%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => files}/run-ptest (100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0 => files}/skip-timeout.patch (90%)
 create mode 100644

Re: [OE-core] [PATCH 19/19] connman: submit 0002-resolve-musl-does-not-implement-res_ninit.patch upstream

2024-04-23 Thread Ross Burton

On 19 Apr 2024, at 13:19, Alexander Kanavin via lists.openembedded.org 
 wrote:
> -Upstream-Status: Pending
> +Upstream-Status: Submitted [to conn...@lists.linux.dev,mar...@holtmann.org]

Links to the actual posts make it much easier to find any discussion in the 
future:

https://lore.kernel.org/connman/2024030918.1399173-1-a...@linutronix.de/T/#u

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198614): 
https://lists.openembedded.org/g/openembedded-core/message/198614
Mute This Topic: https://lists.openembedded.org/mt/105616511/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 14/19] libtraceevent: submit meson.patch upstream

2024-04-23 Thread Ross Burton

On 19 Apr 2024, at 13:19, Alexander Kanavin via lists.openembedded.org 
 wrote:
> -Upstream-Status: Pending
> +Upstream-Status: Submitted [via email to 
> linux-trace-de...@vger.kernel.org,rost...@goodmis.org]

A link to the thread makes it easier to find any discussion in a years time:

https://lore.kernel.org/linux-trace-devel/2024031140.1789879-1-a...@linutronix.de/T/#u

Ross


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198613): 
https://lists.openembedded.org/g/openembedded-core/message/198613
Mute This Topic: https://lists.openembedded.org/mt/105616506/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] shadow: install manpages

2024-04-23 Thread Ross Burton

On 11 Apr 2024, at 23:36, Dan McGregor via lists.openembedded.org 
 wrote:
> +do_install:append:class-nativesdk() {
> + oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" 
> usbindir="${sbindir}" install-man
> +}
> +
> +do_install:append:class-target() {
> + oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" 
> usbindir="${sbindir}" install-man
> +}

As ${mandir} is explicitly removed from the sysroot for native builds, you 
could probably just do this in do_install and let the system throw away the man 
pages in the native case.

Ross


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198612): 
https://lists.openembedded.org/g/openembedded-core/message/198612
Mute This Topic: https://lists.openembedded.org/mt/105473133/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] git: set --with-gitconfig=/etc/gitconfig for -native builds

2024-04-23 Thread Rasmus Villemoes via lists.openembedded.org

From: Rasmus Villemoes 

Commit 6c2ae2346db0 (kern-tools: depend on git-replacement-native)
broke our kernel builds. For saving space and time, we have a DL_DIR
shared between multiple users/buildbots, not all of which run with the
same uid (and with appropriate sticky bits set so that files
downloaded by one user become owned by a common group and are readable
by others). This works fine also for git sources because the docker
images we use all have a /etc/gitconfig with

  [safe]
directory = *

But with the mentioned commit, the host's git is no longer used for
do_unpack (nor for do_fetch if re-building and sysroot has already
been populated by a previous build), causing spurious "fatal: detected
dubious ownership..." failures.

Currently, the path where the git-native binary searches for system
gitconfig is the sysroot from it was built, which obviously doesn't
contain a /etc/gitconfig. As for the nativesdk variant, respect the
host's /etc/gitconfig if present.

Signed-off-by: Rasmus Villemoes 
---
 meta/recipes-devtools/git/git_2.44.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/git/git_2.44.0.bb 
b/meta/recipes-devtools/git/git_2.44.0.bb
index 90e555eba7..78b00dd19f 100644
--- a/meta/recipes-devtools/git/git_2.44.0.bb
+++ b/meta/recipes-devtools/git/git_2.44.0.bb
@@ -40,6 +40,7 @@ EXTRA_OECONF = 
"--with-perl=${STAGING_BINDIR_NATIVE}/perl-native/perl \
--without-iconv \
 "
 EXTRA_OECONF:append:class-nativesdk = " --with-gitconfig=/etc/gitconfig "
+EXTRA_OECONF:append:class-native = " --with-gitconfig=/etc/gitconfig "
 
 # Needs brokensep as this doesn't use automake
 inherit autotools-brokensep perlnative bash-completion manpages
-- 
2.40.1.1.g1c60b9335d


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198611): 
https://lists.openembedded.org/g/openembedded-core/message/198611
Mute This Topic: https://lists.openembedded.org/mt/105686820/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH] perl: Fix CVE-2023-31486

2024-04-23 Thread virendra thakur

From: Soumya 

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486

Upstream patches:
https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d
https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d

(From OE-Core rev: 5819c839e1de92ab7669a0d4997886d0306c4cc1)

Signed-off-by: Soumya 
Signed-off-by: Steve Sakoman 
(cherry picked from commit 80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8)

Signed-off-by: virendra thakur 
---
 .../perl/files/CVE-2023-31486-0001.patch  | 216 ++
 .../perl/files/CVE-2023-31486-0002.patch  |  36 +++
 meta/recipes-devtools/perl/perl_5.30.1.bb |   2 +
 3 files changed, 254 insertions(+)
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch

diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch 
b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
new file mode 100644
index 00..d8326b4ef8
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31486-0001.patch
@@ -0,0 +1,216 @@
+From 77f557ef84698efeb6eed04e4a9704eaf85b741d
+From: Stig Palmquist 
+Date: Mon Jun 5 16:46:22 2023 +0200
+Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
+ insecure default - Changes the `verify_SSL` default parameter from `0` to `1`
+
+  Based on patch by Dominic Hargreaves:
+  
https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
+
+  CVE: CVE-2023-31486
+
+- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that
+  enables the previous insecure default behaviour if set to `1`.
+
+  This provides a workaround for users who encounter problems with the
+  new `verify_SSL` default.
+
+  Example to disable certificate checks:
+  ```
+$ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl
+  ```
+
+- Updates to documentation:
+  - Describe changing the verify_SSL value
+  - Describe the escape-hatch environment variable
+  - Remove rationale for not enabling verify_SSL
+  - Add missing certificate search paths
+  - Replace "SSL" with "TLS/SSL" where appropriate
+  - Use "machine-in-the-middle" instead of "man-in-the-middle"
+
+Upstream-Status: Backport 
[https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d]
+
+Signed-off-by: Soumya 
+Signed-off-by: virendra thakur 
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 86 ++---
+ 1 file changed, 57 insertions(+), 29 deletions(-)
+
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index 5803e45..1808c41 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
 b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -39,10 +39,14 @@ sub _croak { require Carp; Carp::croak(@_) }
+ #pod   C<$ENV{no_proxy}> ???)
+ #pod * C ??? Request timeout in seconds (default is 60) If a socket 
open,
+ #pod   read or write takes longer than the timeout, an exception is thrown.
+-#pod * C ??? A boolean that indicates whether to validate the SSL
+-#pod   certificate of an C ??? connection (default is false)
++#pod * C ??? A boolean that indicates whether to validate the 
TLS/SSL
++#pod   certificate of an C ??? connection (default is true). Changed 
from false
++#pod   to true in version 0.083.
+ #pod * C ??? A hashref of C ??? options to pass through to
+ #pod   L
++#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default
++#pod   certificate verification behavior to not check server identity if set 
to 1.
++#pod   Only effective if C is not set. Added in version 0.083.
+ #pod
+ #pod Passing an explicit C for C, C or 
C will
+ #pod prevent getting the corresponding proxies from the environment.
+@@ -108,11 +112,17 @@ sub timeout {
+ sub new {
+ my($class, %args) = @_;
+
++# Support lower case verify_ssl argument, but only if verify_SSL is not
++# true.
++if ( exists $args{verify_ssl} ) {
++$args{verify_SSL}  ||= $args{verify_ssl};
++}
++
+ my $self = {
+ max_redirect => 5,
+ timeout  => defined $args{timeout} ? $args{timeout} : 60,
+ keep_alive   => 1,
+-verify_SSL   => $args{verify_SSL} || $args{verify_ssl} || 0, # no 
verification by default
++verify_SSL   => defined $args{verify_SSL} ? $args{verify_SSL} : 
_verify_SSL_default(),
+ no_proxy => $ENV{no_proxy},
+ };
+
+@@ -131,6 +141,13 @@ sub new {
+ return $self;
+ }
+
++sub _verify_SSL_default {
++my ($self) = @_;
++# Check if insecure default certificate verification behaviour has been
++# changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
++return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
++}
++
+

[OE-core][dunfell][PATCH 4/4] binutils: Mark CVE-2022-47673 as patch

2024-04-23 Thread virendra thakur

the fix for this issue seems to be the same as the one for the issue
described by CVE-2023-25584.

Reference: https://ubuntu.com/security/CVE-2022-47673

Signed-off-by: virendra thakur 
---
 meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
index 732ea43210..f85e9c08de 100644
--- a/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch
@@ -1,6 +1,7 @@
-CVE: CVE-2023-25584
+CVE: CVE-2023-25584 CVE-2022-47673
 Upstream-Status: Backport [ import from ubuntu 
http://archive.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.34-6ubuntu1.7.debian.tar.xz
  upstream  
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
 ]
 Signed-off-by: Lee Chee Yang 
+Signed-off-by: Virendra Thakur 
 
 [Ubuntu note: this is backport of the original patch, no major changes just
  fix this patch for this release]
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198609): 
https://lists.openembedded.org/g/openembedded-core/message/198609
Mute This Topic: https://lists.openembedded.org/mt/105685935/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH 3/4] binutils: Fix CVE-2022-48065

2024-04-23 Thread virendra thakur

Add patch file to fix CVE-2022-48065

Reference: 
https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.9/binutils_2.34-6ubuntu1.9.debian.tar.xz

Signed-off-by: virendra thakur 
---
 .../binutils/binutils-2.34.inc|   1 +
 .../binutils/binutils/CVE-2022-48065.patch| 115 ++
 2 files changed, 116 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-48065.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc 
b/meta/recipes-devtools/binutils/binutils-2.34.inc
index fd6138be1e..5ebc7c6f34 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -61,6 +61,7 @@ SRC_URI = "\
  file://CVE-2022-47010.patch \
  file://CVE-2022-47011.patch \
  file://CVE-2022-48063.patch \
+ file://CVE-2022-48065.patch \
  file://CVE-2022-47695.patch \
  file://CVE-2022-44840.patch \
  file://CVE-2022-45703-0.patch \
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48065.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2022-48065.patch
new file mode 100644
index 00..c157a6144c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48065.patch
@@ -0,0 +1,115 @@
+From: Nick Galanis 
+Subject: [SECURITY UPDATE] Memory leak in find_abstract_instance 
(CVE-2022-48065)
+Description:
+
+ Origin: backport, 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a
+
+ [Canonical note: (nickgalanis) Minor backports were needed for almost every 
hunk
+  in order to apply to current code. Those backports do not change the 
functionality
+  of the code or alter the patch, whose goal is to not use the `name` var.
+  Moreover, in scan_unit_for_symbols(), the if statement originally present in 
the
+  patch was removed, as its introudction by PR28691 needed an intrusive 
backport
+  to apply. Again, the nature of the fix is not changed, as its goal is to 
free the 
+  variables before their re-assignment, something that is being achieved]
+
+ From d28fbc7197ba0e021a43f873eff90b05dcdcff6a Mon Sep 17 00:00:00 2001
+ From: Alan Modra 
+ Date: Wed, 21 Dec 2022 21:40:12 +1030
+ Subject: [PATCH] PR29925, Memory leak in find_abstract_instance
+ 
+ The testcase in the PR had a variable with both DW_AT_decl_file and
+ DW_AT_specification, where the DW_AT_specification also specified
+ DW_AT_decl_file.  This leads to a memory leak as the file name is
+ malloced and duplicates are not expected.
+
+ I've also changed find_abstract_instance to not use a temp for "name",
+ because that can result in a change in behaviour from the usual last
+ of duplicate attributes wins.
+
+   PR 29925 
+   * dwarf2.c (find_abstract_instance): Delete "name" variable.
+   Free *filename_ptr before assigning new file name.
+   (scan_unit_for_symbols): Similarly free func->file and
+   var->file before assigning.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a]
+
+CVE: CVE-2022-48065
+
+Signed-off-by: Virendra Thakur 
+ ---
+  bfd/dwarf2.c | 31 +++
+  1 file changed, 19 insertions(+), 12 deletions(-)
+
+Index: binutils-2.34/bfd/dwarf2.c
+===
+--- binutils-2.34.orig/bfd/dwarf2.c
 binutils-2.34/bfd/dwarf2.c
+@@ -2910,7 +2910,6 @@ find_abstract_instance (struct comp_unit
+   struct abbrev_info *abbrev;
+   bfd_uint64_t die_ref = attr_ptr->u.val;
+   struct attribute attr;
+-  const char *name = NULL;
+ 
+   if (recur_count == 100)
+ {
+@@ -3077,16 +3076,16 @@ find_abstract_instance (struct comp_unit
+   case DW_AT_name:
+ /* Prefer DW_AT_MIPS_linkage_name or DW_AT_linkage_name
+over DW_AT_name.  */
+-if (name == NULL && is_str_attr (attr.form))
++if (*pname == NULL && is_str_attr (attr.form))
+   {
+-name = attr.u.str;
++*pname = attr.u.str;
+ if (non_mangled (unit->lang))
+   *is_linkage = TRUE;
+   }
+ break;
+   case DW_AT_specification:
+ if (!find_abstract_instance (unit, , recur_count + 1,
+- , is_linkage,
++ pname, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+ break;
+@@ -3096,13 +3095,14 @@ find_abstract_instance (struct comp_unit
+non-string forms into these attributes.  */
+ if (is_str_attr (attr.form))
+   {
+-name = attr.u.str;
++*pname = attr.u.str;
+ *is_linkage = TRUE;
+

[OE-core][dunfell][PATCH 2/4] binutils: Fix CVE-2022-45703

2024-04-23 Thread virendra thakur

Add patch file to fix CVE-2022-45703

Reference: 
https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz

Signed-off-by: virendra thakur 
---
 .../binutils/binutils-2.34.inc|   2 +
 .../binutils/binutils/CVE-2022-45703-0.patch  | 148 ++
 .../binutils/binutils/CVE-2022-45703-1.patch  |  36 +
 3 files changed, 186 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/CVE-2022-45703-0.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/CVE-2022-45703-1.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc 
b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 64f66a30a9..fd6138be1e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -63,5 +63,7 @@ SRC_URI = "\
  file://CVE-2022-48063.patch \
  file://CVE-2022-47695.patch \
  file://CVE-2022-44840.patch \
+ file://CVE-2022-45703-0.patch \
+ file://CVE-2022-45703-1.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-45703-0.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2022-45703-0.patch
new file mode 100644
index 00..a89456cae4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-45703-0.patch
@@ -0,0 +1,148 @@
+Origin: backport, 
https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636
+
+From 244e19c79111eed017ee38ab1d44fb2a6cd1b636 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Tue, 24 May 2022 09:32:14 +0930
+Subject: [PATCH] PR29169, invalid read displaying fuzzed .gdb_index
+
+   PR 29169
+   * dwarf.c (display_gdb_index): Combine sanity checks.  Calculate
+   element counts, not word counts.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636]
+
+CVE: CVE-2022-45703
+
+Signed-off-by: Virendra Thakur 
+---
+ binutils/dwarf.c | 80 +---
+ 1 file changed, 22 insertions(+), 58 deletions(-)
+
+Index: binutils-2.34/binutils/dwarf.c
+===
+--- binutils-2.34.orig/binutils/dwarf.c
 binutils-2.34/binutils/dwarf.c
+@@ -9208,7 +9208,7 @@ display_gdb_index (struct dwarf_section
+   uint32_t cu_list_offset, tu_list_offset;
+   uint32_t address_table_offset, symbol_table_offset, constant_pool_offset;
+   unsigned int cu_list_elements, tu_list_elements;
+-  unsigned int address_table_size, symbol_table_slots;
++  unsigned int address_table_elements, symbol_table_slots;
+   unsigned char *cu_list, *tu_list;
+   unsigned char *address_table, *symbol_table, *constant_pool;
+   unsigned int i;
+@@ -9256,48 +9256,19 @@ display_gdb_index (struct dwarf_section
+   || tu_list_offset > section->size
+   || address_table_offset > section->size
+   || symbol_table_offset > section->size
+-  || constant_pool_offset > section->size)
++  || constant_pool_offset > section->size
++  || tu_list_offset < cu_list_offset
++  || address_table_offset < tu_list_offset
++  || symbol_table_offset < address_table_offset
++  || constant_pool_offset < symbol_table_offset)
+ {
+   warn (_("Corrupt header in the %s section.\n"), section->name);
+   return 0;
+ }
+ 
+-  /* PR 17531: file: 418d0a8a.  */
+-  if (tu_list_offset < cu_list_offset)
+-{
+-  warn (_("TU offset (%x) is less than CU offset (%x)\n"),
+-  tu_list_offset, cu_list_offset);
+-  return 0;
+-}
+-
+-  cu_list_elements = (tu_list_offset - cu_list_offset) / 8;
+-
+-  if (address_table_offset < tu_list_offset)
+-{
+-  warn (_("Address table offset (%x) is less than TU offset (%x)\n"),
+-  address_table_offset, tu_list_offset);
+-  return 0;
+-}
+-
+-  tu_list_elements = (address_table_offset - tu_list_offset) / 8;
+-
+-  /* PR 17531: file: 18a47d3d.  */
+-  if (symbol_table_offset < address_table_offset)
+-{
+-  warn (_("Symbol table offset (%x) is less then Address table offset 
(%x)\n"),
+-  symbol_table_offset, address_table_offset);
+-  return 0;
+-}
+-
+-  address_table_size = symbol_table_offset - address_table_offset;
+-
+-  if (constant_pool_offset < symbol_table_offset)
+-{
+-  warn (_("Constant pool offset (%x) is less than symbol table offset 
(%x)\n"),
+-  constant_pool_offset, symbol_table_offset);
+-  return 0;
+-}
+-
++  cu_list_elements = (tu_list_offset - cu_list_offset) / 16;
++  tu_list_elements = (address_table_offset - tu_list_offset) / 24;
++  address_table_elements = (symbol_table_offset - address_table_offset) / 20;
+   symbol_table_slots = (constant_pool_offset - symbol_table_offset) / 8;
+ 
+   cu_list = start + cu_list_offset;
+@@ -9306,31 +9277,25 @@ display_gdb_index (struct dwarf_section
+

[OE-core][dunfell][PATCH 1/4] binutils: Fix CVE-2022-44840

2024-04-23 Thread virendra thakur

Add patch file to fix CVE-2022-44840

Reference: 
https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz

Signed-off-by: virendra thakur 
---
 .../binutils/binutils-2.34.inc|   1 +
 .../binutils/binutils/CVE-2022-44840.patch| 162 ++
 2 files changed, 163 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc 
b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 032263fe63..64f66a30a9 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -62,5 +62,6 @@ SRC_URI = "\
  file://CVE-2022-47011.patch \
  file://CVE-2022-48063.patch \
  file://CVE-2022-47695.patch \
+ file://CVE-2022-44840.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch
new file mode 100644
index 00..288219871d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-44840.patch
@@ -0,0 +1,162 @@
+[Ubuntu note: commit af2ddf69ab85 is not included in this version of the code,
+ so adjustments had to be made to the 2nd hunk in order for it to apply
+ cleanly and in order to have the added code match correct macro usage for
+ this version of binutils (SAFE_BYTE_GET64 is called with signature_high and
+ signature_low in this version of the code, but not in the added lines of the
+ original patch).
+ -- Camila Camargo de Matos ]
+
+Origin: backport, 
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=28750e3b967da2207d51cbce9fc8be262817ee59
+
+From 28750e3b967da2207d51cbce9fc8be262817ee59 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Sun, 30 Oct 2022 19:08:51 +1030
+Subject: [PATCH] Pool section entries for DWP version 1
+
+Ref: https://gcc.gnu.org/wiki/DebugFissionDWP?action=recall=3
+
+Fuzzers have found a weakness in the code stashing pool section
+entries.  With random nonsensical values in the index entries (rather
+than each index pointing to its own set distinct from other sets),
+it's possible to overflow the space allocated, losing the NULL
+terminator.  Without a terminator, find_section_in_set can run off the
+end of the shndx_pool buffer.  Fix this by scanning the pool directly.
+
+binutils/
+   * dwarf.c (add_shndx_to_cu_tu_entry): Delete range check.
+   (end_cu_tu_entry): Likewise.
+   (process_cu_tu_index): Fill shndx_pool by directly scanning
+   pool, rather than indirectly from index entries.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=28750e3b967da2207d51cbce9fc8be262817ee59]
+
+CVE: CVE-2022-44840
+
+Signed-off-by: Virendra Thakur 
+---
+ binutils/dwarf.c | 90 ++--
+ 1 file changed, 41 insertions(+), 49 deletions(-)
+
+Index: binutils-2.34/binutils/dwarf.c
+===
+--- binutils-2.34.orig/binutils/dwarf.c
 binutils-2.34/binutils/dwarf.c
+@@ -9454,22 +9454,12 @@ prealloc_cu_tu_list (unsigned int nshndx
+ static void
+ add_shndx_to_cu_tu_entry (unsigned int shndx)
+ {
+-  if (shndx_pool_used >= shndx_pool_size)
+-{
+-  error (_("Internal error: out of space in the shndx pool.\n"));
+-  return;
+-}
+   shndx_pool [shndx_pool_used++] = shndx;
+ }
+ 
+ static void
+ end_cu_tu_entry (void)
+ {
+-  if (shndx_pool_used >= shndx_pool_size)
+-{
+-  error (_("Internal error: out of space in the shndx pool.\n"));
+-  return;
+-}
+   shndx_pool [shndx_pool_used++] = 0;
+ }
+ 
+@@ -9578,54 +9568,55 @@ process_cu_tu_index (struct dwarf_sectio
+ 
+   if (version == 1)
+ {
++  unsigned char *shndx_list;
++  unsigned int shndx;
++
+   if (!do_display)
+-  prealloc_cu_tu_list ((limit - ppool) / 4);
+-  for (i = 0; i < nslots; i++)
+   {
+-unsigned char *shndx_list;
+-unsigned int shndx;
+-
+-SAFE_BYTE_GET64 (phash, _high, _low, limit);
+-if (signature_high != 0 || signature_low != 0)
++ prealloc_cu_tu_list ((limit - ppool) / 4);
++ for (shndx_list = ppool + 4; shndx_list <= limit - 4; shndx_list += 
4)
+   {
+-SAFE_BYTE_GET (j, pindex, 4, limit);
+-shndx_list = ppool + j * 4;
+-/* PR 17531: file: 705e010d.  */
+-if (shndx_list < ppool)
+-  {
+-warn (_("Section index pool located before start of 
section\n"));
+-return 0;
+-  }
+-
+-if (do_display)
++shndx = byte_get (shndx_list, 4);
++add_shndx_to_cu_tu_entry (shndx);
++  }
++end_cu_tu_entry ();
++  }
++  else
++  for (i = 0; i < nslots; i++)
++{
++  SAFE_BYTE_GET64 (phash, _high, _low,

Re: [OE-core] [PATCH 1/1] [mesa] Update do_install as needed per upstream changes

2024-04-23 Thread Alexander Kanavin

On Mon, 22 Apr 2024 at 16:50, Joseph Mills via lists.openembedded.org
 wrote:
>
> Signed-off-by: Joseph Mills 
>
> Developer's Certificate of Origin 1.1
...

Please remove the text of the DCO from the commit message, it is
entirely unnecessary.

Commit title should be 'mesa: correct sed expression in do_install to
match upstream changes'.

>  #because we cannot rely on the fact that all apps will use pkgconfig,
> -#make eglplatform.h independent of MESA_EGL_NO_X11_HEADER
> +#make eglplatform.h independent of USE_X11
>  do_install:append() {
># sed can't find EGL/eglplatform.h as it doesn't get installed when glvnd 
> enabled.
># So, check if EGL/eglplatform.h exists before running sed.
>if ${@bb.utils.contains('PACKAGECONFIG', 'egl', 'true', 'false', d)} && [ 
> -f ${D}${includedir}/EGL/eglplatform.h ]; then
> -  sed -i -e 's/^#elif defined(__unix__) && defined(EGL_NO_X11)$/#elif 
> defined(__unix__) \&\& defined(EGL_NO_X11) || 
> ${@bb.utils.contains('PACKAGECONFIG', 'x11', '0', '1', d)}/' 
> ${D}${includedir}/EGL/eglplatform.h
> +  sed -i -e 's/^#elif defined(USE_X11)$/#elif 
> ${@bb.utils.contains('PACKAGECONFIG', 'x11', '1', '0', d)}/' 
> ${D}${includedir}/EGL/eglplatform.h

Is there a way to make this into a proper source code patch that can
be applied in a way that would fail when upstream changes the code?
Sed expressions are notoriously unreliable, and this can well again
quietly regress.

What is this patching really needed for, and why do we need to do it
after the fact? Is there some issue that needs to be resolved
upstream? I'm honestly tempted to drop this rather horrible snippet
altogether, and force people to resolve it properly.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198605): 
https://lists.openembedded.org/g/openembedded-core/message/198605
Mute This Topic: https://lists.openembedded.org/mt/105670960/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.33.rc1)

Re: [OE-core][PATCH v2] libbsd: Fix conflict error when enable multilib.

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-5.0.rc4)

Re: [OE-core] [PATCH] ffmpeg: backport patches to use new Vulkan AV1 codec API

[oe-core][PATCH 1/1] oe-debuginfod: add option for data storage

Patchtest results for [OE-core][master][scarthgap][PATCH] glibc: Update to latest on stable 2.39 branch

[OE-core][master][scarthgap][PATCH] glibc: Update to latest on stable 2.39 branch

[OE-core][kirkstone][PATCH] glibc: Update to latest on stable 2.35 branch

[OE-core] OpenEmbedded Happy Hour April 24 9pm/2100 UTC

[OE-core][kirkstone][PATCH] rpm: Backport fix CVE-2021-35939

Re: [OE-Core] [PATCH 27/34] python3-setuptools: upgrade 69.1.1 -> 69.2.0

[yocto] Yocto Project Status 23 April 2024 (WW16)

Re: [OE-core] [PATCH v2] linux-firmware: Move Intel AC 9260 bluetooth firmware to a separate package

[OE-core] [PATCH v2] linux-firmware: Move Intel AC 9260 bluetooth firmware to a separate package

Re: [OE-core] [PATCH] linux-firmware: Move 9260 bluetooth firmware to a separate package

Re: [OE-core] Set the CMake BUILD_TESTING option to OFF as the default setting

Re: [OE-core][kirkstone][PATCH] libssh2: backport fix for CVE-2023-48795

Re: [OE-Core] [PATCH 27/34] python3-setuptools: upgrade 69.1.1 -> 69.2.0

[OE-core] Set the CMake BUILD_TESTING option to OFF as the default setting

[OE-core] [PATCH] linux-firmware: Move 9260 bluetooth firmware to a separate package

Re: [OE-core] [dunfell][PATCH] populate_sdk_ext.bbclass: only overwrite lsb string if uninative is used

Re: [OE-core][dunfell][PATCH 1/4] binutils: Fix CVE-2022-44840

Re: [OE-core][dunfell][PATCH] perl: Fix CVE-2023-31486

[OE-core] [PATCH 1/2] libical: disable introspection in -native

[OE-core] [PATCH 2/2] glib/gobject-introspection: update 2.78.4 -> 2.80.0, 1.78.1 -> 1.80.0

Re: [OE-core] [PATCH 19/19] connman: submit 0002-resolve-musl-does-not-implement-res_ninit.patch upstream

Re: [OE-core] [PATCH 14/19] libtraceevent: submit meson.patch upstream

Re: [OE-core] [PATCH v2] shadow: install manpages

[OE-core] [PATCH] git: set --with-gitconfig=/etc/gitconfig for -native builds

[OE-core][dunfell][PATCH] perl: Fix CVE-2023-31486

[OE-core][dunfell][PATCH 4/4] binutils: Mark CVE-2022-47673 as patch

[OE-core][dunfell][PATCH 3/4] binutils: Fix CVE-2022-48065

[OE-core][dunfell][PATCH 2/4] binutils: Fix CVE-2022-45703

[OE-core][dunfell][PATCH 1/4] binutils: Fix CVE-2022-44840

Re: [OE-core] [PATCH 1/1] [mesa] Update do_install as needed per upstream changes

35 matches

Site Navigation

Mail list logo

Footer information