[OE-core] [PATCH] classextend.py: don't extend file for file dependency
From: Changqing Li Fix error like: lib32-e2fsprogs-1.45.3-r0 do_package_qa: QA Issue: /usr/sbin/e2scrub_all contained in package lib32-e2fsprogs-e2scrub requires /bin/bash, but no providers found in RDEPENDS_lib32-e2fsprogs-e2scrub For some lib32 packages(eg: lib32-bash, lib32-sed) which probvides files, extend is not needed Eg: RPROVIDES of lib32-bash expects to have /bin/bash, with original extend, it will become lib32-/bin/bash, then will cause above error Fix by don't extend file dependency, and skip multilib check for file dependency in do_package_qa to avoid error like: WARNING: lib32-bash-5.0-r0 do_package: QA Issue: lib32-bash package lib32-bash - suspicious values '/bin/bash /bin/sh' in RPROVIDES [multilib] Signed-off-by: Changqing Li --- meta/classes/multilib.bbclass | 2 +- meta/lib/oe/classextend.py| 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/classes/multilib.bbclass b/meta/classes/multilib.bbclass index d625bd5..1a9295d 100644 --- a/meta/classes/multilib.bbclass +++ b/meta/classes/multilib.bbclass @@ -187,7 +187,7 @@ python do_package_qa_multilib() { if (not i.startswith('kernel-module')) and (not i.startswith(mlprefix)) and \ (not 'cross-canadian' in i) and (not i.startswith("nativesdk-")) and \ (not i.startswith("rtld")) and (not i.startswith('kernel-vmlinux')) \ -and (not i.startswith("kernel-image")): +and (not i.startswith("kernel-image")) and (not i.startswith("/")): candidates.append(i) if len(candidates) > 0: msg = "%s package %s - suspicious values '%s' in %s" \ diff --git a/meta/lib/oe/classextend.py b/meta/lib/oe/classextend.py index e25122e..f02fbe9 100644 --- a/meta/lib/oe/classextend.py +++ b/meta/lib/oe/classextend.py @@ -24,6 +24,8 @@ class ClassExtender(object): if not subs.startswith(self.extname): return "virtual/" + self.extname + "-" + subs return name +if name.startswith("/"): +return name if not name.startswith(self.extname): return self.extname + "-" + name return name -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] ✗ patchtest: failure for grub does not require freetype
== Series Details == Series: grub does not require freetype Revision: 1 URL : https://patchwork.openembedded.org/series/19959/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Patchgrub does not require freetype Issue Shortlog does not follow expected format [test_shortlog_format] Suggested fixCommit shortlog (first line of commit message) should follow the format ": " * Patchgrub does not require freetype Issue Patch is missing Signed-off-by [test_signed_off_by_presence] Suggested fixSign off the patch (either manually or with "git commit --amend -s") If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] grub does not require freetype
Freetype is only needed for the grub-mkfont utility, but that is disabled at configure time by passing --disable-grub-mkfont. --- meta/recipes-bsp/grub/grub-efi_2.04.bb | 2 +- meta/recipes-bsp/grub/grub_2.04.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-bsp/grub/grub-efi_2.04.bb b/meta/recipes-bsp/grub/grub-efi_2.04.bb index aaa198ea23..e3a8bf39ab 100644 --- a/meta/recipes-bsp/grub/grub-efi_2.04.bb +++ b/meta/recipes-bsp/grub/grub-efi_2.04.bb @@ -3,7 +3,7 @@ require grub2.inc GRUBPLATFORM = "efi" DEPENDS_append_class-target = " grub-efi-native" -RDEPENDS_${PN}_class-target = "diffutils freetype grub-common virtual/grub-bootconf" +RDEPENDS_${PN}_class-target = "diffutils grub-common virtual/grub-bootconf" SRC_URI += " \ file://cfg \ diff --git a/meta/recipes-bsp/grub/grub_2.04.bb b/meta/recipes-bsp/grub/grub_2.04.bb index 1d1a45670c..3166d1f2fb 100644 --- a/meta/recipes-bsp/grub/grub_2.04.bb +++ b/meta/recipes-bsp/grub/grub_2.04.bb @@ -1,7 +1,7 @@ require grub2.inc RDEPENDS_${PN}-common += "${PN}-editenv" -RDEPENDS_${PN} += "diffutils freetype ${PN}-common" +RDEPENDS_${PN} += "diffutils ${PN}-common" RPROVIDES_${PN}-editenv += "${PN}-efi-editenv" -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH]] curl: update to 7.66.0
I think double ]] will leave a ] in commit message. Please resend with this addressed On Fri, Sep 13, 2019 at 12:16 PM Oleksandr Kravchuk wrote: > > Signed-off-by: Oleksandr Kravchuk > --- > meta/recipes-support/curl/{curl_7.65.3.bb => curl_7.66.0.bb} | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > rename meta/recipes-support/curl/{curl_7.65.3.bb => curl_7.66.0.bb} (95%) > > diff --git a/meta/recipes-support/curl/curl_7.65.3.bb > b/meta/recipes-support/curl/curl_7.66.0.bb > similarity index 95% > rename from meta/recipes-support/curl/curl_7.65.3.bb > rename to meta/recipes-support/curl/curl_7.66.0.bb > index 96f90fb8ba..d1975f2460 100644 > --- a/meta/recipes-support/curl/curl_7.65.3.bb > +++ b/meta/recipes-support/curl/curl_7.66.0.bb > @@ -9,8 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ > file://0001-replace-krb5-config-with-pkg-config.patch \ > " > > -SRC_URI[md5sum] = "bdd220d018c23e7f9ee82894e62a70bc" > -SRC_URI[sha256sum] = > "0a855e83be482d7bc9ea00e05bdb1551a44966076762f9650959179c89fce509" > +SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f" > +SRC_URI[sha256sum] = > "6618234e0235c420a21f4cb4c2dd0badde76e6139668739085a70c4e2fe7a141" > > CVE_PRODUCT = "curl libcurl" > inherit autotools pkgconfig binconfig multilib_header > -- > 2.17.1 > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH v3] systemd: upgrade to 243
On Sat, 2019-09-14 at 08:00 -0700, akuster808 wrote: > > On 9/13/19 4:26 PM, Scott Murray wrote: > > PATCH REBASED: > > == > > 0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch > > 0001-do-not-disable-buffer-in-writing-files.patch > > 0002-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch > > 0004-add-fallback-parse_printf_format-implementation.patch > > 0004-rules-whitelist-hd-devices.patch > > 0005-rules-watch-metadata-changes-in-ide-devices.patch > > 0005-src-basic-missing.h-check-for-missing-strndupa.patch > > 0006-Include-netinet-if_ether.h.patch > > 0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not.patch > > 0017-Do-not-disable-buffering-when-writing-to-oom_score_a.patch > > > > PATCH DROPPED: > > == > > 0001-Replace-the-legacy-ULONG_LONG_MAX-with-the-C99-ULLON.patch > > 0001-src-udev-udev-event.c-must-include-sys-wait.h.patch > > 0023-socket-util.h-include-string.h.patch > > 0025-fs-utilh-add-missing-sys-stat-include.patch > > > > PATCH ADDED: > > > > 0002-src-login-brightness.c-include-sys-wait.h.patch > > 0003-src-basic-copy.c-include-signal.h.patch > > 0004-src-shared-cpu-set-util.h-add-__cpu_mask-definition.patch > > > > Also applied libc-glibc over-ride to pkg_postinst and pkg_prerm > > function > > definitions, as musl does not provide nsswitch.conf. > > This update did not introduce any new issues. We had hoped it might > address the mips-alt systmed timeouts we are seeing but it did not. > > Hopefully this is a data point for Richard when he gets back. Its a good data point thanks! Cheers, Richard -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [warrior][v2][PATCH] Curl: Security fix for CVE-2019-5482
From: Armin Kuster Source: curl.org MR: 99905 Type: Security Fix Disposition: Backport from https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d ChangeID: e0c807da8937f687a4b2e28eaa6b4b5a51845bc5 Description: Fixes CVE-2019-5482 - Affected versions: libcurl >= 7.19.4 to and including 7.65.3 - Not affected versions: libcurl < 7.19.4 Signed-off-by: Armin Kuster --- meta/recipes-support/curl/curl/CVE-2019-5482.patch | 65 ++ meta/recipes-support/curl/curl_7.64.1.bb | 1 + 2 files changed, 66 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5482.patch diff --git a/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/meta/recipes-support/curl/curl/CVE-2019-5482.patch new file mode 100644 index 000..30122d1 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-5482.patch @@ -0,0 +1,65 @@ +From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001 +From: Thomas Vegas <> +Date: Sat, 31 Aug 2019 17:30:51 +0200 +Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is + received + +Fixes potential buffer overflow from 'recvfrom()', should the server +return an OACK without blksize. + +Bug: https://curl.haxx.se/docs/CVE-2019-5482.html +CVE-2019-5482 + +Upstream-Status: Backport +CVE: CVE-2019-5482 + +Signed-off-by: Armin Kuster + +--- + lib/tftp.c | 12 +--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +Index: curl-7.64.1/lib/tftp.c +=== +--- curl-7.64.1.orig/lib/tftp.c curl-7.64.1/lib/tftp.c +@@ -973,6 +973,7 @@ static CURLcode tftp_connect(struct conn + { + tftp_state_data_t *state; + int blksize; ++ int need_blksize; + + blksize = TFTP_BLKSIZE_DEFAULT; + +@@ -987,15 +988,20 @@ static CURLcode tftp_connect(struct conn + return CURLE_TFTP_ILLEGAL; + } + ++ need_blksize = blksize; ++ /* default size is the fallback when no OACK is received */ ++ if(need_blksize < TFTP_BLKSIZE_DEFAULT) ++need_blksize = TFTP_BLKSIZE_DEFAULT; ++ + if(!state->rpacket.data) { +-state->rpacket.data = calloc(1, blksize + 2 + 2); ++state->rpacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->rpacket.data) + return CURLE_OUT_OF_MEMORY; + } + + if(!state->spacket.data) { +-state->spacket.data = calloc(1, blksize + 2 + 2); ++state->spacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->spacket.data) + return CURLE_OUT_OF_MEMORY; +@@ -1009,7 +1015,7 @@ static CURLcode tftp_connect(struct conn + state->sockfd = state->conn->sock[FIRSTSOCKET]; + state->state = TFTP_STATE_START; + state->error = TFTP_ERR_NONE; +- state->blksize = blksize; ++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ + state->requested_blksize = blksize; + + ((struct sockaddr *)>local_addr)->sa_family = diff --git a/meta/recipes-support/curl/curl_7.64.1.bb b/meta/recipes-support/curl/curl_7.64.1.bb index 00c8c5a..151d74a 100644 --- a/meta/recipes-support/curl/curl_7.64.1.bb +++ b/meta/recipes-support/curl/curl_7.64.1.bb @@ -9,6 +9,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ file://CVE-2019-5435.patch \ file://CVE-2019-5436.patch \ + file://CVE-2019-5482.patch \ " SRC_URI[md5sum] = "790c101927845208a9d7e8c429ddd1b2" -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core