Re: [OE-core] Dunfell CVE reduction fun: December raffle -- Winner announcement!
On Wed, 2021-01-06 at 07:27 -1000, Steve Sakoman wrote:
> The winner was selected live on the #yocto irc channel this morning:
>
> (07:10:59 AM) sakoman: Time to select the CVE raffle winner
> (07:11:38 AM) sakoman: Looks like there are 50 entries:
> (07:11:42 AM) sakoman: steve@octo:~/Desktop$ wc -l cve-raffle-sorted-nodups
> (07:11:42 AM) sakoman: 50 cve-raffle-sorted-nodups
> (07:12:04 AM) sakoman: And the winner by random selection is:
> (07:12:21 AM) sakoman: steve@octo:~/Desktop$ shuf -n 1 cve-raffle-sorted-nodups
> (07:12:21 AM) sakoman: CVE-2020-1971: Robert Joslyn
>
>
> Congrats Robert! And thanks for helping reduce the number of CVEs.
> Please contact me off list with your shipping address and choice of
> coffee or tea.
>
> Thanks to all who participated, I really appreciate the help!
>
> Steve

Well that was unexpected, thanks! I feel a little bad since I only submitted one patch last month, but I'll try to earn the coffee a bit more this month with some more patches :-)

Thanks,
Robert

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#146456): https://lists.openembedded.org/g/openembedded-core/message/146456
Mute This Topic: https://lists.openembedded.org/mt/79479760/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 2/3] buildtools-tarball: Add nativesdk-ccache
Hi RP,

On 1/6/21 9:56 PM, Richard Purdie wrote:

On Wed, 2021-01-06 at 04:09 -0800, Robert Yang wrote:

Add it to buildtools-tarball so that there will be a unified version of ccache, which can help avoid various compile errors.

Signed-off-by: Robert Yang

--- meta/recipes-core/meta/buildtools-tarball.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 9da81d55235..2ffdd7c7253 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -29,6 +29,7 @@ TOOLCHAIN_HOST_TASK ?= "\ nativesdk-rpcsvc-proto \ nativesdk-patch \ nativesdk-mtools \ +nativesdk-ccache \ "

My view is we should not start to ship ccache with buildtools by default. It's something that the user can install if they want/need it

The problem is that user installed ccache may not work with our recipes, for example, we found the following recipes failed to build with ccache on different hosts:

cdrtools-native
fribidi
rocksdb

So having a fixed version of ccache can make sure the recipes work well, it also helps us to reproduce the errors easily when user reported a bug.

// Robert

but it's not essential, required or helps much in standard builds (which would reuse from sstate if built previously).

Cheers,

Richard
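Review bot: the added "+nativesdk-ccache \" line in the TOOLCHAIN_HOST_TASK hunk puts ccache into every buildtools-tarball unconditionally, while the commit message only says it "can help avoid various compile errors" without naming one. Put the failing recipes and host distros in the commit message, and consider making the package opt-in so that users who never enable ccache do not carry an extra compiler wrapper in the tarball.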
Re: [OE-core] [PATCH 2/4] qemu: Upgrade 5.1.0->5.2.0
On Wed, Jan 6, 2021 at 2:36 PM Richard Purdie wrote:
>
> This involves some pretty major changes for qemu. In particular, they
> switched to meson+ninja so we have to adapt to that.
>
> Patch changes:
> * CVE patches - dropped as backports
> * cflags fix - upstream code changed significantly, need new patch if still issues
> * mips TLB entries - dropped as merged upstream
> * usb fix - dropped as merged upstream
> * find_datadir - dropped as code no longer present that I could find
>
> A patch was added to allow us to force the configure script into "cross" mode
> without setting cross_prefix which has other effects we don't need/want.
>
> Dependencies on meson/ninja were added.
>
> Specifying the python interpreter causes the internal meson copy to be
> built/used which is undesirable for us so don't do that. The correct
> python is in PATH anyway.
> > Signed-off-by: Richard Purdie Acked-by: Alistair Francis Alistair > --- > meta/conf/distro/include/tcmode-default.inc | 2 +- > ...u-native_5.1.0.bb => qemu-native_5.2.0.bb} | 0 > ...e_5.1.0.bb => qemu-system-native_5.2.0.bb} | 0 > meta/recipes-devtools/qemu/qemu.inc | 19 ++-- > .../qemu/0001-Add-enable-disable-udev.patch | 8 +- > ...emu-Add-missing-wacom-HID-descriptor.patch | 16 +-- > ...mu-Do-not-include-file-if-not-exists.patch | 8 +- > ...ease-number-of-TLB-entries-on-the-34.patch | 59 -- > ...test-which-runs-all-unit-test-cases-.patch | 12 +-- > ...n-environment-space-to-boot-loader-q.patch | 8 +- > .../qemu/0004-qemu-disable-Valgrind.patch | 8 +- > ...ld.bfd-fix-cflags-and-set-some-envir.patch | 28 - > ...-connect-socket-to-a-spawned-command.patch | 44 > .../0007-apic-fixup-fallthrough-to-PIC.patch | 8 +- > ...webkitgtk-hangs-on-32-bit-x86-target.patch | 6 +- > .../qemu/qemu/0009-Fix-webkitgtk-builds.patch | 40 +++ > ...dd-pkg-config-handling-for-libgcrypt.patch | 23 ++-- > .../qemu/qemu/CVE-2020-24352.patch| 52 - > .../qemu/qemu/CVE-2020-25624.patch| 101 -- > .../qemu/qemu/CVE-2020-25723.patch| 51 - > .../qemu/qemu/CVE-2020-28916.patch| 49 - > .../qemu/CVE-2020-29129-CVE-2020-29130.patch | 64 --- > meta/recipes-devtools/qemu/qemu/cross.patch | 30 ++ > .../qemu/qemu/find_datadir.patch | 39 --- > .../qemu/qemu/usb-fix-setup_len-init.patch| 89 --- > .../qemu/{qemu_5.1.0.bb => qemu_5.2.0.bb} | 2 +- > 26 files changed, 127 insertions(+), 639 deletions(-) > rename meta/recipes-devtools/qemu/{qemu-native_5.1.0.bb => > qemu-native_5.2.0.bb} (100%) > rename meta/recipes-devtools/qemu/{qemu-system-native_5.1.0.bb => > qemu-system-native_5.2.0.bb} (100%) > delete mode 100644 > meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch > delete mode 100644 > meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch > delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch > 
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch > delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch > delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch > delete mode 100644 > meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch > create mode 100644 meta/recipes-devtools/qemu/qemu/cross.patch > delete mode 100644 meta/recipes-devtools/qemu/qemu/find_datadir.patch > delete mode 100644 > meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch > rename meta/recipes-devtools/qemu/{qemu_5.1.0.bb => qemu_5.2.0.bb} (93%) > > diff --git a/meta/conf/distro/include/tcmode-default.inc > b/meta/conf/distro/include/tcmode-default.inc > index fd4d760b3fe..5540e37bcf9 100644 > --- a/meta/conf/distro/include/tcmode-default.inc > +++ b/meta/conf/distro/include/tcmode-default.inc > @@ -22,7 +22,7 @@ BINUVERSION ?= "2.35%" > GDBVERSION ?= "10.%" > GLIBCVERSION ?= "2.32" > LINUXLIBCVERSION ?= "5.10%" > -QEMUVERSION ?= "5.1%" > +QEMUVERSION ?= "5.2%" > GOVERSION ?= "1.15%" > # This can not use wildcards like 8.0.% since it is also used in mesa to > denote > # llvm version being used, so always bump it with llvm recipe version bump > diff --git a/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb > b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb > similarity index 100% > rename from meta/recipes-devtools/qemu/qemu-native_5.1.0.bb > rename to meta/recipes-devtools/qemu/qemu-native_5.2.0.bb > diff --git a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb > b/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb > similarity index 100% > rename from meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb > rename to meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb > diff --git a/meta/recipes-devtools/qemu/qemu.inc > b/meta/recipes-devtools/qemu/qemu.in
[OE-core] [PATCH] kbd: fix transaction conflict
From: Mingli Yu

After kbd upgrades to 2.4.0, vlock.pamd will be copied to /etc/pam.d/vlock when install as [1]. And it will result in below Transaction error during do_rootfs when both vlock and kbd installed:

| Transaction test error: file /etc/pam.d/vlock conflicts between attempted installs of vlock-2.2.3-r0.corei7_64 and kbd-2.4.0-r0.corei7_64

So rename vlock to vlock.kbd to fix the gap.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git/commit/?id=b9cbb05038e01a7c4b3899589c591734e643a281

Signed-off-by: Mingli Yu

--- meta/recipes-core/kbd/kbd_2.4.0.bb | 7 +++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/kbd/kbd_2.4.0.bb b/meta/recipes-core/kbd/kbd_2.4.0.bb index 4d32263e84..65ba70bf47 100644 --- a/meta/recipes-core/kbd/kbd_2.4.0.bb +++ b/meta/recipes-core/kbd/kbd_2.4.0.bb @@ -29,6 +29,13 @@ FILES_${PN}-consoletrans = "${datadir}/consoletrans" FILES_${PN}-keymaps = "${datadir}/keymaps" FILES_${PN}-unimaps = "${datadir}/unimaps" +do_install_append () { +if [ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'yes', '', d)} = yes ] \ +&& [ -f ${D}${sysconfdir}/pam.d/vlock ]; then +mv -f ${D}${sysconfdir}/pam.d/vlock ${D}${sysconfdir}/pam.d/vlock.kbd +fi +} + inherit update-alternatives ALTERNATIVE_${PN} = "chvt deallocvt fgconsole openvt showkey \ -- 2.17.1
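Review bot: the "mv -f ... pam.d/vlock ... pam.d/vlock.kbd" line in do_install_append renames the PAM policy file, but nothing in the hunk makes kbd's vlock look its policy up under the new name, so please confirm which PAM policy that binary ends up using once the file is no longer /etc/pam.d/vlock; registering the file through the update-alternatives class the recipe already inherits would keep the expected path. Separately, the first test expands to "[ = yes ]" when pam is not in DISTRO_FEATURES, which makes the shell report a test syntax error instead of evaluating cleanly to false; quote the expansion or return 'no' as the false value.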
Re: [OE-core] [PATCH] libpam: support usrmerge
On 1/6/21 9:58 PM, Richard Purdie wrote: On Wed, 2021-01-06 at 16:49 +0800, Changqing Li wrote: Signed-off-by: Changqing Li --- .../0001-Makefile.am-support-usrmage.patch| 28 +++ meta/recipes-extended/pam/libpam_1.5.1.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch diff --git a/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch b/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch new file mode 100644 index 00..5c6bc92705 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch @@ -0,0 +1,28 @@ +From c09e012590c1ec2d3b622b64f1bfc10a2286c9ea Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Wed, 6 Jan 2021 12:08:20 +0800 +Subject: [PATCH] Makefile.am: support usrmage + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Changqing Li +--- + modules/pam_namespace/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index ddd5fc0..a1f1bec 100644 +--- a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + namespaceddir = $(SCONFIGDIR)/namespace.d +-servicedir = /lib/systemd/system ++servicedir = $(systemd_system_unitdir) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) +-- +2.17.1 + diff --git a/meta/recipes-extended/pam/libpam_1.5.1.bb b/meta/recipes-extended/pam/libpam_1.5.1.bb index 486c9d8aad..8c008a9701 100644 --- a/meta/recipes-extended/pam/libpam_1.5.1.bb +++ b/meta/recipes-extended/pam/libpam_1.5.1.bb 
@@ -22,6 +22,7 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux file://pam.d/other \ file://libpam-xtests.patch \ file://0001-modules-pam_namespace-Makefile.am-correctly-install-.patch \ + file://0001-Makefile.am-support-usrmage.patch \ " SRC_URI[sha256sum] = "201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc"

I think we need to create a patch which stands some better chance of making it upstream. Can we add something to allow servicedir to be set through configure? That patch might then be acceptable upstream?

Thanks for the comments, I will try to upstream it with more proper change for upstream.

Cheers,

Richard
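Review bot: the replacement line "servicedir = $(systemd_system_unitdir)" in modules/pam_namespace/Makefile.am uses a make variable that nothing in the patch defines or passes in, so the install path depends on the build environment exporting it and is empty anywhere else; define it in the patch (a configure option, as the reply suggests, would do) or show in the recipe where it is set. The new patch file name and its Subject also spell usrmerge as "usrmage", and the recipe commit message is empty apart from the sign-off, so it does not say what breaks on a usrmerge image without the change.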
Re: [OE-core] [PATCH 3/4] qemu: Drop vm reservation changes to resolve build issues
On Wed, Jan 6, 2021 at 2:36 PM Richard Purdie wrote:
>
> When building with the new version of qemu we see errors like:
>
> """
> qemu-i386: Unable to reserve 0x7000 bytes of virtual address space at
> 0x1000 (Success) for use as guest address space (check your virtual memory
> ulimit setting, min_mmap_addr or reserve less using -R option)
>
> ERROR: The postinstall intercept hook 'update_gio_module_cache-nativesdk'
> failed
> """
>
> The VM reservation patches we're carrying look suspicious in this context.
> Drop them since we don't appear to be seeing those issues any more on the
> autobuilder and I suspect the patches have become broken and a liability.
> webkitgtk builds seem to be ok now.

Yes! Getting rid of these patches is great!

>
> Signed-off-by: Richard Purdie

Reviewed-by: Alistair Francis

Alistair

> --- > meta/recipes-devtools/qemu/qemu.inc | 2 - > ...webkitgtk-hangs-on-32-bit-x86-target.patch | 33 - > .../qemu/qemu/0009-Fix-webkitgtk-builds.patch | 137 -- > 3 files changed, 172 deletions(-) > delete mode 100644 > meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch > delete mode 100644 > meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch > > diff --git a/meta/recipes-devtools/qemu/qemu.inc > b/meta/recipes-devtools/qemu/qemu.inc > index 23d0adb901a..4c1502da7f1 100644 > --- a/meta/recipes-devtools/qemu/qemu.inc > +++ b/meta/recipes-devtools/qemu/qemu.inc > @@ -23,8 +23,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ > file://0004-qemu-disable-Valgrind.patch \ > file://0006-chardev-connect-socket-to-a-spawned-command.patch \ > file://0007-apic-fixup-fallthrough-to-PIC.patch \ > - > file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ > - file://0009-Fix-webkitgtk-builds.patch \ > file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch > \ > file://0001-Add-enable-disable-udev.patch \ > file://0001-qemu-Do-not-include-file-if-not-exists.patch \
> diff --git > a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch > > b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch > deleted file mode 100644 > index 74621a08e80..000 > --- > a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch > +++ /dev/null > @@ -1,33 +0,0 @@ > -From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001 > -From: Alistair Francis > -Date: Wed, 17 Jan 2018 10:51:49 -0800 > -Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target > - > -Since commit "linux-user: Tidy and enforce reserved_va initialization" > -(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build > -hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using > -musl. > - > -To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match > -to what it was before the problematic commit. > - > -Upstream-Status: Submitted > http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html > -Signed-off-by: Alistair Francis > - > > - linux-user/main.c | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -Index: qemu-5.2.0/linux-user/main.c > -=== > qemu-5.2.0.orig/linux-user/main.c > -+++ qemu-5.2.0/linux-user/main.c > -@@ -92,7 +92,7 @@ static int last_log_mask; > - (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) > - /* There are a number of places where we assign reserved_va to a variable > -of type abi_ulong and expect it to fit. Avoid the last page. */ > --# define MAX_RESERVED_VA(CPU) (0xul & TARGET_PAGE_MASK) > -+# define MAX_RESERVED_VA(CPU) (0x7ffful & TARGET_PAGE_MASK) > - # else > - # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS) > - # endif > diff --git a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch > b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch > deleted file mode 100644 > index 2ddc09966c4..000 
> --- a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch > +++ /dev/null > @@ -1,137 +0,0 @@ > -From 815c97ba0de02da9dace3fcfcbdf9b20e029f0d7 Mon Sep 17 00:00:00 2001 > -From: Martin Jansa > -Date: Fri, 1 Jun 2018 08:41:07 + > -Subject: [PATCH] Fix webkitgtk builds > - > -This is a partial revert of "linux-user: fix > mmap/munmap/mprotect/mremap/shmat". > - > -This patch fixes qemu-i386 hangs during gobject-introspection in webkitgtk > build > -when musl is used on qemux86. This is the same issue that > -0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch was > -fixing in the 2.11 release. > - > -This patch also fixes a build failure when building webkitgtk for > -qemumips. A QEMU assert is seen whil
[OE-core] [PATCH 3/4] qemu: Drop vm reservation changes to resolve build issues
When building with the new version of qemu we see errors like:

"""
qemu-i386: Unable to reserve 0x7000 bytes of virtual address space at 0x1000 (Success) for use as guest address space (check your virtual memory ulimit setting, min_mmap_addr or reserve less using -R option)

ERROR: The postinstall intercept hook 'update_gio_module_cache-nativesdk' failed
"""

The VM reservation patches we're carrying look suspicious in this context. Drop them since we don't appear to be seeing those issues any more on the autobuilder and I suspect the patches have become broken and a liability. webkitgtk builds seem to be ok now.

Signed-off-by: Richard Purdie

--- meta/recipes-devtools/qemu/qemu.inc | 2 - ...webkitgtk-hangs-on-32-bit-x86-target.patch | 33 - .../qemu/qemu/0009-Fix-webkitgtk-builds.patch | 137 -- 3 files changed, 172 deletions(-) delete mode 100644 meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 23d0adb901a..4c1502da7f1 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -23,8 +23,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0004-qemu-disable-Valgrind.patch \ file://0006-chardev-connect-socket-to-a-spawned-command.patch \ file://0007-apic-fixup-fallthrough-to-PIC.patch \ - file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ - file://0009-Fix-webkitgtk-builds.patch \ file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ file://0001-Add-enable-disable-udev.patch \ file://0001-qemu-Do-not-include-file-if-not-exists.patch \
diff --git a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch deleted file mode 100644 index 74621a08e80..000 --- a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +++ /dev/null @@ -1,33 +0,0 @@ -From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001 -From: Alistair Francis -Date: Wed, 17 Jan 2018 10:51:49 -0800 -Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target - -Since commit "linux-user: Tidy and enforce reserved_va initialization" -(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build -hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using -musl. - -To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match -to what it was before the problematic commit. - -Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html -Signed-off-by: Alistair Francis - - linux-user/main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: qemu-5.2.0/linux-user/main.c -=== qemu-5.2.0.orig/linux-user/main.c -+++ qemu-5.2.0/linux-user/main.c -@@ -92,7 +92,7 @@ static int last_log_mask; - (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) - /* There are a number of places where we assign reserved_va to a variable -of type abi_ulong and expect it to fit. Avoid the last page. */ --# define MAX_RESERVED_VA(CPU) (0xul & TARGET_PAGE_MASK) -+# define MAX_RESERVED_VA(CPU) (0x7ffful & TARGET_PAGE_MASK) - # else - # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - # endif diff --git a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch deleted file mode 100644 index 2ddc09966c4..000 --- a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch +++ /dev/null 
@@ -1,137 +0,0 @@ -From 815c97ba0de02da9dace3fcfcbdf9b20e029f0d7 Mon Sep 17 00:00:00 2001 -From: Martin Jansa -Date: Fri, 1 Jun 2018 08:41:07 + -Subject: [PATCH] Fix webkitgtk builds - -This is a partial revert of "linux-user: fix mmap/munmap/mprotect/mremap/shmat". - -This patch fixes qemu-i386 hangs during gobject-introspection in webkitgtk build -when musl is used on qemux86. This is the same issue that -0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch was -fixing in the 2.11 release. - -This patch also fixes a build failure when building webkitgtk for -qemumips. A QEMU assert is seen while building webkitgtk: -page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. - -This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. - -Upstream-Status: Pending -Signed-off-by: Alistair Francis - -[update patch context] -Signed-off-by: Sakib Sajal - include/exec/cpu-all.h | 6 +- - include/exec/cpu_ldst
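Review bot: the two "-" lines in the qemu.inc SRC_URI hunk drop 0008 and 0009, whose own headers (visible in the deleted files) say they fix qemu-i386 hangs with musl on qemux86 and a page_check_range assert when building webkitgtk for qemumips, while the commit message only says the issues "don't appear" on the autobuilder any more. State in the commit message which of those configurations were rebuilt with the patches removed, so that a later hang or assert can be checked against a recorded known-good result.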
[OE-core] [PATCH 2/4] qemu: Upgrade 5.1.0->5.2.0
This involves some pretty major changes for qemu. In particular, they switched to meson+ninja so we have to adapt to that.

Patch changes:
* CVE patches - dropped as backports
* cflags fix - upstream code changed significantly, need new patch if still issues
* mips TLB entries - dropped as merged upstream
* usb fix - dropped as merged upstream
* find_datadir - dropped as code no longer present that I could find

A patch was added to allow us to force the configure script into "cross" mode without setting cross_prefix which has other effects we don't need/want.

Dependencies on meson/ninja were added.

Specifying the python interpreter causes the internal meson copy to be built/used which is undesirable for us so don't do that. The correct python is in PATH anyway.
Signed-off-by: Richard Purdie --- meta/conf/distro/include/tcmode-default.inc | 2 +- ...u-native_5.1.0.bb => qemu-native_5.2.0.bb} | 0 ...e_5.1.0.bb => qemu-system-native_5.2.0.bb} | 0 meta/recipes-devtools/qemu/qemu.inc | 19 ++-- .../qemu/0001-Add-enable-disable-udev.patch | 8 +- ...emu-Add-missing-wacom-HID-descriptor.patch | 16 +-- ...mu-Do-not-include-file-if-not-exists.patch | 8 +- ...ease-number-of-TLB-entries-on-the-34.patch | 59 -- ...test-which-runs-all-unit-test-cases-.patch | 12 +-- ...n-environment-space-to-boot-loader-q.patch | 8 +- .../qemu/0004-qemu-disable-Valgrind.patch | 8 +- ...ld.bfd-fix-cflags-and-set-some-envir.patch | 28 - ...-connect-socket-to-a-spawned-command.patch | 44 .../0007-apic-fixup-fallthrough-to-PIC.patch | 8 +- ...webkitgtk-hangs-on-32-bit-x86-target.patch | 6 +- .../qemu/qemu/0009-Fix-webkitgtk-builds.patch | 40 +++ ...dd-pkg-config-handling-for-libgcrypt.patch | 23 ++-- .../qemu/qemu/CVE-2020-24352.patch| 52 - .../qemu/qemu/CVE-2020-25624.patch| 101 -- .../qemu/qemu/CVE-2020-25723.patch| 51 - .../qemu/qemu/CVE-2020-28916.patch| 49 - .../qemu/CVE-2020-29129-CVE-2020-29130.patch | 64 --- meta/recipes-devtools/qemu/qemu/cross.patch | 30 ++ .../qemu/qemu/find_datadir.patch | 39 --- .../qemu/qemu/usb-fix-setup_len-init.patch| 89 --- .../qemu/{qemu_5.1.0.bb => qemu_5.2.0.bb} | 2 +- 26 files changed, 127 insertions(+), 639 deletions(-) rename meta/recipes-devtools/qemu/{qemu-native_5.1.0.bb => qemu-native_5.2.0.bb} (100%) rename meta/recipes-devtools/qemu/{qemu-system-native_5.1.0.bb => qemu-system-native_5.2.0.bb} (100%) delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch delete mode 100644 
meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch create mode 100644 meta/recipes-devtools/qemu/qemu/cross.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/find_datadir.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch rename meta/recipes-devtools/qemu/{qemu_5.1.0.bb => qemu_5.2.0.bb} (93%) diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc index fd4d760b3fe..5540e37bcf9 100644 --- a/meta/conf/distro/include/tcmode-default.inc +++ b/meta/conf/distro/include/tcmode-default.inc @@ -22,7 +22,7 @@ BINUVERSION ?= "2.35%" GDBVERSION ?= "10.%" GLIBCVERSION ?= "2.32" LINUXLIBCVERSION ?= "5.10%" -QEMUVERSION ?= "5.1%" +QEMUVERSION ?= "5.2%" GOVERSION ?= "1.15%" # This can not use wildcards like 8.0.% since it is also used in mesa to denote # llvm version being used, so always bump it with llvm recipe version bump diff --git a/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu-native_5.1.0.bb rename to meta/recipes-devtools/qemu/qemu-native_5.2.0.bb diff --git a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb rename to meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 4864d7e93c1..23d0adb901a 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -21,7 +21,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
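Review bot: the "delete mode" entries remove CVE-2020-24352.patch, CVE-2020-25624.patch, CVE-2020-25723.patch, CVE-2020-28916.patch and CVE-2020-29129-CVE-2020-29130.patch, and the commit message covers all of them with the single line "CVE patches - dropped as backports". List each CVE ID in the commit message as fixed in 5.2.0, so the removal can be audited and CVE tracking for the recipe stays accurate. The diffstat also refreshes 0008 and 0009, which patch 3/4 of the same series then deletes; dropping them first would avoid that churn.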
[OE-core] [PATCH 1/4] sanity: Bump min python version to 3.6
There are a number of reasons 3.6 is a good minimum version. Of our supported/tested distros, only debian 9 still had python 3.5, the others have 3.6+ or already required buildtools-tarball.

New versions of qemu need python 3.6 as a minimum. We could work around that but it seems simpler to require 3.6 which will allow other improvements.

As such, bump the minimum python version requirement to 3.6.

Signed-off-by: Richard Purdie

--- meta/classes/sanity.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 3262d08fbfe..d134b40a87b 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -770,10 +770,10 @@ def check_sanity_everybuild(status, d): if 0 == os.getuid(): raise_sanity_error("Do not use Bitbake as root.", d) -# Check the Python version, we now have a minimum of Python 3.4 +# Check the Python version, we now have a minimum of Python 3.6 import sys -if sys.hexversion < 0x030500F0: -status.addresult('The system requires at least Python 3.5 to run. Please update your Python interpreter.\n') +if sys.hexversion < 0x030600F0: +status.addresult('The system requires at least Python 3.6 to run. Please update your Python interpreter.\n') # Check the bitbake version meets minimum requirements from distutils.version import LooseVersion -- 2.27.0
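Review bot: the new status.addresult() text in check_sanity_everybuild still ends with "Please update your Python interpreter", although the commit message names buildtools-tarball as what hosts with an older Python already rely on. Mention buildtools-tarball in that message so a user on such a host is pointed at the supported fix rather than at replacing the distro's interpreter.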
[OE-core] [PATCH 4/4] pseudo: Add lchmod wrapper
New versions of glibc have an lchmod function so we need to wrap it. Identified through a reproducibility issue in initramfs-base where /dev/console created by mknod from coreutils changed permissions depending on the host distro (mknod used the gnulib wrapper on most hosts but newer ones used the libc call).

[YOCTO #14162]

Signed-off-by: Richard Purdie

--- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 78c6b01f094..c7c5e615329 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -6,7 +6,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \ file://fallback-group \ " -SRCREV = "6fd57da7b1de1a2b6cf530e336d58bb5f8bdd015" +SRCREV = "1ee9a1e05e200f189f6644411ba9304e8a479b0" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" -- 2.27.0
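Review bot: the new SRCREV on the "+" line has 39 hex digits as posted, one fewer than the 40-digit value on the "-" line, so it is not a full commit hash; check it against the oe-core branch of pseudo and resend with the complete value. The commit message could also name the pseudo commit this bump pulls in, since the lchmod wrapper itself is not visible in the recipe change.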
Re: [OE-core] [PATCH v2] pulseaudio: define -mfloat-abi=softfp for CC on armv5
On Tue, 2021-01-05 at 21:04 +0200, Tanu Kaskinen wrote:
> On Tue, 2021-01-05 at 12:37 +, Richard Purdie wrote:
> > sed -i -e "s/\(; *\)\?$2 =.*/$2 = $3/" "$1"
> >
> > I really don't want to add things like this to the recipe, I think it
> > will interfere with other parts of the compilation. In many ways I'd
> > prefer an option added to meson. Do we know what upstream are thinking
> > in relation to this?
>
> I think Meson should be fixed, but it may be necessary to add a build
> option to PulseAudio to disable the neon code while waiting for Meson
> to get fixed.
>
> I now filed a bug for Meson:
> https://github.com/mesonbuild/meson/issues/8156
>
> and another for PulseAudio:
> https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/1088
>
> so at least the relevant projects know about the issue now. I may work
> on fixing these myself if nobody else does, but I don't expect that to
> happen quickly.

Thanks for that, it does seem to be getting a little attention so hopefully a solution will emerge!

Cheers,

Richard
[OE-core] [RFC PATCH 1/2] qemu-system-native: install qmp python module
The qmp python module supports the Qemu Machine Protocol [0]. This module needs to be installed in a known location so the qemurunner python script can find the qmp module. hosttools seemed like a logical static location, for reference the usage in qemurunner is: sys.path.append('./tmp/hosttools') import qmp [0] https://github.com/qemu/qemu/blob/master/docs/interop/qmp-spec.txt Signed-off-by: Saul Wold --- meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb index 222b55cbc6..dad7fde96b 100644 --- a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb +++ b/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb @@ -2,6 +2,7 @@ BPN = "qemu" require qemu-native.inc +inherit python3-dir # As some of the files installed by qemu-native and qemu-system-native # are the same, we depend on qemu-native to get the full installation set # and avoid file clashes @@ -23,4 +24,7 @@ do_install_append() { rm -f ${D}${datadir}/qemu/trace-events-all rm -rf ${D}${datadir}/qemu/keymaps rm -rf ${D}${datadir}/icons/ + +# Install qmp.py to be used with testimage +install -D ${S}/python/qemu/qmp.py ${HOSTTOOLS_DIR}/qmp.py } -- 2.25.1
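Review bot: The added `install -D ${S}/python/qemu/qmp.py ${HOSTTOOLS_DIR}/qmp.py` in do_install_append writes straight into HOSTTOOLS_DIR instead of under ${D}, unlike the `rm` lines around it, so the file sits outside what the task stages; a build that restores qemu-system-native from sstate does not run do_install and would not have qmp.py in place. Installing it under ${D} and having qemurunner look there would keep the task self-contained (the new `inherit python3-dir` suggests a Python directory was intended, but no variable from it is used in the hunk). The commit message's `sys.path.append('./tmp/hosttools')` also depends on the current directory and on the TMPDIR name, so whichever qmp.py happens to sit at that relative path is what gets imported; an absolute path derived from the build configuration would be safer.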
[OE-core] [RFC PATCH 0/2] Enable QMP Dumping for testimage
This is the second pass at enabling getting debug information from QEMU via the Qemu Machine Protocol interface. The Qemu source provides a qmp.py module which I currently install in tmp/hosttools as a known location. I am sure there are various possible locations.

The initial commands that I issue to qmp when a failure is detected are: query-status and query-block. The output goes into formatted json files as follows:

tmp/log/runtime-hostdump/202101061054_qmp
├── qmp_00_query-block
├── qmp_00_query-status
├── qmp_01_query-block
└── qmp_01_query-status

Comments welcome, I tested this by calling the monitor_dump code directly in the target/ssh.py code instead of waiting for a given failure.

Sau!

Saul Wold (2):
  qemu-system-native: install qmp python module
  qemurunner: Add support for qmp commands

 meta/classes/testimage.bbclass | 6
 meta/lib/oeqa/core/target/qemu.py | 6
 meta/lib/oeqa/core/target/ssh.py | 17 +-
 meta/lib/oeqa/targetcontrol.py | 3 ++
 meta/lib/oeqa/utils/dump.py | 31 +--
 meta/lib/oeqa/utils/qemurunner.py | 29 -
 .../qemu/qemu-system-native_5.1.0.bb | 4 +++
 7 files changed, 91 insertions(+), 5 deletions(-)

--
2.25.1
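The exchange this cover letter relies on, as an added example (not the qemurunner or dump.py code from the series): a QMP client reads the greeting, sends qmp_capabilities, and only then are query-status and query-block accepted; each reply is written to a qmp_NN_<command> file as in the listing above. The fake_qemu server, its sample replies and every class and function name here are constructed for the illustration.

```python
import json
import os
import socket
import tempfile
import threading

# Constructed sample replies standing in for a real QEMU instance.
SAMPLE_REPLIES = {
    "query-status": {"status": "running", "singlestep": False, "running": True},
    "query-block": [{"device": "virtio0", "locked": False, "removable": False}],
}


class QmpError(Exception):
    """The peer answered with an "error" object or closed the connection."""


def fake_qemu(sock):
    """Constructed server side: greeting, capabilities negotiation, queries."""
    rfile, wfile = sock.makefile("r"), sock.makefile("w")

    def send(obj):
        wfile.write(json.dumps(obj) + "\n")
        wfile.flush()

    send({"QMP": {"version": {"qemu": {"major": 5, "minor": 1, "micro": 0}},
                  "capabilities": []}})
    negotiated = False
    for line in rfile:  # the loop ends when the client closes its side
        command = json.loads(line).get("execute")
        if command == "qmp_capabilities":
            negotiated = True
            send({"return": {}})
        elif negotiated and command in SAMPLE_REPLIES:
            # Asynchronous events can arrive ahead of a command's reply.
            send({"event": "RTC_CHANGE", "data": {"offset": 0}})
            send({"return": SAMPLE_REPLIES[command]})
        else:
            desc = "unknown command" if negotiated else "Expecting capabilities negotiation"
            send({"error": {"class": "CommandNotFound", "desc": desc}})


class QmpClient:
    def __init__(self, sock, negotiate=True):
        self.events = []
        self.rfile, self.wfile = sock.makefile("r"), sock.makefile("w")
        if "QMP" not in self._read():
            raise QmpError("peer did not send a QMP greeting")
        if negotiate:  # commands are refused until this has been sent
            self.execute("qmp_capabilities")

    def _read(self):
        line = self.rfile.readline()
        if not line:
            raise QmpError("connection closed")
        return json.loads(line)

    def execute(self, command):
        self.wfile.write(json.dumps({"execute": command}) + "\n")
        self.wfile.flush()
        while True:
            reply = self._read()
            if "error" in reply:
                raise QmpError(reply["error"]["desc"])
            if "return" in reply:
                return reply["return"]
            self.events.append(reply)  # asynchronous event: keep reading


def dump_monitor(client, commands, dump_dir, index):
    """Write one JSON file per command, named qmp_<index>_<command>."""
    paths = []
    for command in commands:
        try:
            result = client.execute(command)
        except QmpError as exc:  # record the failure instead of aborting
            result = {"error": str(exc)}
        paths.append(os.path.join(dump_dir, "qmp_%02d_%s" % (index, command)))
        with open(paths[-1], "w") as out:
            json.dump(result, out, indent=2, sort_keys=True)
    return paths


def run_demo(negotiate=True):
    client_sock, server_sock = socket.socketpair()
    threading.Thread(target=fake_qemu, args=(server_sock,), daemon=True).start()
    client = QmpClient(client_sock, negotiate)
    dumps = {}
    with tempfile.TemporaryDirectory() as dump_dir:
        for path in dump_monitor(client, ["query-status", "query-block"], dump_dir, 0):
            with open(path) as dumped:
                dumps[os.path.basename(path)] = json.load(dumped)
    for handle in (client.rfile, client.wfile, client_sock):
        handle.close()  # EOF lets the fake server thread finish
    return dumps, len(client.events)


if __name__ == "__main__":
    print(json.dumps(run_demo()[0], indent=2))
```

Calling run_demo(negotiate=False) shows the failure mode: both dump files then contain the server's refusal instead of machine state.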
[OE-core] [RFC PATCH 2/2] qemurunner: Add support for qmp commands
This adds support for the Qemu Machine Protocol [0] extending the current dump process for Host and Target. The commands are added in the testimage.bbclass. Currently, we set up qemu to stall until qmp gets connected and sends the initialization and continue commands, this works correctly. With this version, the monitor_dumper is created in OEQemuTarget but then set in OESSHTarget as that's where the SSH failure happens. Python's @property is used to create a setter/getter type of setup in OESSHTarget to get overridden by OEQemuTarget. By default the data is currently dumped to files for each command in TMPDIR/log/runtime-hostdump/_qmp/unknown__qemu_monitor as this is the naming convention in the dump.py code. We use the qmp.py from qemu, which needs to get installed in a known static location. [0] https://github.com/qemu/qemu/blob/master/docs/interop/qmp-spec.txt Signed-off-by: Saul Wold --- meta/classes/testimage.bbclass| 6 ++ meta/lib/oeqa/core/target/qemu.py | 6 ++ meta/lib/oeqa/core/target/ssh.py | 17 - meta/lib/oeqa/targetcontrol.py| 3 +++ meta/lib/oeqa/utils/dump.py | 31 --- meta/lib/oeqa/utils/qemurunner.py | 29 - 6 files changed, 87 insertions(+), 5 deletions(-) diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass index 78da4b09bd..5db384d342 100644 --- a/meta/classes/testimage.bbclass +++ b/meta/classes/testimage.bbclass @@ -127,6 +127,11 @@ testimage_dump_host () { netstat -an } +testimage_dump_monitor () { +query-status +query-block +} + python do_testimage() { testimage_main(d) } 
@@ -319,6 +324,7 @@ def testimage_main(d): target_kwargs['powercontrol_extra_args'] = d.getVar("TEST_POWERCONTROL_EXTRA_ARGS") or "" target_kwargs['serialcontrol_cmd'] = d.getVar("TEST_SERIALCONTROL_CMD") or None target_kwargs['serialcontrol_extra_args'] = d.getVar("TEST_SERIALCONTROL_EXTRA_ARGS") or "" +target_kwargs['testimage_dump_monitor'] = d.getVar("testimage_dump_monitor") or "" target_kwargs['testimage_dump_target'] = d.getVar("testimage_dump_target") or "" def export_ssh_agent(d): diff --git a/meta/lib/oeqa/core/target/qemu.py b/meta/lib/oeqa/core/target/qemu.py index 0f29414df5..a73d82d9af 100644 --- a/meta/lib/oeqa/core/target/qemu.py +++ b/meta/lib/oeqa/core/target/qemu.py @@ -12,6 +12,7 @@ from collections import defaultdict from .ssh import OESSHTarget from oeqa.utils.qemurunner import QemuRunner +from oeqa.utils.dump import MonitorDumper from oeqa.utils.dump import TargetDumper supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic'] @@ -43,6 +44,11 @@ class OEQemuTarget(OESSHTarget): dump_host_cmds=dump_host_cmds, logger=logger, serial_ports=serial_ports, boot_patterns = boot_patterns, use_ovmf=ovmf) +dump_monitor_cmds = kwargs.get("testimage_dump_monitor") +self.monitor_dumper = MonitorDumper(dump_monitor_cmds, dump_dir, self.runner) +if self.monitor_dumper: +self.monitor_dumper.create_dir("qmp") + dump_target_cmds = kwargs.get("testimage_dump_target") self.target_dumper = TargetDumper(dump_target_cmds, dump_dir, self.runner) self.target_dumper.create_dir("qemu") diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py index 461448dbc5..923a223b25 100644 --- a/meta/lib/oeqa/core/target/ssh.py +++ b/meta/lib/oeqa/core/target/ssh.py @@ -43,6 +43,7 @@ class OESSHTarget(OETarget): if port: self.ssh = self.ssh + [ '-p', port ] self.scp = self.scp + [ '-P', port ] +self._monitor_dumper = None def start(self, **kwargs): pass 
@@ -50,6 +51,15 @@ class OESSHTarget(OETarget): def stop(self, **kwargs): pass +@property +def monitor_dumper(self): +return self._monitor_dumper + +@monitor_dumper.setter +def monitor_dumper(self, dumper): +self._monitor_dumper = dumper +self.monitor_dumper.dump_monitor() + def _run(self, command, timeout=None, ignore_status=True): """ Runs command in target using SSHProcess. @@ -87,9 +97,14 @@ class OESSHTarget(OETarget): processTimeout = self.timeout status, output = self._run(sshCmd, processTimeout, True) -self.logger.debug('Command: %s\nOutput: %s\n' % (command, output)) +self.logger.debug('Command: %s\nStatus: %d Output: %s\n' % (command, status, output)) if (status == 255) and (('No route to host') in output): +if self.monitor_dumper: +self.monitor_dumper.dump_monitor() +if status == 255: self.target_dumper.dump_target() +if self.monitor_dumper: +self.monitor_dumper.dump_monitor() return (status, output)
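Review bot: In the ssh.py hunks, the new `monitor_dumper` setter calls `self.monitor_dumper.dump_monitor()` as soon as a dumper is assigned, so constructing OEQemuTarget triggers a dump before `create_dir("qmp")` has run and before any failure has happened; it reads like the direct call used for testing and should come out of the setter. In `run()`, the added lines dump the monitor once under the `No route to host` check and again under the new `if status == 255:`, and `self.target_dumper.dump_target()` now follows the broader status check (indentation is lost in this copy, so this is as the line order reads), which changes when target dumps fire; a single guarded block would avoid the double dump. The `if self.monitor_dumper:` test in qemu.py directly after constructing `MonitorDumper(...)` is true for any ordinary object, so it does not guard anything.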
Re: [OE-core] Dunfell CVE reduction fun: December raffle -- Winner announcement!
The winner was selected live on the #yocto irc channel this morning:

(07:10:59 AM) sakoman: Time to select the CVE raffle winner
(07:11:38 AM) sakoman: Looks like there are 50 entries:
(07:11:42 AM) sakoman: steve@octo:~/Desktop$ wc -l cve-raffle-sorted-nodups
(07:11:42 AM) sakoman: 50 cve-raffle-sorted-nodups
(07:12:04 AM) sakoman: And the winner by random selection is:
(07:12:21 AM) sakoman: steve@octo:~/Desktop$ shuf -n 1 cve-raffle-sorted-nodups
(07:12:21 AM) sakoman: CVE-2020-1971: Robert Joslyn

Congrats Robert! And thanks for helping reduce the number of CVEs. Please contact me off list with your shipping address and choice of coffee or tea.

Thanks to all who participated, I really appreciate the help!

Steve

On Mon, Nov 30, 2020 at 7:12 AM Steve Sakoman wrote:
>
> We've been making good progress on reducing the number of issues
> reported by the CVE checker. We went from 202 on August 16 to 59 on
> November 29.
>
> Some of these reductions have come from sending in corrections to the
> CVE database where there were errors in version matching, and others
> have come from backported fixes or whitelisting. Many thanks to all
> who have helped!
>
> To encourage more folks to contribute to this effort I'm going to be
> holding a raffle during the month of December. You'll get one entry
> for each CVE fix patch that I merge into dunfell. And a database
> update that results in a reduction in dunfell reported issues will also
> get you an entry.
>
> The prize? A bag of fresh roasted whole bean coffee from my small
> coffee orchard here on the Big Island of Hawaii. If the winner isn't
> a coffee drinker I'll try to get some locally grown tea as a
> substitute prize.
>
> The fine print:
>
> 1. Patches and database update requests must be submitted during the
> month of December to receive a raffle entry.
>
> 2. CVE patch submissions should follow the guidelines in the "Patch
> name convention and commit message" section of
> https://wiki.yoctoproject.org/wiki/Security
>
> 3. If the patch also applies to master please send the patch for
> master and note that it should be backported to dunfell/gatesgarth as
> appropriate. I'll pull this type of patch into dunfell only after it
> hits master.
>
> 4. CVE database update requests should be sent to:
> cpe_diction...@nist.gov You should note the CVE number and provide
> supporting links for why you think an update is appropriate. When you
> receive a "Thank you for bringing this to our attention. We appreciate
> community input" response please forward a copy to me. I'll add your
> raffle entry to the pool when the database is updated and the dunfell
> cve count reduced.
>
> 5. To help avoid people working on the same CVEs I'll start a "CVE
> raffle: collision avoidance" thread on this list. Just do a quick
> reply noting which CVE you plan to work on. Please don't claim one
> unless you really intend to follow through!
>
> Steve
[OE-core] [PATCH 2/2] ppp: Update 2.4.8 -> 2.4.9
This is the first ppp release in a long time. Many patches were resolved upstream:

* musl fixes were merged
* EAP patch was a backport added upstream
* cflags were fixed upstream
* CVE fix was merged upstream and a backport
* pcap header from the host was fixed upstream
* suid bits during install was removed upstream

The only patch left was the /var/ redirect for resolv.conf which no longer applied cleanly after upstream changes. For this one the patch will need to be rewritten (and preferably submitted upstream) by someone who needs/uses it. It was presumably for RO rootfs and may be resolved by symlinks in modern system usage anyway.

Tweak the files pulled into the pppoe package for a compatibility symlink and module rename.

Add CC to the OEMAKE command to allow builds correctly.

[Big thanks to Alex Kanavin for a lot of the work with upstream and pre-release testing of this]
Signed-off-by: Richard Purdie --- .../ppp/ppp/0001-Fix-build-with-musl.patch| 124 -- .../0001-ppp-Remove-unneeded-include.patch| 43 -- ...01-pppd-Fix-bounds-check-in-EAP-code.patch | 47 --- meta/recipes-connectivity/ppp/ppp/copts.patch | 21 --- .../ppp/ppp/fix-CVE-2015-3310.patch | 30 - .../makefile-remove-hard-usr-reference.patch | 34 - .../ppp/ppp/makefile.patch| 115 .../ppp/ppp/pppd-resolv-varrun.patch | 45 --- .../ppp/{ppp_2.4.8.bb => ppp_2.4.9.bb}| 20 +-- 9 files changed, 6 insertions(+), 473 deletions(-) delete mode 100644 meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/copts.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/makefile.patch delete mode 100644 meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch rename meta/recipes-connectivity/ppp/{ppp_2.4.8.bb => ppp_2.4.9.bb} (85%) diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch deleted file mode 100644 index 65291368bd6..000 --- a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch +++ /dev/null 
@@ -1,124 +0,0 @@ -From e50cdaed07e51f2508f94eb1f34fe43776e4ca78 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Fri, 29 May 2015 14:57:05 -0700 -Subject: [PATCH] Fix build with musl - -There are several assumption about glibc - -Signed-off-by: Khem Raj -Upstream-Status: Pending - include/net/ppp_defs.h | 2 ++ - pppd/Makefile.linux | 2 +- - pppd/plugins/rp-pppoe/config.h | 3 ++- - pppd/plugins/rp-pppoe/plugin.c | 1 - - pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 - pppd/plugins/rp-pppoe/pppoe.h | 2 +- - pppd/sys-linux.c| 3 ++- - 7 files changed, 12 insertions(+), 9 deletions(-) - -diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h -index b06eda5..dafa36c 100644 a/include/net/ppp_defs.h -+++ b/include/net/ppp_defs.h -@@ -38,6 +38,8 @@ - #ifndef _PPP_DEFS_H_ - #define _PPP_DEFS_H_ - -+#include -+ - /* - * The basic PPP frame. - */ -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux -index 4e485a1..76411bc 100644 a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -131,7 +131,7 @@ LIBS += -lcrypt - endif - - ifdef USE_LIBUTIL --CFLAGS+= -DHAVE_LOGWTMP=1 -+#CFLAGS += -DHAVE_LOGWTMP=1 - LIBS += -lutil - endif - -diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h -index a708859..4a16a88 100644 a/pppd/plugins/rp-pppoe/config.h -+++ b/pppd/plugins/rp-pppoe/config.h -@@ -78,8 +78,9 @@ - #define HAVE_NET_IF_ARP_H 1 - - /* Define if you have the header file. */ -+#ifdef __GLIBC__ - #define HAVE_NET_ETHERNET_H 1 -- -+#endif - /* Define if you have the header file. 
*/ - #define HAVE_NET_IF_H 1 - -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c -index 44e0c31..93c0906 100644 a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c -@@ -46,7 +46,6 @@ static char const RCSID[] = - #include - #include - #include --#include - #include - #include - #include -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c -index f19c6d8..f45df2c 100644 a/pppd/plugins/rp-pppoe/pppoe-discovery.c -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c -@@ -29,10 +29,6 @@ - #include - #endif - --#ifdef HAVE_NET_ETHERNET_H --#include --#endif -- - #ifdef HAVE_ASM_TYPES_H - #include - #endif -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/p
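Review bot: The diffstat deletes fix-CVE-2015-3310.patch and 0001-pppd-Fix-bounds-check-in-EAP-code.patch with only "merged upstream" in the commit message as justification; naming the upstream commits, or stating that 2.4.9 contains them, would let a reviewer confirm that no security fix is lost in the upgrade, and it matters for CVE reporting because the recipe will no longer carry a patch file named after the CVE. pppd-resolv-varrun.patch is dropped without a replacement, which the message acknowledges; that behaviour change for read-only root filesystems deserves a line where users will see it, not only in the commit log.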
[OE-core] [PATCH 1/2] bitbake.conf: Add /run/ to PSEUDO_IGNORE_PATHS
Builds were failing on WSL2 which turns out to be due to accesses to /run/ on those systems. Add this to PSEUDO_IGNORE_PATHS to fix builds on WSL2. [YOCTO #14175] Signed-off-by: Richard Purdie --- meta/conf/bitbake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index a04005b0f57..be94b78eb15 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf 
@@ -685,7 +685,7 @@ SRC_URI = "" PSEUDO_LOCALSTATEDIR ?= "${WORKDIR}/pseudo/" PSEUDO_PASSWD ?= "${STAGING_DIR_TARGET}:${PSEUDO_SYSROOT}" PSEUDO_SYSROOT = "${COMPONENTS_DIR}/${BUILD_ARCH}/pseudo-native" -PSEUDO_IGNORE_PATHS = "/usr/,/etc/,/lib,/dev/,${T},${WORKDIR}/recipe-sysroot,${SSTATE_DIR},${STAMPS_DIR},${WORKDIR}/pkgdata-sysroot,${TMPDIR}/sstate-control,${DEPLOY_DIR},${WORKDIR}/deploy-,${TMPDIR}/buildstats,${WORKDIR}/sstate-build-package_,${WORKDIR}/sstate-install-package_,${WORKDIR}/sstate-build-image_complete,${TMPDIR}/sysroots-components,${BUILDHISTORY_DIR},${TMPDIR}/pkgdata,${TOPDIR}/cache,${COREBASE}/scripts,${CCACHE_DIR}" +PSEUDO_IGNORE_PATHS = "/usr/,/etc/,/lib,/dev/,/run/,${T},${WORKDIR}/recipe-sysroot,${SSTATE_DIR},${STAMPS_DIR},${WORKDIR}/pkgdata-sysroot,${TMPDIR}/sstate-control,${DEPLOY_DIR},${WORKDIR}/deploy-,${TMPDIR}/buildstats,${WORKDIR}/sstate-build-package_,${WORKDIR}/sstate-install-package_,${WORKDIR}/sstate-build-image_complete,${TMPDIR}/sysroots-components,${BUILDHISTORY_DIR},${TMPDIR}/pkgdata,${TOPDIR}/cache,${COREBASE}/scripts,${CCACHE_DIR}" export PSEUDO_DISABLED = "1" #export PSEUDO_PREFIX = "${STAGING_DIR_NATIVE}${prefix_native}" -- 2.27.0
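Review bot: The commit message says builds fail on WSL2 "due to accesses to /run/" but not which process touches /run/ or how pseudo reacts, while the new `/run/` entry in PSEUDO_IGNORE_PATHS applies on every host, not only WSL2. Since anything under an ignored prefix is no longer tracked by pseudo, please name the access in the commit message or in a comment beside the variable, so a later reader can tell why the entry is there and whether it is safe to keep.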
[OE-core] [meta-oe][PATCH] libsmi: set awk as target path
smistrip contains an absolute path, which prevents reproducible builds. smistrip should use the target awk, not the host one, so override the path. Signed-off-by: Oleksiy Obitotskyy --- meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb index 98cc63eb3..212b1e797 100644 --- a/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb +++ b/meta-oe/recipes-support/libsmi/libsmi_0.5.0.bb @@ -16,7 +16,7 @@ RDEPENDS_${PN} += "wget" inherit autotools -EXTRA_OECONF = "ac_cv_path_SH=${base_bindir}/sh ac_cv_path_WGET=${bindir}/wget" +EXTRA_OECONF = "ac_cv_path_SH=${base_bindir}/sh ac_cv_path_WGET=${bindir}/wget ac_cv_path_AWK=${bindir}/awk" do_install_append () { install -d ${D}${sysconfdir} -- 2.26.2.Cisco
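Review bot: With `ac_cv_path_AWK=${bindir}/awk` smistrip will call awk at that path on the target, but the only runtime dependency visible in the hunk context is `RDEPENDS_${PN} += "wget"`; unless the image is guaranteed to provide ${bindir}/awk, add the awk provider to RDEPENDS next to wget. It is also worth confirming that the awk provider used on the target installs to ${bindir} and not ${base_bindir}, since the cached path is now fixed at configure time.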
Re: [OE-core] [PATCH] libpam: support usrmerge
On Wed, 2021-01-06 at 16:49 +0800, Changqing Li wrote: > Signed-off-by: Changqing Li > --- > .../0001-Makefile.am-support-usrmage.patch| 28 +++ > meta/recipes-extended/pam/libpam_1.5.1.bb | 1 + > 2 files changed, 29 insertions(+) > create mode 100644 > meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch > > diff --git > a/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch > b/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch > new file mode 100644 > index 00..5c6bc92705 > --- /dev/null > +++ b/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch > @@ -0,0 +1,28 @@ > +From c09e012590c1ec2d3b622b64f1bfc10a2286c9ea Mon Sep 17 00:00:00 2001 > +From: Changqing Li > +Date: Wed, 6 Jan 2021 12:08:20 +0800 > +Subject: [PATCH] Makefile.am: support usrmage > + > +Upstream-Status: Inappropriate [oe-specific] > + > +Signed-off-by: Changqing Li > +--- > + modules/pam_namespace/Makefile.am | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/modules/pam_namespace/Makefile.am > b/modules/pam_namespace/Makefile.am > +index ddd5fc0..a1f1bec 100644 > +--- a/modules/pam_namespace/Makefile.am > b/modules/pam_namespace/Makefile.am > +@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) > + securelibdir = $(SECUREDIR) > + secureconfdir = $(SCONFIGDIR) > + namespaceddir = $(SCONFIGDIR)/namespace.d > +-servicedir = /lib/systemd/system > ++servicedir = $(systemd_system_unitdir) > + > + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ > + -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) > +-- > +2.17.1 > + > diff --git a/meta/recipes-extended/pam/libpam_1.5.1.bb > b/meta/recipes-extended/pam/libpam_1.5.1.bb > index 486c9d8aad..8c008a9701 100644 > --- a/meta/recipes-extended/pam/libpam_1.5.1.bb > +++ b/meta/recipes-extended/pam/libpam_1.5.1.bb 
> @@ -22,6 +22,7 @@ SRC_URI = > "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux > file://pam.d/other \ > file://libpam-xtests.patch \ > > file://0001-modules-pam_namespace-Makefile.am-correctly-install-.patch \ > + file://0001-Makefile.am-support-usrmage.patch \ > " > > > > > SRC_URI[sha256sum] = > "201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc"

I think we need to create a patch which stands some better chance of making it upstream. Can we add something to allow servicedir to be set through configure? That patch might then be acceptable upstream?

Cheers,

Richard
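Review bot: In the quoted Makefile.am hunk, `servicedir = $(systemd_system_unitdir)` relies on a make variable that neither the embedded patch nor the recipe hunk defines or passes in; if it is unset at build time, servicedir expands to empty and the unit file is installed in the wrong place. Whatever form the upstreamable version takes, the recipe needs to supply the value explicitly. The patch file name and Subject also spell the feature "usrmage" rather than usrmerge, which will make the patch hard to find later.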
Re: [OE-core] [PATCH 2/3] buildtools-tarball: Add nativesdk-ccache
On Wed, 2021-01-06 at 04:09 -0800, Robert Yang wrote: > Add it to buildtools-tarball so that there will be a unify version of ccache, > which can help avoid various compile errors. > > Signed-off-by: Robert Yang > --- > meta/recipes-core/meta/buildtools-tarball.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-core/meta/buildtools-tarball.bb > b/meta/recipes-core/meta/buildtools-tarball.bb > index 9da81d55235..2ffdd7c7253 100644 > --- a/meta/recipes-core/meta/buildtools-tarball.bb > +++ b/meta/recipes-core/meta/buildtools-tarball.bb > @@ -29,6 +29,7 @@ TOOLCHAIN_HOST_TASK ?= "\ > nativesdk-rpcsvc-proto \ > nativesdk-patch \ > nativesdk-mtools \ > +nativesdk-ccache \ > "

My view is we should not start to ship ccache with buildtools by default. It's something that the user can install if they want/need it but it's not essential, required or helps much in standard builds (which would reuse from sstate if built previously).

Cheers,

Richard
[OE-core] [PATCH 2/3] buildtools-tarball: Add nativesdk-ccache
Add it to buildtools-tarball so that there will be a unified version of ccache, which can help avoid various compile errors. Signed-off-by: Robert Yang --- meta/recipes-core/meta/buildtools-tarball.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 9da81d55235..2ffdd7c7253 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -29,6 +29,7 @@ TOOLCHAIN_HOST_TASK ?= "\ nativesdk-rpcsvc-proto \ nativesdk-patch \ nativesdk-mtools \ +nativesdk-ccache \ " MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}" -- 2.17.1
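Review bot: The commit message justifies the new `nativesdk-ccache` line with "various compile errors" but names none, so a reader cannot tell which host ccache versions or recipes are affected; please list the failing recipes and the ccache versions involved. Since TOOLCHAIN_HOST_TASK is assigned with `?=`, the message could also say why changing the default for every buildtools user is preferable to letting those who need ccache add it in their own configuration.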
[OE-core] [PATCH 3/3] ccache.bbclass: Set CCACHE_TEMPDIR
Fixed when building with buildtools-tarball: $ bitbake linux-libc-headers HOSTCC arch/x86/tools/relocs_common.o ccache: error: Failed to create directory /run/user/0/ccache-tmp: Permission denied Signed-off-by: Robert Yang --- meta/classes/ccache.bbclass | 4 1 file changed, 4 insertions(+) diff --git a/meta/classes/ccache.bbclass b/meta/classes/ccache.bbclass index 11a3f1cb52e..f00fafc292a 100644 --- a/meta/classes/ccache.bbclass +++ b/meta/classes/ccache.bbclass @@ -35,6 +35,10 @@ export CCACHE_CONFIGPATH ?= "${COREBASE}/meta/conf/ccache.conf" export CCACHE_DIR ?= "${CCACHE_TOP_DIR}/${MULTIMACH_TARGET_SYS}/${PN}" +# Fixed errors: +# ccache: error: Failed to create directory /run/user/0/ccache-tmp: Permission denied +export CCACHE_TEMPDIR ?= "${CCACHE_DIR}/tmp" + # We need to stop ccache considering the current directory or the # debug-prefix-map target directory to be significant when calculating # its hash. Without this the cache would be invalidated every time -- 2.17.1
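Review bot: The comment added above `export CCACHE_TEMPDIR ?= "${CCACHE_DIR}/tmp"` only quotes the error text; it should say why ccache chose /run/user/0/ccache-tmp (a per-user runtime directory for uid 0 that the build could not create) so the override is understandable without the commit log. Because CCACHE_DIR is per `${MULTIMACH_TARGET_SYS}/${PN}`, temporary files now land inside each recipe's cache directory; say whether that is intended.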
[OE-core] [PATCH 0/3] ccache: Fixes for 4.1
The following changes since commit 23cb39a5fa2a55681e7bc2605f435135cec9173b:

  diffstat: point the license checksum at the license (2021-01-05 13:48:07 +)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/ccache
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/ccache

Robert Yang (3):
  ccache: Extend to nativesdk
  buildtools-tarball: Add nativesdk-ccache
  ccache.bbclass: Set CCACHE_TEMPDIR

 meta/classes/ccache.bbclass | 4
 meta/recipes-core/meta/buildtools-tarball.bb | 1 +
 meta/recipes-devtools/ccache/ccache_4.1.bb | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

--
2.17.1
[OE-core] [PATCH 1/3] ccache: Extend to nativesdk
Now we have to use host's ccache as described by: f5b29367af ccache.bbclass: use ccache from host distribution So extend it to nativesdk and will add it to buildtools-tarball. Signed-off-by: Robert Yang --- meta/recipes-devtools/ccache/ccache_4.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/ccache/ccache_4.1.bb b/meta/recipes-devtools/ccache/ccache_4.1.bb index 96254a38753..1205f4996cb 100644 --- a/meta/recipes-devtools/ccache/ccache_4.1.bb +++ b/meta/recipes-devtools/ccache/ccache_4.1.bb @@ -23,4 +23,4 @@ inherit cmake PATCHTOOL = "patch" -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" -- 2.17.1
[OE-core] [PATCH 1/1] base.bbclass: Fix dangling NATIVELSBSTRING
Fixed: $ rm -fr tmp; bitbake quilt-native -n Build Configuration: [snip] NATIVELSBSTRING = "ubuntu-18.04" [snip] And when bitbake is run again: $ bitbake quilt-native -n Build Configuration: NATIVELSBSTRING = "universal" It has been changed from ubuntu-18.04 to universal on the same host and build directory, this is because it is overridden by NATIVELSBSTRING. This patch makes it print the correct value. Signed-off-by: Robert Yang --- meta/classes/base.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass index 78ae28bb0f4..aeb41efd24d 100644 --- a/meta/classes/base.bbclass +++ b/meta/classes/base.bbclass @@ -208,6 +208,8 @@ BUILDCFG_FUNCS[type] = "list" def buildcfg_vars(d): statusvars = oe.data.typed_value('BUILDCFG_VARS', d) for var in statusvars: +if var == 'NATIVELSBSTRING': +var = 'ORIGNATIVELSBSTRING' value = d.getVar(var) if value is not None: yield '%-20s = "%s"' % (var, value) -- 2.17.1
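Review bot: In buildcfg_vars, reassigning var to 'ORIGNATIVELSBSTRING' also changes the label used by the yield line, which formats (var, value), so the banner row will read ORIGNATIVELSBSTRING instead of NATIVELSBSTRING. When ORIGNATIVELSBSTRING is unset, value is None and the row disappears altogether. Look the value up under a separate name, keep var for printing, and fall back to NATIVELSBSTRING when the original is not set. The special case also needs a comment saying where ORIGNATIVELSBSTRING is assigned, since nothing in this hunk explains it.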
[OE-core] [PATCH 0/1] base.bbclass: Fix dangling NATIVELSBSTRING
The following changes since commit 23cb39a5fa2a55681e7bc2605f435135cec9173b:

  diffstat: point the license checksum at the license (2021-01-05 13:48:07 +)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/lsb
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/lsb

Robert Yang (1):
  base.bbclass: Fix dangling NATIVELSBSTRING

 meta/classes/base.bbclass | 2 ++
 1 file changed, 2 insertions(+)

--
2.17.1
[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2011-5325
Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2011-5325-4.patch Signed-off-by: Rahul.Taya --- .../busybox/busybox/CVE-2011-5325-4.patch | 31 +++ meta/recipes-core/busybox/busybox_1.27.2.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2011-5325-4.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325-4.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325-4.patch new file mode 100644 index 00..dafb471a78 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2011-5325-4.patch @@ -0,0 +1,31 @@ +From d9503224c8a93a30b0c8627084b2744d3ee6f403 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Fri, 30 Mar 2018 20:18:12 +0200 +Subject: cpio: extract "unsafe" symlinks the same way tar/unzip does + +function old new delta +cpio_main588 596 +8 + +Signed-off-by: Natanael Copa +Signed-off-by: Denys Vlasenko +--- + archival/cpio.c | 2 ++ + 1 file changed, 2 insertions(+) + +CVE: CVE-2011-5325 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar] +diff --git a/archival/cpio.c b/archival/cpio.c +index 1d6cbd1..308ec1b 100644 +--- a/archival/cpio.c b/archival/cpio.c +@@ -508,6 +508,8 @@ int cpio_main(int argc UNUSED_PARAM, char **argv) + while (get_header_cpio(archive_handle) == EXIT_SUCCESS) + continue; + ++ create_symlinks_from_list(archive_handle->symlink_placeholders); ++ + if (archive_handle->cpio__blocks != (off_t)-1 +&& !(opt & OPT_QUIET) + ) { +-- +cgit v0.12 diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.27.2.bb index 716a0650fc..975ac2056c 100644 --- a/meta/recipes-core/busybox/busybox_1.27.2.bb +++ b/meta/recipes-core/busybox/busybox_1.27.2.bb 
@@ -49,6 +49,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://busybox-fix-lzma-segfaults.patch \ file://umount-ignore-c.patch \ file://CVE-2017-15874.patch \ + file://CVE-2011-5325-4.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
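Review bot: The recipe hunk adds CVE-2011-5325-4.patch directly after CVE-2017-15874.patch, with no earlier CVE-2011-5325 parts in the SRC_URI context, yet the cpio.c change calls create_symlinks_from_list() on archive_handle->symlink_placeholders and introduces neither. Confirm that both already exist in the 1.27.2 sources this recipe builds, or include the parts of the Ubuntu series that add them, and say so in the commit message. In the embedded patch the CVE and Upstream-Status tags sit below the "---" diffstat instead of in the header with the Signed-off-by lines, and the Upstream-Status URL ends in ".debian.tar" while the commit message names ".debian.tar.xz".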
[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2018-20679
Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2018-20679.patch Signed-off-by: Rahul.Taya --- .../busybox/busybox/CVE-2018-20679.patch | 136 ++ meta/recipes-core/busybox/busybox_1.27.2.bb | 1 + 2 files changed, 137 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2018-20679.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch b/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch new file mode 100644 index 00..963b360e13 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2018-20679.patch 
@@ -0,0 +1,136 @@ +From 6d3b4bb24da9a07c263f3c1acf8df85382ff562c Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Mon, 17 Dec 2018 18:07:18 +0100 +Subject: udhcpc: check that 4-byte options are indeed 4-byte, closes 11506 + +function old new delta +udhcp_get_option32 - 27 +27 +udhcp_get_option 231 248 +17 +-- +(add/remove: 1/0 grow/shrink: 1/0 up/down: 44/0) Total: 44 bytes + +Signed-off-by: Denys Vlasenko +CVE-2018-20679 +[http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz] +Upstream-Status: Backport +--- + networking/udhcp/common.c | 19 +++ + networking/udhcp/common.h | 4 + networking/udhcp/dhcpc.c | 6 +++--- + networking/udhcp/dhcpd.c | 6 +++--- + 4 files changed, 29 insertions(+), 6 deletions(-) + +Index: busybox-1.27.2/networking/udhcp/common.c +=== +--- busybox-1.27.2.orig/networking/udhcp/common.c 2019-03-06 15:10:40.241569417 -0500 busybox-1.27.2/networking/udhcp/common.c 2019-03-06 15:10:40.237569397 -0500 +@@ -270,6 +270,15 @@ uint8_t* FAST_FUNC udhcp_get_option(stru + goto complain; /* complain and return NULL */ + + if (optionptr[OPT_CODE] == code) { ++ if (optionptr[OPT_LEN] == 0) { ++ /* So far no valid option with length 0 known. ++ * Having this check means that searching ++ * for DHCP_MESSAGE_TYPE need not worry ++ * that returned pointer might be unsafe ++ * to dereference. 
++ */ ++ goto complain; /* complain and return NULL */ ++ } + log_option("option found", optionptr); + return optionptr + OPT_DATA; + } +@@ -287,6 +296,16 @@ uint8_t* FAST_FUNC udhcp_get_option(stru + return NULL; + } + ++uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code) ++{ ++ uint8_t *r = udhcp_get_option(packet, code); ++ if (r) { ++ if (r[-1] != 4) ++ r = NULL; ++ } ++ return r; ++} ++ + /* Return the position of the 'end' option (no bounds checking) */ + int FAST_FUNC udhcp_end_option(uint8_t *optionptr) + { +Index: busybox-1.27.2/networking/udhcp/common.h +=== +--- busybox-1.27.2.orig/networking/udhcp/common.h 2019-03-06 15:10:40.241569417 -0500 busybox-1.27.2/networking/udhcp/common.h 2019-03-06 15:10:40.237569397 -0500 +@@ -200,6 +200,10 @@ extern const uint8_t dhcp_option_lengths + unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings); + + uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC; ++/* Same as above + ensures that option length is 4 bytes ++ * (returns NULL if size is different) ++ */ ++uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC; + int udhcp_end_option(uint8_t *optionptr) FAST_FUNC; + void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) FAST_FUNC; + #if ENABLE_UDHCPC || ENABLE_UDHCPD +Index: busybox-1.27.2/networking/udhcp/dhcpc.c +=== +--- busybox-1.27.2.orig/networking/udhcp/dhcpc.c 2019-03-06 15:10:40.241569417 -0500 busybox-1.27.2/networking/udhcp/dhcpc.c2019-03-06 15:10:40.237569397 -0500 +@@ -1706,7 +1706,7 @@ int udhcpc_main(int argc UNUSED_PARAM, c + * They say ISC DHCP client supports this case. + */ + server_addr = 0; +- temp = udhcp_get_option(&packet, DHCP_SERVER_ID); ++ temp = udhcp_get_option32(&packet, DHCP_SERVER_ID); + if (!temp) { +
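Review bot: In the new udhcp_get_option32(), the length is read as r[-1], which hard-codes the assumption that the length byte sits immediately before the data. The CVE-2019-5747 patch posted alongside this one rewrites the same line to r[-OPT_DATA + OPT_LEN], so the two patches are order-dependent and should be sent as one numbered series. The embedded patch header also carries a bare "CVE-2018-20679" line, where the CVE-2011-5325 patches in this batch use the "CVE: CVE-..." tag form; use the tagged form here too. The message is cut off inside the dhcpc.c hunk, so the remaining call sites and the recipe change could not be reviewed.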
[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2018-1000517
Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2018-1000517.patch Signed-off-by: Rahul.Taya --- .../busybox/busybox/CVE-2018-1000517.patch| 56 +++ meta/recipes-core/busybox/busybox_1.27.2.bb | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2018-1000517.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2018-1000517.patch b/meta/recipes-core/busybox/busybox/CVE-2018-1000517.patch new file mode 100644 index 00..8b1eb3d45c --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2018-1000517.patch 
@@ -0,0 +1,56 @@ +Backport of: + +From 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Sun, 8 Apr 2018 18:06:24 +0200 +Subject: wget: check chunk length for overflowing off_t + +function old new delta +retrieve_file_data 428 465 +37 +wget_main 23862389 +3 +-- +(add/remove: 0/0 grow/shrink: 2/0 up/down: 40/0) Total: 40 bytes + +Signed-off-by: Denys Vlasenko +CVE-2018-1000517 +[http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz] +Upstream-Status: Backport +--- + networking/wget.c | 14 +++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +Index: busybox-1.27.2/networking/wget.c +=== +--- busybox-1.27.2.orig/networking/wget.c 2019-03-06 15:03:11.447280336 -0500 busybox-1.27.2/networking/wget.c 2019-03-06 15:09:58.757358868 -0500 +@@ -642,7 +642,7 @@ static FILE* prepare_ftp_session(FILE ** + if (ftpcmd("SIZE ", target->path, sfp) == 213) { + G.content_len = BB_STRTOOFF(G.wget_buf + 4, NULL, 10); + if (G.content_len < 0 || errno) { +- bb_error_msg_and_die("SIZE value is garbage"); ++ bb_error_msg_and_die("bad SIZE value '%s'", G.wget_buf + 4); + } + G.got_clen = 1; + } +@@ -925,11 +925,19 @@ static void NOINLINE retrieve_file_data( + if (!G.chunked) + break; + +- fgets_and_trim(dfp, NULL); /* Eat empty line */ ++ /* Each chunk ends with "\r\n" - eat it */ ++ fgets_and_trim(dfp, NULL); + get_clen: ++ /* chunk size format is "HEXNUM[;name[=val]]\r\n" */ + fgets_and_trim(dfp, NULL); ++ errno = 0; + G.content_len = STRTOOFF(G.wget_buf, NULL, 16); +- /* FIXME: error check? */ ++ /* ++ * Had a bug with inputs like "0001f400" ++ * smashing the heap later. Ensure >= 0. ++ */ ++ if (G.content_len < 0 || errno) ++ bb_error_msg_and_die("bad chunk length '%s'", G.wget_buf); + if (G.content_len == 0) + break; /* all done! */ + G.got_clen = 1; diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.27.2.bb index 716a0650fc..67ba7fe423 100644 
--- a/meta/recipes-core/busybox/busybox_1.27.2.bb +++ b/meta/recipes-core/busybox/busybox_1.27.2.bb @@ -49,6 +49,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://busybox-fix-lzma-segfaults.patch \ file://umount-ignore-c.patch \ file://CVE-2017-15874.patch \ + file://CVE-2018-1000517.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " -- 2.17.1
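Review bot: The busybox_1.27.2.bb hunk here has the same base (index 716a0650fc) and the same context as the recipe hunks in the other busybox postings in this batch, each inserting its line after CVE-2017-15874.patch, so only the first one applied will go in cleanly and the rest will be rejected. Rebase them on top of each other and send them as a numbered series. In the embedded patch, the prepare_ftp_session hunk keeps the "G.content_len < 0 || errno" test but, unlike the chunk-length hunk, shows no "errno = 0;" before the conversion; confirm that BB_STRTOOFF clears errno itself in 1.27.2. The bare "CVE-2018-1000517" line should be a "CVE: CVE-2018-1000517" tag.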
[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2011-5325
Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2011-5325-5.patch Signed-off-by: Rahul.Taya --- .../busybox/busybox/CVE-2011-5325-5.patch | 35 +++ meta/recipes-core/busybox/busybox_1.27.2.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2011-5325-5.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325-5.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325-5.patch new file mode 100644 index 00..92e0e2289d --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2011-5325-5.patch 
@@ -0,0 +1,35 @@ +From dd56921e2d404c8fc9484290a36411a13d14df1a Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Fri, 13 Apr 2018 13:26:33 +0200 +Subject: dpkg: fix symlink creation, closes 10941 + +function old new delta +get_header_ar434 442 +8 + +Signed-off-by: Denys Vlasenko + +CVE: CVE-2011-5325 +[http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz] +Upstream-Status: Backport +--- + archival/libarchive/get_header_ar.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/archival/libarchive/get_header_ar.c b/archival/libarchive/get_header_ar.c +index 93e071c..a979706 100644 +--- a/archival/libarchive/get_header_ar.c b/archival/libarchive/get_header_ar.c +@@ -127,8 +127,10 @@ char FAST_FUNC get_header_ar(archive_handle_t *archive_handle) + archive_handle->action_header(typed); + #if ENABLE_DPKG || ENABLE_DPKG_DEB + if (archive_handle->dpkg__sub_archive) { +- while (archive_handle->dpkg__action_data_subarchive(archive_handle->dpkg__sub_archive) == EXIT_SUCCESS) ++ struct archive_handle_t *sa = archive_handle->dpkg__sub_archive; ++ while (archive_handle->dpkg__action_data_subarchive(sa) == EXIT_SUCCESS) + continue; ++ create_symlinks_from_list(sa->symlink_placeholders); + } else + #endif + archive_handle->action_data(archive_handle); +-- +cgit v0.12 diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.27.2.bb index 716a0650fc..ecb3e8f643 100644 --- a/meta/recipes-core/busybox/busybox_1.27.2.bb +++ b/meta/recipes-core/busybox/busybox_1.27.2.bb 
@@ -49,6 +49,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://busybox-fix-lzma-segfaults.patch \ file://umount-ignore-c.patch \ file://CVE-2017-15874.patch \ + file://CVE-2011-5325-5.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " -- 2.17.1
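Review bot: This posting has the same subject as the CVE-2011-5325-4 one ("busybox: Add fix for CVE-2011-5325"), so the two commits will be indistinguishable in the log even though one changes cpio and the other dpkg (get_header_ar.c). Either name the part and applet in each subject or fold both into a single commit for the CVE. As with part 4, the new create_symlinks_from_list(sa->symlink_placeholders) call relies on a function and a field that this patch does not add, so state which earlier patch or upstream version provides them.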
[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2019-5747
Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2019-5747.patch Signed-off-by: Rahul.Taya --- .../busybox/busybox/CVE-2019-5747.patch | 57 +++ meta/recipes-core/busybox/busybox_1.27.2.bb | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2019-5747.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch new file mode 100644 index 00..c209e48e73 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2019-5747.patch 
@@ -0,0 +1,57 @@ +From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Mon, 7 Jan 2019 15:33:42 +0100 +Subject: udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long + +function old new delta +udhcp_run_script 795 801 +6 + +Signed-off-by: Denys Vlasenko +CVE-2019-5747 +[http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz] +Upstream-Status: Backport +--- + networking/udhcp/common.c | 2 +- + networking/udhcp/common.h | 2 +- + networking/udhcp/dhcpc.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +Index: busybox-1.27.2/networking/udhcp/common.c +=== +--- busybox-1.27.2.orig/networking/udhcp/common.c 2019-03-06 15:10:51.569626885 -0500 busybox-1.27.2/networking/udhcp/common.c 2019-03-06 15:10:51.569626885 -0500 +@@ -300,7 +300,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(st + { + uint8_t *r = udhcp_get_option(packet, code); + if (r) { +- if (r[-1] != 4) ++ if (r[-OPT_DATA + OPT_LEN] != 4) + r = NULL; + } + return r; +Index: busybox-1.27.2/networking/udhcp/common.h +=== +--- busybox-1.27.2.orig/networking/udhcp/common.h 2019-03-06 15:10:51.569626885 -0500 busybox-1.27.2/networking/udhcp/common.h 2019-03-06 15:10:51.569626885 -0500 +@@ -119,7 +119,7 @@ enum { + //#define DHCP_TIME_SERVER 0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */ + //#define DHCP_NAME_SERVER 0x05 /* IEN 116 _really_ ancient kind of NS */ + //#define DHCP_DNS_SERVER 0x06 +-//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) ++//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) */ + //#define DHCP_COOKIE_SERVER0x08 /* "quote of the day" server */ + //#define DHCP_LPR_SERVER 0x09 + #define DHCP_HOST_NAME 0x0c /* either client informs server or server gives name to client */ +Index: busybox-1.27.2/networking/udhcp/dhcpc.c +=== +--- busybox-1.27.2.orig/networking/udhcp/dhcpc.c 2019-03-06 15:10:51.569626885 -0500 busybox-1.27.2/networking/udhcp/dhcpc.c2019-03-06 
15:10:51.569626885 -0500 +@@ -524,7 +524,7 @@ static char **fill_envp(struct dhcp_pack + temp = udhcp_get_option(packet, code); + *curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name); + putenv(*curr++); +- if (code == DHCP_SUBNET) { ++ if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) { + /* Subnet option: make things like "$ip/$mask" possible */ + uint32_t subnet; + move_from_unaligned32(subnet, temp); diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.27.2.bb index 716a0650fc..4f0b0db69c 100644 --- a/meta/recipes-core/busybox/busybox_1.27.2.bb +++ b/meta/recipes-core/busybox/busybox_1.27.2.bb @@ -49,6 +49,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://busybox-fix-lzma-segfaults.patch \ file://umount-ignore-c.patch \ file://CVE-2017-15874.patch \ + file://CVE-2019-5747.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " -- 2.17.1
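Review bot: The common.c hunk of the embedded patch modifies udhcp_get_option32(), which only exists once CVE-2018-20679.patch is applied, but the recipe hunk adds CVE-2019-5747.patch straight after CVE-2017-15874.patch with no CVE-2018-20679.patch in SRC_URI. Applied on its own, do_patch will fail on common.c. List CVE-2018-20679.patch first in the same SRC_URI change, or send both as an ordered series. The bare "CVE-2019-5747" line in the patch header should be a "CVE: CVE-2019-5747" tag.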
[OE-core] [poky][sumo][PATCH] libxml2: add patch for CVE-2019-19956
From: Rahul Taya Fixes memory leak. https://security-tracker.debian.org/tracker/CVE-2019-19956 https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 Signed-off-by: Rahul.Taya --- .../libxml/libxml2/CVE-2019-19956.patch | 29 +++ meta/recipes-core/libxml/libxml2_2.9.7.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2019-19956.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2019-19956.patch b/meta/recipes-core/libxml/libxml2/CVE-2019-19956.patch new file mode 100644 index 00..8dd9dd82db --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2019-19956.patch @@ -0,0 +1,29 @@ +Fix memory leak in xmlParseBalancedChunkMemoryRecover + +When doc is NULL, namespace created in xmlTreeEnsureXMLDecl +is bind to newDoc->oldNs, in this case, set newDoc->oldNs to +NULL and free newDoc will cause a memory leak. + +Found with libFuzzer. + +Closes #82. + +https://security-tracker.debian.org/tracker/CVE-2019-19956 +https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/libx/libxml2/libxml2_2.9.1+dfsg1-5+deb8u8.debian.tar.xz] + +CVE: CVE-2019-19956 + +--- libxml2-2.9.1+dfsg1.orig/parser.c libxml2-2.9.1+dfsg1/parser.c +@@ -13892,7 +13892,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDo + xmlFreeParserCtxt(ctxt); + newDoc->intSubset = NULL; + newDoc->extSubset = NULL; +-newDoc->oldNs = NULL; ++if(doc != NULL) ++ newDoc->oldNs = NULL; + xmlFreeDoc(newDoc); + + return(ret); diff --git a/meta/recipes-core/libxml/libxml2_2.9.7.bb b/meta/recipes-core/libxml/libxml2_2.9.7.bb index c749a81657..7c1fa4ceb3 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.7.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.7.bb 
@@ -22,6 +22,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \ file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ file://fix-execution-of-ptests.patch \ file://CVE-2018-14404.patch \ + file://CVE-2019-19956.patch \ " SRC_URI[libtar.md5sum] = "896608641a08b465098a40ddf51cefba" -- 2.17.1
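Review bot: The embedded patch was generated against Debian's libxml2-2.9.1+dfsg1 (the parser.c hunk sits at line 13892 of that tree), while the recipe it is added to is libxml2_2.9.7.bb. Check that the hunk applies to 2.9.7 without fuzz and that the surrounding code in xmlParseBalancedChunkMemoryRecover is the same there. Since the upstream GNOME commit is already linked in the header, Upstream-Status should cite that commit rather than the Debian tarball. The patch file also has no From or Signed-off-by lines identifying the upstream author.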
[OE-core] [poky][sumo][PATCH] libjpeg-turbo: add security fix for CVE-2018-14498
From: Rahul Taya This patch fixes OOB read caused by malformed 8-bit BMP Signed-off-by: Rahul.Taya --- .../jpeg/files/CVE-2018-14498.patch | 145 ++ .../jpeg/libjpeg-turbo_1.5.3.bb | 4 +- 2 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2018-14498.patch diff --git a/meta/recipes-graphics/jpeg/files/CVE-2018-14498.patch b/meta/recipes-graphics/jpeg/files/CVE-2018-14498.patch new file mode 100644 index 00..8e77be6960 --- /dev/null +++ b/meta/recipes-graphics/jpeg/files/CVE-2018-14498.patch 
@@ -0,0 +1,145 @@ +From 9c78a04df4e44ef6487eee99c4258397f4fdca55 Mon Sep 17 00:00:00 2001 +From: DRC +Date: Fri, 20 Jul 2018 17:21:36 -0500 +Subject: [PATCH] cjpeg: Fix OOB read caused by malformed 8-bit BMP + +... in which one or more of the color indices is out of range for the +number of palette entries. + +Fix partly borrowed from jpeg-9c. This commit also adopts Guido's +JERR_PPM_OUTOFRANGE enum value in lieu of our project-specific +JERR_PPM_TOOLARGE enum value. + +Fixes #258 +CVE: CVE-2018-14498 +Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55] + +diff --git a/cderror.h b/cderror.h +index 63de498..e57a8c8 100644 +--- a/cderror.h b/cderror.h +@@ -2,7 +2,7 @@ + * cderror.h + * + * Copyright (C) 1994-1997, Thomas G. Lane. +- * Modified 2009 by Guido Vollbeding. ++ * Modified 2009-2017 by Guido Vollbeding. + * This file is part of the Independent JPEG Group's software. + * For conditions of distribution and use, see the accompanying README.ijg + * file. 
+@@ -49,6 +49,7 @@ JMESSAGE(JERR_BMP_COLORSPACE, "BMP output must be grayscale or RGB") + JMESSAGE(JERR_BMP_COMPRESSED, "Sorry, compressed BMPs not yet supported") + JMESSAGE(JERR_BMP_EMPTY, "Empty BMP image") + JMESSAGE(JERR_BMP_NOT, "Not a BMP file - does not start with BM") ++JMESSAGE(JERR_BMP_OUTOFRANGE, "Numeric value out of range in BMP file") + JMESSAGE(JTRC_BMP, "%ux%u 24-bit BMP image") + JMESSAGE(JTRC_BMP_MAPPED, "%ux%u 8-bit colormapped BMP image") + JMESSAGE(JTRC_BMP_OS2, "%ux%u 24-bit OS2 BMP image") +@@ -75,8 +76,8 @@ JMESSAGE(JWRN_GIF_NOMOREDATA, "Ran out of GIF bits") + #ifdef PPM_SUPPORTED + JMESSAGE(JERR_PPM_COLORSPACE, "PPM output must be grayscale or RGB") + JMESSAGE(JERR_PPM_NONNUMERIC, "Nonnumeric data in PPM file") +-JMESSAGE(JERR_PPM_TOOLARGE, "Integer value too large in PPM file") + JMESSAGE(JERR_PPM_NOT, "Not a PPM/PGM file") ++JMESSAGE(JERR_PPM_OUTOFRANGE, "Numeric value out of range in PPM file") + JMESSAGE(JTRC_PGM, "%ux%u PGM image") + JMESSAGE(JTRC_PGM_TEXT, "%ux%u text PGM image") + JMESSAGE(JTRC_PPM, "%ux%u PPM image") +diff --git a/rdbmp.c b/rdbmp.c +index eaa7086..5e6dbc3 100644 +--- a/rdbmp.c b/rdbmp.c +@@ -3,7 +3,7 @@ + * + * This file was part of the Independent JPEG Group's software: + * Copyright (C) 1994-1996, Thomas G. Lane. +- * Modified 2009-2010 by Guido Vollbeding. ++ * Modified 2009-2017 by Guido Vollbeding. + * libjpeg-turbo Modifications: + * Modified 2011 by Siarhei Siamashka. + * Copyright (C) 2015, D. R. Commander. 
+@@ -66,6 +66,7 @@ typedef struct _bmp_source_struct { + JDIMENSION row_width; /* Physical width of scanlines in file */ + + int bits_per_pixel; /* remembers 8- or 24-bit format */ ++ int cmap_length; /* colormap length */ + } bmp_source_struct; + + +@@ -126,6 +127,7 @@ get_8bit_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + { + bmp_source_ptr source = (bmp_source_ptr) sinfo; + register JSAMPARRAY colormap = source->colormap; ++ int cmaplen = source->cmap_length; + JSAMPARRAY image_ptr; + register int t; + register JSAMPROW inptr, outptr; +@@ -142,6 +144,8 @@ get_8bit_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + outptr = source->pub.buffer[0]; + for (col = cinfo->image_width; col > 0; col--) { + t = GETJSAMPLE(*inptr++); ++ if (t >= cmaplen) ++ERREXIT(cinfo, JERR_BMP_OUTOFRANGE); + *outptr++ = colormap[0][t]; /* can omit GETJSAMPLE() safely */ + *outptr++ = colormap[1][t]; + *outptr++ = colormap[2][t]; +@@ -401,6 +405,7 @@ start_input_bmp (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + source->colormap = (*cinfo->mem->alloc_sarray) + ((j_common_ptr) cinfo, JPOOL_IMAGE, +(JDIMENSION) biClrUsed, (JDIMENSION) 3); ++source->cmap_length = (int)biClrUsed; + /* and read it from the file */ + read_colormap(source, (int) biClrUsed, mapentrysize); + /* account for size of colormap */ +diff --git a/rdppm.c b/rdppm.c +index 33ff749..c0c0962 100644 +--- a/rdppm.c b/rdppm.c +@@ -69,7 +69,7 @@ typedef struct { + JSAMPROW pixrow; /* compressor input buffer */ + size_t buffer_width; /* width of I/O buffer */ + JSAMPLE *rescale; /* => maxval-remapping array, or NULL */ +- int maxval; ++ unsigned int maxval; + } ppm_source_struct; + + typedef
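Review bot: The cderror.h hunk removes JERR_PPM_TOOLARGE in favour of JERR_PPM_OUTOFRANGE, so every remaining use of the old enum value in the 1.5.3 sources has to be converted by this same patch or the build breaks. The message is cut off at the start of the rdppm.c changes, so that could not be checked here; please confirm with a build of the recipe. The diffstat also reports a 4-line change to libjpeg-turbo_1.5.3.bb with one deletion, which is more than adding a SRC_URI entry, and the commit message does not say what else changed in the recipe.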
[OE-core] [poky][sumo][PATCH] ncurses: fix CVE-2019-17594, CVE-2019-17595
From: Trevor Gamblin Backport changes to tinfo/comp_hash.c, tinfo/parse_entry.c, and progs/dump_entry.c from upstream to fix CVEs. (From OE-Core rev: 7ec70aeb0c6f6080523efa0f983fa36b92cb5558) Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie Signed-off-by: Sana Kazi --- ...selective-backport-of-20191012-patch.patch | 158 ++ .../ncurses/ncurses_6.0+20171125.bb | 1 + 2 files changed, 159 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch diff --git a/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch b/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch new file mode 100644 index 00..989a8ccd4e --- /dev/null +++ b/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch 
@@ -0,0 +1,158 @@ +From 064b77f173337aa790f1cec0d741bfbc61a33d31 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin +Date: Fri, 18 Oct 2019 09:57:43 -0400 +Subject: [PATCH] ncurses: selective backport of 20191012 patch + +Upstream-Status: Backport [https://salsa.debian.org/debian/ncurses/commit/243908b1e3d81] + +Contents of the upstream patch that are not applied to comp_hash.c, +parse_entry.c, or dump_entry.c have been omitted. + +CVE: CVE-2019-17594 +CVE: CVE-2019-17595 + +Signed-off-by: Trevor Gamblin + +--- + ncurses/tinfo/comp_hash.c | 14 ++ + ncurses/tinfo/parse_entry.c | 32 + progs/dump_entry.c | 7 --- + 3 files changed, 30 insertions(+), 23 deletions(-) + +diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c +index 21f165ca..a62d38f9 100644 +--- a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c +@@ -44,7 +44,7 @@ + #include + #include + +-MODULE_ID("$Id: comp_hash.c,v 1.48 2009/08/08 17:36:21 tom Exp $") ++MODULE_ID("$Id: comp_hash.c,v 1.51 2019/10/12 16:32:13 tom Exp $") + + /* + * Finds the entry for the given string in the hash table if present. 
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string, + + hashvalue = data->hash_of(string); + +-if (data->table_data[hashvalue] >= 0) { ++if (hashvalue >= 0 ++ && (unsigned) hashvalue < data->table_size ++ && data->table_data[hashvalue] >= 0) { + + real_table = _nc_get_table(termcap); + ptr = real_table + data->table_data[hashvalue]; +@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string, + const HashData *data = _nc_get_hash_info(termcap); + int hashvalue = data->hash_of(string); + +-if (data->table_data[hashvalue] >= 0) { ++if (hashvalue >= 0 ++ && (unsigned) hashvalue < data->table_size ++ && data->table_data[hashvalue] >= 0) { + const struct name_table_entry *const table = _nc_get_table(termcap); + + ptr = table + data->table_data[hashvalue]; +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index f8cca8b5..064376c5 100644 +--- a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +@@ -47,7 +47,7 @@ + #include + #include + +-MODULE_ID("$Id: parse_entry.c,v 1.91 2017/08/26 16:13:34 tom Exp $") ++MODULE_ID("$Id: parse_entry.c,v 1.98 2019/10/12 00:50:31 tom Exp $") + + #ifdef LINT + static short const parametrized[] = +@@ -654,12 +654,12 @@ _nc_capcmp(const char *s, const char *t) + } + + static void +-append_acs0(string_desc * dst, int code, int src) ++append_acs0(string_desc * dst, int code, char *src, size_t off) + { +-if (src != 0) { ++if (src != 0 && off < strlen(src)) { + char temp[3]; + temp[0] = (char) code; +- temp[1] = (char) src; ++ temp[1] = src[off]; + temp[2] = 0; + _nc_safe_strcat(dst, temp); + } +@@ -669,7 +669,7 @@ static void + append_acs(string_desc * dst, int code, char *src) + { + if (VALID_STRING(src) && strlen(src) == 1) { +- append_acs0(dst, code, *src); ++ append_acs0(dst, code, src, 0); + } + } + +@@ -1038,17 +1038,17 @@ postprocess_terminfo(TERMTYPE2 *tp) + _nc_str_init(&result, buf2, sizeof(buf2)); + _nc_safe_strcat(&result, acs_chars); + +- append_acs0(&result, 'l', box_chars_1[0]); /* ACS_ULCORNER */ 
+- append_acs0(&result, 'q', box_chars_1[1]); /* ACS_HLINE */ +- append_acs0(&result, 'k', box_chars_1[2]); /* ACS_URCORNER */ +- append_acs0(&result, 'x', box_chars_1[3]); /* ACS_VLINE */ +- append_acs0(&result, 'j', box_chars_1[4]); /* ACS_LRCORNER */ +- append_acs0(&result, 'm', box_chars_1[5]); /* ACS_LLCORNER */ +- append_acs0(&result, 'w', box_chars_1[6]); /* ACS_TTEE */ +- append_acs0(&result, 'u', box_chars_1[7]); /* ACS_RTEE */ +- append_acs0(&result, 'v', box_chars_1[8]); /* ACS_BTEE */ +- append_acs0(&result, 't', box_chars_1[9]); /* ACS_LTEE */ +- append_acs0(&result, 'n', box_chars_1[10]); /* ACS_PLUS */ ++
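Review bot: The patch header tags CVE-2019-17594 and CVE-2019-17595 together without saying which change addresses which, and the MODULE_ID lines in comp_hash.c and parse_entry.c are bumped to the upstream 2019/10/12 revisions (1.51 and 1.98) although the header says the upstream patch was applied only selectively. For a stable-branch backport, name in the header the function each CVE tag covers, and either leave the MODULE_ID strings untouched or note that they no longer identify the full upstream revision, so that a later audit comparing $Id$ strings against upstream is not misled. The comp_hash.c guard itself is ordered correctly: hashvalue >= 0 is tested before the (unsigned) cast and before data->table_data[hashvalue] is indexed, in both _nc_find_entry and _nc_find_type_entry.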
Re: [OE-core] [poky][sumo][PATCH] ncurses: fix CVE-2019-17594, CVE-2019-17595
Regards, Sana Kazi From: Sana Kazi Sent: Wednesday, January 6, 2021 2:39 PM To: openembedded-core@lists.openembedded.org ; raj.k...@gmail.com Cc: Nisha Parrakat ; Aditya Tayade ; Trevor Gamblin ; Armin Kuster ; Richard Purdie ; Sana Kazi Subject: [poky][sumo][PATCH] ncurses: fix CVE-2019-17594, CVE-2019-17595 From: Trevor Gamblin Backport changes to tinfo/comp_hash.c, tinfo/parse_entry.c, and progs/dump_entry.c from upstream to fix CVEs. (From OE-Core rev: 7ec70aeb0c6f6080523efa0f983fa36b92cb5558) Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie Signed-off-by: Sana Kazi --- ...selective-backport-of-20191012-patch.patch | 158 ++ .../ncurses/ncurses_6.0+20171125.bb | 1 + 2 files changed, 159 insertions(+) create mode 100644 meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch diff --git a/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch b/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch new file mode 100644 index 00..989a8ccd4e --- /dev/null +++ b/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch 
@@ -0,0 +1,158 @@ +From 064b77f173337aa790f1cec0d741bfbc61a33d31 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin +Date: Fri, 18 Oct 2019 09:57:43 -0400 +Subject: [PATCH] ncurses: selective backport of 20191012 patch + +Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsalsa.debian.org%2Fdebian%2Fncurses%2Fcommit%2F243908b1e3d81&data=04%7C01%7CSana.Kazi%40kpit.com%7C80550d084ab7442c06d508d8b222cd4c%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637455209903558555%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=J%2FrCRcik47L1Q0BQfVRWutz%2FObINAgtgrEv4sIYVj%2FM%3D&reserved=0] + +Contents of the upstream patch that are not applied to comp_hash.c, +parse_entry.c, or dump_entry.c have been omitted. + +CVE: CVE-2019-17594 +CVE: CVE-2019-17595 + +Signed-off-by: Trevor Gamblin + +--- + ncurses/tinfo/comp_hash.c | 14 ++ + ncurses/tinfo/parse_entry.c | 32 + progs/dump_entry.c | 7 --- + 3 files changed, 30 insertions(+), 23 deletions(-) + +diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c +index 21f165ca..a62d38f9 100644 +--- a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c +@@ -44,7 +44,7 @@ + #include + #include + +-MODULE_ID("$Id: comp_hash.c,v 1.48 2009/08/08 17:36:21 tom Exp $") ++MODULE_ID("$Id: comp_hash.c,v 1.51 2019/10/12 16:32:13 tom Exp $") + + /* + * Finds the entry for the given string in the hash table if present. 
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string, + + hashvalue = data->hash_of(string); + +-if (data->table_data[hashvalue] >= 0) { ++if (hashvalue >= 0 ++ && (unsigned) hashvalue < data->table_size ++ && data->table_data[hashvalue] >= 0) { + +real_table = _nc_get_table(termcap); +ptr = real_table + data->table_data[hashvalue]; +@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string, + const HashData *data = _nc_get_hash_info(termcap); + int hashvalue = data->hash_of(string); + +-if (data->table_data[hashvalue] >= 0) { ++if (hashvalue >= 0 ++ && (unsigned) hashvalue < data->table_size ++ && data->table_data[hashvalue] >= 0) { +const struct name_table_entry *const table = _nc_get_table(termcap); + +ptr = table + data->table_data[hashvalue]; +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index f8cca8b5..064376c5 100644 +--- a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +@@ -47,7 +47,7 @@ + #include + #include + +-MODULE_ID("$Id: parse_entry.c,v 1.91 2017/08/26 16:13:34 tom Exp $") ++MODULE_ID("$Id: parse_entry.c,v 1.98 2019/10/12 00:50:31 tom Exp $") + + #ifdef LINT + static short const parametrized[] = +@@ -654,12 +654,12 @@ _nc_capcmp(const char *s, const char *t) + } + + static void +-append_acs0(string_desc * dst, int code, int src) ++append_acs0(string_desc * dst, int code, char *src, size_t off) + { +-if (src != 0) { ++if (src != 0 && off < strlen(src)) { +char temp[3]; +temp[0] = (char) code; +- temp[1] = (char) src; ++ temp[1] = src[off]; +temp[2] = 0; +_nc_safe_strcat(dst, temp); + } +@@ -669,7 +669,7 @@ static void + append_acs(string_desc * dst, int code, char *src) + { + if (VALID_STRING(src) && strlen(src) == 1) { +- append_acs0(dst, code, *src); ++ append_acs0(dst, code, src, 0); + } + } + +@@ -1038,17 +1038,17 @@ postprocess_terminfo(TERMTYPE2 *tp) +_nc_str_init(&result, buf2, sizeof(buf2)); +_nc_safe_strcat(&result, acs_chars); + +- append_acs0(&result, 'l', box_chars_1[0]); /* ACS_ULCORNE
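Review bot: In the parse_entry.c hunk at append_acs0, the new guard is src != 0 && off < strlen(src), which rejects only a null pointer, while the neighbouring append_acs still tests VALID_STRING(src) before calling it. The postprocess_terminfo call sites that pass box_chars_1 with an offset are cut off in this message, so confirm that box_chars_1 is validated with the same macro before those calls; otherwise strlen(src) can be reached with a pointer that VALID_STRING would have rejected. Because strlen(src) is re-evaluated on every call, that validation is best done once in the caller.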
[OE-core] [PATCH] libpam: support usrmerge
Signed-off-by: Changqing Li --- .../0001-Makefile.am-support-usrmage.patch| 28 +++ meta/recipes-extended/pam/libpam_1.5.1.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch diff --git a/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch b/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch new file mode 100644 index 00..5c6bc92705 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch @@ -0,0 +1,28 @@ +From c09e012590c1ec2d3b622b64f1bfc10a2286c9ea Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Wed, 6 Jan 2021 12:08:20 +0800 +Subject: [PATCH] Makefile.am: support usrmage + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Changqing Li +--- + modules/pam_namespace/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index ddd5fc0..a1f1bec 100644 +--- a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + namespaceddir = $(SCONFIGDIR)/namespace.d +-servicedir = /lib/systemd/system ++servicedir = $(systemd_system_unitdir) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) +-- +2.17.1 + diff --git a/meta/recipes-extended/pam/libpam_1.5.1.bb b/meta/recipes-extended/pam/libpam_1.5.1.bb index 486c9d8aad..8c008a9701 100644 --- a/meta/recipes-extended/pam/libpam_1.5.1.bb +++ b/meta/recipes-extended/pam/libpam_1.5.1.bb 
@@ -22,6 +22,7 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux file://pam.d/other \ file://libpam-xtests.patch \ file://0001-modules-pam_namespace-Makefile.am-correctly-install-.patch \ + file://0001-Makefile.am-support-usrmage.patch \ " SRC_URI[sha256sum] = "201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc" -- 2.17.1
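Review bot: In the modules/pam_namespace/Makefile.am hunk, servicedir now expands $(systemd_system_unitdir), but neither the patch nor the libpam_1.5.1.bb hunk shows where make gets that variable; if it is not set in the build environment, servicedir expands to an empty string. State in the patch header where the value comes from, or pass it explicitly from the recipe. The commit message also has no body explaining why the hard-coded /lib/systemd/system breaks usrmerge, and the patch file name and Subject spell it usrmage where the mail subject says usrmerge.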