[OE-core] [dunfell][PATCH] apr: Security fix for CVE-2021-35940
From: Armin Kuster Source: https://dist.apache.org MR: 112793 Type: Security Fix Disposition: Backport from https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc Description: An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. Signed-off-by: Armin Kuster --- .../apr/apr/CVE-2021-35940.patch | 58 +++ meta/recipes-support/apr/apr_1.7.0.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch new file mode 100644 index 00..00befdacee --- /dev/null +++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch @@ -0,0 +1,58 @@ + +SECURITY: CVE-2021-35940 (cve.mitre.org) + +Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though +was addressed in 1.6.x in 1.6.3 and later via r1807976. + +The fix was merged back to 1.7.x in r1891198. + +Since this was a regression in 1.7.0, a new CVE name has been assigned +to track this, CVE-2021-35940. + +Thanks to Iveta Cesalova for reporting this issue. + +https://svn.apache.org/viewvc?view=revision=1891198 + +Upstream-Status: Backport +CVE: CVE-2021-35940 +Signed-off-by: Armin Kuster + + +Index: time/unix/time.c +=== +--- a/time/unix/time.c (revision 1891197) b/time/unix/time.c (revision 1891198) +@@ -142,6 +142,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +Index: time/win32/time.c +=== +--- a/time/win32/time.c(revision 1891197) b/time/win32/time.c(revision 1891198) +@@ -54,6 +54,9 @@ + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++if (tm->wMonth < 1 || tm->wMonth > 12) ++return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -228,6 +231,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 432fa3255c..92cc61a864 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb @@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ + file://CVE-2021-35940.patch \ " SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155938): https://lists.openembedded.org/g/openembedded-core/message/155938 Mute This Topic: https://lists.openembedded.org/mt/85526157/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [master][honister][hardknott][PATCH] apr: Security fix for CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. Signed-off-by: Armin Kuster --- .../apr/apr/CVE-2021-35940.patch | 58 +++ meta/recipes-support/apr/apr_1.7.0.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch new file mode 100644 index 00..00befdacee --- /dev/null +++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch @@ -0,0 +1,58 @@ + +SECURITY: CVE-2021-35940 (cve.mitre.org) + +Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though +was addressed in 1.6.x in 1.6.3 and later via r1807976. + +The fix was merged back to 1.7.x in r1891198. + +Since this was a regression in 1.7.0, a new CVE name has been assigned +to track this, CVE-2021-35940. + +Thanks to Iveta Cesalova for reporting this issue. + +https://svn.apache.org/viewvc?view=revision=1891198 + +Upstream-Status: Backport +CVE: CVE-2021-35940 +Signed-off-by: Armin Kuster + + +Index: time/unix/time.c +=== +--- a/time/unix/time.c (revision 1891197) b/time/unix/time.c (revision 1891198) +@@ -142,6 +142,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +Index: time/win32/time.c +=== +--- a/time/win32/time.c(revision 1891197) b/time/win32/time.c(revision 1891198) +@@ -54,6 +54,9 @@ + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++if (tm->wMonth < 1 || tm->wMonth > 12) ++return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -228,6 +231,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 82317396cd..b70edfaf42 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb @@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ file://autoconf270.patch \ + file://CVE-2021-35940.patch \ " SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155937): https://lists.openembedded.org/g/openembedded-core/message/155937 Mute This Topic: https://lists.openembedded.org/mt/85526150/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [master][honister][hardknott][PATCH] apr: Security fix for CVE-2021-35940
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. Signed-off-by: Armin Kuster --- .../apr/apr/CVE-2021-35940.patch | 58 +++ meta/recipes-support/apr/apr_1.7.0.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch new file mode 100644 index 00..00befdacee --- /dev/null +++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch @@ -0,0 +1,58 @@ + +SECURITY: CVE-2021-35940 (cve.mitre.org) + +Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though +was addressed in 1.6.x in 1.6.3 and later via r1807976. + +The fix was merged back to 1.7.x in r1891198. + +Since this was a regression in 1.7.0, a new CVE name has been assigned +to track this, CVE-2021-35940. + +Thanks to Iveta Cesalova for reporting this issue. + +https://svn.apache.org/viewvc?view=revision=1891198 + +Upstream-Status: Backport +CVE: CVE-2021-35940 +Signed-off-by: Armin Kuster + + +Index: time/unix/time.c +=== +--- a/time/unix/time.c (revision 1891197) b/time/unix/time.c (revision 1891198) +@@ -142,6 +142,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +Index: time/win32/time.c +=== +--- a/time/win32/time.c(revision 1891197) b/time/win32/time.c(revision 1891198) +@@ -54,6 +54,9 @@ + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++if (tm->wMonth < 1 || tm->wMonth > 12) ++return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -228,6 +231,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb index 82317396cd..b70edfaf42 100644 --- a/meta/recipes-support/apr/apr_1.7.0.bb +++ b/meta/recipes-support/apr/apr_1.7.0.bb @@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \ file://libtoolize_check.patch \ file://0001-Add-option-to-disable-timed-dependant-tests.patch \ file://autoconf270.patch \ + file://CVE-2021-35940.patch \ " SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155936): https://lists.openembedded.org/g/openembedded-core/message/155936 Mute This Topic: https://lists.openembedded.org/mt/85526150/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH] libgcrypt: Security fix CVE-2021-33560
From: Armin Kuster Source: https://sources.debian.org/patches/libgcrypt20/1.8.4-5+deb10u1 MR: 111591 Type: Security Fix Disposition: Backport from https://sources.debian.org/data/main/libg/libgcrypt20/1.8.4-5%2Bdeb10u1/debian/patches/31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch ChangeID: d066a9baacc0d967dd80ac54c684cde031ac686e Description: Affects before 1.8.8 and 1.9.x before 1.9.3 Signed-off-by: Armin Kuster --- .../libgcrypt/files/CVE-2021-33560.patch | 109 ++ .../libgcrypt/libgcrypt_1.8.5.bb | 1 + 2 files changed, 110 insertions(+) create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch new file mode 100644 index 00..c0d00485e6 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch @@ -0,0 +1,109 @@ +From 707c3c5c511ee70ad0e39ec613471f665305fbea Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Fri, 21 May 2021 11:15:07 +0900 +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations. + +* cipher/elgamal.c (gen_k): Remove support of smaller K. +(do_encrypt): Never use smaller K. +(sign): Folllow the change of gen_k. + +-- + +Cherry-pick master commit of: + 632d80ef30e13de6926d503aa697f92b5dbfbc5e + +This change basically reverts encryption changes in two commits: + + 74386120dad6b3da62db37f7044267c8ef34689b + 78531373a342aeb847950f404343a05e36022065 + +Use of smaller K for ephemeral key in ElGamal encryption is only good, +when we can guarantee that recipient's key is generated by our +implementation (or compatible). + +For detail, please see: + +Luca De Feo, Bertram Poettering, Alessandro Sorniotti, +"On the (in)security of ElGamal in OpenPGP"; +in the proceedings of CCS'2021. + +CVE-id: CVE-2021-33560 +GnuPG-bug-id: 5328 +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti +Signed-off-by: NIIBE Yutaka + +Upstream-Status: Backport +CVE: CVE-2021-33560 +Signed-off-by: Armin Kuster +--- + cipher/elgamal.c | 24 ++-- + 1 file changed, 6 insertions(+), 18 deletions(-) + +diff --git a/cipher/elgamal.c b/cipher/elgamal.c +index 4eb52d62..ae7a631e 100644 +--- a/cipher/elgamal.c b/cipher/elgamal.c +@@ -66,7 +66,7 @@ static const char *elg_names[] = + + + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie); +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k); ++static gcry_mpi_t gen_k (gcry_mpi_t p); + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits, + gcry_mpi_t **factors); + static int check_secret_key (ELG_secret_key *sk); +@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie ) + + / + * Generate a random secret exponent k from prime p, so that k is +- * relatively prime to p-1. With SMALL_K set, k will be selected for +- * better encryption performance - this must never be used signing! ++ * relatively prime to p-1. + */ + static gcry_mpi_t +-gen_k( gcry_mpi_t p, int small_k ) ++gen_k( gcry_mpi_t p ) + { + gcry_mpi_t k = mpi_alloc_secure( 0 ); + gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) ); +@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k ) + unsigned int nbits, nbytes; + char *rndbuf = NULL; + +- if (small_k) +-{ +- /* Using a k much lesser than p is sufficient for encryption and +- * it greatly improves the encryption performance. We use +- * Wiener's table and add a large safety margin. */ +- nbits = wiener_map( orig_nbits ) * 3 / 2; +- if( nbits >= orig_nbits ) +-BUG(); +-} +- else +-nbits = orig_nbits; +- ++ nbits = orig_nbits; + + nbytes = (nbits+7)/8; + if( DBG_CIPHER ) +@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) +* error code. +*/ + +- k = gen_k( pkey->p, 1 ); ++ k = gen_k( pkey->p ); + mpi_powm (a, pkey->g, k, pkey->p); + + /* b = (y^k * input) mod p +@@ -594,7 +582,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey ) + * + */ + mpi_sub_ui(p_1, p_1, 1); +-k = gen_k( skey->p, 0 /* no small K ! */ ); ++k = gen_k( skey->p ); + mpi_powm( a, skey->g, k, skey->p ); + mpi_mul(t, skey->x, a ); + mpi_subm(t, input, t, p_1 ); +-- +2.30.2 + diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 16a58ad9b8..174b087b24 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb @@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
Re: [OE-core] [PATCH] package-manager: escape package names for regexps
On 10/09/2021 21:37:29+0200, Alexandre Belloni wrote: > Hello, > > On 08/09/2021 19:46:41+0200, tobias.kaufm...@wusto.de wrote: > > From: Tobias Kaufmann > > > > If a package-name contains characters which are used > > in regular expressions (e.g. libstdc++) this might > > break the regexp compilation. > > > > To solve this issue the package names are escaped before using > > them in the regular expression > > > > I believe this is the cause of: > https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2528/steps/14/logs/stdio > can you check? > Sorry, to make it easier for you, the error is: ERROR: core-image-minimal-1.0-r0 do_rootfs: Cannot get the installed packages list. Command '/home/pokybuild/yocto-worker/oe-selftest-centos/build/build-st-1565688/tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/recipe-sysroot-native/usr/bin/dpkg-query --admindir=/home/pokybuild/yocto-worker/oe-selftest-centos/build/build-st-1565688/tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/rootfs/var/lib/dpkg -W -f=Package: ${Package} Architecture: ${PackageArch} Version: ${Version} File: ${Package}_${Version}_${Architecture}.deb Depends: ${Depends} Recommends: ${Recommends} Provides: ${Provides} ' returned 2: dpkg-query: error: parsing file '/home/pokybuild/yocto-worker/oe-selftest-centos/build/build-st-1565688/tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/rootfs/var/lib/dpkg/status' near line 1060: invalid package name in 'Package' field: character '\' not allowed (only letters, digits and characters '-+._') > > Signed-off-by: Tobias Kaufmann > > --- > > meta/lib/oe/package_manager/deb/__init__.py | 5 +++-- > > meta/lib/oe/package_manager/ipk/__init__.py | 5 +++-- > > 2 files changed, 6 insertions(+), 4 deletions(-) > > > > diff --git a/meta/lib/oe/package_manager/deb/__init__.py > > b/meta/lib/oe/package_manager/deb/__init__.py > > index 9f112ae25b..4d5921044a 100644 > > --- a/meta/lib/oe/package_manager/deb/__init__.py > > +++ b/meta/lib/oe/package_manager/deb/__init__.py > > @@ -208,8 +208,9 @@ class DpkgPM(OpkgDpkgPM): > > > > status = sf.read() > > for pkg in packages: > > -status = re.sub(r"Package: > > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg, > > -r"Package: %s\n\1Status: \2%s" % > > (pkg, status_tag), > > +_pkg = re.escape(pkg) > > +status = re.sub(r"Package: > > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg, > > +r"Package: %s\n\1Status: \2%s" % > > (_pkg, status_tag), > > status) > > > > tmp_sf.write(status) > > diff --git a/meta/lib/oe/package_manager/ipk/__init__.py > > b/meta/lib/oe/package_manager/ipk/__init__.py > > index 4cd3963111..503a4f5181 100644 > > --- a/meta/lib/oe/package_manager/ipk/__init__.py > > +++ b/meta/lib/oe/package_manager/ipk/__init__.py > > @@ -207,8 +207,9 @@ class OpkgPM(OpkgDpkgPM): > > > > status = sf.read() > > for pkg in packages: > > -status = re.sub(r"Package: > > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg, > > -r"Package: %s\n\1Status: \2%s" % > > (pkg, status_tag), > > +_pkg = re.escape(pkg) > > +status = re.sub(r"Package: > > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg, > > +r"Package: %s\n\1Status: \2%s" % > > (_pkg, status_tag), > > status) > > > > tmp_sf.write(status) > > -- > > 2.33.0 > > > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155934): https://lists.openembedded.org/g/openembedded-core/message/155934 Mute This Topic: https://lists.openembedded.org/mt/85465297/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] package-manager: escape package names for regexps
Hello, On 08/09/2021 19:46:41+0200, tobias.kaufm...@wusto.de wrote: > From: Tobias Kaufmann > > If a package-name contains characters which are used > in regular expressions (e.g. libstdc++) this might > break the regexp compilation. > > To solve this issue the package names are escaped before using > them in the regular expression > I believe this is the cause of: https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2528/steps/14/logs/stdio can you check? > Signed-off-by: Tobias Kaufmann > --- > meta/lib/oe/package_manager/deb/__init__.py | 5 +++-- > meta/lib/oe/package_manager/ipk/__init__.py | 5 +++-- > 2 files changed, 6 insertions(+), 4 deletions(-) > > diff --git a/meta/lib/oe/package_manager/deb/__init__.py > b/meta/lib/oe/package_manager/deb/__init__.py > index 9f112ae25b..4d5921044a 100644 > --- a/meta/lib/oe/package_manager/deb/__init__.py > +++ b/meta/lib/oe/package_manager/deb/__init__.py > @@ -208,8 +208,9 @@ class DpkgPM(OpkgDpkgPM): > > status = sf.read() > for pkg in packages: > -status = re.sub(r"Package: > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg, > -r"Package: %s\n\1Status: \2%s" % > (pkg, status_tag), > +_pkg = re.escape(pkg) > +status = re.sub(r"Package: > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg, > +r"Package: %s\n\1Status: \2%s" % > (_pkg, status_tag), > status) > > tmp_sf.write(status) > diff --git a/meta/lib/oe/package_manager/ipk/__init__.py > b/meta/lib/oe/package_manager/ipk/__init__.py > index 4cd3963111..503a4f5181 100644 > --- a/meta/lib/oe/package_manager/ipk/__init__.py > +++ b/meta/lib/oe/package_manager/ipk/__init__.py > @@ -207,8 +207,9 @@ class OpkgPM(OpkgDpkgPM): > > status = sf.read() > for pkg in packages: > -status = re.sub(r"Package: > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg, > -r"Package: %s\n\1Status: \2%s" % > (pkg, status_tag), > +_pkg = re.escape(pkg) > +status = re.sub(r"Package: > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg, > +r"Package: %s\n\1Status: \2%s" % > (_pkg, status_tag), > status) > > tmp_sf.write(status) > -- > 2.33.0 > > > > -- Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155933): https://lists.openembedded.org/g/openembedded-core/message/155933 Mute This Topic: https://lists.openembedded.org/mt/85465297/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [pseudo][PATCH v2] fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ
On Fri, 2021-09-10 at 17:36 +0100, Mike Crowe wrote: > On Monday 06 September 2021 at 17:37:14 +0100, Mike Crowe via > lists.openembedded.org wrote: > > On Friday 13 August 2021 at 12:05:09 +0100, Mike Crowe via > > lists.openembedded.org wrote: > > > When running the test suite on my Debian 11 box I see many occurrences > > > of: > > > > > > unknown fcntl argument 1032, assuming long argument. > > > > > > (for example from test-execl.sh.) > > > > > > It appears that this is F_GETPIPE_SZ and it takes no arguments. Let's > > > add it and the corresponding F_SETPIPE_SZ too to avoid the warning > > > messages. > > > > > > F_SETPIPE_SZ accepts an int argument, which strictly speaking isn't the > > > same as the long that the wrapper expects. However, this is also true > > > for F_DUPFD which seems to be working correctly on all the targets that > > > people care about. > > > > > > We need to define the command constants if the system headers don't > > > provide them to ensure that a binary built on an old system works > > > without the new commands works correctly only a newer one that tries to > > > use them. If the system values differ from the expected ones then such a > > > binary would also be incompatible, so fail the build in that case too. > > > > > > Signed-off-by: Mike Crowe > > > --- > > > Makefile.in | 1 + > > > ports/linux/guts/fcntl.c | 21 +++ > > > test/test-fcntl.c| 58 > > > test/test-fcntl.sh | 5 > > > 4 files changed, 85 insertions(+) > > > create mode 100644 test/test-fcntl.c > > > create mode 100755 test/test-fcntl.sh > > Hi Richard & Seebs, > > It looks like only part of this change landed as > 328452d74917ce9314c8c4afe2bd277473a4c076: > > > Makefile.in | 1 + > > ports/linux/guts/fcntl.c | 21 + > > This means that the tests no longer pass: > > cc: error: test/test-fcntl.c: No such file or directory > > It looks like something similar happened with test-statx leading to > https://lists.openembedded.org/g/openembedded-core/message/154797 so I > wonder whether there's some sort of tooling fault somewhere? Thanks, I've added those. I really don't know what happened. This all gets tricky as I have to fix up the email list mangling of your sender addresses, get these patches applied in a pseudo recipe as patches, run test builds, then get the patches over to the pseudo repo, push those then update the recipe. I guess the issue is we don't run the pseudo tests anywhere so we don't spot when they're missing. For most other issues I would see failures and fix things. Not sure if/where we'd want to run them but it is something to think about. We don't really have a good place for native tool testing. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155932): https://lists.openembedded.org/g/openembedded-core/message/155932 Mute This Topic: https://lists.openembedded.org/mt/84860960/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [pseudo][PATCH v2] fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ
On Monday 06 September 2021 at 17:37:14 +0100, Mike Crowe via lists.openembedded.org wrote: > On Friday 13 August 2021 at 12:05:09 +0100, Mike Crowe via > lists.openembedded.org wrote: > > When running the test suite on my Debian 11 box I see many occurrences > > of: > > > > unknown fcntl argument 1032, assuming long argument. > > > > (for example from test-execl.sh.) > > > > It appears that this is F_GETPIPE_SZ and it takes no arguments. Let's > > add it and the corresponding F_SETPIPE_SZ too to avoid the warning > > messages. > > > > F_SETPIPE_SZ accepts an int argument, which strictly speaking isn't the > > same as the long that the wrapper expects. However, this is also true > > for F_DUPFD which seems to be working correctly on all the targets that > > people care about. > > > > We need to define the command constants if the system headers don't > > provide them to ensure that a binary built on an old system works > > without the new commands works correctly only a newer one that tries to > > use them. If the system values differ from the expected ones then such a > > binary would also be incompatible, so fail the build in that case too. > > > > Signed-off-by: Mike Crowe > > --- > > Makefile.in | 1 + > > ports/linux/guts/fcntl.c | 21 +++ > > test/test-fcntl.c| 58 > > test/test-fcntl.sh | 5 > > 4 files changed, 85 insertions(+) > > create mode 100644 test/test-fcntl.c > > create mode 100755 test/test-fcntl.sh Hi Richard & Seebs, It looks like only part of this change landed as 328452d74917ce9314c8c4afe2bd277473a4c076: | Makefile.in | 1 + | ports/linux/guts/fcntl.c | 21 + This means that the tests no longer pass: cc: error: test/test-fcntl.c: No such file or directory It looks like something similar happened with test-statx leading to https://lists.openembedded.org/g/openembedded-core/message/154797 so I wonder whether there's some sort of tooling fault somewhere? Thanks. Mike. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155931): https://lists.openembedded.org/g/openembedded-core/message/155931 Mute This Topic: https://lists.openembedded.org/mt/84860960/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][dunfell 0/6] Pull request (cover letter only)
On Thu, 2021-09-09 at 16:58 -1000, Steve Sakoman wrote: > The following changes since commit b46b059a306b2823624e64adecded9f76430471a: > > layer.conf: fix syntax error in PATH setting (2021-09-03 04:05:12 -1000) > > are available in the Git repository at: > > git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next > > http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next > > Changqing Li (1): > gdk-pixbuf: fix CVE-2021-20240 > > Martin Jansa (1): > default-distrovars.inc: Set BBINCLUDELOGS to empty to disable printing > failed task output multiple times I've merged this apart from the above patch since this was just reverted in master with better fixes in bitbake. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155930): https://lists.openembedded.org/g/openembedded-core/message/155930 Mute This Topic: https://lists.openembedded.org/mt/85501406/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [dunfell][PATCH] glib-2.0: Several Security fixes
From: Armin Kuster Source: https://gitlab.gnome.org/GNOME/glib MR: 108788, 108795, 109707 Type: Security Fix https://gitlab.gnome.org/GNOME/glib branch glic-2-66 Disposition: Backport from ChangeID: 96b965a23bcdb0881b0de534d6eb5878f6d99d9a Description: https://gitlab.gnome.org/GNOME/glib/-/commit/e8fe1d51fe07f506211680c76145eea737f4bf30 https://gitlab.gnome.org/GNOME/glib/-/commit/8670c78dabefe5621e8a073fff3eb4235afb6254 https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885 Fixes: CVE-2021-27219 CVE-2021-27218 CVE-2021-28153 Signed-off-by: Armin Kuster --- .../glib-2.0/glib-2.0/CVE-2021-27218.patch| 132 +++ .../glib-2.0/glib-2.0/CVE-2021-27219_1.patch | 175 ++ .../glib-2.0/glib-2.0/CVE-2021-27219_10.patch | 60 .../glib-2.0/glib-2.0/CVE-2021-27219_2.patch | 264 ++ .../glib-2.0/glib-2.0/CVE-2021-27219_3.patch | 138 .../glib-2.0/glib-2.0/CVE-2021-27219_4.patch | 322 ++ .../glib-2.0/glib-2.0/CVE-2021-27219_5.patch | 49 +++ .../glib-2.0/glib-2.0/CVE-2021-27219_6.patch | 99 ++ .../glib-2.0/glib-2.0/CVE-2021-27219_7.patch | 99 ++ .../glib-2.0/glib-2.0/CVE-2021-27219_8.patch | 101 ++ .../glib-2.0/glib-2.0/CVE-2021-27219_9.patch | 57 .../glib-2.0/glib-2.0/CVE-2021-28153.patch| 28 ++ .../glib-2.0/glib-2.0/CVE-2021-28153_2.patch | 43 +++ .../glib-2.0/glib-2.0/CVE-2021-28153_3.patch | 56 +++ .../glib-2.0/glib-2.0/CVE-2021-28153_4.patch | 261 ++ .../glib-2.0/glib-2.0/CVE-2021-28153_5.patch | 56 +++ meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb | 15 + 17 files changed, 1955 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_1.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_10.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_2.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_3.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_4.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_5.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_6.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_7.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_8.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_9.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_2.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_3.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_4.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_5.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch new file mode 100644 index 00..85d79d07f1 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch @@ -0,0 +1,132 @@ +From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001 +From: Krzesimir Nowak +Date: Wed, 10 Feb 2021 23:51:07 +0100 +Subject: [PATCH] gbytearray: Do not accept too large byte arrays + +GByteArray uses guint for storing the length of the byte array, but it +also has a constructor (g_byte_array_new_take) that takes length as a +gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits +for guint). It is possible to call the function with a value greater +than G_MAXUINT, which will result in silent length truncation. This +may happen as a result of unreffing GBytes into GByteArray, so rather +be loud about it. + +(Test case tweaked by Philip Withnall.) + +(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for +`g_memdup2()`.) + +Upstream-Status: Backport +CVE: CVE-2021-27218 +Signed-off-by: Armin Kuster + +--- + glib/garray.c | 6 ++ + glib/gbytes.c | 4 + glib/tests/bytes.c | 35 ++- + 3 files changed, 44 insertions(+), 1 deletion(-) + +Index: glib-2.62.6/glib/garray.c +=== +--- glib-2.62.6.orig/glib/garray.c glib-2.62.6/glib/garray.c +@@ -2013,6 +2013,10 @@ g_byte_array_new (void) + * Create byte array containing the data. The data will be owned by the array + * and will be freed with g_free(), i.e. it could be allocated using g_strdup(). + * ++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray ++ * stores the length of its data in #guint, which may be shorter than ++ * #gsize. ++ * + * Since: 2.32 + * + * Returns: (transfer full): a new #GByteArray +@@ -2024,6 +2028,8 @@ g_byte_array_new_take (guint8 *data, + GByteArray *array; + GRealArray *real; + ++ g_return_val_if_fail
[OE-core][dunfell 9/9] go: Several Security fixes
From: Armin Kuster Source: golang.org MR: 111958, 112390, 112393 Type: Security Fix Disposition: Backport from https://github.com/golang/go.git ChangeID: 662d021814f025b3d768a04864498486f94819a7 Description: Affects < 1.16.5 Fixes: CVE-2021-33196 CVE-2021-33197 CVE-2021-34558 Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 3 + .../go/go-1.14/CVE-2021-33196.patch | 124 ++ .../go/go-1.14/CVE-2021-33197.patch | 152 ++ .../go/go-1.14/CVE-2021-34558.patch | 51 ++ 4 files changed, 330 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 50136ca841..abc6f42184 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -16,6 +16,9 @@ SRC_URI += "\ file://0006-cmd-dist-separate-host-and-target-builds.patch \ file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ +file://CVE-2021-34558.patch \ +file://CVE-2021-33196.patch \ +file://CVE-2021-33197.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch new file mode 100644 index 00..2e2dc62c49 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch @@ -0,0 +1,124 @@ +From 74242baa4136c7a9132a8ccd9881354442788c8c Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Tue, 11 May 2021 11:31:31 -0700 +Subject: [PATCH] archive/zip: only preallocate File slice if reasonably sized + +Since the number of files in the EOCD record isn't validated, it isn't +safe to preallocate Reader.Files using that field. A malformed archive +can indicate it contains up to 1 << 128 - 1 files. We can still safely +preallocate the slice by checking if the specified number of files in +the archive is reasonable, given the size of the archive. + +Thanks to the OSS-Fuzz project for discovering this issue and to +Emmanuel Odeke for reporting it. + +Fixes #46242 +Fixes CVE-2021-33196 + +Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76 +Reviewed-on: https://go-review.googlesource.com/c/go/+/318909 +Trust: Roland Shoemaker +Trust: Katie Hockman +Trust: Joe Tsai +Run-TryBot: Roland Shoemaker +TryBot-Result: Go Bot +Reviewed-by: Katie Hockman +Reviewed-by: Joe Tsai + +Upstream-Status: Backport +CVE: CVE-2021-33196 +Signed-off-by: Armin Kuster + +--- + src/archive/zip/reader.go | 10 +- + src/archive/zip/reader_test.go | 59 ++ + 2 files changed, 68 insertions(+), 1 deletion(-) + +Index: go/src/archive/zip/reader.go +=== +--- go.orig/src/archive/zip/reader.go go/src/archive/zip/reader.go +@@ -84,7 +84,15 @@ func (z *Reader) init(r io.ReaderAt, siz + return err + } + z.r = r +- z.File = make([]*File, 0, end.directoryRecords) ++ // Since the number of directory records is not validated, it is not ++ // safe to preallocate z.File without first checking that the specified ++ // number of files is reasonable, since a malformed archive may ++ // indicate it contains up to 1 << 128 - 1 files. Since each file has a ++ // header which will be _at least_ 30 bytes we can safely preallocate ++ // if (data size / 30) >= end.directoryRecords. ++ if (uint64(size)-end.directorySize)/30 >= end.directoryRecords { ++ z.File = make([]*File, 0, end.directoryRecords) ++ } + z.Comment = end.comment + rs := io.NewSectionReader(r, 0, size) + if _, err = rs.Seek(int64(end.directoryOffset), io.SeekStart); err != nil { +Index: go/src/archive/zip/reader_test.go +=== +--- go.orig/src/archive/zip/reader_test.go go/src/archive/zip/reader_test.go +@@ -1070,3 +1070,62 @@ func TestIssue12449(t *testing.T) { + t.Errorf("Error reading the archive: %v", err) + } + } ++ ++func TestCVE202133196(t *testing.T) { ++ // Archive that indicates it has 1 << 128 -1 files, ++ // this would previously cause a panic due to attempting ++ // to allocate a slice with 1 << 128 -1 elements. ++ data := []byte{ ++ 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x08, ++ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++
[OE-core][dunfell 8/9] xserver-xorg: Security fix for CVE-2020-14360/-25712
From: Armin Kuster Source: https://gitlab.freedesktop.org/xorg/xserver MR: 108223, Type: Security Fix Disposition: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b and https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9 ChangeID: 496c2a2d80e4f8fff9b0d3148fca70c090cec31e Description: affects < 1.20.10 Fixes CVE-2020-14360 and CVE-2020-25712 Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2020-14360.patch | 132 ++ .../xserver-xorg/CVE-2020-25712.patch | 102 ++ .../xorg-xserver/xserver-xorg_1.20.8.bb | 2 + 3 files changed, 236 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch new file mode 100644 index 00..e9ab42742e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch @@ -0,0 +1,132 @@ +From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb +Date: Thu, 12 Nov 2020 19:15:07 +0100 +Subject: [PATCH] Check SetMap request length carefully. + +Avoid out of bounds memory accesses on too short request. + +ZDI-CAN 11572 / CVE-2020-14360 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb + +Upstream-Status: Backport +https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b +CVE: CVE-2020-14360 +Signed-off-by: Armin Kuster +--- + xkb/xkb.c | 92 +++ + 1 file changed, 92 insertions(+) + +Index: xorg-server-1.20.8/xkb/xkb.c +=== +--- xorg-server-1.20.8.orig/xkb/xkb.c xorg-server-1.20.8/xkb/xkb.c +@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi, + return (char *) wire; + } + ++#define _add_check_len(new) \ ++if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \ ++else len += new ++ ++/** ++ * Check the length of the SetMap request ++ */ ++static int ++_XkbSetMapCheckLength(xkbSetMapReq *req) ++{ ++size_t len = sz_xkbSetMapReq, req_len = req->length << 2; ++xkbKeyTypeWireDesc *keytype; ++xkbSymMapWireDesc *symmap; ++BOOL preserve; ++int i, map_count, nSyms; ++ ++if (req_len < len) ++goto bad; ++/* types */ ++if (req->present & XkbKeyTypesMask) { ++keytype = (xkbKeyTypeWireDesc *)(req + 1); ++for (i = 0; i < req->nTypes; i++) { ++_add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc)); ++if (req->flags & XkbSetMapResizeTypes) { ++_add_check_len(keytype->nMapEntries ++ * sz_xkbKTSetMapEntryWireDesc); ++preserve = keytype->preserve; ++map_count = keytype->nMapEntries; ++if (preserve) { ++_add_check_len(map_count * sz_xkbModsWireDesc); ++} ++keytype += 1; ++keytype = (xkbKeyTypeWireDesc *) ++ ((xkbKTSetMapEntryWireDesc *)keytype + map_count); ++if (preserve) ++keytype = (xkbKeyTypeWireDesc *) ++ ((xkbModsWireDesc *)keytype + map_count); ++} ++} ++} ++/* syms */ ++if (req->present & XkbKeySymsMask) { ++symmap = (xkbSymMapWireDesc *)((char *)req + len); ++for (i = 0; i < req->nKeySyms; i++) { ++_add_check_len(sz_xkbSymMapWireDesc); ++nSyms = symmap->nSyms; ++_add_check_len(nSyms*sizeof(CARD32)); ++symmap += 1; ++symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms); ++} ++} ++/* actions */ ++if (req->present & XkbKeyActionsMask) { ++_add_check_len(req->totalActs * sz_xkbActionWireDesc ++ + XkbPaddedSize(req->nKeyActs)); ++} ++/* behaviours */ ++if (req->present & XkbKeyBehaviorsMask) { ++_add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc); ++} ++/* vmods */ ++if (req->present & XkbVirtualModsMask) { ++_add_check_len(XkbPaddedSize(Ones(req->virtualMods))); ++} ++/* explicit */ ++if (req->present & XkbExplicitComponentsMask) { ++/* two bytes per non-zero explicit componen */ ++_add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16))); ++} ++/* modmap */ ++if (req->present & XkbModifierMapMask) { ++ /* two bytes per non-zero modmap component */ ++
[OE-core][dunfell 7/9] go: Exclude CVE-2021-29923 from report list
From: Richard Purdie Upstream don't believe it is a signifiant real world issue and will only fix in 1.17 onwards. Therefore exclude it from our reports. https://github.com/golang/go/issues/30999#issuecomment-910470358 Signed-off-by: Richard Purdie (cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a) Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 6 ++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 3dfd671d11..50136ca841 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -19,3 +19,9 @@ SRC_URI += "\ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" + +# Upstream don't believe it is a signifiant real world issue and will only +# fix in 1.17 onwards where we can drop this. +# https://github.com/golang/go/issues/30999#issuecomment-910470358 +CVE_CHECK_WHITELIST += "CVE-2021-29923" + -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155926): https://lists.openembedded.org/g/openembedded-core/message/155926 Mute This Topic: https://lists.openembedded.org/mt/85510119/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 6/9] flex: Add CVE-2019-6293 to exclusions for checks
From: Richard Purdie CVE is effectively disputed - yes there is stack exhaustion but no bug and it is building the parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address and there is no security issue. https://github.com/westes/flex/issues/414 Signed-off-by: Richard Purdie (cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/cve-extra-exclusions.inc | 4 meta/recipes-devtools/flex/flex_2.6.4.bb | 5 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index cf07acce1d..a6f52b5de7 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc @@ -61,10 +61,6 @@ CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511" # There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html # however qemu maintainers are sure the patch is incorrect and should not be applied. -# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 -# Upstream bug, still open: https://github.com/westes/flex/issues/414 -# Causes memory exhaustion so potential DoS but no buffer overflow, low priority - # wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 # https://mail.gnu.org/archive/html/bug-wget/2021-02/msg2.html # No response upstream as of 2021/5/12 diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb index 1d43d2228a..50d3bf8de1 100644 --- a/meta/recipes-devtools/flex/flex_2.6.4.bb +++ b/meta/recipes-devtools/flex/flex_2.6.4.bb @@ -26,6 +26,11 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4 UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases; UPSTREAM_CHECK_REGEX = "flex-(?P\d+(\.\d+)+)\.tar" +# Disputed - yes there is stack exhaustion but no bug and it is building the +# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address +# https://github.com/westes/flex/issues/414 +CVE_CHECK_WHITELIST += "CVE-2019-6293" + inherit autotools gettext texinfo ptest M4 = "${bindir}/m4" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155925): https://lists.openembedded.org/g/openembedded-core/message/155925 Mute This Topic: https://lists.openembedded.org/mt/85510117/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 5/9] dbus: upgrade 1.12.18 -> 1.12.20
From: Wang Mingyu Source: https://git.openembedded.org/openembedded-core MR: 108825 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/dbus?id=bfaef91e77cd54e4f642e966903aac3f3291c325 ChangeID: bfaef91e77cd54e4f642e966903aac3f3291c325 Description: Bugz only update Includes fix for CVE-2020-35512 ab88811768 (HEAD, tag: dbus-1.12.20) v1.12.20 5757fd5480 Update NEWS f3b2574f0c userdb: Reference-count DBusUserInfo, DBusGroupInfo <- cve fix 37b36d49a6 userdb: Make lookups return a const pointer 732284d530 Solaris and derivatives do not adjust cmsg_len on MSG_CTRUNC 1f8c42c7cd Start 1.12.20 development (From OE-Core rev: bfaef91e77cd54e4f642e966903aac3f3291c325) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit bfaef91e77cd54e4f642e966903aac3f3291c325) Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- .../dbus/{dbus-test_1.12.18.bb => dbus-test_1.12.20.bb} | 0 meta/recipes-core/dbus/dbus.inc | 4 ++-- meta/recipes-core/dbus/{dbus_1.12.18.bb => dbus_1.12.20.bb} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-core/dbus/{dbus-test_1.12.18.bb => dbus-test_1.12.20.bb} (100%) rename meta/recipes-core/dbus/{dbus_1.12.18.bb => dbus_1.12.20.bb} (100%) diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/meta/recipes-core/dbus/dbus-test_1.12.20.bb similarity index 100% rename from meta/recipes-core/dbus/dbus-test_1.12.18.bb rename to meta/recipes-core/dbus/dbus-test_1.12.20.bb diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc index 3bdb7ea4ff..dcbcc0a9d6 100644 --- a/meta/recipes-core/dbus/dbus.inc +++ b/meta/recipes-core/dbus/dbus.inc @@ -10,8 +10,8 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ " -SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" -SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" +SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4" +SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe" EXTRA_OECONF = "--disable-xml-docs \ --disable-doxygen-docs \ diff --git a/meta/recipes-core/dbus/dbus_1.12.18.bb b/meta/recipes-core/dbus/dbus_1.12.20.bb similarity index 100% rename from meta/recipes-core/dbus/dbus_1.12.18.bb rename to meta/recipes-core/dbus/dbus_1.12.20.bb -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155924): https://lists.openembedded.org/g/openembedded-core/message/155924 Mute This Topic: https://lists.openembedded.org/mt/85510113/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 4/9] dbus,dbus-test: Move common parts to dbus.inc
From: Ovidiu Panait dbus and dbus-test share the same source code and base configuration options, so factor out the common parts into dbus.inc. This way we can eliminate the need to keep the two recipes in sync. When they are not properly in sync (e.g. when dbus recipe has extra patches/config options that are not duplicated in dbus-test) ptest testsuite will actually test a slightly different codebase. This is due to the fact that dbus-test does not run the testsuite against the system libdbus library, but instead it generates a local libdbus.so that needs to configured/compiled as close as possible to the system one. (From OE-Core rev: 1cde2935526d2eec7d6b17a6c622647b0c132439) Signed-off-by: Ovidiu Panait Signed-off-by: Richard Purdie (cherry picked from commit 44ae5d8d6f26fda4ab1a3fef9fc49d74e4ac89f0) Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- meta/recipes-core/dbus/dbus-test_1.12.18.bb | 38 +--- meta/recipes-core/dbus/dbus.inc | 34 ++ meta/recipes-core/dbus/dbus_1.12.18.bb | 39 +++-- 3 files changed, 47 insertions(+), 64 deletions(-) create mode 100644 meta/recipes-core/dbus/dbus.inc diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/meta/recipes-core/dbus/dbus-test_1.12.18.bb index 68fcdc847f..755c841bad 100644 --- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb +++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb @@ -1,53 +1,31 @@ SUMMARY = "D-Bus test package (for D-bus functionality testing only)" HOMEPAGE = "http://dbus.freedesktop.org; SECTION = "base" -LICENSE = "AFL-2.1 | GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" -DEPENDS = "dbus glib-2.0" +require dbus.inc -RDEPENDS_${PN}-dev = "" +SRC_URI += "file://run-ptest \ +file://python-config.patch \ + " -SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ - file://tmpdir.patch \ - file://run-ptest \ - file://python-config.patch \ - file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - " +DEPENDS = "dbus glib-2.0" -SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" -SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" +RDEPENDS_${PN}-dev = "" S="${WORKDIR}/dbus-${PV}" FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" -inherit autotools pkgconfig gettext ptest upstream-version-is-even +inherit ptest -EXTRA_OECONF = "--enable-tests \ +EXTRA_OECONF += "--enable-tests \ --enable-modular-tests \ --enable-installed-tests \ --enable-checks \ --enable-asserts \ ---enable-largefile \ ---disable-xml-docs \ ---disable-doxygen-docs \ ---disable-libaudit \ --with-dbus-test-dir=${PTEST_PATH} \ --enable-embedded-tests \ " -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" -PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" -PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" -PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," - do_install() { : } diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc new file mode 100644 index 00..3bdb7ea4ff --- /dev/null +++ b/meta/recipes-core/dbus/dbus.inc @@ -0,0 +1,34 @@ +inherit autotools pkgconfig gettext upstream-version-is-even + +LICENSE = "AFL-2.1 | GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ + file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" + +SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ + file://tmpdir.patch \ + file://dbus-1.init \ + file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ +" + +SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" +SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" + +EXTRA_OECONF = "--disable-xml-docs \ +--disable-doxygen-docs \ +--disable-libaudit \ +--enable-largefile \ +--with-system-socket=/run/dbus/system_bus_socket \ +" +EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" +EXTRA_OECONF_append_class-native = "
[OE-core][dunfell 3/9] dbus-test: Remove EXTRA_OECONF_X configs
From: Ovidiu Panait X specific configs are already handled through PACKAGECONFIG: PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}" ... PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" Remove duplicated EXTRA_OECONF_X args. (From OE-Core rev: 7dc107b05a29f8a3e8903d73f84ef8069f68af6f) Signed-off-by: Ovidiu Panait Signed-off-by: Richard Purdie (cherry picked from commit 036e3436e51a44de3fc9b4b8e5b1ff149e3aaa9d) Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- meta/recipes-core/dbus/dbus-test_1.12.18.bb | 4 1 file changed, 4 deletions(-) diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/meta/recipes-core/dbus/dbus-test_1.12.18.bb index 0063dcce67..68fcdc847f 100644 --- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb +++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb @@ -24,9 +24,6 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" inherit autotools pkgconfig gettext ptest upstream-version-is-even -EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}" -EXTRA_OECONF_X_class-native = "--without-x" - EXTRA_OECONF = "--enable-tests \ --enable-modular-tests \ --enable-installed-tests \ @@ -37,7 +34,6 @@ EXTRA_OECONF = "--enable-tests \ --disable-doxygen-docs \ --disable-libaudit \ --with-dbus-test-dir=${PTEST_PATH} \ -${EXTRA_OECONF_X} \ --enable-embedded-tests \ " -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155917): https://lists.openembedded.org/g/openembedded-core/message/155917 Mute This Topic: https://lists.openembedded.org/mt/85510104/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 4/4] linux-yocto/5.10: update to v5.10.63
From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: e07f317d5a28 Linux 5.10.63 4405ea221dea media: stkwebcam: fix memory leak in stk_camera_probe ad5e13f15db7 fuse: fix illegal access to inode with reused nodeid 40ba433a85db new helper: inode_wrong_type() ded9137fcf0d spi: Switch to signed types for *_native_cs SPI controller fields 55bb5193cec5 serial: 8250: 8250_omap: Fix possible array out of bounds access 8e41134a92a5 ALSA: pcm: fix divide error in snd_pcm_lib_ioctl 4ffde17862b0 ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 4ee2686b3745 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup 2808d59fb29b cryptoloop: add a deprecation warning 61a038f80c80 perf/x86/amd/power: Assign pmu.module ec9a82e034f6 perf/x86/amd/ibs: Work around erratum #1197 23c29490b84d ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() d2064a1444d6 perf/x86/intel/pt: Fix mask of num_address_ranges 0e74bba60452 qede: Fix memset corruption 35f223cb21b1 net: macb: Add a NULL check on desc_ptp cf50d02e474b qed: Fix the VF msix vectors flow 2177c4943e40 reset: reset-zynqmp: Fixed the argument data type 9872349b088d gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats b983d60292a6 ARM: OMAP1: ams-delta: remove unused function ams_delta_camera_power bc860c3f0945 xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG b1075d2a7052 static_call: Fix unused variable warn w/o MODULE ae16b7c66837 Revert "Add a reference to ucounts for each cred" 1aa3f27e592d Revert "cred: add missing return error code when set_cred_ucounts() failed" 0c1443874e1c Revert "ucounts: Increase ucounts reference counter before the security hook" 0479b2bd2959 ubifs: report correct st_size for encrypted symlinks 3ac01789f6d9 f2fs: report correct st_size for encrypted symlinks 894a02236d0d ext4: report correct st_size for encrypted symlinks b8c298cf57dc fscrypt: add fscrypt_symlink_getattr() for computing st_size 09a379549620 ext4: fix race writing to an inline_data file while its xattrs are changing f6dd002450bf Linux 5.10.62 0c9a876f2897 bpf: Fix potentially incorrect results with bpf_get_local_storage() 38c1915d3e9f audit: move put_tree() to avoid trim_trees refcount underflow and UAF 1890ee7ff87f net: don't unconditionally copy_from_user a struct ifreq for socket ioctls 0085646e02b2 Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" 17982c664f8b Revert "floppy: reintroduce O_NDELAY fix" 709c162ddc83 kthread: Fix PF_KTHREAD vs to_kthread() race c43add24dffd btrfs: fix NULL pointer dereference when deleting device by invalid id 1604c42a1ca9 arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 f760c1101f52 lkdtm: Enable DOUBLE_FAULT on all architectures b6c657abb893 net: dsa: mt7530: fix VLAN traffic leaks again f8242f554c82 usb: typec: ucsi: Clear pending after acking connector change e15e32d519fa usb: typec: ucsi: Work around PPM losing change information 08953884aad4 usb: typec: ucsi: acpi: Always decode connector change information 9a4f1dc8a17c tracepoint: Use rcu get state and cond sync for static call updates b6ae3854075e srcu: Provide polling interfaces for Tiny SRCU grace periods 450948b06ce8 srcu: Make Tiny SRCU use multi-bit grace-period counter 641e1d88404a srcu: Provide internal interface to start a Tiny SRCU grace period f789de3be808 srcu: Provide polling interfaces for Tree SRCU grace periods fdf66e5a7fc8 srcu: Provide internal interface to start a Tree SRCU grace period d3c38d8549c0 powerpc/perf: Invoke per-CPU variable access with disabled interrupts 77b77d45a4b1 perf annotate: Fix jump parsing for C++ code. 9f9e40ddfca3 perf tools: Fix arm64 build error with gcc-11 94687c49b65b perf record: Fix memory leak in vDSO found using ASAN e0ca67030fda perf symbol-elf: Fix memory leak by freeing sdt_note.args 0d8e39bb9416 perf env: Fix memory leak of bpf_prog_info_linear member 133d7f93eecd riscv: Fixup patch_text panic in ftrace 7e2087249e87 riscv: Fixup wrong ftrace remove cflag b42fde92cdde Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS 60d69cb4e60d vt_kdsetmode: extend console locking 0a178a015161 tipc: call tipc_wait_for_connect only when dlen is not 0 ded6da217ced mtd: spinand: Fix incorrect parameters for on-die ECC 3b2018f9c9c0 pipe: do FASYNC notifications for every pipe IO, not just state changes e91da23c1be1 pipe: avoid unnecessary EPOLLET wakeups under normal loads d845f89d59fc btrfs: fix race between marking inode needs to be logged and log syncing 6f38d95f33be net/rds: dma_map_sg is entitled to merge entries b882dda2bf7a
[OE-core] [PATCH 3/4] linux-yocto/5.10: update to v5.10.61
From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: 452ea6a15ed2 Linux 5.10.61 f15e64267393 io_uring: only assign io_uring_enter() SQPOLL error in actual error case 695ab28a7fa1 io_uring: fix xa_alloc_cycle() error return value check 0d5fcfc6406e fs: warn about impending deprecation of mandatory locks 8132fc2bf4b7 mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim 53e81668e119 ASoC: intel: atom: Fix breakage for PCM buffer address setup 88f65f57a0b9 ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 b6672f67ec28 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI a69326e134d4 s390/pci: fix use after free of zpci_dev 05b56e05543c ALSA: hda/via: Apply runtime PM workaround for ASUS B23E 67fece6289a9 btrfs: prevent rename2 from exchanging a subvol with a directory from different parents 16cfa72766b5 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 2566c1d8239d mmc: sdhci-iproc: Cap min clock frequency on BCM2711 110b7f72f6d0 ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop 258782b93701 ipack: tpci200: fix memory leak in the tpci200_register 3ee1b08097c1 ipack: tpci200: fix many double free issues in tpci200_pci_probe 0775bc462ae7 slimbus: ngd: reset dma setup during runtime pm 45d6fc21cd4d slimbus: messaging: check for valid transaction id b700b523ddaf slimbus: messaging: start transaction ids from 1 instead of zero bd0c2f83d072 tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name f7c125493c78 ALSA: hda - fix the 'Capture Switch' value change notifications 7451c309c7a3 clk: qcom: gdsc: Ensure regulator init state matches GDSC state 7203b4986d9a clk: imx6q: fix uart earlycon unwork 3f8920c5706e mmc: sdhci-msm: Update the software timeout value for sdhc 8f499a90e7ee mmc: mmci: stm32: Check when the voltage switch procedure should be done f8dac276a9b4 mmc: dw_mmc: Fix hang on data CRC error 645fd92c3ed4 Revert "flow_offload: action should not be NULL when it is referenced" 2f6c42806e10 iavf: Fix ping is lost after untrusted VF had tried to change MAC 7873c29832a3 i40e: Fix ATR queue selection e003a8921949 r8152: fix writing USB_BP2_EN 21ca0b18ad64 iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() 81578e587c08 iommu/vt-d: Consolidate duplicate cache invaliation code eee84eafc3bb ovs: clear skb->tstamp in forwarding path 47a1161dacb1 net: mdio-mux: Handle -EPROBE_DEFER correctly 13af9c81e62f net: mdio-mux: Don't ignore memory allocation errors df61235881c8 sch_cake: fix srchost/dsthost hashing mode e1ec5858bae1 ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path 3b7397b203cc net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 9bc2d1a5a890 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO b7adfde94930 virtio-net: support XDP when not more queues 1ce62fe6e4cb vrf: Reset skb conntrack connection on VRF rcv 8ae539a36194 bnxt_en: Add missing DMA memory barriers 9751aa443695 bnxt_en: Disable aRFS if running on 212 firmware efd9b79b92a3 ptp_pch: Restore dependency on PCI 85e0518f181a net: 6pack: fix slab-out-of-bounds in decode_data e0ae16836027 bnxt: count Tx drops 296fe765dd02 bnxt: make sure xmit_more + errors does not miss doorbells d913d5cc3ba5 bnxt: disable napi before canceling DIM 5b24ae8f05ca bnxt: don't lock the tx queue from napi poll 585ff7344ec1 bpf: Clear zext_dst of dead insns 8dfdeeb1e98e drm/mediatek: Add AAL output size configuration a8b8d61babb4 drm/mediatek: Fix aal size config 6715cefa72f6 soc / drm: mediatek: Move DDP component defines into mtk-mmsys.h 1b6fc6f739d4 vdpa/mlx5: Avoid destroying MR on empty iotlb ecdd7c488062 vhost: Fix the calculation in vhost_overflow() e0b603c89a93 bus: ti-sysc: Fix error handling for sysc_check_active_timer() 1af7ccbd920a vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() 293180f59342 virtio: Protect vqs list access 9108120fbe31 dccp: add do-while-0 stubs for dccp_pr_debug macros e352531ed020 cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant d2ab5491de91 iommu: Check if group is NULL before remove device 44f454a146c0 arm64: dts: qcom: msm8992-bullhead: Remove PSCI 95ed753d91bf arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x d7d04c67492e Bluetooth: hidp: use correct wait queue when removing ctrl_wait 2e6cc93e1b8c drm/amd/display: workaround for hard hang on HPD on native DP dcc8c5fb8d85 drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X 8849a8c7058e net: usb: lan78xx: don't modify phy_device state concurrently 735e613fa587 net: usb: pegasus: Check the return value of get_geristers() and friends; 6b368411bc0f ARM:
[OE-core] [PATCH 2/4] linux-yocto/5.13: update to v5.13.15
From: Bruce Ashfield Updating linux-yocto/5.13 to the latest korg -stable release that comprises the following commits: b8c3cc76091b Linux 5.13.15 2f939f346edb media: stkwebcam: fix memory leak in stk_camera_probe 26874d67198b ALSA: pcm: fix divide error in snd_pcm_lib_ioctl 0c9cca4cbd05 ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 a0bdfbbb6d79 ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC 237d4c2abcf8 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup deb48f56a556 USB: serial: cp210x: fix flow-control error handling 4df3f36f3e43 USB: serial: cp210x: fix control-characters error handling 7dac6a6ae0ec USB: serial: pl2303: fix GL type detection af64ddb6600f xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG 391cfacf8c81 cryptoloop: add a deprecation warning 39c6cf24c4ff perf/x86/amd/power: Assign pmu.module 3e3bb99d69a3 perf/x86/amd/ibs: Work around erratum #1197 c7858c55cb5d ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() 1ab026cbc7c4 perf/x86/intel/pt: Fix mask of num_address_ranges 610832256fd2 qede: Fix memset corruption 8475b024be01 net: macb: Add a NULL check on desc_ptp 9809b708655a riscv: dts: microchip: Add ethernet0 to the aliases node b13e2bf00cc2 riscv: dts: microchip: Use 'local-mac-address' for emac1 2aad925a0c8e net: dsa: mv88e6xxx: Update mv88e6393x serdes errata 9bf0c451fc85 qed: Fix the VF msix vectors flow eb5392205208 reset: reset-zynqmp: Fixed the argument data type 241581af858b gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats b6de6ec37320 ext4: fix e2fsprogs checksum failure for mounted filesystem c764e8fa4491 ext4: fix race writing to an inline_data file while its xattrs are changing a603798fb168 Linux 5.13.14 49da19a85383 platform/x86: Make dual_accel_detect() KIOX010A + KIOX020A detect more robust 4e25ac3793f7 audit: move put_tree() to avoid trim_trees refcount underflow and UAF f8132a4726df net: don't unconditionally copy_from_user a struct ifreq for socket ioctls 6b58e692a685 Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat" 9caa2e5a818d ubifs: report correct st_size for encrypted symlinks 7532df5ee085 f2fs: report correct st_size for encrypted symlinks f04584399d1c ext4: report correct st_size for encrypted symlinks 2bc40caa8099 fscrypt: add fscrypt_symlink_getattr() for computing st_size ba17363729d2 Revert "floppy: reintroduce O_NDELAY fix" 301aabe0239f btrfs: fix NULL pointer dereference when deleting device by invalid id 8e2112d600b2 arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88 98d1fcc6c937 net: dsa: mt7530: fix VLAN traffic leaks again 339e8ba1a3d0 Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS a5dfcf3d8ecc vt_kdsetmode: extend console locking 65f5602cd767 tipc: call tipc_wait_for_connect only when dlen is not 0 6b7533e796aa pipe: do FASYNC notifications for every pipe IO, not just state changes 4abb1d77321a pipe: avoid unnecessary EPOLLET wakeups under normal loads eec6f991bf28 arm64: initialize all of CNTHCTL_EL2 c9ecaffe65cb net/rds: dma_map_sg is entitled to merge entries 66d8d0677e4d platform/x86: gigabyte-wmi: add support for B450M S2H V2 b484bcabe66b drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences 045f785ad859 drm/nouveau/disp: power down unused DP links during init 4dc8c06fd51e drm/nouveau: recognise GA107 2a0e1f9a62e5 platform/x86: gigabyte-wmi: add support for X570 GAMING X 7e6c3b5c9864 drm: Copy drm_wait_vblank to user before returning 65bafad4556d blk-mq: don't grab rq's refcount in blk_mq_check_expired() 1ae8c1e2dbd7 drm/amd/pm: change the workload type for some cards 19be3ad020b1 Revert "drm/amd/pm: fix workload mismatch on vega10" e5baac733182 qed: Fix null-pointer dereference in qed_rdma_create_qp() b6d485eb00e1 qed: qed ll2 race condition fixes e415d2209567 platform/x86: asus-nb-wmi: Add tablet_mode_sw=lid-flip quirk for the TP200s aa4ad193d83b platform/x86: asus-nb-wmi: Allow configuring SW_TABLET_MODE method with a module option 05f085e6 tools/virtio: fix build 2aef43ab6de1 vringh: Use wiov->used to check for read/write desc order 839815ea5f1d virtio_vdpa: reject invalid vq indices 2f18a3c91fde virtio_pci: Support surprise removal of virtio pci device 6c4072f94fab virtio: Improve vq->broken access to avoid any compiler optimization 25d4ff7e59aa cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev ef3738a60d18 opp: remove WARN when no valid OPPs remain 184caa4f8b83 iwlwifi: add new so-jf devices eed3c6bb51fe iwlwifi: add new SoF with JF devices 0dabf99c08de iwlwifi: pnvm: accept multiple HW-type TLVs 2fcb7f101fa2 clk: renesas:
[OE-core] [PATCH 1/4] linux-yocto/5.13: update to v5.13.13
From: Bruce Ashfield Updating linux-yocto/5.13 to the latest korg -stable release that comprises the following commits: 7aeadb5bb82a Linux 5.13.13 2ff626b14003 fs: warn about impending deprecation of mandatory locks a57b2a703e44 io_uring: fix xa_alloc_cycle() error return value check 515b6124df6a hugetlb: don't pass page cache pages to restore_reserve_on_error 371fb63d0926 kfence: fix is_kfence_address() for addresses below KFENCE_POOL_SIZE 9690e6ffac0b mm/hwpoison: retry with shake_page() for unhandlable pages 59e5c9ecdeb0 mm,hwpoison: make get_hwpoison_page() call get_any_page() e4e8c58cc78e mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim 2d1704c3fe30 riscv: Fix a number of free'd resources in init_resources() 8c5beac92d0e ASoC: intel: atom: Fix breakage for PCM buffer address setup 8f4eb032a019 ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 59734f7eaaa4 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI 00609919ec4d powerpc/32s: Fix random crashes by adding isync() after locking/unlocking KUEP 33bd5804ac66 powerpc/32s: Refactor update of user segment registers efe40fdb6d30 powerpc/32s: Move setup_{kuep/kuap}() into {kuep/kuap}.c 534a0bc7c87a usb: typec: tcpm: Fix VDMs sometimes not being forwarded to alt-mode drivers 21d6e237bcc2 s390/pci: fix use after free of zpci_dev fe2edb82e5be ALSA: hda/via: Apply runtime PM workaround for ASUS B23E 41f0262ffb44 tracing: Apply trace filters on all output channels f7c707f8ec18 btrfs: prevent rename2 from exchanging a subvol with a directory from different parents ddd7fff18986 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 f41b4c30fb73 mmc: sdhci-iproc: Cap min clock frequency on BCM2711 70063522ee90 opp: Drop empty-table checks from _put functions 30392f88dace ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop da8495661fe9 io_uring: only assign io_uring_enter() SQPOLL error in actual error case 501449420a42 io_uring: fix code style problems 606f36948a9a ipack: tpci200: fix memory leak in the tpci200_register d09bfebbdf22 ipack: tpci200: fix many double free issues in tpci200_pci_probe c1001de019ef slimbus: ngd: reset dma setup during runtime pm c8f6e68a95c2 slimbus: ngd: set correct device for pm 28b55e58b864 slimbus: messaging: check for valid transaction id e0e46e209e9d slimbus: messaging: start transaction ids from 1 instead of zero 65a4722bb931 tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name 0ce48083d843 tracing: define needed config DYNAMIC_FTRACE_WITH_ARGS 2152ee71c164 ALSA: hda - fix the 'Capture Switch' value change notifications 8681e95da50b cfi: Use rcu_read_{un}lock_sched_notrace 82d1ea87b9d5 arm64: clean vdso & vdso32 files 03c33905ee88 clk: qcom: gdsc: Ensure regulator init state matches GDSC state 95e5238a2fba clk: imx6q: fix uart earlycon unwork 2fcb62673120 mmc: sdhci-msm: Update the software timeout value for sdhc 87762c77c39f mmc: mmci: stm32: Check when the voltage switch procedure should be done fffcf7fc898a mmc: dw_mmc: Fix hang on data CRC error 7179eac5556e iommu/dma: Fix leak in non-contiguous API b89542f4a60b net: dpaa2-switch: disable the control interface on error path 5d547d83abb2 Revert "flow_offload: action should not be NULL when it is referenced" 260b1eb312a0 iavf: Fix ping is lost after untrusted VF had tried to change MAC ea1cf8a6d966 i40e: Fix ATR queue selection 1d9d64cad2fe PCI/sysfs: Use correct variable for the legacy_mem sysfs object f21adfddafdf r8152: fix the maximum number of PLA bp for RTL8153C 5809f8d9b7c0 r8152: fix writing USB_BP2_EN dedbf29c6b36 mptcp: full fully established support after ADD_ADDR 828c3a32238c mptcp: fix memory leak on address flush 11c79e1615a4 net: mscc: ocelot: allow forwarding from bridge ports to the tag_8021q CPU port 751f4b539afb drm/amd/display: Use DCN30 watermark calc for DCN301 e0f2d91e0869 drm/i915: Tweaked Wa_14010685332 for all PCHs 678b67771cef drm/i915: Skip display interruption setup when display is not available 936eca018fee iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() 4e4f3cb41d68 net: usb: asix: refactor asix_read_phy_addr() and handle errors on return cf4c1661c40e ovs: clear skb->tstamp in forwarding path 9581895b37fe net: mdio-mux: Handle -EPROBE_DEFER correctly b2973b87ba11 net: mdio-mux: Don't ignore memory allocation errors 0e805b74cd13 sch_cake: fix srchost/dsthost hashing mode ac161cf77818 ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path 7af09aeddbae net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 39af3583c8fb mac80211: fix locking in ieee80211_restart_work() 0de9c4de5ca1 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
[OE-core] [PATCH 0/4] kernel-yocto: -stable updates
From: Bruce Ashfield Richard, Here are the latest -stable updates for the active kernels. Nothing jumped out as particularly risky. I've kept the updates separeate on purpose, since they represent a test point and a known good state. Which will come in handy if something does pop up during integration runs. I'll follow up with bumps to the h/w reference BSPs shortly. Bruce The following changes since commit fd9c3a5a14fb54268707f6ece6a5fa11e4378200: bitbake: runqueue: Fix issues with multiconfig deferred task deadlock messages (2021-09-08 15:33:14 +0100) are available in the Git repository at: git://git.yoctoproject.org/poky-contrib zedd/kernel http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel Bruce Ashfield (4): linux-yocto/5.13: update to v5.13.13 linux-yocto/5.13: update to v5.13.15 linux-yocto/5.10: update to v5.10.61 linux-yocto/5.10: update to v5.10.63 .../linux/linux-yocto-rt_5.10.bb | 4 ++-- .../linux/linux-yocto-rt_5.13.bb | 4 ++-- .../linux/linux-yocto-tiny_5.10.bb| 6 ++--- .../linux/linux-yocto-tiny_5.13.bb| 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 - meta/recipes-kernel/linux/linux-yocto_5.13.bb | 24 +-- 6 files changed, 33 insertions(+), 33 deletions(-) -- 2.19.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155918): https://lists.openembedded.org/g/openembedded-core/message/155918 Mute This Topic: https://lists.openembedded.org/mt/85510105/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 2/9] dbus-test: upgrade 1.12.16 -> 1.12.18
From: Wang Mingyu (From OE-Core rev: 839695e0c1b0c0fcfbb924c2b174c4a638067a32) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit 5cbf053481642a820b9f4c6bed9ac79246719087) Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- .../dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.18.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-core/dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.18.bb} (95%) diff --git a/meta/recipes-core/dbus/dbus-test_1.12.16.bb b/meta/recipes-core/dbus/dbus-test_1.12.18.bb similarity index 95% rename from meta/recipes-core/dbus/dbus-test_1.12.16.bb rename to meta/recipes-core/dbus/dbus-test_1.12.18.bb index bea0e74ed0..0063dcce67 100644 --- a/meta/recipes-core/dbus/dbus-test_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb @@ -16,8 +16,8 @@ SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ " -SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" -SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" +SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" +SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" S="${WORKDIR}/dbus-${PV}" FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155916): https://lists.openembedded.org/g/openembedded-core/message/155916 Mute This Topic: https://lists.openembedded.org/mt/85510103/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18
From: Wang Mingyu (From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028) [Bug fix only update, drop cve patch now included a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18 8bc1381819 fdpass test: Assert that we don't leak file descriptors 272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix 31297172f1 Update NEWS 041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container 55b3f71376 Update NEWS ced04aabc7 doxygen: fix example for dbus_message_append_args 3e40637b10 Update NEWS 3e0ea34966 cmake: Add X11 include path for tools d0992805d7 doc: replace dbus-send's --address with --peer and --bus dd32f6b617 Update NEWS d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12' 2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12' beb79b94fb doc: Fix environment variable name in dbus-daemon(1) eab5d4a420 Start 1.12.18 development] Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- .../dbus/dbus/CVE-2020-12049.patch| 78 --- .../dbus/{dbus_1.12.16.bb => dbus_1.12.18.bb} | 5 +- 2 files changed, 2 insertions(+), 81 deletions(-) delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch rename meta/recipes-core/dbus/{dbus_1.12.16.bb => dbus_1.12.18.bb} (97%) diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch deleted file mode 100644 index ac7a4b7a71..00 --- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Thu, 16 Apr 2020 14:45:11 +0100 -Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive - -MSG_CTRUNC indicates that we have received fewer fds that we should -have done because the buffer was too small, but we were treating it -as though it indicated that we received *no* fds. If we received any, -we still have to make sure we close them, otherwise they will be leaked. - -On the system bus, if an attacker can induce us to leak fds in this -way, that's a local denial of service via resource exhaustion. - -Reported-by: Kevin Backhouse, GitHub Security Lab -Fixes: dbus#294 -Fixes: CVE-2020-12049 -Fixes: GHSL-2020-057 - -Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63] -CVE: CVE-2020-12049 -Signed-off-by: Lee Chee Yang - dbus/dbus-sysdeps-unix.c | 32 - 1 file changed, 20 insertions(+), 12 deletions(-) - -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c -index b5fc2466..b176dae1 100644 a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocketfd, - struct cmsghdr *cm; - dbus_bool_t found = FALSE; - -- if (m.msg_flags & MSG_CTRUNC) --{ -- /* Hmm, apparently the control data was truncated. The bad -- thing is that we might have completely lost a couple of fds -- without chance to recover them. Hence let's treat this as a -- serious error. */ -- -- errno = ENOSPC; -- _dbus_string_set_length (buffer, start); -- return -1; --} -- - for (cm = CMSG_FIRSTHDR(); cm; cm = CMSG_NXTHDR(, cm)) - if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) - { -@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocketfd, - if (!found) - *n_fds = 0; - -+ if (m.msg_flags & MSG_CTRUNC) -+{ -+ unsigned int i; -+ -+ /* Hmm, apparently the control data was truncated. The bad -+ thing is that we might have completely lost a couple of fds -+ without chance to recover them. Hence let's treat this as a -+ serious error. */ -+ -+ /* We still need to close whatever fds we *did* receive, -+ * otherwise they'll never get closed. (CVE-2020-12049) */ -+ for (i = 0; i < *n_fds; i++) -+close (fds[i]); -+ -+ *n_fds = 0; -+ errno = ENOSPC; -+ _dbus_string_set_length (buffer, start); -+ return -1; -+} -+ - /* put length back (doesn't actually realloc) */ - _dbus_string_set_length (buffer, start + bytes_read); - --- -2.25.1 - diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.18.bb similarity index 97% rename from meta/recipes-core/dbus/dbus_1.12.16.bb rename to meta/recipes-core/dbus/dbus_1.12.18.bb index 10d1b34448..2fcb3079ad 100644 --- a/meta/recipes-core/dbus/dbus_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus_1.12.18.bb @@ -16,11 +16,10 @@ SRC_URI =
[OE-core][dunfell 0/9] Patch review
Please review this next set of patches for dunfell and have comments back by end of day Monday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2570 The following changes since commit fcc609d3bafef2f63039dc54c0fd0eaf062710a1: rt-tests: set branch name in SRC_URI (2021-09-08 04:50:47 -1000) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Armin Kuster (2): xserver-xorg: Security fix for CVE-2020-14360/-25712 go: Several Security fixes Ovidiu Panait (2): dbus-test: Remove EXTRA_OECONF_X configs dbus,dbus-test: Move common parts to dbus.inc Richard Purdie (2): flex: Add CVE-2019-6293 to exclusions for checks go: Exclude CVE-2021-29923 from report list Wang Mingyu (3): dbus: upgrade 1.12.16 -> 1.12.18 dbus-test: upgrade 1.12.16 -> 1.12.18 dbus: upgrade 1.12.18 -> 1.12.20 .../distro/include/cve-extra-exclusions.inc | 4 - ...s-test_1.12.16.bb => dbus-test_1.12.20.bb} | 42 + meta/recipes-core/dbus/dbus.inc | 34 .../dbus/dbus/CVE-2020-12049.patch| 78 - .../dbus/{dbus_1.12.16.bb => dbus_1.12.20.bb} | 40 + meta/recipes-devtools/flex/flex_2.6.4.bb | 5 + meta/recipes-devtools/go/go-1.14.inc | 9 ++ .../go/go-1.14/CVE-2021-33196.patch | 124 ++ .../go/go-1.14/CVE-2021-33197.patch | 152 ++ .../go/go-1.14/CVE-2021-34558.patch | 51 ++ .../xserver-xorg/CVE-2020-14360.patch | 132 +++ .../xserver-xorg/CVE-2020-25712.patch | 102 .../xorg-xserver/xserver-xorg_1.20.8.bb | 2 + 13 files changed, 624 insertions(+), 151 deletions(-) rename meta/recipes-core/dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.20.bb} (51%) create mode 100644 meta/recipes-core/dbus/dbus.inc delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch rename meta/recipes-core/dbus/{dbus_1.12.16.bb => dbus_1.12.20.bb} (75%) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155914): https://lists.openembedded.org/g/openembedded-core/message/155914 Mute This Topic: https://lists.openembedded.org/mt/85510098/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] systemd: add packageconfig for wheel-group
If the distro does not include the group 'wheel' systemd will complain when trying to parse ACL rules for tmpfiles.d. systemd-tmpfiles[273]: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring Systemd has a configuration parameter to avoid using 'wheel' group in the standard config files for tmpfiles. Add this as a PACKAGECONFIG and enable it by default to keep default. Signed-off-by: Peter Bergin --- meta/recipes-core/systemd/systemd_249.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb index c1594d7cc5..c027b88fd6 100644 --- a/meta/recipes-core/systemd/systemd_249.3.bb +++ b/meta/recipes-core/systemd/systemd_249.3.bb @@ -93,6 +93,7 @@ PACKAGECONFIG ??= " \ userdb \ utmp \ vconsole \ +wheel-group \ zstd \ " @@ -196,6 +197,7 @@ PACKAGECONFIG[userdb] = "-Duserdb=true,-Duserdb=false" PACKAGECONFIG[utmp] = "-Dutmp=true,-Dutmp=false" PACKAGECONFIG[valgrind] = "-DVALGRIND=1,,valgrind" PACKAGECONFIG[vconsole] = "-Dvconsole=true,-Dvconsole=false,,${PN}-vconsole-setup" +PACKAGECONFIG[wheel-group] = "-Dwheel-group=true, -Dwheel-group=false" PACKAGECONFIG[xdg-autostart] = "-Dxdg-autostart=true,-Dxdg-autostart=false" # Verify keymaps on locale change PACKAGECONFIG[xkbcommon] = "-Dxkbcommon=true,-Dxkbcommon=false,libxkbcommon" -- 2.30.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155913): https://lists.openembedded.org/g/openembedded-core/message/155913 Mute This Topic: https://lists.openembedded.org/mt/85508061/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/7] testimage: TEST_SERVER_IP isn't mandatory
Hold off on this, it breaks some potential use-cases. Ross On Fri, 10 Sept 2021 at 11:20, Ross Burton via lists.openembedded.org wrote: > > When using the simpleremote test target, TEST_SERVER_IP doesn't have to > be configured as the code will detect the host's IP if it isn't set. > > Signed-off-by: Ross Burton > --- > meta/classes/testimage.bbclass | 7 ++- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass > index 3c689aec913..8bf6b17af8a 100644 > --- a/meta/classes/testimage.bbclass > +++ b/meta/classes/testimage.bbclass > @@ -143,11 +143,8 @@ do_testimage[depends] += "${TESTIMAGEDEPENDS}" > do_testimage[lockfiles] += "${TESTIMAGELOCK}" > > def testimage_sanity(d): > -if (d.getVar('TEST_TARGET') == 'simpleremote' > -and (not d.getVar('TEST_TARGET_IP') > - or not d.getVar('TEST_SERVER_IP'))): > -bb.fatal('When TEST_TARGET is set to "simpleremote" ' > - 'TEST_TARGET_IP and TEST_SERVER_IP are needed too.') > +if d.getVar('TEST_TARGET') == 'simpleremote' and not > d.getVar('TEST_TARGET_IP'): > +bb.fatal('When TEST_TARGET is set to "simpleremote" TEST_TARGET_IP > must be set.') > > def get_testimage_configuration(d, test_type, machine): > import platform > -- > 2.25.1 > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155912): https://lists.openembedded.org/g/openembedded-core/message/155912 Mute This Topic: https://lists.openembedded.org/mt/85506110/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] oeqa/selftest: Add tests for bitbake shell/python task output
We've seen issues where shell/python tasks lose their log file entries or output and also where output is duplicated. Add some tests to attempt to spot regressions in this area in future. Signed-off-by: Richard Purdie --- .../recipes-test/logging-test/logging-test.bb | 24 meta/lib/oeqa/selftest/cases/bblogging.py | 104 ++ 2 files changed, 128 insertions(+) create mode 100644 meta-selftest/recipes-test/logging-test/logging-test.bb create mode 100644 meta/lib/oeqa/selftest/cases/bblogging.py diff --git a/meta-selftest/recipes-test/logging-test/logging-test.bb b/meta-selftest/recipes-test/logging-test/logging-test.bb new file mode 100644 index 000..a6100123f9d --- /dev/null +++ b/meta-selftest/recipes-test/logging-test/logging-test.bb @@ -0,0 +1,24 @@ +SUMMARY = "Destined to fail" +LICENSE = "CLOSED" + +deltask do_patch +INHIBIT_DEFAULT_DEPS = "1" + +do_shelltest() { +echo "This is shell stdout" +echo "This is shell stderr" >&2 +exit 1 +} +addtask do_shelltest + +python do_pythontest_exit () { +print("This is python stdout") +sys.exit(1) +} +addtask do_pythontest_exit + +python do_pythontest_fatal () { +print("This is python fatal test stdout") +bb.fatal("This is a fatal error") +} +addtask do_pythontest_fatal diff --git a/meta/lib/oeqa/selftest/cases/bblogging.py b/meta/lib/oeqa/selftest/cases/bblogging.py new file mode 100644 index 000..ea6c3c8c77e --- /dev/null +++ b/meta/lib/oeqa/selftest/cases/bblogging.py @@ -0,0 +1,104 @@ +# +# SPDX-License-Identifier: MIT +# + + +from oeqa.selftest.case import OESelftestTestCase +from oeqa.utils.commands import bitbake + +class BitBakeLogging(OESelftestTestCase): + +def assertCount(self, item, entry, count): +self.assertEqual(item.count(entry), count, msg="Output:\n'''\n%s\n'''\ndoesn't contain %d copies of:\n'''\n%s\n'''\n" % (item, count, entry)) + +def test_shell_logging(self): +# no logs, no verbose +self.write_config('BBINCLUDELOGS = ""') +result = bitbake("logging-test -c shelltest -f", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +self.assertNotIn("This is shell stdout", result.output) +self.assertNotIn("This is shell stderr", result.output) + +# logs, no verbose +self.write_config('BBINCLUDELOGS = "yes"') +result = bitbake("logging-test -c shelltest -f", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +self.assertCount(result.output, "This is shell stdout", 1) +self.assertCount(result.output, "This is shell stderr", 1) + +# no logs, verbose +self.write_config('BBINCLUDELOGS = ""') +result = bitbake("logging-test -c shelltest -f -v", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +# two copies due to set +x +self.assertCount(result.output, "This is shell stdout", 2) +self.assertCount(result.output, "This is shell stderr", 2) + +# logs, verbose +self.write_config('BBINCLUDELOGS = "yes"') +result = bitbake("logging-test -c shelltest -f -v", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +# two copies due to set +x +self.assertCount(result.output, "This is shell stdout", 2) +self.assertCount(result.output, "This is shell stderr", 2) + +def test_python_exit_logging(self): +# no logs, no verbose +self.write_config('BBINCLUDELOGS = ""') +result = bitbake("logging-test -c pythontest_exit -f", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +self.assertNotIn("This is python stdout", result.output) + +# logs, no verbose +self.write_config('BBINCLUDELOGS = "yes"') +result = bitbake("logging-test -c pythontest_exit -f", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +# A sys.exit() should include the output +self.assertCount(result.output, "This is python stdout", 1) + +# no logs, verbose +self.write_config('BBINCLUDELOGS = ""') +result = bitbake("logging-test -c pythontest_exit -f -v", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +# python tasks don't log output with -v currently +#self.assertCount(result.output, "This is python stdout", 1) + +# logs, verbose +self.write_config('BBINCLUDELOGS = "yes"') +result = bitbake("logging-test -c pythontest_exit -f -v", ignore_status = True) +self.assertIn("ERROR: Logfile of failure stored in:", result.output) +# python tasks don't log output with -v currently +#self.assertCount(result.output, "This is python
[OE-core] [PATCH 5/7] oeqa/core/target: remove server port parameter
Specifying a port that the test host can open sockets on isn't that useful as the package management tests will open multiple ports, so the specified port won't be used anyway. The value was never set so used the default of value, which meant the kernel picked the port. Remove the server port parameter entirely, and let the kernel pick a free port. Signed-off-by: Ross Burton --- meta/lib/oeqa/core/target/qemu.py | 1 - meta/lib/oeqa/core/target/ssh.py| 3 +-- meta/lib/oeqa/runtime/cases/apt.py | 4 +--- meta/lib/oeqa/runtime/cases/dnf.py | 3 +-- meta/lib/oeqa/runtime/cases/opkg.py | 4 +--- meta/lib/oeqa/runtime/context.py| 6 -- 6 files changed, 4 insertions(+), 17 deletions(-) diff --git a/meta/lib/oeqa/core/target/qemu.py b/meta/lib/oeqa/core/target/qemu.py index 7c6e353edf2..66551607fb9 100644 --- a/meta/lib/oeqa/core/target/qemu.py +++ b/meta/lib/oeqa/core/target/qemu.py @@ -28,7 +28,6 @@ class OEQemuTarget(OESSHTarget): super().__init__(logger, None, server_ip, timeout, user, port) -self.server_port = 0 self.machine = machine self.rootfs = rootfs self.kernel = kernel diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py index 4da1e4c2b2d..bbf621c8e38 100644 --- a/meta/lib/oeqa/core/target/ssh.py +++ b/meta/lib/oeqa/core/target/ssh.py @@ -15,7 +15,7 @@ from . import OETarget class OESSHTarget(OETarget): def __init__(self, logger, ip, server_ip, timeout=300, user='root', - port=None, server_port=0, **kwargs): + port=None, **kwargs): if not logger: logger = logging.getLogger('target') logger.setLevel(logging.INFO) @@ -29,7 +29,6 @@ class OESSHTarget(OETarget): super().__init__(logger, server_ip) self.ip = ip -self.server_port = server_port self.timeout = timeout self.user = user ssh_options = [ diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py index 53745df93f9..ed531a619aa 100644 --- a/meta/lib/oeqa/runtime/cases/apt.py +++ b/meta/lib/oeqa/runtime/cases/apt.py @@ -22,9 +22,7 @@ class AptRepoTest(AptTest): @classmethod def setUpClass(cls): service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all') -cls.repo_server = HTTPService(service_repo, - '0.0.0.0', port=cls.tc.target.server_port, - logger=cls.tc.logger) +cls.repo_server = HTTPService(service_repo, '0.0.0.0', logger=cls.tc.logger) cls.repo_server.start() @classmethod diff --git a/meta/lib/oeqa/runtime/cases/dnf.py b/meta/lib/oeqa/runtime/cases/dnf.py index f40c63026e5..937acaab597 100644 --- a/meta/lib/oeqa/runtime/cases/dnf.py +++ b/meta/lib/oeqa/runtime/cases/dnf.py @@ -53,8 +53,7 @@ class DnfRepoTest(DnfTest): @classmethod def setUpClass(cls): cls.repo_server = HTTPService(os.path.join(cls.tc.td['WORKDIR'], 'oe-testimage-repo'), - '0.0.0.0', port=cls.tc.target.server_port, - logger=cls.tc.logger) + '0.0.0.0', logger=cls.tc.logger) cls.repo_server.start() @classmethod diff --git a/meta/lib/oeqa/runtime/cases/opkg.py b/meta/lib/oeqa/runtime/cases/opkg.py index 9cfee1cd886..581ddf58749 100644 --- a/meta/lib/oeqa/runtime/cases/opkg.py +++ b/meta/lib/oeqa/runtime/cases/opkg.py @@ -25,9 +25,7 @@ class OpkgRepoTest(OpkgTest): if cls.tc.td["MULTILIB_VARIANTS"]: allarchfeed = cls.tc.td["TUNE_PKGARCH"] service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_IPK'], allarchfeed) -cls.repo_server = HTTPService(service_repo, - '0.0.0.0', port=cls.tc.target.server_port, - logger=cls.tc.logger) +cls.repo_server = HTTPService(service_repo, '0.0.0.0', logger=cls.tc.logger) cls.repo_server.start() @classmethod diff --git a/meta/lib/oeqa/runtime/context.py b/meta/lib/oeqa/runtime/context.py index 3826f276421..8552aa782bc 100644 --- a/meta/lib/oeqa/runtime/context.py +++ b/meta/lib/oeqa/runtime/context.py @@ -99,12 +99,6 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): target_ip = target_ip_port[0] kwargs['port'] = target_ip_port[1] -if server_ip: -server_ip_port = server_ip.split(':') -if len(server_ip_port) == 2: -server_ip = server_ip_port[0] -kwargs['server_port'] = int(server_ip_port[1]) - if target_type == 'simpleremote': target = OESSHTarget(logger, target_ip, server_ip, **kwargs) elif target_type == 'qemu': -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155908):
[OE-core] [PATCH 2/7] testimage: pass the base image name to the target class
Also pass the the base image name to the target class. This is the full path to the deploy directory and the image name without any extensions, so makes it easier to find ancillary files. Signed-off-by: Ross Burton --- meta/classes/testimage.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass index 8bf6b17af8a..d139df9925f 100644 --- a/meta/classes/testimage.bbclass +++ b/meta/classes/testimage.bbclass @@ -309,6 +309,7 @@ def testimage_main(d): 'serial_ports': len(d.getVar("SERIAL_CONSOLES").split()), 'ovmf': ovmf, 'tmpfsdir': d.getVar("RUNQEMU_TMPFS_DIR"), + 'image_name' : image_name } if d.getVar("TESTIMAGE_BOOT_PATTERNS"): -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155905): https://lists.openembedded.org/g/openembedded-core/message/155905 Mute This Topic: https://lists.openembedded.org/mt/85506109/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 4/7] oeqa/core/target: move server_ip to superclass
Move towards a consistent interface across OETarget subclasses by moving server_ip to the superclass. Signed-off-by: Ross Burton --- meta/lib/oeqa/core/target/__init__.py | 3 ++- meta/lib/oeqa/core/target/qemu.py | 4 +--- meta/lib/oeqa/core/target/ssh.py | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/meta/lib/oeqa/core/target/__init__.py b/meta/lib/oeqa/core/target/__init__.py index 3da66038342..aff02ecc439 100644 --- a/meta/lib/oeqa/core/target/__init__.py +++ b/meta/lib/oeqa/core/target/__init__.py @@ -7,7 +7,8 @@ class OETarget: -def __init__(self, logger, *args, **kwargs): +def __init__(self, logger, server_ip): +self.server_ip = server_ip self.logger = logger def start(self): diff --git a/meta/lib/oeqa/core/target/qemu.py b/meta/lib/oeqa/core/target/qemu.py index 79fd724f7d4..7c6e353edf2 100644 --- a/meta/lib/oeqa/core/target/qemu.py +++ b/meta/lib/oeqa/core/target/qemu.py @@ -26,10 +26,8 @@ class OEQemuTarget(OESSHTarget): tmpdir='', dir_image='', boottime=60, serial_ports=2, boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, **kwargs): -super(OEQemuTarget, self).__init__(logger, None, server_ip, timeout, -user, port) +super().__init__(logger, None, server_ip, timeout, user, port) -self.server_ip = server_ip self.server_port = 0 self.machine = machine self.rootfs = rootfs diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py index 923a223b25b..4da1e4c2b2d 100644 --- a/meta/lib/oeqa/core/target/ssh.py +++ b/meta/lib/oeqa/core/target/ssh.py @@ -27,9 +27,8 @@ class OESSHTarget(OETarget): fileHandler.setFormatter(formatter) logger.addHandler(fileHandler) -super(OESSHTarget, self).__init__(logger) +super().__init__(logger, server_ip) self.ip = ip -self.server_ip = server_ip self.server_port = server_port self.timeout = timeout self.user = user -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155907): https://lists.openembedded.org/g/openembedded-core/message/155907 Mute This Topic: https://lists.openembedded.org/mt/85506111/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 7/7] oeqa/target/ssh: don't assume target_dumper is set
The target_dumper property is only set by the QemuTarget subclass, so assign a default value and check it isn't None before calling it. Signed-off-by: Ross Burton --- meta/lib/oeqa/core/target/ssh.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py index b61c7d141d9..8cd2966fa38 100644 --- a/meta/lib/oeqa/core/target/ssh.py +++ b/meta/lib/oeqa/core/target/ssh.py @@ -41,6 +41,7 @@ class OESSHTarget(OETarget): self.ssh = self.ssh + [ '-p', port ] self.scp = self.scp + [ '-P', port ] self._monitor_dumper = None +self.target_dumper = None def start(self, **kwargs): pass @@ -99,7 +100,8 @@ class OESSHTarget(OETarget): if self.monitor_dumper: self.monitor_dumper.dump_monitor() if status == 255: -self.target_dumper.dump_target() +if self.target_dumper: +self.target_dumper.dump_target() if self.monitor_dumper: self.monitor_dumper.dump_monitor() return (status, output) -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155910): https://lists.openembedded.org/g/openembedded-core/message/155910 Mute This Topic: https://lists.openembedded.org/mt/85506115/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 6/7] oeqa/core/target: add target_ip to superclass
Move towards a consistent interface across OETarget subclasses by moving target_ip to the superclass. QemuTarget automatically determines the target IP on startup, so default that to None. Signed-off-by: Ross Burton --- meta/lib/oeqa/core/target/__init__.py | 3 ++- meta/lib/oeqa/core/target/qemu.py | 4 ++-- meta/lib/oeqa/core/target/ssh.py | 5 ++--- meta/lib/oeqa/runtime/context.py | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/meta/lib/oeqa/core/target/__init__.py b/meta/lib/oeqa/core/target/__init__.py index aff02ecc439..45ed3e54b40 100644 --- a/meta/lib/oeqa/core/target/__init__.py +++ b/meta/lib/oeqa/core/target/__init__.py @@ -7,8 +7,9 @@ class OETarget: -def __init__(self, logger, server_ip): +def __init__(self, logger, server_ip, target_ip): self.server_ip = server_ip +self.ip = target_ip self.logger = logger def start(self): diff --git a/meta/lib/oeqa/core/target/qemu.py b/meta/lib/oeqa/core/target/qemu.py index 66551607fb9..ef567939ad8 100644 --- a/meta/lib/oeqa/core/target/qemu.py +++ b/meta/lib/oeqa/core/target/qemu.py @@ -20,13 +20,13 @@ from oeqa.utils.dump import TargetDumper supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic'] class OEQemuTarget(OESSHTarget): -def __init__(self, logger, server_ip, timeout=300, user='root', +def __init__(self, logger, server_ip, target_ip=None, timeout=300, user='root', port=None, machine='', rootfs='', kernel='', kvm=False, slirp=False, dump_dir='', dump_host_cmds='', display='', bootlog='', tmpdir='', dir_image='', boottime=60, serial_ports=2, boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, **kwargs): -super().__init__(logger, None, server_ip, timeout, user, port) +super().__init__(logger, server_ip, target_ip, timeout, user, port) self.machine = machine self.rootfs = rootfs diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py index bbf621c8e38..b61c7d141d9 100644 --- a/meta/lib/oeqa/core/target/ssh.py +++ b/meta/lib/oeqa/core/target/ssh.py @@ -14,7 +14,7 @@ import codecs from . import OETarget class OESSHTarget(OETarget): -def __init__(self, logger, ip, server_ip, timeout=300, user='root', +def __init__(self, logger, server_ip, target_ip, timeout=300, user='root', port=None, **kwargs): if not logger: logger = logging.getLogger('target') @@ -27,8 +27,7 @@ class OESSHTarget(OETarget): fileHandler.setFormatter(formatter) logger.addHandler(fileHandler) -super().__init__(logger, server_ip) -self.ip = ip +super().__init__(logger, server_ip, target_ip) self.timeout = timeout self.user = user ssh_options = [ diff --git a/meta/lib/oeqa/runtime/context.py b/meta/lib/oeqa/runtime/context.py index 8552aa782bc..76cae4ee789 100644 --- a/meta/lib/oeqa/runtime/context.py +++ b/meta/lib/oeqa/runtime/context.py @@ -100,7 +100,7 @@ class OERuntimeTestContextExecutor(OETestContextExecutor): kwargs['port'] = target_ip_port[1] if target_type == 'simpleremote': -target = OESSHTarget(logger, target_ip, server_ip, **kwargs) +target = OESSHTarget(logger, server_ip, target_ip, **kwargs) elif target_type == 'qemu': target = OEQemuTarget(logger, server_ip, **kwargs) else: -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155909): https://lists.openembedded.org/g/openembedded-core/message/155909 Mute This Topic: https://lists.openembedded.org/mt/85506114/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 3/7] oeqa/core/target: remove abstract decorations
There's no need to inherit from object in Python 3, and marking the methods as abstract is overkill considering the type hierarchy. Signed-off-by: Ross Burton --- meta/lib/oeqa/core/target/__init__.py | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/meta/lib/oeqa/core/target/__init__.py b/meta/lib/oeqa/core/target/__init__.py index 1382aa9b523..3da66038342 100644 --- a/meta/lib/oeqa/core/target/__init__.py +++ b/meta/lib/oeqa/core/target/__init__.py @@ -4,33 +4,26 @@ # SPDX-License-Identifier: MIT # -from abc import abstractmethod -class OETarget(object): +class OETarget: def __init__(self, logger, *args, **kwargs): self.logger = logger -@abstractmethod def start(self): pass -@abstractmethod def stop(self): pass -@abstractmethod def run(self, cmd, timeout=None): pass -@abstractmethod def copyTo(self, localSrc, remoteDst): pass -@abstractmethod def copyFrom(self, remoteSrc, localDst): pass -@abstractmethod def copyDirTo(self, localSrc, remoteDst): pass -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155904): https://lists.openembedded.org/g/openembedded-core/message/155904 Mute This Topic: https://lists.openembedded.org/mt/85506108/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/7] testimage: TEST_SERVER_IP isn't mandatory
When using the simpleremote test target, TEST_SERVER_IP doesn't have to be configured as the code will detect the host's IP if it isn't set. Signed-off-by: Ross Burton --- meta/classes/testimage.bbclass | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass index 3c689aec913..8bf6b17af8a 100644 --- a/meta/classes/testimage.bbclass +++ b/meta/classes/testimage.bbclass @@ -143,11 +143,8 @@ do_testimage[depends] += "${TESTIMAGEDEPENDS}" do_testimage[lockfiles] += "${TESTIMAGELOCK}" def testimage_sanity(d): -if (d.getVar('TEST_TARGET') == 'simpleremote' -and (not d.getVar('TEST_TARGET_IP') - or not d.getVar('TEST_SERVER_IP'))): -bb.fatal('When TEST_TARGET is set to "simpleremote" ' - 'TEST_TARGET_IP and TEST_SERVER_IP are needed too.') +if d.getVar('TEST_TARGET') == 'simpleremote' and not d.getVar('TEST_TARGET_IP'): +bb.fatal('When TEST_TARGET is set to "simpleremote" TEST_TARGET_IP must be set.') def get_testimage_configuration(d, test_type, machine): import platform -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155906): https://lists.openembedded.org/g/openembedded-core/message/155906 Mute This Topic: https://lists.openembedded.org/mt/85506110/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 1/1] oeqa/sdk: assimp.py -> cmake.py
On Fri, 10 Sept 2021 at 09:08, Robert Yang wrote: > -self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON > {source}".format(**dirs)) > +self._run("cd {build} && cmake {source}".format(**dirs)) Verbose makefiles were turned on for a reason: when it breaks, we want to see the full log. > self._run("cmake --build {build} -- -j".format(**dirs)) > self._run("cmake --build {build} --target install -- > DESTDIR={install}".format(**dirs)) > -self.check_elf(os.path.join(dirs["install"], "usr", "local", > "lib", "libassimp.so.4.1.0")) > +self.check_elf(os.path.join(dirs["install"], > "usr/local/lib/libexpat.so.1.8.1")) Using join() but passing a hardcoded path string seems suboptimal. Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155903): https://lists.openembedded.org/g/openembedded-core/message/155903 Mute This Topic: https://lists.openembedded.org/mt/85504678/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] wic/bootimg-efi: Add Unified Kernel Image option
On Thu, 2021-09-09 at 17:53 +, Kristian Klausen via lists.openembedded.org wrote: > "A unified kernel image is a single EFI PE executable combining an EFI > stub loader, a kernel image, an initramfs image, and the kernel command > line. > > [...] > > Images of this type have the advantage that all metadata and payload > that makes up the boot entry is monopolized in a single PE file that can > be signed cryptographically as one for the purpose of EFI > SecureBoot."[1] > > This commit adds a create-unified-kernel-image=true option to the > bootimg-efi plugin for creating a Unified Kernel Image[1] and installing > it into $BOOT/EFI/Linux/ with a .efi extension per the the Boot Loader > Specification[1][2]. This is useful for implementing Secure Boot. > > systemd-boot is the only mainstream bootloader implementing the > specification, but GRUB should be able to boot the EFI binary, this > commit however doesn't implement the necessary changes to the GRUB > config generation logic to boot the Unified Kernel Image. > > [1] > https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images > [2] https://systemd.io/BOOT_LOADER_SPECIFICATION/ > > Signed-off-by: Kristian Klausen > --- > > This patch supersedes: > "[RFC][PATCH] kernel: Add Unified Kernel Image image type"[1] > and: > "[PATCH] wic/bootimg-efi: Add option for only installing the bootloader"[2] > > The latter is perhaps still useful, but with this patch it is no longer > needed for using a Unified Kernel Image with systemd-boot. > > [1] https://lists.openembedded.org/g/openembedded-core/message/155801 > [2] https://lists.openembedded.org/g/openembedded-core/message/155789 > > scripts/lib/wic/plugins/source/bootimg-efi.py | 69 --- > 1 file changed, 59 insertions(+), 10 deletions(-) Do we need to add a test for this into meta/lib/oeqa/selftest/cases/wic.py? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155902): https://lists.openembedded.org/g/openembedded-core/message/155902 Mute This Topic: https://lists.openembedded.org/mt/85490739/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 3/3] tar: add pkgconfig for selinux
On Wed, 2021-09-08 at 16:05 +0800, Yu, Mingli wrote: > From: Mingli Yu > > Add pkgconfig setting for selinux. > > Signed-off-by: Mingli Yu > --- > meta/recipes-extended/tar/tar_1.34.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-extended/tar/tar_1.34.bb > b/meta/recipes-extended/tar/tar_1.34.bb > index 98755a11cc..a6a417a1a5 100644 > --- a/meta/recipes-extended/tar/tar_1.34.bb > +++ b/meta/recipes-extended/tar/tar_1.34.bb > @@ -16,6 +16,7 @@ PACKAGECONFIG ??= "" > PACKAGECONFIG:append:class-target = " ${@bb.utils.filter('DISTRO_FEATURES', > 'acl', d)}" > > PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl" > +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" > > EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" > This breaks one of the selftests, you could reproduce with oe-selftest -r oescripts.OEListPackageconfigTests.test_packageconfig_flags_default however I've added a patch to fix it. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155901): https://lists.openembedded.org/g/openembedded-core/message/155901 Mute This Topic: https://lists.openembedded.org/mt/85454436/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] oeqa/oescripts: Fix after tar recipe changes
Signed-off-by: Richard Purdie --- meta/lib/oeqa/selftest/cases/oescripts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oeqa/selftest/cases/oescripts.py b/meta/lib/oeqa/selftest/cases/oescripts.py index 8a10ff357be..1decce39e96 100644 --- a/meta/lib/oeqa/selftest/cases/oescripts.py +++ b/meta/lib/oeqa/selftest/cases/oescripts.py @@ -150,7 +150,7 @@ class OEListPackageconfigTests(OEScriptTests): expected_endlines = [] expected_endlines.append("RECIPE NAME PACKAGECONFIG FLAGS") expected_endlines.append("pinentry gtk2 libcap ncurses qt secret") -expected_endlines.append("tar acl") +expected_endlines.append("tar acl selinux") self.check_endlines(results, expected_endlines) -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155900): https://lists.openembedded.org/g/openembedded-core/message/155900 Mute This Topic: https://lists.openembedded.org/mt/85504874/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] pseudo: Update with fcntl and glibc 2.34 fixes
Pull in the following changes: * pseudo_client: Make msg static in pseudo_op_client * ports/linux/guts: Add close_range wrapper for glibc 2.34 * pseudo_client: Do not pass null argument to pseudo_diag() * test-openat: Consider device as well as inode number * test: Add missing test-statx test case * fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ Signed-off-by: Richard Purdie --- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 328177c9bf0..a9ea8b4ef66 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "b988b0a6b8afd8d459bc9a2528e834f63a3d59b2" +SRCREV = "21ff2fb690efbe57e7dd867c39aff36ab72a6ac5" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}" -- 2.32.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155899): https://lists.openembedded.org/g/openembedded-core/message/155899 Mute This Topic: https://lists.openembedded.org/mt/85504817/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [hardknott][PATCH] mc: fix CVE-2021-36370
From: Kai Kang Backport patch to fix CVE-2021-36370. CVE: CVE-2021-36370 Signed-off-by: Kai Kang --- .../mc/files/CVE-2021-36370.patch | 609 ++ meta/recipes-extended/mc/mc_4.8.26.bb | 1 + 2 files changed, 610 insertions(+) create mode 100644 meta/recipes-extended/mc/files/CVE-2021-36370.patch diff --git a/meta/recipes-extended/mc/files/CVE-2021-36370.patch b/meta/recipes-extended/mc/files/CVE-2021-36370.patch new file mode 100644 index 00..d6a26871bd --- /dev/null +++ b/meta/recipes-extended/mc/files/CVE-2021-36370.patch @@ -0,0 +1,609 @@ +Backport patch to fix CVE-2021-36370. + +Upstream-Status: Backport [https://github.com/MidnightCommander/mc/commit/9235d3c] +CVE: CVE-2021-36370 + +Signed-off-by: Kai Kang + +From 9235d3c232d13ad7f973346077c9cf2eaa77dc5f Mon Sep 17 00:00:00 2001 +From: Andrew Borodin +Date: Mon, 12 Jul 2021 08:48:18 +0300 +Subject: [PATCH] SFTPFS: verify server fingerprint (fix CVE-2021-36370). + +Use ~/.ssh/known_hosts file to verify server fingerprint +using ssh way: + +$ ssh localhost +The authenticity of host 'localhost (127.0.0.1)' can't be established. +ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8. +Are you sure you want to continue connecting (yes/no)? no +ssh: Host key verification failed. + +$ ssh localhost +The authenticity of host 'localhost (127.0.0.1)' can't be established. +ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8. +Are you sure you want to continue connecting (yes/no)? yes +Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. +andrew@localhost's password: + +Thanks the Curl project for the used code. + +Signed-off-by: Andrew Borodin +Signed-off-by: Yury V. Zaytsev +--- + doc/man/mc.1.in | 15 ++ + doc/man/ru/mc.1.in | 14 ++ + src/vfs/sftpfs/connection.c | 428 +++- + src/vfs/sftpfs/internal.h | 5 +- + 4 files changed, 452 insertions(+), 10 deletions(-) + +diff --git a/doc/man/mc.1.in b/doc/man/mc.1.in +index c0c06e32f7..7a3d118384 100644 +--- a/doc/man/mc.1.in b/doc/man/mc.1.in +@@ -3364,6 +3364,21 @@ Examples: + sftp://j...@noncompressed.ssh.edu/private + sftp://j...@somehost.ssh.edu:/private + .fi ++.PP ++When establishing the connection, server key fingerprint is verified using ++the ~/.ssh/known_hosts file. If the host/key pair is not found or the host is found, ++but the key doesn't match, an appropriate message is shown. ++There are three buttons in the message dialog: ++.PP ++.B [Yes] ++add new host/key pair to the ~/.ssh/known_hosts file and continue. ++.PP ++.B [Ignore] ++do not add new host/key pair to the ~/.ssh/known_hosts file, but continue ++nevertheless (at you own risk). ++.PP ++.B [No] ++abort connection. + .\"NODE " Undelete File System" + .SH " Undelete File System" + On Linux systems, if you asked configure to use the ext2fs undelete +diff --git a/doc/man/ru/mc.1.in b/doc/man/ru/mc.1.in +index 7609da1127..bc0c1810a9 100644 +--- a/doc/man/ru/mc.1.in b/doc/man/ru/mc.1.in +@@ -3874,6 +3874,20 @@ bash\-совместимая оболочка shell. + sftp://j...@noncompressed.ssh.edu/private + sftp://j...@somehost.ssh.edu:/private + .fi ++При установлении соединения происходит проверка ключа сервера с использованием ++файла ~/.ssh/known_hosts file. Если пара сервер/ключ в этом файле не найдена ++или сервер найден, но ключ не соответствует, пользователю показывается ++окно с соответствующим сообщением, содержащее три кнопки: ++.PP ++.B [Да] ++добавить новую пару сервер/ключ в файл ~/.ssh/known_hosts и продолжить соединение. ++.PP ++.B [Игнорировать] ++не добавлять новую пару сервер/ключ в файл ~/.ssh/known_hosts и всё равно ++продолжить соединение (на свой страх и риск). ++.PP ++.B [Нет] ++прервать соединение. + .\"NODE " Undelete File System" + .SH " Файловая система UFS (Undelete File System)" + В ОС Linux можно сконфигурировать файловую систему ext2fs, используемую +diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c +index 9f8ea5633b..acd5026515 100644 +--- a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c +@@ -42,6 +42,8 @@ + #include "lib/util.h" + #include "lib/tty/tty.h"/* tty_enable_interrupt_key () */ + #include "lib/vfs/utilvfs.h" ++#include "lib/mcconfig.h" /* mc_config_get_home_dir () */ ++#include "lib/widget.h" /* query_dialog () */ + + #include "internal.h" + +@@ -49,10 +51,37 @@ + + /*** file scope macro definitions / + ++#define SHA1_DIGEST_LENGTH 20 ++ + /*** file scope type declarations / + + /*** file scope variables / + ++#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519 ++static const char *const hostkey_method_ssh_ed25519 = "ssh-ed25519"; ++#endif ++#ifdef
[OE-core] [PATCH 1/1] oeqa/sdk: assimp.py -> cmake.py
The downloaded non-free sources, now download expat-2.4.1.tar.bz2 to replace it, and also rename the test case to cmake.py since it is used for testing cmake. Signed-off-by: Robert Yang --- meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) rename meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} (70%) diff --git a/meta/lib/oeqa/sdk/cases/assimp.py b/meta/lib/oeqa/sdk/cases/cmake.py similarity index 70% rename from meta/lib/oeqa/sdk/cases/assimp.py rename to meta/lib/oeqa/sdk/cases/cmake.py index f166758e498..13b24072109 100644 --- a/meta/lib/oeqa/sdk/cases/assimp.py +++ b/meta/lib/oeqa/sdk/cases/cmake.py @@ -21,12 +21,12 @@ class BuildAssimp(OESDKTestCase): self.tc.hasHostPackage("cmake-native")): raise unittest.SkipTest("Needs cmake") -def test_assimp(self): -with tempfile.TemporaryDirectory(prefix="assimp", dir=self.tc.sdk_dir) as testdir: -tarball = self.fetch(testdir, self.td["DL_DIR"], "https://github.com/assimp/assimp/archive/v4.1.0.tar.gz;) +def test_cmake(self): +with tempfile.TemporaryDirectory(prefix="cmake", dir=self.tc.sdk_dir) as testdir: +tarball = self.fetch(testdir, self.td["DL_DIR"], "https://downloads.sourceforge.net/expat/expat-2.4.1.tar.bz2;) dirs = {} -dirs["source"] = os.path.join(testdir, "assimp-4.1.0") +dirs["source"] = os.path.join(testdir, "expat-2.4.1") dirs["build"] = os.path.join(testdir, "build") dirs["install"] = os.path.join(testdir, "install") @@ -34,7 +34,7 @@ class BuildAssimp(OESDKTestCase): self.assertTrue(os.path.isdir(dirs["source"])) os.makedirs(dirs["build"]) -self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON {source}".format(**dirs)) +self._run("cd {build} && cmake {source}".format(**dirs)) self._run("cmake --build {build} -- -j".format(**dirs)) self._run("cmake --build {build} --target install -- DESTDIR={install}".format(**dirs)) -self.check_elf(os.path.join(dirs["install"], "usr", "local", "lib", "libassimp.so.4.1.0")) +self.check_elf(os.path.join(dirs["install"], "usr/local/lib/libexpat.so.1.8.1")) -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155897): https://lists.openembedded.org/g/openembedded-core/message/155897 Mute This Topic: https://lists.openembedded.org/mt/85504678/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 0/1] oeqa/sdk: assimp.py -> cmake.py
* Test info IMAGE_CLASSES += "testimage" $ bitbake core-image-sato -cpopulate_sdk && bitbake core-image-sato -ctestsdk The following changes since commit ec20e1a0e0ba61a7615b361bfc9d9dc58a91f9b3: create-spdx: remove trailing comma (2021-09-08 15:32:45 +0100) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib rbt/test http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/test Robert Yang (1): oeqa/sdk: assimp.py -> cmake.py meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) rename meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} (70%) -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155896): https://lists.openembedded.org/g/openembedded-core/message/155896 Mute This Topic: https://lists.openembedded.org/mt/85504677/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH 0/1] assimp: Remove it
On 9/9/21 11:43 PM, Khem Raj wrote: On Thu, Sep 9, 2021 at 3:26 AM Robert Yang wrote: Hi Khem, On 9/9/21 1:06 PM, Khem Raj wrote: also delete meta/lib/oeqa/sdk/cases/assimp.py It's a test case for testing cmake, it should be OK to keep it? Or we need add a new one to replace it. is it downloading assimp code etc. ? if so I would suggest to replace it with something else too as a followup. Yes, it does, I've sent a patch to use expat to replace assimp for the test. // Robert // Robert On Tue, Sep 7, 2021 at 1:46 AM Robert Yang wrote: The following changes since commit 70de1dbb660461bdf0613494f53ec4c78738ae2a: vim: Add packageconfig for sound notification support (2021-09-06 09:49:13 +0100) are available in the Git repository at: git://git.openembedded.org/openembedded-core-contrib rbt/assimp http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/assimp Robert Yang (1): assimp: Remove it meta/conf/distro/include/maintainers.inc |1 - ...hared-lib-from-_IMPORT_CHECK_TARGETS.patch | 32 - ...hub.com-assimp-assimp-issues-2733-up.patch | 1664 - .../use-GNUInstallDirs-where-possible.patch | 257 --- meta/recipes-graphics/vulkan/assimp_5.0.1.bb | 26 - 5 files changed, 1980 deletions(-) delete mode 100644 meta/recipes-graphics/vulkan/assimp/0001-assimp-remove-shared-lib-from-_IMPORT_CHECK_TARGETS.patch delete mode 100644 meta/recipes-graphics/vulkan/assimp/0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch delete mode 100644 meta/recipes-graphics/vulkan/assimp/use-GNUInstallDirs-where-possible.patch delete mode 100644 meta/recipes-graphics/vulkan/assimp_5.0.1.bb -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155895): https://lists.openembedded.org/g/openembedded-core/message/155895 Mute This Topic: https://lists.openembedded.org/mt/85431029/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.3.3.rc2)
Hello all, Intel and WR YP QA is planning for QA execution for YP build yocto-3.3.3.rc2 We are planning to execute following tests for this cycle: OEQA-manual tests for following module: 1. OE-Core 2. BSP-hw Runtime auto test for following platforms: 1. MinnowTurbot 32-bit 2. Coffee Lake 3. NUC 7 4. NUC 6 5. Edgerouter 6. Beaglebone ETA for completion is next Wednesday, 15 September. Thanks, Jay > -Original Message- > From: qa-build-notificat...@lists.yoctoproject.org notificat...@lists.yoctoproject.org> On Behalf Of Richard Purdie > Sent: Friday, 10 September, 2021 4:00 AM > To: > Cc: qa-build-notification > Subject: [qa-build-notification] QA notification for completed autobuilder > build > (yocto-3.3.3.rc2) > > A build flagged for QA (yocto-3.3.3.rc2) was completed on the autobuilder and > is > available at: > > > https://autobuilder.yocto.io/pub/releases/yocto-3.3.3.rc2 > > > Build hash information: > > bitbake: c7b506d11df78cfc4610db6578745eaa6220b13a > meta-agl: 60344efa7a50dc2548fc4b5d68b5ad4d60c4023a > meta-arm: ba82ea920a3a43244a0a72bd74817e2f00f4a1af > meta-aws: 171aa2cf4d12ff4877e9104b6ec46be54128e3d8 > meta-gplv2: 9e119f333cc8f53bd3cf64326f826dbc6ce3db0f > meta-intel: 5c4a6b02f650a99a5ec55561443fcf880a863d19 > meta-mingw: 422b96cb2b6116442be1f40dfb5bd77447d1219e > meta-openembedded: 7bd7e1da9034e72ca4262dba55f70b2b23499aae > oecore: 567dd35d893c5d8969d41f263a24da8fbae3fc2f > poky: 0a2ca9d60f3851515a79d5aa9ddd8b4069b5a206 > > > > This is an automated message from the Yocto Project Autobuilder > Git: git://git.yoctoproject.org/yocto-autobuilder2 > Email: richard.pur...@linuxfoundation.org > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155894): https://lists.openembedded.org/g/openembedded-core/message/155894 Mute This Topic: https://lists.openembedded.org/mt/85503853/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-