[OE-core] [dunfell][PATCH] apr: Security fix for CVE-2021-35940

[Armin Kuster]

From: Armin Kuster 

Source:  https://dist.apache.org
MR: 112793
Type: Security Fix
Disposition: Backport from 
https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc
Description:

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 
regressed
compared to 1.6.3 and is vulnerable to the same issue.

Signed-off-by: Armin Kuster 
---
 .../apr/apr/CVE-2021-35940.patch  | 58 +++
 meta/recipes-support/apr/apr_1.7.0.bb |  1 +
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch

diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch 
b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 00..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova  for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster 
+
+
+Index: time/unix/time.c
+===
+--- a/time/unix/time.c (revision 1891197)
 b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===
+--- a/time/win32/time.c(revision 1891197)
 b/time/win32/time.c(revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
++if (tm->wMonth < 1 || tm->wMonth > 12)
++return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+  * tm_gmtoff and tm_isdst data when applicable.
+  */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb 
b/meta/recipes-support/apr/apr_1.7.0.bb
index 432fa3255c..92cc61a864 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -23,6 +23,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \

file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
+   file://CVE-2021-35940.patch \
"
 
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155938): 
https://lists.openembedded.org/g/openembedded-core/message/155938
Mute This Topic: https://lists.openembedded.org/mt/85526157/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][honister][hardknott][PATCH] apr: Security fix for CVE-2021-35940

[Armin Kuster]

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 
regressed
compared to 1.6.3 and is vulnerable to the same issue.

Signed-off-by: Armin Kuster 
---
 .../apr/apr/CVE-2021-35940.patch  | 58 +++
 meta/recipes-support/apr/apr_1.7.0.bb |  1 +
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch

diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch 
b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 00..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova  for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster 
+
+
+Index: time/unix/time.c
+===
+--- a/time/unix/time.c (revision 1891197)
 b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===
+--- a/time/win32/time.c(revision 1891197)
 b/time/win32/time.c(revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
++if (tm->wMonth < 1 || tm->wMonth > 12)
++return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+  * tm_gmtoff and tm_isdst data when applicable.
+  */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb 
b/meta/recipes-support/apr/apr_1.7.0.bb
index 82317396cd..b70edfaf42 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://autoconf270.patch \
+   file://CVE-2021-35940.patch \
"
 
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155937): 
https://lists.openembedded.org/g/openembedded-core/message/155937
Mute This Topic: https://lists.openembedded.org/mt/85526150/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [master][honister][hardknott][PATCH] apr: Security fix for CVE-2021-35940

[Armin Kuster]

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 
regressed
compared to 1.6.3 and is vulnerable to the same issue.

Signed-off-by: Armin Kuster 
---
 .../apr/apr/CVE-2021-35940.patch  | 58 +++
 meta/recipes-support/apr/apr_1.7.0.bb |  1 +
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch

diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch 
b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 00..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova  for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster 
+
+
+Index: time/unix/time.c
+===
+--- a/time/unix/time.c (revision 1891197)
 b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===
+--- a/time/win32/time.c(revision 1891197)
 b/time/win32/time.c(revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+ 
++if (tm->wMonth < 1 || tm->wMonth > 12)
++return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+  * tm_gmtoff and tm_isdst data when applicable.
+  */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+ 
+ if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb 
b/meta/recipes-support/apr/apr_1.7.0.bb
index 82317396cd..b70edfaf42 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://autoconf270.patch \
+   file://CVE-2021-35940.patch \
"
 
 SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155936): 
https://lists.openembedded.org/g/openembedded-core/message/155936
Mute This Topic: https://lists.openembedded.org/mt/85526150/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] libgcrypt: Security fix CVE-2021-33560

[Armin Kuster]

From: Armin Kuster 

Source: https://sources.debian.org/patches/libgcrypt20/1.8.4-5+deb10u1
MR: 111591
Type: Security Fix
Disposition: Backport from 
https://sources.debian.org/data/main/libg/libgcrypt20/1.8.4-5%2Bdeb10u1/debian/patches/31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch
ChangeID: d066a9baacc0d967dd80ac54c684cde031ac686e
Description:

Affects before 1.8.8 and 1.9.x before 1.9.3

Signed-off-by: Armin Kuster 
---
 .../libgcrypt/files/CVE-2021-33560.patch  | 109 ++
 .../libgcrypt/libgcrypt_1.8.5.bb  |   1 +
 2 files changed, 110 insertions(+)
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch

diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
new file mode 100644
index 00..c0d00485e6
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
@@ -0,0 +1,109 @@
+From 707c3c5c511ee70ad0e39ec613471f665305fbea Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Fri, 21 May 2021 11:15:07 +0900
+Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
+
+* cipher/elgamal.c (gen_k): Remove support of smaller K.
+(do_encrypt): Never use smaller K.
+(sign): Folllow the change of gen_k.
+
+--
+
+Cherry-pick master commit of:
+   632d80ef30e13de6926d503aa697f92b5dbfbc5e
+
+This change basically reverts encryption changes in two commits:
+
+   74386120dad6b3da62db37f7044267c8ef34689b
+   78531373a342aeb847950f404343a05e36022065
+
+Use of smaller K for ephemeral key in ElGamal encryption is only good,
+when we can guarantee that recipient's key is generated by our
+implementation (or compatible).
+
+For detail, please see:
+
+Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
+"On the (in)security of ElGamal in OpenPGP";
+in the proceedings of  CCS'2021.
+
+CVE-id: CVE-2021-33560
+GnuPG-bug-id: 5328
+Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
+Signed-off-by: NIIBE Yutaka 
+
+Upstream-Status: Backport
+CVE: CVE-2021-33560
+Signed-off-by: Armin Kuster 
+---
+ cipher/elgamal.c | 24 ++--
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index 4eb52d62..ae7a631e 100644
+--- a/cipher/elgamal.c
 b/cipher/elgamal.c
+@@ -66,7 +66,7 @@ static const char *elg_names[] =
+ 
+ 
+ static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
++static gcry_mpi_t gen_k (gcry_mpi_t p);
+ static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
+  gcry_mpi_t **factors);
+ static int  check_secret_key (ELG_secret_key *sk);
+@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int 
nodie )
+ 
+ /
+  * Generate a random secret exponent k from prime p, so that k is
+- * relatively prime to p-1.  With SMALL_K set, k will be selected for
+- * better encryption performance - this must never be used signing!
++ * relatively prime to p-1.
+  */
+ static gcry_mpi_t
+-gen_k( gcry_mpi_t p, int small_k )
++gen_k( gcry_mpi_t p )
+ {
+   gcry_mpi_t k = mpi_alloc_secure( 0 );
+   gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
+   unsigned int nbits, nbytes;
+   char *rndbuf = NULL;
+ 
+-  if (small_k)
+-{
+-  /* Using a k much lesser than p is sufficient for encryption and
+-   * it greatly improves the encryption performance.  We use
+-   * Wiener's table and add a large safety margin. */
+-  nbits = wiener_map( orig_nbits ) * 3 / 2;
+-  if( nbits >= orig_nbits )
+-BUG();
+-}
+-  else
+-nbits = orig_nbits;
+-
++  nbits = orig_nbits;
+ 
+   nbytes = (nbits+7)/8;
+   if( DBG_CIPHER )
+@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
ELG_public_key *pkey )
+* error code.
+*/
+ 
+-  k = gen_k( pkey->p, 1 );
++  k = gen_k( pkey->p );
+   mpi_powm (a, pkey->g, k, pkey->p);
+ 
+   /* b = (y^k * input) mod p
+@@ -594,7 +582,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
ELG_secret_key *skey )
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+-k = gen_k( skey->p, 0 /* no small K ! */ );
++k = gen_k( skey->p );
+ mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+-- 
+2.30.2
+
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 16a58ad9b8..174b087b24 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \

file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \

Re: [OE-core] [PATCH] package-manager: escape package names for regexps

[Alexandre Belloni]

On 10/09/2021 21:37:29+0200, Alexandre Belloni wrote:
> Hello,
> 
> On 08/09/2021 19:46:41+0200, tobias.kaufm...@wusto.de wrote:
> > From: Tobias Kaufmann 
> > 
> > If a package-name contains characters which are used
> > in regular expressions (e.g. libstdc++) this might
> > break the regexp compilation.
> > 
> > To solve this issue the package names are escaped before using
> > them in the regular expression
> > 
> 
> I believe this is the cause of:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2528/steps/14/logs/stdio
> can you check?
> 

Sorry, to make it easier for you, the error is:

ERROR: core-image-minimal-1.0-r0 do_rootfs: Cannot get the installed packages 
list. Command 
'/home/pokybuild/yocto-worker/oe-selftest-centos/build/build-st-1565688/tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/recipe-sysroot-native/usr/bin/dpkg-query
 
--admindir=/home/pokybuild/yocto-worker/oe-selftest-centos/build/build-st-1565688/tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/rootfs/var/lib/dpkg
 -W -f=Package: ${Package}
Architecture: ${PackageArch}
Version: ${Version}
File: ${Package}_${Version}_${Architecture}.deb
Depends: ${Depends}
Recommends: ${Recommends}
Provides: ${Provides}
' returned 2:
dpkg-query: error: parsing file 
'/home/pokybuild/yocto-worker/oe-selftest-centos/build/build-st-1565688/tmp/work/qemux86_64-poky-linux/core-image-minimal/1.0-r0/rootfs/var/lib/dpkg/status'
 near line 1060:
 invalid package name in 'Package' field: character '\' not allowed (only 
letters, digits and characters '-+._')


> > Signed-off-by: Tobias Kaufmann 
> > ---
> >  meta/lib/oe/package_manager/deb/__init__.py | 5 +++--
> >  meta/lib/oe/package_manager/ipk/__init__.py | 5 +++--
> >  2 files changed, 6 insertions(+), 4 deletions(-)
> > 
> > diff --git a/meta/lib/oe/package_manager/deb/__init__.py 
> > b/meta/lib/oe/package_manager/deb/__init__.py
> > index 9f112ae25b..4d5921044a 100644
> > --- a/meta/lib/oe/package_manager/deb/__init__.py
> > +++ b/meta/lib/oe/package_manager/deb/__init__.py
> > @@ -208,8 +208,9 @@ class DpkgPM(OpkgDpkgPM):
> >  
> >  status = sf.read()
> >  for pkg in packages:
> > -status = re.sub(r"Package: 
> > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg,
> > -r"Package: %s\n\1Status: \2%s" % 
> > (pkg, status_tag),
> > +_pkg = re.escape(pkg)
> > +status = re.sub(r"Package: 
> > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg,
> > +r"Package: %s\n\1Status: \2%s" % 
> > (_pkg, status_tag),
> >  status)
> >  
> >  tmp_sf.write(status)
> > diff --git a/meta/lib/oe/package_manager/ipk/__init__.py 
> > b/meta/lib/oe/package_manager/ipk/__init__.py
> > index 4cd3963111..503a4f5181 100644
> > --- a/meta/lib/oe/package_manager/ipk/__init__.py
> > +++ b/meta/lib/oe/package_manager/ipk/__init__.py
> > @@ -207,8 +207,9 @@ class OpkgPM(OpkgDpkgPM):
> >  
> >  status = sf.read()
> >  for pkg in packages:
> > -status = re.sub(r"Package: 
> > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg,
> > -r"Package: %s\n\1Status: \2%s" % 
> > (pkg, status_tag),
> > +_pkg = re.escape(pkg)
> > +status = re.sub(r"Package: 
> > %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg,
> > +r"Package: %s\n\1Status: \2%s" % 
> > (_pkg, status_tag),
> >  status)
> >  
> >  tmp_sf.write(status)
> > -- 
> > 2.33.0
> > 
> 
> > 
> > 
> > 
> 
> 
> -- 
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155934): 
https://lists.openembedded.org/g/openembedded-core/message/155934
Mute This Topic: https://lists.openembedded.org/mt/85465297/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] package-manager: escape package names for regexps

[Alexandre Belloni]

Hello,

On 08/09/2021 19:46:41+0200, tobias.kaufm...@wusto.de wrote:
> From: Tobias Kaufmann 
> 
> If a package-name contains characters which are used
> in regular expressions (e.g. libstdc++) this might
> break the regexp compilation.
> 
> To solve this issue the package names are escaped before using
> them in the regular expression
> 

I believe this is the cause of:
https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2528/steps/14/logs/stdio
can you check?

> Signed-off-by: Tobias Kaufmann 
> ---
>  meta/lib/oe/package_manager/deb/__init__.py | 5 +++--
>  meta/lib/oe/package_manager/ipk/__init__.py | 5 +++--
>  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/meta/lib/oe/package_manager/deb/__init__.py 
> b/meta/lib/oe/package_manager/deb/__init__.py
> index 9f112ae25b..4d5921044a 100644
> --- a/meta/lib/oe/package_manager/deb/__init__.py
> +++ b/meta/lib/oe/package_manager/deb/__init__.py
> @@ -208,8 +208,9 @@ class DpkgPM(OpkgDpkgPM):
>  
>  status = sf.read()
>  for pkg in packages:
> -status = re.sub(r"Package: 
> %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg,
> -r"Package: %s\n\1Status: \2%s" % 
> (pkg, status_tag),
> +_pkg = re.escape(pkg)
> +status = re.sub(r"Package: 
> %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg,
> +r"Package: %s\n\1Status: \2%s" % 
> (_pkg, status_tag),
>  status)
>  
>  tmp_sf.write(status)
> diff --git a/meta/lib/oe/package_manager/ipk/__init__.py 
> b/meta/lib/oe/package_manager/ipk/__init__.py
> index 4cd3963111..503a4f5181 100644
> --- a/meta/lib/oe/package_manager/ipk/__init__.py
> +++ b/meta/lib/oe/package_manager/ipk/__init__.py
> @@ -207,8 +207,9 @@ class OpkgPM(OpkgDpkgPM):
>  
>  status = sf.read()
>  for pkg in packages:
> -status = re.sub(r"Package: 
> %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % pkg,
> -r"Package: %s\n\1Status: \2%s" % 
> (pkg, status_tag),
> +_pkg = re.escape(pkg)
> +status = re.sub(r"Package: 
> %s\n((?:[^\n]+\n)*?)Status: (.*)(?:unpacked|installed)" % _pkg,
> +r"Package: %s\n\1Status: \2%s" % 
> (_pkg, status_tag),
>  status)
>  
>  tmp_sf.write(status)
> -- 
> 2.33.0
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155933): 
https://lists.openembedded.org/g/openembedded-core/message/155933
Mute This Topic: https://lists.openembedded.org/mt/85465297/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [pseudo][PATCH v2] fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ

[Richard Purdie]

On Fri, 2021-09-10 at 17:36 +0100, Mike Crowe wrote:
> On Monday 06 September 2021 at 17:37:14 +0100, Mike Crowe via 
> lists.openembedded.org wrote:
> > On Friday 13 August 2021 at 12:05:09 +0100, Mike Crowe via 
> > lists.openembedded.org wrote:
> > > When running the test suite on my Debian 11 box I see many occurrences
> > > of:
> > > 
> > >  unknown fcntl argument 1032, assuming long argument.
> > > 
> > > (for example from test-execl.sh.)
> > > 
> > > It appears that this is F_GETPIPE_SZ and it takes no arguments. Let's
> > > add it and the corresponding F_SETPIPE_SZ too to avoid the warning
> > > messages.
> > > 
> > > F_SETPIPE_SZ accepts an int argument, which strictly speaking isn't the
> > > same as the long that the wrapper expects. However, this is also true
> > > for F_DUPFD which seems to be working correctly on all the targets that
> > > people care about.
> > > 
> > > We need to define the command constants if the system headers don't
> > > provide them to ensure that a binary built on an old system works
> > > without the new commands works correctly only a newer one that tries to
> > > use them. If the system values differ from the expected ones then such a
> > > binary would also be incompatible, so fail the build in that case too.
> > > 
> > > Signed-off-by: Mike Crowe 
> > > ---
> > >  Makefile.in  |  1 +
> > >  ports/linux/guts/fcntl.c | 21 +++
> > >  test/test-fcntl.c| 58 
> > >  test/test-fcntl.sh   |  5 
> > >  4 files changed, 85 insertions(+)
> > >  create mode 100644 test/test-fcntl.c
> > >  create mode 100755 test/test-fcntl.sh
> 
> Hi Richard & Seebs,
> 
> It looks like only part of this change landed as
> 328452d74917ce9314c8c4afe2bd277473a4c076:
> 
> >  Makefile.in  |  1 +
> >  ports/linux/guts/fcntl.c | 21 +
> 
> This means that the tests no longer pass:
> 
> cc: error: test/test-fcntl.c: No such file or directory
> 
> It looks like something similar happened with test-statx leading to
> https://lists.openembedded.org/g/openembedded-core/message/154797 so I
> wonder whether there's some sort of tooling fault somewhere?

Thanks, I've added those.

I really don't know what happened. This all gets tricky as I have to fix up the
email list mangling of your sender addresses, get these patches applied in a
pseudo recipe as patches, run test builds, then get the patches over to the
pseudo repo, push those then update the recipe.

I guess the issue is we don't run the pseudo tests anywhere so we don't spot
when they're missing. For most other issues I would see failures and fix things.
Not sure if/where we'd want to run them but it is something to think about. We
don't really have a good place for native tool testing.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155932): 
https://lists.openembedded.org/g/openembedded-core/message/155932
Mute This Topic: https://lists.openembedded.org/mt/84860960/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [pseudo][PATCH v2] fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ

[Mike Crowe via lists.openembedded.org]

On Monday 06 September 2021 at 17:37:14 +0100, Mike Crowe via 
lists.openembedded.org wrote:
> On Friday 13 August 2021 at 12:05:09 +0100, Mike Crowe via 
> lists.openembedded.org wrote:
> > When running the test suite on my Debian 11 box I see many occurrences
> > of:
> > 
> >  unknown fcntl argument 1032, assuming long argument.
> > 
> > (for example from test-execl.sh.)
> > 
> > It appears that this is F_GETPIPE_SZ and it takes no arguments. Let's
> > add it and the corresponding F_SETPIPE_SZ too to avoid the warning
> > messages.
> > 
> > F_SETPIPE_SZ accepts an int argument, which strictly speaking isn't the
> > same as the long that the wrapper expects. However, this is also true
> > for F_DUPFD which seems to be working correctly on all the targets that
> > people care about.
> > 
> > We need to define the command constants if the system headers don't
> > provide them to ensure that a binary built on an old system works
> > without the new commands works correctly only a newer one that tries to
> > use them. If the system values differ from the expected ones then such a
> > binary would also be incompatible, so fail the build in that case too.
> > 
> > Signed-off-by: Mike Crowe 
> > ---
> >  Makefile.in  |  1 +
> >  ports/linux/guts/fcntl.c | 21 +++
> >  test/test-fcntl.c| 58 
> >  test/test-fcntl.sh   |  5 
> >  4 files changed, 85 insertions(+)
> >  create mode 100644 test/test-fcntl.c
> >  create mode 100755 test/test-fcntl.sh

Hi Richard & Seebs,

It looks like only part of this change landed as
328452d74917ce9314c8c4afe2bd277473a4c076:

|  Makefile.in  |  1 +
|  ports/linux/guts/fcntl.c | 21 +

This means that the tests no longer pass:

cc: error: test/test-fcntl.c: No such file or directory

It looks like something similar happened with test-statx leading to
https://lists.openembedded.org/g/openembedded-core/message/154797 so I
wonder whether there's some sort of tooling fault somewhere?

Thanks.

Mike.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155931): 
https://lists.openembedded.org/g/openembedded-core/message/155931
Mute This Topic: https://lists.openembedded.org/mt/84860960/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][dunfell 0/6] Pull request (cover letter only)

[Richard Purdie]

On Thu, 2021-09-09 at 16:58 -1000, Steve Sakoman wrote:
> The following changes since commit b46b059a306b2823624e64adecded9f76430471a:
> 
>   layer.conf: fix syntax error in PATH setting (2021-09-03 04:05:12 -1000)
> 
> are available in the Git repository at:
> 
>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
>   
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
> 
> Changqing Li (1):
>   gdk-pixbuf: fix CVE-2021-20240
> 
> Martin Jansa (1):
>   default-distrovars.inc: Set BBINCLUDELOGS to empty to disable printing
> failed task output multiple times

I've merged this apart from the above patch since this was just reverted in
master with better fixes in bitbake.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155930): 
https://lists.openembedded.org/g/openembedded-core/message/155930
Mute This Topic: https://lists.openembedded.org/mt/85501406/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [dunfell][PATCH] glib-2.0: Several Security fixes

[Armin Kuster]

From: Armin Kuster 

Source: https://gitlab.gnome.org/GNOME/glib
MR: 108788, 108795, 109707
Type: Security Fix https://gitlab.gnome.org/GNOME/glib branch glic-2-66
Disposition: Backport from
ChangeID: 96b965a23bcdb0881b0de534d6eb5878f6d99d9a
Description:

https://gitlab.gnome.org/GNOME/glib/-/commit/e8fe1d51fe07f506211680c76145eea737f4bf30
https://gitlab.gnome.org/GNOME/glib/-/commit/8670c78dabefe5621e8a073fff3eb4235afb6254
https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885

Fixes:
CVE-2021-27219
CVE-2021-27218
CVE-2021-28153

Signed-off-by: Armin Kuster 
---
 .../glib-2.0/glib-2.0/CVE-2021-27218.patch| 132 +++
 .../glib-2.0/glib-2.0/CVE-2021-27219_1.patch  | 175 ++
 .../glib-2.0/glib-2.0/CVE-2021-27219_10.patch |  60 
 .../glib-2.0/glib-2.0/CVE-2021-27219_2.patch  | 264 ++
 .../glib-2.0/glib-2.0/CVE-2021-27219_3.patch  | 138 
 .../glib-2.0/glib-2.0/CVE-2021-27219_4.patch  | 322 ++
 .../glib-2.0/glib-2.0/CVE-2021-27219_5.patch  |  49 +++
 .../glib-2.0/glib-2.0/CVE-2021-27219_6.patch  |  99 ++
 .../glib-2.0/glib-2.0/CVE-2021-27219_7.patch  |  99 ++
 .../glib-2.0/glib-2.0/CVE-2021-27219_8.patch  | 101 ++
 .../glib-2.0/glib-2.0/CVE-2021-27219_9.patch  |  57 
 .../glib-2.0/glib-2.0/CVE-2021-28153.patch|  28 ++
 .../glib-2.0/glib-2.0/CVE-2021-28153_2.patch  |  43 +++
 .../glib-2.0/glib-2.0/CVE-2021-28153_3.patch  |  56 +++
 .../glib-2.0/glib-2.0/CVE-2021-28153_4.patch  | 261 ++
 .../glib-2.0/glib-2.0/CVE-2021-28153_5.patch  |  56 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb |  15 +
 17 files changed, 1955 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_1.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_10.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_2.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_3.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_4.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_5.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_6.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_7.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_8.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219_9.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_2.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_3.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_4.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153_5.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch 
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
new file mode 100644
index 00..85d79d07f1
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
@@ -0,0 +1,132 @@
+From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001
+From: Krzesimir Nowak 
+Date: Wed, 10 Feb 2021 23:51:07 +0100
+Subject: [PATCH] gbytearray: Do not accept too large byte arrays
+
+GByteArray uses guint for storing the length of the byte array, but it
+also has a constructor (g_byte_array_new_take) that takes length as a
+gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
+for guint). It is possible to call the function with a value greater
+than G_MAXUINT, which will result in silent length truncation. This
+may happen as a result of unreffing GBytes into GByteArray, so rather
+be loud about it.
+
+(Test case tweaked by Philip Withnall.)
+
+(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for
+`g_memdup2()`.)
+
+Upstream-Status: Backport
+CVE: CVE-2021-27218
+Signed-off-by: Armin Kuster 
+
+---
+ glib/garray.c  |  6 ++
+ glib/gbytes.c  |  4 
+ glib/tests/bytes.c | 35 ++-
+ 3 files changed, 44 insertions(+), 1 deletion(-)
+
+Index: glib-2.62.6/glib/garray.c
+===
+--- glib-2.62.6.orig/glib/garray.c
 glib-2.62.6/glib/garray.c
+@@ -2013,6 +2013,10 @@ g_byte_array_new (void)
+  * Create byte array containing the data. The data will be owned by the array
+  * and will be freed with g_free(), i.e. it could be allocated using 
g_strdup().
+  *
++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
++ * stores the length of its data in #guint, which may be shorter than
++ * #gsize.
++ *
+  * Since: 2.32
+  *
+  * Returns: (transfer full): a new #GByteArray
+@@ -2024,6 +2028,8 @@ g_byte_array_new_take (guint8 *data,
+   GByteArray *array;
+   GRealArray *real;
+ 
++  g_return_val_if_fail 

[OE-core][dunfell 9/9] go: Several Security fixes

[Steve Sakoman]

From: Armin Kuster 

Source: golang.org
MR: 111958, 112390, 112393
Type: Security Fix
Disposition: Backport from https://github.com/golang/go.git
ChangeID: 662d021814f025b3d768a04864498486f94819a7
Description:

Affects < 1.16.5

Fixes:
CVE-2021-33196
CVE-2021-33197
CVE-2021-34558

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.14.inc  |   3 +
 .../go/go-1.14/CVE-2021-33196.patch   | 124 ++
 .../go/go-1.14/CVE-2021-33197.patch   | 152 ++
 .../go/go-1.14/CVE-2021-34558.patch   |  51 ++
 4 files changed, 330 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch

diff --git a/meta/recipes-devtools/go/go-1.14.inc 
b/meta/recipes-devtools/go/go-1.14.inc
index 50136ca841..abc6f42184 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -16,6 +16,9 @@ SRC_URI += "\
 file://0006-cmd-dist-separate-host-and-target-builds.patch \
 file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
 file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+file://CVE-2021-34558.patch \
+file://CVE-2021-33196.patch \
+file://CVE-2021-33197.patch \
 "
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = 
"7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch 
b/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
new file mode 100644
index 00..2e2dc62c49
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
@@ -0,0 +1,124 @@
+From 74242baa4136c7a9132a8ccd9881354442788c8c Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker 
+Date: Tue, 11 May 2021 11:31:31 -0700
+Subject: [PATCH] archive/zip: only preallocate File slice if reasonably sized
+
+Since the number of files in the EOCD record isn't validated, it isn't
+safe to preallocate Reader.Files using that field. A malformed archive
+can indicate it contains up to 1 << 128 - 1 files. We can still safely
+preallocate the slice by checking if the specified number of files in
+the archive is reasonable, given the size of the archive.
+
+Thanks to the OSS-Fuzz project for discovering this issue and to
+Emmanuel Odeke for reporting it.
+
+Fixes #46242
+Fixes CVE-2021-33196
+
+Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76
+Reviewed-on: https://go-review.googlesource.com/c/go/+/318909
+Trust: Roland Shoemaker 
+Trust: Katie Hockman 
+Trust: Joe Tsai 
+Run-TryBot: Roland Shoemaker 
+TryBot-Result: Go Bot 
+Reviewed-by: Katie Hockman 
+Reviewed-by: Joe Tsai 
+
+Upstream-Status: Backport
+CVE: CVE-2021-33196
+Signed-off-by: Armin Kuster 
+
+---
+ src/archive/zip/reader.go  | 10 +-
+ src/archive/zip/reader_test.go | 59 ++
+ 2 files changed, 68 insertions(+), 1 deletion(-)
+
+Index: go/src/archive/zip/reader.go
+===
+--- go.orig/src/archive/zip/reader.go
 go/src/archive/zip/reader.go
+@@ -84,7 +84,15 @@ func (z *Reader) init(r io.ReaderAt, siz
+   return err
+   }
+   z.r = r
+-  z.File = make([]*File, 0, end.directoryRecords)
++  // Since the number of directory records is not validated, it is not
++  // safe to preallocate z.File without first checking that the specified
++  // number of files is reasonable, since a malformed archive may
++  // indicate it contains up to 1 << 128 - 1 files. Since each file has a
++  // header which will be _at least_ 30 bytes we can safely preallocate
++  // if (data size / 30) >= end.directoryRecords.
++  if (uint64(size)-end.directorySize)/30 >= end.directoryRecords {
++  z.File = make([]*File, 0, end.directoryRecords)
++  }
+   z.Comment = end.comment
+   rs := io.NewSectionReader(r, 0, size)
+   if _, err = rs.Seek(int64(end.directoryOffset), io.SeekStart); err != 
nil {
+Index: go/src/archive/zip/reader_test.go
+===
+--- go.orig/src/archive/zip/reader_test.go
 go/src/archive/zip/reader_test.go
+@@ -1070,3 +1070,62 @@ func TestIssue12449(t *testing.T) {
+   t.Errorf("Error reading the archive: %v", err)
+   }
+ }
++
++func TestCVE202133196(t *testing.T) {
++  // Archive that indicates it has 1 << 128 -1 files,
++  // this would previously cause a panic due to attempting
++  // to allocate a slice with 1 << 128 -1 elements.
++  data := []byte{
++  0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x08,
++  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++  

[OE-core][dunfell 8/9] xserver-xorg: Security fix for CVE-2020-14360/-25712

[Steve Sakoman]

From: Armin Kuster 

Source: https://gitlab.freedesktop.org/xorg/xserver
MR: 108223,
Type: Security Fix
Disposition: Backport from 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
 and 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
ChangeID: 496c2a2d80e4f8fff9b0d3148fca70c090cec31e
Description:

affects < 1.20.10
Fixes CVE-2020-14360 and  CVE-2020-25712

Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../xserver-xorg/CVE-2020-14360.patch | 132 ++
 .../xserver-xorg/CVE-2020-25712.patch | 102 ++
 .../xorg-xserver/xserver-xorg_1.20.8.bb   |   2 +
 3 files changed, 236 insertions(+)
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch

diff --git 
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
new file mode 100644
index 00..e9ab42742e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
@@ -0,0 +1,132 @@
+From 446ff2d3177087b8173fa779fa5b77a2a128988b Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb 
+Date: Thu, 12 Nov 2020 19:15:07 +0100
+Subject: [PATCH] Check SetMap request length carefully.
+
+Avoid out of bounds memory accesses on too short request.
+
+ZDI-CAN 11572 /  CVE-2020-14360
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb 
+
+Upstream-Status: Backport 
+https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
+CVE: CVE-2020-14360
+Signed-off-by: Armin Kuster 
+---
+ xkb/xkb.c | 92 +++
+ 1 file changed, 92 insertions(+)
+
+Index: xorg-server-1.20.8/xkb/xkb.c
+===
+--- xorg-server-1.20.8.orig/xkb/xkb.c
 xorg-server-1.20.8/xkb/xkb.c
+@@ -2382,6 +2382,93 @@ SetVirtualModMap(XkbSrvInfoPtr xkbi,
+ return (char *) wire;
+ }
+ 
++#define _add_check_len(new) \
++if (len > UINT32_MAX - (new) || len > req_len - (new)) goto bad; \
++else len += new
++
++/**
++ * Check the length of the SetMap request
++ */
++static int
++_XkbSetMapCheckLength(xkbSetMapReq *req)
++{
++size_t len = sz_xkbSetMapReq, req_len = req->length << 2;
++xkbKeyTypeWireDesc *keytype;
++xkbSymMapWireDesc *symmap;
++BOOL preserve;
++int i, map_count, nSyms;
++
++if (req_len < len)
++goto bad;
++/* types */
++if (req->present & XkbKeyTypesMask) {
++keytype = (xkbKeyTypeWireDesc *)(req + 1);
++for (i = 0; i < req->nTypes; i++) {
++_add_check_len(XkbPaddedSize(sz_xkbKeyTypeWireDesc));
++if (req->flags & XkbSetMapResizeTypes) {
++_add_check_len(keytype->nMapEntries
++   * sz_xkbKTSetMapEntryWireDesc);
++preserve = keytype->preserve;
++map_count = keytype->nMapEntries;
++if (preserve) {
++_add_check_len(map_count * sz_xkbModsWireDesc);
++}
++keytype += 1;
++keytype = (xkbKeyTypeWireDesc *)
++  ((xkbKTSetMapEntryWireDesc *)keytype + map_count);
++if (preserve)
++keytype = (xkbKeyTypeWireDesc *)
++  ((xkbModsWireDesc *)keytype + map_count);
++}
++}
++}
++/* syms */
++if (req->present & XkbKeySymsMask) {
++symmap = (xkbSymMapWireDesc *)((char *)req + len);
++for (i = 0; i < req->nKeySyms; i++) {
++_add_check_len(sz_xkbSymMapWireDesc);
++nSyms = symmap->nSyms;
++_add_check_len(nSyms*sizeof(CARD32));
++symmap += 1;
++symmap = (xkbSymMapWireDesc *)((CARD32 *)symmap + nSyms);
++}
++}
++/* actions */
++if (req->present & XkbKeyActionsMask) {
++_add_check_len(req->totalActs * sz_xkbActionWireDesc 
++   + XkbPaddedSize(req->nKeyActs));
++}
++/* behaviours */
++if (req->present & XkbKeyBehaviorsMask) {
++_add_check_len(req->totalKeyBehaviors * sz_xkbBehaviorWireDesc);
++}
++/* vmods */
++if (req->present & XkbVirtualModsMask) {
++_add_check_len(XkbPaddedSize(Ones(req->virtualMods)));
++}
++/* explicit */
++if (req->present & XkbExplicitComponentsMask) {
++/* two bytes per non-zero explicit componen */
++_add_check_len(XkbPaddedSize(req->totalKeyExplicit * sizeof(CARD16)));
++}
++/* modmap */
++if (req->present & XkbModifierMapMask) {
++ /* two bytes per non-zero modmap component */
++

[OE-core][dunfell 7/9] go: Exclude CVE-2021-29923 from report list

[Steve Sakoman]

From: Richard Purdie 

Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.

https://github.com/golang/go/issues/30999#issuecomment-910470358

Signed-off-by: Richard Purdie 
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.14.inc | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-devtools/go/go-1.14.inc 
b/meta/recipes-devtools/go/go-1.14.inc
index 3dfd671d11..50136ca841 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -19,3 +19,9 @@ SRC_URI += "\
 "
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 SRC_URI[main.sha256sum] = 
"7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
+
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155926): 
https://lists.openembedded.org/g/openembedded-core/message/155926
Mute This Topic: https://lists.openembedded.org/mt/85510119/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 6/9] flex: Add CVE-2019-6293 to exclusions for checks

[Steve Sakoman]

From: Richard Purdie 

CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.

https://github.com/westes/flex/issues/414

Signed-off-by: Richard Purdie 
(cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1)
Signed-off-by: Steve Sakoman 
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 4 
 meta/recipes-devtools/flex/flex_2.6.4.bb  | 5 +
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc 
b/meta/conf/distro/include/cve-extra-exclusions.inc
index cf07acce1d..a6f52b5de7 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -61,10 +61,6 @@ CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
 # There was a proposed patch 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
 # however qemu maintainers are sure the patch is incorrect and should not be 
applied.
 
-# flex:flex-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293
-# Upstream bug, still open: https://github.com/westes/flex/issues/414
-# Causes memory exhaustion so potential DoS but no buffer overflow, low 
priority
-
 # wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879
 # https://mail.gnu.org/archive/html/bug-wget/2021-02/msg2.html
 # No response upstream as of 2021/5/12
diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb 
b/meta/recipes-devtools/flex/flex_2.6.4.bb
index 1d43d2228a..50d3bf8de1 100644
--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,6 +26,11 @@ SRC_URI[sha256sum] = 
"e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
 UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases;
 UPSTREAM_CHECK_REGEX = "flex-(?P\d+(\.\d+)+)\.tar"
 
+# Disputed - yes there is stack exhaustion but no bug and it is building the
+# parser, not running it, effectively similar to a compiler ICE. Upstream no 
plans to address
+# https://github.com/westes/flex/issues/414
+CVE_CHECK_WHITELIST += "CVE-2019-6293"
+
 inherit autotools gettext texinfo ptest
 
 M4 = "${bindir}/m4"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155925): 
https://lists.openembedded.org/g/openembedded-core/message/155925
Mute This Topic: https://lists.openembedded.org/mt/85510117/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 5/9] dbus: upgrade 1.12.18 -> 1.12.20

[Steve Sakoman]

From: Wang Mingyu 

Source: https://git.openembedded.org/openembedded-core
MR: 108825
Type: Security Fix
Disposition: Backport from 
https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/dbus?id=bfaef91e77cd54e4f642e966903aac3f3291c325
ChangeID: bfaef91e77cd54e4f642e966903aac3f3291c325
Description:

Bugz only update
Includes fix for CVE-2020-35512

ab88811768 (HEAD, tag: dbus-1.12.20) v1.12.20
5757fd5480 Update NEWS
f3b2574f0c userdb: Reference-count DBusUserInfo, DBusGroupInfo <- cve fix
37b36d49a6 userdb: Make lookups return a const pointer
732284d530 Solaris and derivatives do not adjust cmsg_len on MSG_CTRUNC
1f8c42c7cd Start 1.12.20 development

(From OE-Core rev: bfaef91e77cd54e4f642e966903aac3f3291c325)

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit bfaef91e77cd54e4f642e966903aac3f3291c325)
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../dbus/{dbus-test_1.12.18.bb => dbus-test_1.12.20.bb}   | 0
 meta/recipes-core/dbus/dbus.inc   | 4 ++--
 meta/recipes-core/dbus/{dbus_1.12.18.bb => dbus_1.12.20.bb}   | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.18.bb => dbus-test_1.12.20.bb} 
(100%)
 rename meta/recipes-core/dbus/{dbus_1.12.18.bb => dbus_1.12.20.bb} (100%)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb 
b/meta/recipes-core/dbus/dbus-test_1.12.20.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus-test_1.12.18.bb
rename to meta/recipes-core/dbus/dbus-test_1.12.20.bb
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
index 3bdb7ea4ff..dcbcc0a9d6 100644
--- a/meta/recipes-core/dbus/dbus.inc
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -10,8 +10,8 @@ SRC_URI = 
"https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
 "
 
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = 
"64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4"
+SRC_URI[sha256sum] = 
"f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe"
 
 EXTRA_OECONF = "--disable-xml-docs \
 --disable-doxygen-docs \
diff --git a/meta/recipes-core/dbus/dbus_1.12.18.bb 
b/meta/recipes-core/dbus/dbus_1.12.20.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus_1.12.18.bb
rename to meta/recipes-core/dbus/dbus_1.12.20.bb
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155924): 
https://lists.openembedded.org/g/openembedded-core/message/155924
Mute This Topic: https://lists.openembedded.org/mt/85510113/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 4/9] dbus,dbus-test: Move common parts to dbus.inc

[Steve Sakoman]

From: Ovidiu Panait 

dbus and dbus-test share the same source code and base configuration options,
so factor out the common parts into dbus.inc.

This way we can eliminate the need to keep the two recipes in sync. When they
are not properly in sync (e.g. when dbus recipe has extra patches/config
options that are not duplicated in dbus-test) ptest testsuite will actually
test a slightly different codebase. This is due to the fact that dbus-test does
not run the testsuite against the system libdbus library, but instead it
generates a local libdbus.so that needs to configured/compiled as close as
possible to the system one.

(From OE-Core rev: 1cde2935526d2eec7d6b17a6c622647b0c132439)

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
(cherry picked from commit 44ae5d8d6f26fda4ab1a3fef9fc49d74e4ac89f0)
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/dbus/dbus-test_1.12.18.bb | 38 +---
 meta/recipes-core/dbus/dbus.inc | 34 ++
 meta/recipes-core/dbus/dbus_1.12.18.bb  | 39 +++--
 3 files changed, 47 insertions(+), 64 deletions(-)
 create mode 100644 meta/recipes-core/dbus/dbus.inc

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb 
b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 68fcdc847f..755c841bad 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -1,53 +1,31 @@
 SUMMARY = "D-Bus test package (for D-bus functionality testing only)"
 HOMEPAGE = "http://dbus.freedesktop.org;
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-
file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
 
-DEPENDS = "dbus glib-2.0"
+require dbus.inc
 
-RDEPENDS_${PN}-dev = ""
+SRC_URI += "file://run-ptest \
+file://python-config.patch \
+   "
 
-SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
-   file://tmpdir.patch \
-   file://run-ptest \
-   file://python-config.patch \
-   file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-   "
+DEPENDS = "dbus glib-2.0"
 
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = 
"64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+RDEPENDS_${PN}-dev = ""
 
 S="${WORKDIR}/dbus-${PV}"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
 
-inherit autotools pkgconfig gettext ptest upstream-version-is-even
+inherit ptest
 
-EXTRA_OECONF = "--enable-tests \
+EXTRA_OECONF += "--enable-tests \
 --enable-modular-tests \
 --enable-installed-tests \
 --enable-checks \
 --enable-asserts \
---enable-largefile \
---disable-xml-docs \
---disable-doxygen-docs \
---disable-libaudit \
 --with-dbus-test-dir=${PTEST_PATH} \
 --enable-embedded-tests \
  "
 
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[systemd] = "--enable-systemd 
--with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd 
--without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x 
--disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session 
--with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
-PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
-
 do_install() {
 :
 }
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
new file mode 100644
index 00..3bdb7ea4ff
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,34 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+
file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+   file://tmpdir.patch \
+   file://dbus-1.init \
+   file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+"
+
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = 
"64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+
+EXTRA_OECONF = "--disable-xml-docs \
+--disable-doxygen-docs \
+--disable-libaudit \
+--enable-largefile \
+--with-system-socket=/run/dbus/system_bus_socket \
+"
+EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
+EXTRA_OECONF_append_class-native = " 

[OE-core][dunfell 3/9] dbus-test: Remove EXTRA_OECONF_X configs

[Steve Sakoman]

From: Ovidiu Panait 

X specific configs are already handled through PACKAGECONFIG:
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
...
PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x
  --disable-x11-autolaunch, virtual/libx11 libsm"

Remove duplicated EXTRA_OECONF_X args.

(From OE-Core rev: 7dc107b05a29f8a3e8903d73f84ef8069f68af6f)

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
(cherry picked from commit 036e3436e51a44de3fc9b4b8e5b1ff149e3aaa9d)
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/dbus/dbus-test_1.12.18.bb | 4 
 1 file changed, 4 deletions(-)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.18.bb 
b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 0063dcce67..68fcdc847f 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -24,9 +24,6 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
 
 inherit autotools pkgconfig gettext ptest upstream-version-is-even
 
-EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', 
'--without-x', d)}"
-EXTRA_OECONF_X_class-native = "--without-x"
-
 EXTRA_OECONF = "--enable-tests \
 --enable-modular-tests \
 --enable-installed-tests \
@@ -37,7 +34,6 @@ EXTRA_OECONF = "--enable-tests \
 --disable-doxygen-docs \
 --disable-libaudit \
 --with-dbus-test-dir=${PTEST_PATH} \
-${EXTRA_OECONF_X} \
 --enable-embedded-tests \
  "
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155917): 
https://lists.openembedded.org/g/openembedded-core/message/155917
Mute This Topic: https://lists.openembedded.org/mt/85510104/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 4/4] linux-yocto/5.10: update to v5.10.63

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

e07f317d5a28 Linux 5.10.63
4405ea221dea media: stkwebcam: fix memory leak in stk_camera_probe
ad5e13f15db7 fuse: fix illegal access to inode with reused nodeid
40ba433a85db new helper: inode_wrong_type()
ded9137fcf0d spi: Switch to signed types for *_native_cs SPI controller 
fields
55bb5193cec5 serial: 8250: 8250_omap: Fix possible array out of bounds 
access
8e41134a92a5 ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
4ffde17862b0 ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG 
Strix G17
4ee2686b3745 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
2808d59fb29b cryptoloop: add a deprecation warning
61a038f80c80 perf/x86/amd/power: Assign pmu.module
ec9a82e034f6 perf/x86/amd/ibs: Work around erratum #1197
23c29490b84d ceph: fix possible null-pointer dereference in 
ceph_mdsmap_decode()
d2064a1444d6 perf/x86/intel/pt: Fix mask of num_address_ranges
0e74bba60452 qede: Fix memset corruption
35f223cb21b1 net: macb: Add a NULL check on desc_ptp
cf50d02e474b qed: Fix the VF msix vectors flow
2177c4943e40 reset: reset-zynqmp: Fixed the argument data type
9872349b088d gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for 
(semi)planar U/V formats
b983d60292a6 ARM: OMAP1: ams-delta: remove unused function 
ams_delta_camera_power
bc860c3f0945 xtensa: fix kconfig unmet dependency warning for 
HAVE_FUTEX_CMPXCHG
b1075d2a7052 static_call: Fix unused variable warn w/o MODULE
ae16b7c66837 Revert "Add a reference to ucounts for each cred"
1aa3f27e592d Revert "cred: add missing return error code when 
set_cred_ucounts() failed"
0c1443874e1c Revert "ucounts: Increase ucounts reference counter before the 
security hook"
0479b2bd2959 ubifs: report correct st_size for encrypted symlinks
3ac01789f6d9 f2fs: report correct st_size for encrypted symlinks
894a02236d0d ext4: report correct st_size for encrypted symlinks
b8c298cf57dc fscrypt: add fscrypt_symlink_getattr() for computing st_size
09a379549620 ext4: fix race writing to an inline_data file while its xattrs 
are changing
f6dd002450bf Linux 5.10.62
0c9a876f2897 bpf: Fix potentially incorrect results with 
bpf_get_local_storage()
38c1915d3e9f audit: move put_tree() to avoid trim_trees refcount underflow 
and UAF
1890ee7ff87f net: don't unconditionally copy_from_user a struct ifreq for 
socket ioctls
0085646e02b2 Revert "parisc: Add assembly implementations for memset, 
strlen, strcpy, strncpy and strcat"
17982c664f8b Revert "floppy: reintroduce O_NDELAY fix"
709c162ddc83 kthread: Fix PF_KTHREAD vs to_kthread() race
c43add24dffd btrfs: fix NULL pointer dereference when deleting device by 
invalid id
1604c42a1ca9 arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 
85-88
f760c1101f52 lkdtm: Enable DOUBLE_FAULT on all architectures
b6c657abb893 net: dsa: mt7530: fix VLAN traffic leaks again
f8242f554c82 usb: typec: ucsi: Clear pending after acking connector change
e15e32d519fa usb: typec: ucsi: Work around PPM losing change information
08953884aad4 usb: typec: ucsi: acpi: Always decode connector change 
information
9a4f1dc8a17c tracepoint: Use rcu get state and cond sync for static call 
updates
b6ae3854075e srcu: Provide polling interfaces for Tiny SRCU grace periods
450948b06ce8 srcu: Make Tiny SRCU use multi-bit grace-period counter
641e1d88404a srcu: Provide internal interface to start a Tiny SRCU grace 
period
f789de3be808 srcu: Provide polling interfaces for Tree SRCU grace periods
fdf66e5a7fc8 srcu: Provide internal interface to start a Tree SRCU grace 
period
d3c38d8549c0 powerpc/perf: Invoke per-CPU variable access with disabled 
interrupts
77b77d45a4b1 perf annotate: Fix jump parsing for C++ code.
9f9e40ddfca3 perf tools: Fix arm64 build error with gcc-11
94687c49b65b perf record: Fix memory leak in vDSO found using ASAN
e0ca67030fda perf symbol-elf: Fix memory leak by freeing sdt_note.args
0d8e39bb9416 perf env: Fix memory leak of bpf_prog_info_linear member
133d7f93eecd riscv: Fixup patch_text panic in ftrace
7e2087249e87 riscv: Fixup wrong ftrace remove cflag
b42fde92cdde Bluetooth: btusb: check conditions before enabling USB ALT 3 
for WBS
60d69cb4e60d vt_kdsetmode: extend console locking
0a178a015161 tipc: call tipc_wait_for_connect only when dlen is not 0
ded6da217ced mtd: spinand: Fix incorrect parameters for on-die ECC
3b2018f9c9c0 pipe: do FASYNC notifications for every pipe IO, not just 
state changes
e91da23c1be1 pipe: avoid unnecessary EPOLLET wakeups under normal loads
d845f89d59fc btrfs: fix race between marking inode needs to be logged and 
log syncing
6f38d95f33be net/rds: dma_map_sg is entitled to merge entries
b882dda2bf7a 

[OE-core] [PATCH 3/4] linux-yocto/5.10: update to v5.10.61

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

452ea6a15ed2 Linux 5.10.61
f15e64267393 io_uring: only assign io_uring_enter() SQPOLL error in actual 
error case
695ab28a7fa1 io_uring: fix xa_alloc_cycle() error return value check
0d5fcfc6406e fs: warn about impending deprecation of mandatory locks
8132fc2bf4b7 mm: memcontrol: fix occasional OOMs due to proportional 
memory.low reclaim
53e81668e119 ASoC: intel: atom: Fix breakage for PCM buffer address setup
88f65f57a0b9 ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8
b6672f67ec28 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
a69326e134d4 s390/pci: fix use after free of zpci_dev
05b56e05543c ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
67fece6289a9 btrfs: prevent rename2 from exchanging a subvol with a 
directory from different parents
16cfa72766b5 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on 
BCM2711
2566c1d8239d mmc: sdhci-iproc: Cap min clock frequency on BCM2711
110b7f72f6d0 ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 
9510 laptop
258782b93701 ipack: tpci200: fix memory leak in the tpci200_register
3ee1b08097c1 ipack: tpci200: fix many double free issues in 
tpci200_pci_probe
0775bc462ae7 slimbus: ngd: reset dma setup during runtime pm
45d6fc21cd4d slimbus: messaging: check for valid transaction id
b700b523ddaf slimbus: messaging: start transaction ids from 1 instead of 
zero
bd0c2f83d072 tracing / histogram: Fix NULL pointer dereference on strcmp() 
on NULL event name
f7c125493c78 ALSA: hda - fix the 'Capture Switch' value change notifications
7451c309c7a3 clk: qcom: gdsc: Ensure regulator init state matches GDSC state
7203b4986d9a clk: imx6q: fix uart earlycon unwork
3f8920c5706e mmc: sdhci-msm: Update the software timeout value for sdhc
8f499a90e7ee mmc: mmci: stm32: Check when the voltage switch procedure 
should be done
f8dac276a9b4 mmc: dw_mmc: Fix hang on data CRC error
645fd92c3ed4 Revert "flow_offload: action should not be NULL when it is 
referenced"
2f6c42806e10 iavf: Fix ping is lost after untrusted VF had tried to change 
MAC
7873c29832a3 i40e: Fix ATR queue selection
e003a8921949 r8152: fix writing USB_BP2_EN
21ca0b18ad64 iommu/vt-d: Fix incomplete cache flush in 
intel_pasid_tear_down_entry()
81578e587c08 iommu/vt-d: Consolidate duplicate cache invaliation code
eee84eafc3bb ovs: clear skb->tstamp in forwarding path
47a1161dacb1 net: mdio-mux: Handle -EPROBE_DEFER correctly
13af9c81e62f net: mdio-mux: Don't ignore memory allocation errors
df61235881c8 sch_cake: fix srchost/dsthost hashing mode
e1ec5858bae1 ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable 
error path
3b7397b203cc net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
9bc2d1a5a890 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
b7adfde94930 virtio-net: support XDP when not more queues
1ce62fe6e4cb vrf: Reset skb conntrack connection on VRF rcv
8ae539a36194 bnxt_en: Add missing DMA memory barriers
9751aa443695 bnxt_en: Disable aRFS if running on 212 firmware
efd9b79b92a3 ptp_pch: Restore dependency on PCI
85e0518f181a net: 6pack: fix slab-out-of-bounds in decode_data
e0ae16836027 bnxt: count Tx drops
296fe765dd02 bnxt: make sure xmit_more + errors does not miss doorbells
d913d5cc3ba5 bnxt: disable napi before canceling DIM
5b24ae8f05ca bnxt: don't lock the tx queue from napi poll
585ff7344ec1 bpf: Clear zext_dst of dead insns
8dfdeeb1e98e drm/mediatek: Add AAL output size configuration
a8b8d61babb4 drm/mediatek: Fix aal size config
6715cefa72f6 soc / drm: mediatek: Move DDP component defines into 
mtk-mmsys.h
1b6fc6f739d4 vdpa/mlx5: Avoid destroying MR on empty iotlb
ecdd7c488062 vhost: Fix the calculation in vhost_overflow()
e0b603c89a93 bus: ti-sysc: Fix error handling for sysc_check_active_timer()
1af7ccbd920a vhost-vdpa: Fix integer overflow in 
vhost_vdpa_process_iotlb_update()
293180f59342 virtio: Protect vqs list access
9108120fbe31 dccp: add do-while-0 stubs for dccp_pr_debug macros
e352531ed020 cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
d2ab5491de91 iommu: Check if group is NULL before remove device
44f454a146c0 arm64: dts: qcom: msm8992-bullhead: Remove PSCI
95ed753d91bf arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x
d7d04c67492e Bluetooth: hidp: use correct wait queue when removing ctrl_wait
2e6cc93e1b8c drm/amd/display: workaround for hard hang on HPD on native DP
dcc8c5fb8d85 drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
8849a8c7058e net: usb: lan78xx: don't modify phy_device state concurrently
735e613fa587 net: usb: pegasus: Check the return value of get_geristers() 
and friends;
6b368411bc0f ARM: 

[OE-core] [PATCH 2/4] linux-yocto/5.13: update to v5.13.15

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.13 to the latest korg -stable release that comprises
the following commits:

b8c3cc76091b Linux 5.13.15
2f939f346edb media: stkwebcam: fix memory leak in stk_camera_probe
26874d67198b ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
0c9cca4cbd05 ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG 
Strix G17
a0bdfbbb6d79 ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
237d4c2abcf8 ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
deb48f56a556 USB: serial: cp210x: fix flow-control error handling
4df3f36f3e43 USB: serial: cp210x: fix control-characters error handling
7dac6a6ae0ec USB: serial: pl2303: fix GL type detection
af64ddb6600f xtensa: fix kconfig unmet dependency warning for 
HAVE_FUTEX_CMPXCHG
391cfacf8c81 cryptoloop: add a deprecation warning
39c6cf24c4ff perf/x86/amd/power: Assign pmu.module
3e3bb99d69a3 perf/x86/amd/ibs: Work around erratum #1197
c7858c55cb5d ceph: fix possible null-pointer dereference in 
ceph_mdsmap_decode()
1ab026cbc7c4 perf/x86/intel/pt: Fix mask of num_address_ranges
610832256fd2 qede: Fix memset corruption
8475b024be01 net: macb: Add a NULL check on desc_ptp
9809b708655a riscv: dts: microchip: Add ethernet0 to the aliases node
b13e2bf00cc2 riscv: dts: microchip: Use 'local-mac-address' for emac1
2aad925a0c8e net: dsa: mv88e6xxx: Update mv88e6393x serdes errata
9bf0c451fc85 qed: Fix the VF msix vectors flow
eb5392205208 reset: reset-zynqmp: Fixed the argument data type
241581af858b gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for 
(semi)planar U/V formats
b6de6ec37320 ext4: fix e2fsprogs checksum failure for mounted filesystem
c764e8fa4491 ext4: fix race writing to an inline_data file while its xattrs 
are changing
a603798fb168 Linux 5.13.14
49da19a85383 platform/x86: Make dual_accel_detect() KIOX010A + KIOX020A 
detect more robust
4e25ac3793f7 audit: move put_tree() to avoid trim_trees refcount underflow 
and UAF
f8132a4726df net: don't unconditionally copy_from_user a struct ifreq for 
socket ioctls
6b58e692a685 Revert "parisc: Add assembly implementations for memset, 
strlen, strcpy, strncpy and strcat"
9caa2e5a818d ubifs: report correct st_size for encrypted symlinks
7532df5ee085 f2fs: report correct st_size for encrypted symlinks
f04584399d1c ext4: report correct st_size for encrypted symlinks
2bc40caa8099 fscrypt: add fscrypt_symlink_getattr() for computing st_size
ba17363729d2 Revert "floppy: reintroduce O_NDELAY fix"
301aabe0239f btrfs: fix NULL pointer dereference when deleting device by 
invalid id
8e2112d600b2 arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 
85-88
98d1fcc6c937 net: dsa: mt7530: fix VLAN traffic leaks again
339e8ba1a3d0 Bluetooth: btusb: check conditions before enabling USB ALT 3 
for WBS
a5dfcf3d8ecc vt_kdsetmode: extend console locking
65f5602cd767 tipc: call tipc_wait_for_connect only when dlen is not 0
6b7533e796aa pipe: do FASYNC notifications for every pipe IO, not just 
state changes
4abb1d77321a pipe: avoid unnecessary EPOLLET wakeups under normal loads
eec6f991bf28 arm64: initialize all of CNTHCTL_EL2
c9ecaffe65cb net/rds: dma_map_sg is entitled to merge entries
66d8d0677e4d platform/x86: gigabyte-wmi: add support for B450M S2H V2
b484bcabe66b drm/nouveau/kms/nv50: workaround EFI GOP window channel format 
differences
045f785ad859 drm/nouveau/disp: power down unused DP links during init
4dc8c06fd51e drm/nouveau: recognise GA107
2a0e1f9a62e5 platform/x86: gigabyte-wmi: add support for X570 GAMING X
7e6c3b5c9864 drm: Copy drm_wait_vblank to user before returning
65bafad4556d blk-mq: don't grab rq's refcount in blk_mq_check_expired()
1ae8c1e2dbd7 drm/amd/pm: change the workload type for some cards
19be3ad020b1 Revert "drm/amd/pm: fix workload mismatch on vega10"
e5baac733182 qed: Fix null-pointer dereference in qed_rdma_create_qp()
b6d485eb00e1 qed: qed ll2 race condition fixes
e415d2209567 platform/x86: asus-nb-wmi: Add tablet_mode_sw=lid-flip quirk 
for the TP200s
aa4ad193d83b platform/x86: asus-nb-wmi: Allow configuring SW_TABLET_MODE 
method with a module option
05f085e6 tools/virtio: fix build
2aef43ab6de1 vringh: Use wiov->used to check for read/write desc order
839815ea5f1d virtio_vdpa: reject invalid vq indices
2f18a3c91fde virtio_pci: Support surprise removal of virtio pci device
6c4072f94fab virtio: Improve vq->broken access to avoid any compiler 
optimization
25d4ff7e59aa cpufreq: blocklist Qualcomm sm8150 in cpufreq-dt-platdev
ef3738a60d18 opp: remove WARN when no valid OPPs remain
184caa4f8b83 iwlwifi: add new so-jf devices
eed3c6bb51fe iwlwifi: add new SoF with JF devices
0dabf99c08de iwlwifi: pnvm: accept multiple HW-type TLVs
2fcb7f101fa2 clk: renesas: 

[OE-core] [PATCH 1/4] linux-yocto/5.13: update to v5.13.13

[Bruce Ashfield]

From: Bruce Ashfield 

Updating linux-yocto/5.13 to the latest korg -stable release that comprises
the following commits:

7aeadb5bb82a Linux 5.13.13
2ff626b14003 fs: warn about impending deprecation of mandatory locks
a57b2a703e44 io_uring: fix xa_alloc_cycle() error return value check
515b6124df6a hugetlb: don't pass page cache pages to 
restore_reserve_on_error
371fb63d0926 kfence: fix is_kfence_address() for addresses below 
KFENCE_POOL_SIZE
9690e6ffac0b mm/hwpoison: retry with shake_page() for unhandlable pages
59e5c9ecdeb0 mm,hwpoison: make get_hwpoison_page() call get_any_page()
e4e8c58cc78e mm: memcontrol: fix occasional OOMs due to proportional 
memory.low reclaim
2d1704c3fe30 riscv: Fix a number of free'd resources in init_resources()
8c5beac92d0e ASoC: intel: atom: Fix breakage for PCM buffer address setup
8f4eb032a019 ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8
59734f7eaaa4 PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
00609919ec4d powerpc/32s: Fix random crashes by adding isync() after 
locking/unlocking KUEP
33bd5804ac66 powerpc/32s: Refactor update of user segment registers
efe40fdb6d30 powerpc/32s: Move setup_{kuep/kuap}() into {kuep/kuap}.c
534a0bc7c87a usb: typec: tcpm: Fix VDMs sometimes not being forwarded to 
alt-mode drivers
21d6e237bcc2 s390/pci: fix use after free of zpci_dev
fe2edb82e5be ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
41f0262ffb44 tracing: Apply trace filters on all output channels
f7c707f8ec18 btrfs: prevent rename2 from exchanging a subvol with a 
directory from different parents
ddd7fff18986 mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on 
BCM2711
f41b4c30fb73 mmc: sdhci-iproc: Cap min clock frequency on BCM2711
70063522ee90 opp: Drop empty-table checks from _put functions
30392f88dace ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 
9510 laptop
da8495661fe9 io_uring: only assign io_uring_enter() SQPOLL error in actual 
error case
501449420a42 io_uring: fix code style problems
606f36948a9a ipack: tpci200: fix memory leak in the tpci200_register
d09bfebbdf22 ipack: tpci200: fix many double free issues in 
tpci200_pci_probe
c1001de019ef slimbus: ngd: reset dma setup during runtime pm
c8f6e68a95c2 slimbus: ngd: set correct device for pm
28b55e58b864 slimbus: messaging: check for valid transaction id
e0e46e209e9d slimbus: messaging: start transaction ids from 1 instead of 
zero
65a4722bb931 tracing / histogram: Fix NULL pointer dereference on strcmp() 
on NULL event name
0ce48083d843 tracing: define needed config DYNAMIC_FTRACE_WITH_ARGS
2152ee71c164 ALSA: hda - fix the 'Capture Switch' value change notifications
8681e95da50b cfi: Use rcu_read_{un}lock_sched_notrace
82d1ea87b9d5 arm64: clean vdso & vdso32 files
03c33905ee88 clk: qcom: gdsc: Ensure regulator init state matches GDSC state
95e5238a2fba clk: imx6q: fix uart earlycon unwork
2fcb62673120 mmc: sdhci-msm: Update the software timeout value for sdhc
87762c77c39f mmc: mmci: stm32: Check when the voltage switch procedure 
should be done
fffcf7fc898a mmc: dw_mmc: Fix hang on data CRC error
7179eac5556e iommu/dma: Fix leak in non-contiguous API
b89542f4a60b net: dpaa2-switch: disable the control interface on error path
5d547d83abb2 Revert "flow_offload: action should not be NULL when it is 
referenced"
260b1eb312a0 iavf: Fix ping is lost after untrusted VF had tried to change 
MAC
ea1cf8a6d966 i40e: Fix ATR queue selection
1d9d64cad2fe PCI/sysfs: Use correct variable for the legacy_mem sysfs object
f21adfddafdf r8152: fix the maximum number of PLA bp for RTL8153C
5809f8d9b7c0 r8152: fix writing USB_BP2_EN
dedbf29c6b36 mptcp: full fully established support after ADD_ADDR
828c3a32238c mptcp: fix memory leak on address flush
11c79e1615a4 net: mscc: ocelot: allow forwarding from bridge ports to the 
tag_8021q CPU port
751f4b539afb drm/amd/display: Use DCN30 watermark calc for DCN301
e0f2d91e0869 drm/i915: Tweaked Wa_14010685332 for all PCHs
678b67771cef drm/i915: Skip display interruption setup when display is not 
available
936eca018fee iommu/vt-d: Fix incomplete cache flush in 
intel_pasid_tear_down_entry()
4e4f3cb41d68 net: usb: asix: refactor asix_read_phy_addr() and handle 
errors on return
cf4c1661c40e ovs: clear skb->tstamp in forwarding path
9581895b37fe net: mdio-mux: Handle -EPROBE_DEFER correctly
b2973b87ba11 net: mdio-mux: Don't ignore memory allocation errors
0e805b74cd13 sch_cake: fix srchost/dsthost hashing mode
ac161cf77818 ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable 
error path
7af09aeddbae net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
39af3583c8fb mac80211: fix locking in ieee80211_restart_work()
0de9c4de5ca1 virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
  

[OE-core] [PATCH 0/4] kernel-yocto: -stable updates

[Bruce Ashfield]

From: Bruce Ashfield 

Richard,

Here are the latest -stable updates for the active kernels. Nothing jumped
out as particularly risky.

I've kept the updates separeate on purpose, since they represent a test
point and a known good state. Which will come in handy if something does pop
up during integration runs.

I'll follow up with bumps to the h/w reference BSPs shortly.

Bruce

The following changes since commit fd9c3a5a14fb54268707f6ece6a5fa11e4378200:

  bitbake: runqueue: Fix issues with multiconfig deferred task deadlock 
messages (2021-09-08 15:33:14 +0100)

are available in the Git repository at:

  git://git.yoctoproject.org/poky-contrib zedd/kernel
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel

Bruce Ashfield (4):
  linux-yocto/5.13: update to v5.13.13
  linux-yocto/5.13: update to v5.13.15
  linux-yocto/5.10: update to v5.10.61
  linux-yocto/5.10: update to v5.10.63

 .../linux/linux-yocto-rt_5.10.bb  |  4 ++--
 .../linux/linux-yocto-rt_5.13.bb  |  4 ++--
 .../linux/linux-yocto-tiny_5.10.bb|  6 ++---
 .../linux/linux-yocto-tiny_5.13.bb|  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 22 -
 meta/recipes-kernel/linux/linux-yocto_5.13.bb | 24 +--
 6 files changed, 33 insertions(+), 33 deletions(-)

-- 
2.19.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155918): 
https://lists.openembedded.org/g/openembedded-core/message/155918
Mute This Topic: https://lists.openembedded.org/mt/85510105/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 2/9] dbus-test: upgrade 1.12.16 -> 1.12.18

[Steve Sakoman]

From: Wang Mingyu 

(From OE-Core rev: 839695e0c1b0c0fcfbb924c2b174c4a638067a32)

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit 5cbf053481642a820b9f4c6bed9ac79246719087)
Signed-off-by: Armin Kuster 
Signed-off-by: Steve Sakoman 
---
 .../dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.18.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.18.bb} 
(95%)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.16.bb 
b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
similarity index 95%
rename from meta/recipes-core/dbus/dbus-test_1.12.16.bb
rename to meta/recipes-core/dbus/dbus-test_1.12.18.bb
index bea0e74ed0..0063dcce67 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -16,8 +16,8 @@ SRC_URI = 
"http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
"
 
-SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
-SRC_URI[sha256sum] = 
"54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = 
"64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
 
 S="${WORKDIR}/dbus-${PV}"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155916): 
https://lists.openembedded.org/g/openembedded-core/message/155916
Mute This Topic: https://lists.openembedded.org/mt/85510103/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 1/9] dbus: upgrade 1.12.16 -> 1.12.18

[Steve Sakoman]

From: Wang Mingyu 

(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)

Signed-off-by: Wang Mingyu 
Signed-off-by: Richard Purdie 
(cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028)
[Bug fix only update, drop cve patch now included

a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18
8bc1381819 fdpass test: Assert that we don't leak file descriptors
272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix
31297172f1 Update NEWS
041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged 
container
55b3f71376 Update NEWS
ced04aabc7 doxygen: fix example for dbus_message_append_args
3e40637b10 Update NEWS
3e0ea34966 cmake: Add X11 include path for tools
d0992805d7 doc: replace dbus-send's --address with --peer and --bus
dd32f6b617 Update NEWS
d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12'
2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors
df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12'
beb79b94fb doc: Fix environment variable name in dbus-daemon(1)
eab5d4a420 Start 1.12.18 development]
Signed-off-by: Armin Kuster 

Signed-off-by: Steve Sakoman 
---
 .../dbus/dbus/CVE-2020-12049.patch| 78 ---
 .../dbus/{dbus_1.12.16.bb => dbus_1.12.18.bb} |  5 +-
 2 files changed, 2 insertions(+), 81 deletions(-)
 delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
 rename meta/recipes-core/dbus/{dbus_1.12.16.bb => dbus_1.12.18.bb} (97%)

diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch 
b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
deleted file mode 100644
index ac7a4b7a71..00
--- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
-From: Simon McVittie 
-Date: Thu, 16 Apr 2020 14:45:11 +0100
-Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
-
-MSG_CTRUNC indicates that we have received fewer fds that we should
-have done because the buffer was too small, but we were treating it
-as though it indicated that we received *no* fds. If we received any,
-we still have to make sure we close them, otherwise they will be leaked.
-
-On the system bus, if an attacker can induce us to leak fds in this
-way, that's a local denial of service via resource exhaustion.
-
-Reported-by: Kevin Backhouse, GitHub Security Lab
-Fixes: dbus#294
-Fixes: CVE-2020-12049
-Fixes: GHSL-2020-057
-
-Upstream-Status: Backport 
[https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
-CVE: CVE-2020-12049
-Signed-off-by: Lee Chee Yang 

- dbus/dbus-sysdeps-unix.c | 32 
- 1 file changed, 20 insertions(+), 12 deletions(-)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index b5fc2466..b176dae1 100644
 a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocketfd,
-   struct cmsghdr *cm;
-   dbus_bool_t found = FALSE;
- 
--  if (m.msg_flags & MSG_CTRUNC)
--{
--  /* Hmm, apparently the control data was truncated. The bad
-- thing is that we might have completely lost a couple of fds
-- without chance to recover them. Hence let's treat this as a
-- serious error. */
--
--  errno = ENOSPC;
--  _dbus_string_set_length (buffer, start);
--  return -1;
--}
--
-   for (cm = CMSG_FIRSTHDR(); cm; cm = CMSG_NXTHDR(, cm))
- if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
-   {
-@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocketfd,
-   if (!found)
- *n_fds = 0;
- 
-+  if (m.msg_flags & MSG_CTRUNC)
-+{
-+  unsigned int i;
-+
-+  /* Hmm, apparently the control data was truncated. The bad
-+ thing is that we might have completely lost a couple of fds
-+ without chance to recover them. Hence let's treat this as a
-+ serious error. */
-+
-+  /* We still need to close whatever fds we *did* receive,
-+   * otherwise they'll never get closed. (CVE-2020-12049) */
-+  for (i = 0; i < *n_fds; i++)
-+close (fds[i]);
-+
-+  *n_fds = 0;
-+  errno = ENOSPC;
-+  _dbus_string_set_length (buffer, start);
-+  return -1;
-+}
-+
-   /* put length back (doesn't actually realloc) */
-   _dbus_string_set_length (buffer, start + bytes_read);
- 
--- 
-2.25.1
-
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb 
b/meta/recipes-core/dbus/dbus_1.12.18.bb
similarity index 97%
rename from meta/recipes-core/dbus/dbus_1.12.16.bb
rename to meta/recipes-core/dbus/dbus_1.12.18.bb
index 10d1b34448..2fcb3079ad 100644
--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.18.bb
@@ -16,11 +16,10 @@ SRC_URI = 

[OE-core][dunfell 0/9] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2570

The following changes since commit fcc609d3bafef2f63039dc54c0fd0eaf062710a1:

  rt-tests: set branch name in SRC_URI (2021-09-08 04:50:47 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Armin Kuster (2):
  xserver-xorg: Security fix for CVE-2020-14360/-25712
  go: Several Security fixes

Ovidiu Panait (2):
  dbus-test: Remove EXTRA_OECONF_X configs
  dbus,dbus-test: Move common parts to dbus.inc

Richard Purdie (2):
  flex: Add CVE-2019-6293 to exclusions for checks
  go: Exclude CVE-2021-29923 from report list

Wang Mingyu (3):
  dbus: upgrade 1.12.16 -> 1.12.18
  dbus-test: upgrade 1.12.16 -> 1.12.18
  dbus: upgrade 1.12.18 -> 1.12.20

 .../distro/include/cve-extra-exclusions.inc   |   4 -
 ...s-test_1.12.16.bb => dbus-test_1.12.20.bb} |  42 +
 meta/recipes-core/dbus/dbus.inc   |  34 
 .../dbus/dbus/CVE-2020-12049.patch|  78 -
 .../dbus/{dbus_1.12.16.bb => dbus_1.12.20.bb} |  40 +
 meta/recipes-devtools/flex/flex_2.6.4.bb  |   5 +
 meta/recipes-devtools/go/go-1.14.inc  |   9 ++
 .../go/go-1.14/CVE-2021-33196.patch   | 124 ++
 .../go/go-1.14/CVE-2021-33197.patch   | 152 ++
 .../go/go-1.14/CVE-2021-34558.patch   |  51 ++
 .../xserver-xorg/CVE-2020-14360.patch | 132 +++
 .../xserver-xorg/CVE-2020-25712.patch | 102 
 .../xorg-xserver/xserver-xorg_1.20.8.bb   |   2 +
 13 files changed, 624 insertions(+), 151 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.16.bb => dbus-test_1.12.20.bb} 
(51%)
 create mode 100644 meta/recipes-core/dbus/dbus.inc
 delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
 rename meta/recipes-core/dbus/{dbus_1.12.16.bb => dbus_1.12.20.bb} (75%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33196.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-33197.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-34558.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch

-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155914): 
https://lists.openembedded.org/g/openembedded-core/message/155914
Mute This Topic: https://lists.openembedded.org/mt/85510098/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] systemd: add packageconfig for wheel-group

[Peter Bergin]

If the distro does not include the group 'wheel' systemd will
complain when trying to parse ACL rules for tmpfiles.d.

  systemd-tmpfiles[273]: Failed to parse ACL 
"d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring

Systemd has a configuration parameter to avoid using 'wheel'
group in the standard config files for tmpfiles. Add this as
a PACKAGECONFIG and enable it by default to keep default.

Signed-off-by: Peter Bergin 
---
 meta/recipes-core/systemd/systemd_249.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_249.3.bb 
b/meta/recipes-core/systemd/systemd_249.3.bb
index c1594d7cc5..c027b88fd6 100644
--- a/meta/recipes-core/systemd/systemd_249.3.bb
+++ b/meta/recipes-core/systemd/systemd_249.3.bb
@@ -93,6 +93,7 @@ PACKAGECONFIG ??= " \
 userdb \
 utmp \
 vconsole \
+wheel-group \
 zstd \
 "
 
@@ -196,6 +197,7 @@ PACKAGECONFIG[userdb] = "-Duserdb=true,-Duserdb=false"
 PACKAGECONFIG[utmp] = "-Dutmp=true,-Dutmp=false"
 PACKAGECONFIG[valgrind] = "-DVALGRIND=1,,valgrind"
 PACKAGECONFIG[vconsole] = 
"-Dvconsole=true,-Dvconsole=false,,${PN}-vconsole-setup"
+PACKAGECONFIG[wheel-group] = "-Dwheel-group=true, -Dwheel-group=false"
 PACKAGECONFIG[xdg-autostart] = "-Dxdg-autostart=true,-Dxdg-autostart=false"
 # Verify keymaps on locale change
 PACKAGECONFIG[xkbcommon] = "-Dxkbcommon=true,-Dxkbcommon=false,libxkbcommon"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155913): 
https://lists.openembedded.org/g/openembedded-core/message/155913
Mute This Topic: https://lists.openembedded.org/mt/85508061/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/7] testimage: TEST_SERVER_IP isn't mandatory

[Ross Burton]

Hold off on this, it breaks some potential use-cases.

Ross

On Fri, 10 Sept 2021 at 11:20, Ross Burton via lists.openembedded.org
 wrote:
>
> When using the simpleremote test target, TEST_SERVER_IP doesn't have to
> be configured as the code will detect the host's IP if it isn't set.
>
> Signed-off-by: Ross Burton 
> ---
>  meta/classes/testimage.bbclass | 7 ++-
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
> index 3c689aec913..8bf6b17af8a 100644
> --- a/meta/classes/testimage.bbclass
> +++ b/meta/classes/testimage.bbclass
> @@ -143,11 +143,8 @@ do_testimage[depends] += "${TESTIMAGEDEPENDS}"
>  do_testimage[lockfiles] += "${TESTIMAGELOCK}"
>
>  def testimage_sanity(d):
> -if (d.getVar('TEST_TARGET') == 'simpleremote'
> -and (not d.getVar('TEST_TARGET_IP')
> - or not d.getVar('TEST_SERVER_IP'))):
> -bb.fatal('When TEST_TARGET is set to "simpleremote" '
> - 'TEST_TARGET_IP and TEST_SERVER_IP are needed too.')
> +if d.getVar('TEST_TARGET') == 'simpleremote' and not 
> d.getVar('TEST_TARGET_IP'):
> +bb.fatal('When TEST_TARGET is set to "simpleremote" TEST_TARGET_IP 
> must be set.')
>
>  def get_testimage_configuration(d, test_type, machine):
>  import platform
> --
> 2.25.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155912): 
https://lists.openembedded.org/g/openembedded-core/message/155912
Mute This Topic: https://lists.openembedded.org/mt/85506110/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] oeqa/selftest: Add tests for bitbake shell/python task output

[Richard Purdie]

We've seen issues where shell/python tasks lose their log file entries
or output and also where output is duplicated. Add some tests to attempt
to spot regressions in this area in future.

Signed-off-by: Richard Purdie 
---
 .../recipes-test/logging-test/logging-test.bb |  24 
 meta/lib/oeqa/selftest/cases/bblogging.py | 104 ++
 2 files changed, 128 insertions(+)
 create mode 100644 meta-selftest/recipes-test/logging-test/logging-test.bb
 create mode 100644 meta/lib/oeqa/selftest/cases/bblogging.py

diff --git a/meta-selftest/recipes-test/logging-test/logging-test.bb 
b/meta-selftest/recipes-test/logging-test/logging-test.bb
new file mode 100644
index 000..a6100123f9d
--- /dev/null
+++ b/meta-selftest/recipes-test/logging-test/logging-test.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Destined to fail"
+LICENSE = "CLOSED"
+
+deltask do_patch
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_shelltest() {
+echo "This is shell stdout"
+echo "This is shell stderr" >&2
+exit 1
+}
+addtask do_shelltest
+
+python do_pythontest_exit () {
+print("This is python stdout")
+sys.exit(1)
+}
+addtask do_pythontest_exit
+
+python do_pythontest_fatal () {
+print("This is python fatal test stdout")
+bb.fatal("This is a fatal error")
+}
+addtask do_pythontest_fatal
diff --git a/meta/lib/oeqa/selftest/cases/bblogging.py 
b/meta/lib/oeqa/selftest/cases/bblogging.py
new file mode 100644
index 000..ea6c3c8c77e
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/bblogging.py
@@ -0,0 +1,104 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake
+
+class BitBakeLogging(OESelftestTestCase):
+
+def assertCount(self, item, entry, count):
+self.assertEqual(item.count(entry), count, 
msg="Output:\n'''\n%s\n'''\ndoesn't contain %d copies of:\n'''\n%s\n'''\n" % 
(item, count, entry))
+
+def test_shell_logging(self):
+# no logs, no verbose
+self.write_config('BBINCLUDELOGS = ""')
+result = bitbake("logging-test -c shelltest -f", ignore_status = True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+self.assertNotIn("This is shell stdout", result.output)
+self.assertNotIn("This is shell stderr", result.output)
+
+# logs, no verbose
+self.write_config('BBINCLUDELOGS = "yes"')
+result = bitbake("logging-test -c shelltest -f", ignore_status = True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+self.assertCount(result.output, "This is shell stdout", 1)
+self.assertCount(result.output, "This is shell stderr", 1)
+
+# no logs, verbose
+self.write_config('BBINCLUDELOGS = ""')
+result = bitbake("logging-test -c shelltest -f -v", ignore_status = 
True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+# two copies due to set +x
+self.assertCount(result.output, "This is shell stdout", 2)
+self.assertCount(result.output, "This is shell stderr", 2)
+
+# logs, verbose
+self.write_config('BBINCLUDELOGS = "yes"')
+result = bitbake("logging-test -c shelltest -f -v", ignore_status = 
True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+# two copies due to set +x
+self.assertCount(result.output, "This is shell stdout", 2)
+self.assertCount(result.output, "This is shell stderr", 2)
+
+def test_python_exit_logging(self):
+# no logs, no verbose
+self.write_config('BBINCLUDELOGS = ""')
+result = bitbake("logging-test -c pythontest_exit -f", ignore_status = 
True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+self.assertNotIn("This is python stdout", result.output)
+
+# logs, no verbose
+self.write_config('BBINCLUDELOGS = "yes"')
+result = bitbake("logging-test -c pythontest_exit -f", ignore_status = 
True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+# A sys.exit() should include the output
+self.assertCount(result.output, "This is python stdout", 1)
+
+# no logs, verbose
+self.write_config('BBINCLUDELOGS = ""')
+result = bitbake("logging-test -c pythontest_exit -f -v", 
ignore_status = True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+# python tasks don't log output with -v currently
+#self.assertCount(result.output, "This is python stdout", 1)
+
+# logs, verbose
+self.write_config('BBINCLUDELOGS = "yes"')
+result = bitbake("logging-test -c pythontest_exit -f -v", 
ignore_status = True)
+self.assertIn("ERROR: Logfile of failure stored in:", result.output)
+# python tasks don't log output with -v currently
+#self.assertCount(result.output, "This is python 

[OE-core] [PATCH 5/7] oeqa/core/target: remove server port parameter

[Ross Burton]

Specifying a port that the test host can open sockets on isn't that
useful as the package management tests will open multiple ports, so the
specified port won't be used anyway.  The value was never set so used
the default of value, which meant the kernel picked the port.

Remove the server port parameter entirely, and let the kernel pick a
free port.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/core/target/qemu.py   | 1 -
 meta/lib/oeqa/core/target/ssh.py| 3 +--
 meta/lib/oeqa/runtime/cases/apt.py  | 4 +---
 meta/lib/oeqa/runtime/cases/dnf.py  | 3 +--
 meta/lib/oeqa/runtime/cases/opkg.py | 4 +---
 meta/lib/oeqa/runtime/context.py| 6 --
 6 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/meta/lib/oeqa/core/target/qemu.py 
b/meta/lib/oeqa/core/target/qemu.py
index 7c6e353edf2..66551607fb9 100644
--- a/meta/lib/oeqa/core/target/qemu.py
+++ b/meta/lib/oeqa/core/target/qemu.py
@@ -28,7 +28,6 @@ class OEQemuTarget(OESSHTarget):
 
 super().__init__(logger, None, server_ip, timeout, user, port)
 
-self.server_port = 0
 self.machine = machine
 self.rootfs = rootfs
 self.kernel = kernel
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 4da1e4c2b2d..bbf621c8e38 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -15,7 +15,7 @@ from . import OETarget
 
 class OESSHTarget(OETarget):
 def __init__(self, logger, ip, server_ip, timeout=300, user='root',
- port=None, server_port=0, **kwargs):
+ port=None, **kwargs):
 if not logger:
 logger = logging.getLogger('target')
 logger.setLevel(logging.INFO)
@@ -29,7 +29,6 @@ class OESSHTarget(OETarget):
 
 super().__init__(logger, server_ip)
 self.ip = ip
-self.server_port = server_port
 self.timeout = timeout
 self.user = user
 ssh_options = [
diff --git a/meta/lib/oeqa/runtime/cases/apt.py 
b/meta/lib/oeqa/runtime/cases/apt.py
index 53745df93f9..ed531a619aa 100644
--- a/meta/lib/oeqa/runtime/cases/apt.py
+++ b/meta/lib/oeqa/runtime/cases/apt.py
@@ -22,9 +22,7 @@ class AptRepoTest(AptTest):
 @classmethod
 def setUpClass(cls):
 service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
-cls.repo_server = HTTPService(service_repo,
-  '0.0.0.0', 
port=cls.tc.target.server_port,
-  logger=cls.tc.logger)
+cls.repo_server = HTTPService(service_repo, '0.0.0.0', 
logger=cls.tc.logger)
 cls.repo_server.start()
 
 @classmethod
diff --git a/meta/lib/oeqa/runtime/cases/dnf.py 
b/meta/lib/oeqa/runtime/cases/dnf.py
index f40c63026e5..937acaab597 100644
--- a/meta/lib/oeqa/runtime/cases/dnf.py
+++ b/meta/lib/oeqa/runtime/cases/dnf.py
@@ -53,8 +53,7 @@ class DnfRepoTest(DnfTest):
 @classmethod
 def setUpClass(cls):
 cls.repo_server = HTTPService(os.path.join(cls.tc.td['WORKDIR'], 
'oe-testimage-repo'),
-  '0.0.0.0', 
port=cls.tc.target.server_port,
-  logger=cls.tc.logger)
+  '0.0.0.0', logger=cls.tc.logger)
 cls.repo_server.start()
 
 @classmethod
diff --git a/meta/lib/oeqa/runtime/cases/opkg.py 
b/meta/lib/oeqa/runtime/cases/opkg.py
index 9cfee1cd886..581ddf58749 100644
--- a/meta/lib/oeqa/runtime/cases/opkg.py
+++ b/meta/lib/oeqa/runtime/cases/opkg.py
@@ -25,9 +25,7 @@ class OpkgRepoTest(OpkgTest):
 if cls.tc.td["MULTILIB_VARIANTS"]:
 allarchfeed = cls.tc.td["TUNE_PKGARCH"]
 service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_IPK'], allarchfeed)
-cls.repo_server = HTTPService(service_repo,
-  '0.0.0.0', 
port=cls.tc.target.server_port,
-  logger=cls.tc.logger)
+cls.repo_server = HTTPService(service_repo, '0.0.0.0', 
logger=cls.tc.logger)
 cls.repo_server.start()
 
 @classmethod
diff --git a/meta/lib/oeqa/runtime/context.py b/meta/lib/oeqa/runtime/context.py
index 3826f276421..8552aa782bc 100644
--- a/meta/lib/oeqa/runtime/context.py
+++ b/meta/lib/oeqa/runtime/context.py
@@ -99,12 +99,6 @@ class OERuntimeTestContextExecutor(OETestContextExecutor):
 target_ip = target_ip_port[0]
 kwargs['port'] = target_ip_port[1]
 
-if server_ip:
-server_ip_port = server_ip.split(':')
-if len(server_ip_port) == 2:
-server_ip = server_ip_port[0]
-kwargs['server_port'] = int(server_ip_port[1])
-
 if target_type == 'simpleremote':
 target = OESSHTarget(logger, target_ip, server_ip, **kwargs)
 elif target_type == 'qemu':
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155908): 

[OE-core] [PATCH 2/7] testimage: pass the base image name to the target class

[Ross Burton]

Also pass the the base image name to the target class. This is the full
path to the deploy directory and the image name without any extensions,
so makes it easier to find ancillary files.

Signed-off-by: Ross Burton 
---
 meta/classes/testimage.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index 8bf6b17af8a..d139df9925f 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -309,6 +309,7 @@ def testimage_main(d):
   'serial_ports': len(d.getVar("SERIAL_CONSOLES").split()),
   'ovmf': ovmf,
   'tmpfsdir': d.getVar("RUNQEMU_TMPFS_DIR"),
+  'image_name'  : image_name
 }
 
 if d.getVar("TESTIMAGE_BOOT_PATTERNS"):
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155905): 
https://lists.openembedded.org/g/openembedded-core/message/155905
Mute This Topic: https://lists.openembedded.org/mt/85506109/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 4/7] oeqa/core/target: move server_ip to superclass

[Ross Burton]

Move towards a consistent interface across OETarget subclasses by
moving server_ip to the superclass.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/core/target/__init__.py | 3 ++-
 meta/lib/oeqa/core/target/qemu.py | 4 +---
 meta/lib/oeqa/core/target/ssh.py  | 3 +--
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/meta/lib/oeqa/core/target/__init__.py 
b/meta/lib/oeqa/core/target/__init__.py
index 3da66038342..aff02ecc439 100644
--- a/meta/lib/oeqa/core/target/__init__.py
+++ b/meta/lib/oeqa/core/target/__init__.py
@@ -7,7 +7,8 @@
 
 class OETarget:
 
-def __init__(self, logger, *args, **kwargs):
+def __init__(self, logger, server_ip):
+self.server_ip = server_ip
 self.logger = logger
 
 def start(self):
diff --git a/meta/lib/oeqa/core/target/qemu.py 
b/meta/lib/oeqa/core/target/qemu.py
index 79fd724f7d4..7c6e353edf2 100644
--- a/meta/lib/oeqa/core/target/qemu.py
+++ b/meta/lib/oeqa/core/target/qemu.py
@@ -26,10 +26,8 @@ class OEQemuTarget(OESSHTarget):
 tmpdir='', dir_image='', boottime=60, serial_ports=2,
 boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, 
**kwargs):
 
-super(OEQemuTarget, self).__init__(logger, None, server_ip, timeout,
-user, port)
+super().__init__(logger, None, server_ip, timeout, user, port)
 
-self.server_ip = server_ip
 self.server_port = 0
 self.machine = machine
 self.rootfs = rootfs
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 923a223b25b..4da1e4c2b2d 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -27,9 +27,8 @@ class OESSHTarget(OETarget):
 fileHandler.setFormatter(formatter)
 logger.addHandler(fileHandler)
 
-super(OESSHTarget, self).__init__(logger)
+super().__init__(logger, server_ip)
 self.ip = ip
-self.server_ip = server_ip
 self.server_port = server_port
 self.timeout = timeout
 self.user = user
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155907): 
https://lists.openembedded.org/g/openembedded-core/message/155907
Mute This Topic: https://lists.openembedded.org/mt/85506111/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 7/7] oeqa/target/ssh: don't assume target_dumper is set

[Ross Burton]

The target_dumper property is only set by the QemuTarget subclass, so
assign a default value and check it isn't None before calling it.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/core/target/ssh.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index b61c7d141d9..8cd2966fa38 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -41,6 +41,7 @@ class OESSHTarget(OETarget):
 self.ssh = self.ssh + [ '-p', port ]
 self.scp = self.scp + [ '-P', port ]
 self._monitor_dumper = None
+self.target_dumper = None
 
 def start(self, **kwargs):
 pass
@@ -99,7 +100,8 @@ class OESSHTarget(OETarget):
 if self.monitor_dumper:
 self.monitor_dumper.dump_monitor()
 if status == 255:
-self.target_dumper.dump_target()
+if self.target_dumper:
+self.target_dumper.dump_target()
 if self.monitor_dumper:
 self.monitor_dumper.dump_monitor()
 return (status, output)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155910): 
https://lists.openembedded.org/g/openembedded-core/message/155910
Mute This Topic: https://lists.openembedded.org/mt/85506115/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 6/7] oeqa/core/target: add target_ip to superclass

[Ross Burton]

Move towards a consistent interface across OETarget subclasses by
moving target_ip to the superclass.

QemuTarget automatically determines the target IP on startup, so default
that to None.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/core/target/__init__.py | 3 ++-
 meta/lib/oeqa/core/target/qemu.py | 4 ++--
 meta/lib/oeqa/core/target/ssh.py  | 5 ++---
 meta/lib/oeqa/runtime/context.py  | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/meta/lib/oeqa/core/target/__init__.py 
b/meta/lib/oeqa/core/target/__init__.py
index aff02ecc439..45ed3e54b40 100644
--- a/meta/lib/oeqa/core/target/__init__.py
+++ b/meta/lib/oeqa/core/target/__init__.py
@@ -7,8 +7,9 @@
 
 class OETarget:
 
-def __init__(self, logger, server_ip):
+def __init__(self, logger, server_ip, target_ip):
 self.server_ip = server_ip
+self.ip = target_ip
 self.logger = logger
 
 def start(self):
diff --git a/meta/lib/oeqa/core/target/qemu.py 
b/meta/lib/oeqa/core/target/qemu.py
index 66551607fb9..ef567939ad8 100644
--- a/meta/lib/oeqa/core/target/qemu.py
+++ b/meta/lib/oeqa/core/target/qemu.py
@@ -20,13 +20,13 @@ from oeqa.utils.dump import TargetDumper
 supported_fstypes = ['ext3', 'ext4', 'cpio.gz', 'wic']
 
 class OEQemuTarget(OESSHTarget):
-def __init__(self, logger, server_ip, timeout=300, user='root',
+def __init__(self, logger, server_ip, target_ip=None, timeout=300, 
user='root',
 port=None, machine='', rootfs='', kernel='', kvm=False, 
slirp=False,
 dump_dir='', dump_host_cmds='', display='', bootlog='',
 tmpdir='', dir_image='', boottime=60, serial_ports=2,
 boot_patterns = defaultdict(str), ovmf=False, tmpfsdir=None, 
**kwargs):
 
-super().__init__(logger, None, server_ip, timeout, user, port)
+super().__init__(logger, server_ip, target_ip, timeout, user, port)
 
 self.machine = machine
 self.rootfs = rootfs
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index bbf621c8e38..b61c7d141d9 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -14,7 +14,7 @@ import codecs
 from . import OETarget
 
 class OESSHTarget(OETarget):
-def __init__(self, logger, ip, server_ip, timeout=300, user='root',
+def __init__(self, logger, server_ip, target_ip, timeout=300, user='root',
  port=None, **kwargs):
 if not logger:
 logger = logging.getLogger('target')
@@ -27,8 +27,7 @@ class OESSHTarget(OETarget):
 fileHandler.setFormatter(formatter)
 logger.addHandler(fileHandler)
 
-super().__init__(logger, server_ip)
-self.ip = ip
+super().__init__(logger, server_ip, target_ip)
 self.timeout = timeout
 self.user = user
 ssh_options = [
diff --git a/meta/lib/oeqa/runtime/context.py b/meta/lib/oeqa/runtime/context.py
index 8552aa782bc..76cae4ee789 100644
--- a/meta/lib/oeqa/runtime/context.py
+++ b/meta/lib/oeqa/runtime/context.py
@@ -100,7 +100,7 @@ class OERuntimeTestContextExecutor(OETestContextExecutor):
 kwargs['port'] = target_ip_port[1]
 
 if target_type == 'simpleremote':
-target = OESSHTarget(logger, target_ip, server_ip, **kwargs)
+target = OESSHTarget(logger, server_ip, target_ip, **kwargs)
 elif target_type == 'qemu':
 target = OEQemuTarget(logger, server_ip, **kwargs)
 else:
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155909): 
https://lists.openembedded.org/g/openembedded-core/message/155909
Mute This Topic: https://lists.openembedded.org/mt/85506114/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/7] oeqa/core/target: remove abstract decorations

[Ross Burton]

There's no need to inherit from object in Python 3, and marking the
methods as abstract is overkill considering the type hierarchy.

Signed-off-by: Ross Burton 
---
 meta/lib/oeqa/core/target/__init__.py | 9 +
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/meta/lib/oeqa/core/target/__init__.py 
b/meta/lib/oeqa/core/target/__init__.py
index 1382aa9b523..3da66038342 100644
--- a/meta/lib/oeqa/core/target/__init__.py
+++ b/meta/lib/oeqa/core/target/__init__.py
@@ -4,33 +4,26 @@
 # SPDX-License-Identifier: MIT
 #
 
-from abc import abstractmethod
 
-class OETarget(object):
+class OETarget:
 
 def __init__(self, logger, *args, **kwargs):
 self.logger = logger
 
-@abstractmethod
 def start(self):
 pass
 
-@abstractmethod
 def stop(self):
 pass
 
-@abstractmethod
 def run(self, cmd, timeout=None):
 pass
 
-@abstractmethod
 def copyTo(self, localSrc, remoteDst):
 pass
 
-@abstractmethod
 def copyFrom(self, remoteSrc, localDst):
 pass
 
-@abstractmethod
 def copyDirTo(self, localSrc, remoteDst):
 pass
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155904): 
https://lists.openembedded.org/g/openembedded-core/message/155904
Mute This Topic: https://lists.openembedded.org/mt/85506108/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/7] testimage: TEST_SERVER_IP isn't mandatory

[Ross Burton]

When using the simpleremote test target, TEST_SERVER_IP doesn't have to
be configured as the code will detect the host's IP if it isn't set.

Signed-off-by: Ross Burton 
---
 meta/classes/testimage.bbclass | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index 3c689aec913..8bf6b17af8a 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -143,11 +143,8 @@ do_testimage[depends] += "${TESTIMAGEDEPENDS}"
 do_testimage[lockfiles] += "${TESTIMAGELOCK}"
 
 def testimage_sanity(d):
-if (d.getVar('TEST_TARGET') == 'simpleremote'
-and (not d.getVar('TEST_TARGET_IP')
- or not d.getVar('TEST_SERVER_IP'))):
-bb.fatal('When TEST_TARGET is set to "simpleremote" '
- 'TEST_TARGET_IP and TEST_SERVER_IP are needed too.')
+if d.getVar('TEST_TARGET') == 'simpleremote' and not 
d.getVar('TEST_TARGET_IP'):
+bb.fatal('When TEST_TARGET is set to "simpleremote" TEST_TARGET_IP 
must be set.')
 
 def get_testimage_configuration(d, test_type, machine):
 import platform
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155906): 
https://lists.openembedded.org/g/openembedded-core/message/155906
Mute This Topic: https://lists.openembedded.org/mt/85506110/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/1] oeqa/sdk: assimp.py -> cmake.py

[Ross Burton]

On Fri, 10 Sept 2021 at 09:08, Robert Yang  wrote:
> -self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON 
> {source}".format(**dirs))
> +self._run("cd {build} && cmake {source}".format(**dirs))

Verbose makefiles were turned on for a reason: when it breaks, we want
to see the full log.

>  self._run("cmake --build {build} -- -j".format(**dirs))
>  self._run("cmake --build {build} --target install -- 
> DESTDIR={install}".format(**dirs))
> -self.check_elf(os.path.join(dirs["install"], "usr", "local", 
> "lib", "libassimp.so.4.1.0"))
> +self.check_elf(os.path.join(dirs["install"], 
> "usr/local/lib/libexpat.so.1.8.1"))

Using join() but passing a hardcoded path string seems suboptimal.

Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155903): 
https://lists.openembedded.org/g/openembedded-core/message/155903
Mute This Topic: https://lists.openembedded.org/mt/85504678/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] wic/bootimg-efi: Add Unified Kernel Image option

[Richard Purdie]

On Thu, 2021-09-09 at 17:53 +, Kristian Klausen via lists.openembedded.org
wrote:
> "A unified kernel image is a single EFI PE executable combining an EFI
> stub loader, a kernel image, an initramfs image, and the kernel command
> line.
> 
> [...]
> 
> Images of this type have the advantage that all metadata and payload
> that makes up the boot entry is monopolized in a single PE file that can
> be signed cryptographically as one for the purpose of EFI
> SecureBoot."[1]
> 
> This commit adds a create-unified-kernel-image=true option to the
> bootimg-efi plugin for creating a Unified Kernel Image[1] and installing
> it into $BOOT/EFI/Linux/ with a .efi extension per the the Boot Loader
> Specification[1][2]. This is useful for implementing Secure Boot.
> 
> systemd-boot is the only mainstream bootloader implementing the
> specification, but GRUB should be able to boot the EFI binary, this
> commit however doesn't implement the necessary changes to the GRUB
> config generation logic to boot the Unified Kernel Image.
> 
> [1] 
> https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
> [2] https://systemd.io/BOOT_LOADER_SPECIFICATION/
> 
> Signed-off-by: Kristian Klausen 
> ---
> 
> This patch supersedes:
> "[RFC][PATCH] kernel: Add Unified Kernel Image image type"[1]
> and:
> "[PATCH] wic/bootimg-efi: Add option for only installing the bootloader"[2]
> 
> The latter is perhaps still useful, but with this patch it is no longer
> needed for using a Unified Kernel Image with systemd-boot.
> 
> [1] https://lists.openembedded.org/g/openembedded-core/message/155801
> [2] https://lists.openembedded.org/g/openembedded-core/message/155789
> 
>  scripts/lib/wic/plugins/source/bootimg-efi.py | 69 ---
>  1 file changed, 59 insertions(+), 10 deletions(-)

Do we need to add a test for this into meta/lib/oeqa/selftest/cases/wic.py?

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155902): 
https://lists.openembedded.org/g/openembedded-core/message/155902
Mute This Topic: https://lists.openembedded.org/mt/85490739/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 3/3] tar: add pkgconfig for selinux

[Richard Purdie]

On Wed, 2021-09-08 at 16:05 +0800, Yu, Mingli wrote:
> From: Mingli Yu 
> 
> Add pkgconfig setting for selinux.
> 
> Signed-off-by: Mingli Yu 
> ---
>  meta/recipes-extended/tar/tar_1.34.bb | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/recipes-extended/tar/tar_1.34.bb 
> b/meta/recipes-extended/tar/tar_1.34.bb
> index 98755a11cc..a6a417a1a5 100644
> --- a/meta/recipes-extended/tar/tar_1.34.bb
> +++ b/meta/recipes-extended/tar/tar_1.34.bb
> @@ -16,6 +16,7 @@ PACKAGECONFIG ??= ""
>  PACKAGECONFIG:append:class-target = " ${@bb.utils.filter('DISTRO_FEATURES', 
> 'acl', d)}"
>  
>  PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl"
> +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux"
>  
>  EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
>  

This breaks one of the selftests, you could reproduce with

oe-selftest -r 
oescripts.OEListPackageconfigTests.test_packageconfig_flags_default

however I've added a patch to fix it.

Cheers,

Richard




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155901): 
https://lists.openembedded.org/g/openembedded-core/message/155901
Mute This Topic: https://lists.openembedded.org/mt/85454436/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] oeqa/oescripts: Fix after tar recipe changes

[Richard Purdie]

Signed-off-by: Richard Purdie 
---
 meta/lib/oeqa/selftest/cases/oescripts.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/oescripts.py 
b/meta/lib/oeqa/selftest/cases/oescripts.py
index 8a10ff357be..1decce39e96 100644
--- a/meta/lib/oeqa/selftest/cases/oescripts.py
+++ b/meta/lib/oeqa/selftest/cases/oescripts.py
@@ -150,7 +150,7 @@ class OEListPackageconfigTests(OEScriptTests):
 expected_endlines = []
 expected_endlines.append("RECIPE NAME  PACKAGECONFIG 
FLAGS")
 expected_endlines.append("pinentry gtk2 libcap 
ncurses qt secret")
-expected_endlines.append("tar  acl")
+expected_endlines.append("tar  acl selinux")
 
 self.check_endlines(results, expected_endlines)
 
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155900): 
https://lists.openembedded.org/g/openembedded-core/message/155900
Mute This Topic: https://lists.openembedded.org/mt/85504874/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] pseudo: Update with fcntl and glibc 2.34 fixes

[Richard Purdie]

Pull in the following changes:

* pseudo_client: Make msg static in pseudo_op_client
* ports/linux/guts: Add close_range wrapper for glibc 2.34
* pseudo_client: Do not pass null argument to pseudo_diag()
* test-openat: Consider device as well as inode number
* test: Add missing test-statx test case
* fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ

Signed-off-by: Richard Purdie 
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb 
b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 328177c9bf0..a9ea8b4ef66 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \
 file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = 
"ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "b988b0a6b8afd8d459bc9a2528e834f63a3d59b2"
+SRCREV = "21ff2fb690efbe57e7dd867c39aff36ab72a6ac5"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155899): 
https://lists.openembedded.org/g/openembedded-core/message/155899
Mute This Topic: https://lists.openembedded.org/mt/85504817/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [hardknott][PATCH] mc: fix CVE-2021-36370

[kai]

From: Kai Kang 

Backport patch to fix CVE-2021-36370.

CVE: CVE-2021-36370

Signed-off-by: Kai Kang 
---
 .../mc/files/CVE-2021-36370.patch | 609 ++
 meta/recipes-extended/mc/mc_4.8.26.bb |   1 +
 2 files changed, 610 insertions(+)
 create mode 100644 meta/recipes-extended/mc/files/CVE-2021-36370.patch

diff --git a/meta/recipes-extended/mc/files/CVE-2021-36370.patch 
b/meta/recipes-extended/mc/files/CVE-2021-36370.patch
new file mode 100644
index 00..d6a26871bd
--- /dev/null
+++ b/meta/recipes-extended/mc/files/CVE-2021-36370.patch
@@ -0,0 +1,609 @@
+Backport patch to fix CVE-2021-36370.
+
+Upstream-Status: Backport 
[https://github.com/MidnightCommander/mc/commit/9235d3c]
+CVE: CVE-2021-36370
+
+Signed-off-by: Kai Kang 
+
+From 9235d3c232d13ad7f973346077c9cf2eaa77dc5f Mon Sep 17 00:00:00 2001
+From: Andrew Borodin 
+Date: Mon, 12 Jul 2021 08:48:18 +0300
+Subject: [PATCH] SFTPFS: verify server fingerprint (fix CVE-2021-36370).
+
+Use ~/.ssh/known_hosts file to verify server fingerprint
+using ssh way:
+
+$ ssh localhost
+The authenticity of host 'localhost (127.0.0.1)' can't be established.
+ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
+Are you sure you want to continue connecting (yes/no)? no
+ssh: Host key verification failed.
+
+$ ssh localhost
+The authenticity of host 'localhost (127.0.0.1)' can't be established.
+ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
+Are you sure you want to continue connecting (yes/no)? yes
+Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
+andrew@localhost's password:
+
+Thanks the Curl project for the used code.
+
+Signed-off-by: Andrew Borodin 
+Signed-off-by: Yury V. Zaytsev 
+---
+ doc/man/mc.1.in |  15 ++
+ doc/man/ru/mc.1.in  |  14 ++
+ src/vfs/sftpfs/connection.c | 428 +++-
+ src/vfs/sftpfs/internal.h   |   5 +-
+ 4 files changed, 452 insertions(+), 10 deletions(-)
+
+diff --git a/doc/man/mc.1.in b/doc/man/mc.1.in
+index c0c06e32f7..7a3d118384 100644
+--- a/doc/man/mc.1.in
 b/doc/man/mc.1.in
+@@ -3364,6 +3364,21 @@ Examples:
+ sftp://j...@noncompressed.ssh.edu/private
+ sftp://j...@somehost.ssh.edu:/private
+ .fi
++.PP
++When establishing the connection, server key fingerprint is verified using
++the ~/.ssh/known_hosts file. If the host/key pair is not found or the host is 
found,
++but the key doesn't match, an appropriate message is shown.
++There are three buttons in the message dialog:
++.PP
++.B [Yes]
++add new host/key pair to the ~/.ssh/known_hosts file and continue.
++.PP
++.B [Ignore]
++do not add new host/key pair to the ~/.ssh/known_hosts file, but continue
++nevertheless (at you own risk).
++.PP
++.B [No]
++abort connection.
+ .\"NODE "  Undelete File System"
+ .SH "  Undelete File System"
+ On Linux systems, if you asked configure to use the ext2fs undelete
+diff --git a/doc/man/ru/mc.1.in b/doc/man/ru/mc.1.in
+index 7609da1127..bc0c1810a9 100644
+--- a/doc/man/ru/mc.1.in
 b/doc/man/ru/mc.1.in
+@@ -3874,6 +3874,20 @@ bash\-совместимая оболочка shell.
+ sftp://j...@noncompressed.ssh.edu/private
+ sftp://j...@somehost.ssh.edu:/private
+ .fi
++При установлении соединения происходит проверка ключа сервера с использованием
++файла ~/.ssh/known_hosts file. Если пара сервер/ключ в этом файле не найдена
++или сервер найден, но ключ не соответствует, пользователю показывается
++окно с соответствующим сообщением, содержащее три кнопки:
++.PP
++.B [Да]
++добавить новую пару сервер/ключ в файл ~/.ssh/known_hosts и продолжить 
соединение.
++.PP
++.B [Игнорировать]
++не добавлять новую пару сервер/ключ в файл ~/.ssh/known_hosts и всё равно
++продолжить соединение (на свой страх и риск).
++.PP
++.B [Нет]
++прервать соединение.
+ .\"NODE "  Undelete File System"
+ .SH "  Файловая система UFS (Undelete File System)"
+ В ОС Linux можно сконфигурировать файловую систему ext2fs, используемую
+diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c
+index 9f8ea5633b..acd5026515 100644
+--- a/src/vfs/sftpfs/connection.c
 b/src/vfs/sftpfs/connection.c
+@@ -42,6 +42,8 @@
+ #include "lib/util.h"
+ #include "lib/tty/tty.h"/* tty_enable_interrupt_key () */
+ #include "lib/vfs/utilvfs.h"
++#include "lib/mcconfig.h"   /* mc_config_get_home_dir () */
++#include "lib/widget.h" /* query_dialog () */
+ 
+ #include "internal.h"
+ 
+@@ -49,10 +51,37 @@
+ 
+ /*** file scope macro definitions 
/
+ 
++#define SHA1_DIGEST_LENGTH 20
++
+ /*** file scope type declarations 
/
+ 
+ /*** file scope variables 
/
+ 
++#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
++static const char *const hostkey_method_ssh_ed25519 = "ssh-ed25519";
++#endif
++#ifdef 

[OE-core] [PATCH 1/1] oeqa/sdk: assimp.py -> cmake.py

[Robert Yang]

The downloaded non-free sources, now download expat-2.4.1.tar.bz2 to replace
it, and also rename the test case to cmake.py since it is used for testing 
cmake.

Signed-off-by: Robert Yang 
---
 meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)
 rename meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} (70%)

diff --git a/meta/lib/oeqa/sdk/cases/assimp.py 
b/meta/lib/oeqa/sdk/cases/cmake.py
similarity index 70%
rename from meta/lib/oeqa/sdk/cases/assimp.py
rename to meta/lib/oeqa/sdk/cases/cmake.py
index f166758e498..13b24072109 100644
--- a/meta/lib/oeqa/sdk/cases/assimp.py
+++ b/meta/lib/oeqa/sdk/cases/cmake.py
@@ -21,12 +21,12 @@ class BuildAssimp(OESDKTestCase):
 self.tc.hasHostPackage("cmake-native")):
 raise unittest.SkipTest("Needs cmake")
 
-def test_assimp(self):
-with tempfile.TemporaryDirectory(prefix="assimp", dir=self.tc.sdk_dir) 
as testdir:
-tarball = self.fetch(testdir, self.td["DL_DIR"], 
"https://github.com/assimp/assimp/archive/v4.1.0.tar.gz;)
+def test_cmake(self):
+with tempfile.TemporaryDirectory(prefix="cmake", dir=self.tc.sdk_dir) 
as testdir:
+tarball = self.fetch(testdir, self.td["DL_DIR"], 
"https://downloads.sourceforge.net/expat/expat-2.4.1.tar.bz2;)
 
 dirs = {}
-dirs["source"] = os.path.join(testdir, "assimp-4.1.0")
+dirs["source"] = os.path.join(testdir, "expat-2.4.1")
 dirs["build"] = os.path.join(testdir, "build")
 dirs["install"] = os.path.join(testdir, "install")
 
@@ -34,7 +34,7 @@ class BuildAssimp(OESDKTestCase):
 self.assertTrue(os.path.isdir(dirs["source"]))
 os.makedirs(dirs["build"])
 
-self._run("cd {build} && cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON 
{source}".format(**dirs))
+self._run("cd {build} && cmake {source}".format(**dirs))
 self._run("cmake --build {build} -- -j".format(**dirs))
 self._run("cmake --build {build} --target install -- 
DESTDIR={install}".format(**dirs))
-self.check_elf(os.path.join(dirs["install"], "usr", "local", 
"lib", "libassimp.so.4.1.0"))
+self.check_elf(os.path.join(dirs["install"], 
"usr/local/lib/libexpat.so.1.8.1"))
-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155897): 
https://lists.openembedded.org/g/openembedded-core/message/155897
Mute This Topic: https://lists.openembedded.org/mt/85504678/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/1] oeqa/sdk: assimp.py -> cmake.py

[Robert Yang]

* Test info
IMAGE_CLASSES += "testimage"

$ bitbake core-image-sato -cpopulate_sdk && bitbake core-image-sato -ctestsdk


The following changes since commit ec20e1a0e0ba61a7615b361bfc9d9dc58a91f9b3:

  create-spdx: remove trailing comma (2021-09-08 15:32:45 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/test
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/test

Robert Yang (1):
  oeqa/sdk: assimp.py -> cmake.py

 meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)
 rename meta/lib/oeqa/sdk/cases/{assimp.py => cmake.py} (70%)

-- 
2.31.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155896): 
https://lists.openembedded.org/g/openembedded-core/message/155896
Mute This Topic: https://lists.openembedded.org/mt/85504677/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 0/1] assimp: Remove it

[Robert Yang]

On 9/9/21 11:43 PM, Khem Raj wrote:

On Thu, Sep 9, 2021 at 3:26 AM Robert Yang  wrote:


Hi Khem,

On 9/9/21 1:06 PM, Khem Raj wrote:

also delete meta/lib/oeqa/sdk/cases/assimp.py


It's a test case for testing cmake, it should be OK to keep it? Or we need add a
new one to replace it.


is it downloading assimp code etc. ? if so I would suggest to replace
it with something else too as a followup.


Yes, it does, I've sent a patch to use expat to replace assimp for the test.

// Robert





// Robert



On Tue, Sep 7, 2021 at 1:46 AM Robert Yang  wrote:


The following changes since commit 70de1dbb660461bdf0613494f53ec4c78738ae2a:

vim: Add packageconfig for sound notification support (2021-09-06 09:49:13 
+0100)

are available in the Git repository at:

git://git.openembedded.org/openembedded-core-contrib rbt/assimp
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=rbt/assimp

Robert Yang (1):
assimp: Remove it

   meta/conf/distro/include/maintainers.inc  |1 -
   ...hared-lib-from-_IMPORT_CHECK_TARGETS.patch |   32 -
   ...hub.com-assimp-assimp-issues-2733-up.patch | 1664 -
   .../use-GNUInstallDirs-where-possible.patch   |  257 ---
   meta/recipes-graphics/vulkan/assimp_5.0.1.bb  |   26 -
   5 files changed, 1980 deletions(-)
   delete mode 100644 
meta/recipes-graphics/vulkan/assimp/0001-assimp-remove-shared-lib-from-_IMPORT_CHECK_TARGETS.patch
   delete mode 100644 
meta/recipes-graphics/vulkan/assimp/0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch
   delete mode 100644 
meta/recipes-graphics/vulkan/assimp/use-GNUInstallDirs-where-possible.patch
   delete mode 100644 meta/recipes-graphics/vulkan/assimp_5.0.1.bb

--
2.17.1





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155895): 
https://lists.openembedded.org/g/openembedded-core/message/155895
Mute This Topic: https://lists.openembedded.org/mt/85431029/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-3.3.3.rc2)

[Teoh, Jay Shen]

Hello all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.3.3.rc2 We 
are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion is next Wednesday, 15 September.

Thanks,
Jay
> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Richard Purdie
> Sent: Friday, 10 September, 2021 4:00 AM
> To:  
> Cc: qa-build-notification 
> Subject: [qa-build-notification] QA notification for completed autobuilder 
> build
> (yocto-3.3.3.rc2)
> 
> A build flagged for QA (yocto-3.3.3.rc2) was completed on the autobuilder and 
> is
> available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-3.3.3.rc2
> 
> 
> Build hash information:
> 
> bitbake: c7b506d11df78cfc4610db6578745eaa6220b13a
> meta-agl: 60344efa7a50dc2548fc4b5d68b5ad4d60c4023a
> meta-arm: ba82ea920a3a43244a0a72bd74817e2f00f4a1af
> meta-aws: 171aa2cf4d12ff4877e9104b6ec46be54128e3d8
> meta-gplv2: 9e119f333cc8f53bd3cf64326f826dbc6ce3db0f
> meta-intel: 5c4a6b02f650a99a5ec55561443fcf880a863d19
> meta-mingw: 422b96cb2b6116442be1f40dfb5bd77447d1219e
> meta-openembedded: 7bd7e1da9034e72ca4262dba55f70b2b23499aae
> oecore: 567dd35d893c5d8969d41f263a24da8fbae3fc2f
> poky: 0a2ca9d60f3851515a79d5aa9ddd8b4069b5a206
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155894): 
https://lists.openembedded.org/g/openembedded-core/message/155894
Mute This Topic: https://lists.openembedded.org/mt/85503853/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-