[OE-core][PATCH] shadow: backport patch to fix CVE-2023-29383

[Xiangyu Chen]

From: Xiangyu Chen 

Signed-off-by: Xiangyu Chen 
---
 .../0001-Added-control-character-check.patch  | 53 +++
 meta/recipes-extended/shadow/shadow.inc   |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 
meta/recipes-extended/shadow/files/0001-Added-control-character-check.patch

diff --git 
a/meta/recipes-extended/shadow/files/0001-Added-control-character-check.patch 
b/meta/recipes-extended/shadow/files/0001-Added-control-character-check.patch
new file mode 100644
index 00..f53341d3fc
--- /dev/null
+++ 
b/meta/recipes-extended/shadow/files/0001-Added-control-character-check.patch
@@ -0,0 +1,53 @@
+From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
+From: tomspiderlabs <128755403+tomspiderl...@users.noreply.github.com>
+Date: Thu, 23 Mar 2023 23:39:38 +
+Subject: [PATCH] Added control character check
+
+Added control character check, returning -1 (to "err") if control characters 
are present.
+
+CVE: CVE-2023-29383
+Upstream-Status: Backport
+
+Reference to upstream:
+https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
+
+Signed-off-by: Xiangyu Chen 
+---
+ lib/fields.c | 11 +++
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index 640be931..fb51b582 100644
+--- a/lib/fields.c
 b/lib/fields.c
+@@ -21,9 +21,9 @@
+  *
+  * The supplied field is scanned for non-printable and other illegal
+  * characters.
+- *  + -1 is returned if an illegal character is present.
+- *  +  1 is returned if no illegal characters are present, but the field
+- *   contains a non-printable character.
++ *  + -1 is returned if an illegal or control character is present.
++ *  +  1 is returned if no illegal or control characters are present,
++ *   but the field contains a non-printable character.
+  *  +  0 is returned otherwise.
+  */
+ int valid_field (const char *field, const char *illegal)
+@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
+   }
+ 
+   if (0 == err) {
+-  /* Search if there are some non-printable characters */
++  /* Search if there are non-printable or control characters */
+   for (cp = field; '\0' != *cp; cp++) {
+   if (!isprint (*cp)) {
+   err = 1;
++  }
++  if (!iscntrl (*cp)) {
++  err = -1;
+   break;
+   }
+   }
+-- 
+2.34.1
+
diff --git a/meta/recipes-extended/shadow/shadow.inc 
b/meta/recipes-extended/shadow/shadow.inc
index 2c70a2d00e..e8f58f30dd 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -14,6 +14,7 @@ GITHUB_BASE_URI = 
"https://github.com/shadow-maint/shadow/releases;
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', 
d)} \
file://useradd \
+   file://0001-Added-control-character-check.patch \
"
 
 SRC_URI:append:class-target = " \
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180178): 
https://lists.openembedded.org/g/openembedded-core/message/180178
Mute This Topic: https://lists.openembedded.org/mt/98338269/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest

[Khem Raj]

On Mon, Apr 17, 2023 at 8:42 PM qi...@fujitsu.com  wrote:

> This should be a symlink to gcc on target so I wonder why it does not work
>
> First, see the coreutils’ files which installed on target.
>
> 
>
>   Makefile  -->created by cross-compile
>
>   build-aux
>
>   init.cfg --> copied from src
>
>   run-ptest
>
> tests
>
> 
>
> In Makefile, CC is defined by aarch64-agl-linux-gcc with
> --sysroot=recipe-sysroot.
>
>  CC = aarch64-agl-linux-gcc  -fstack-protector-strong  -O2
> -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security
> --sysroot=recipe-sysroot
>
> In init.cfg, CC  is used to compile k.c file.
>
>  $CC -Wall -shared --std=gnu99 -fPIC -O2 $* "$in" -o "$out"
> $gcc_shared_libs_
>
> Because of “--sysroot=recipe-sysroot”, it does not work.
>
> So, we could add “-I /usr/include” in Makefile or init.cfg, or delete “
> --sysroot=recipe-sysroot” from Makefile.
>
> Which one is better?
>

Delete sysroot

> Let me know, and I will send the patch v2.
>
> thanks.
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180177): 
https://lists.openembedded.org/g/openembedded-core/message/180177
Mute This Topic: https://lists.openembedded.org/mt/98258324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.0.9.rc1)

[Jing Hui Tham]

Hi All,
 
QA for yocto-4.0.9.rc1 is completed. This is the full report for this release:  
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
 
=== Summary 
No high milestone defects.
 
No new issue found. 
 
Thanks,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Thursday, April 13, 2023 6:38 AM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-4.0.9.rc1)
> 
> 
> A build flagged for QA (yocto-4.0.9.rc1) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-4.0.9.rc1
> 
> 
> Build hash information:
> 
> bitbake: 2802adb572eb73a3eb2725a74a9bbdaafc543fa7
> meta-agl: 535bc8f54ce5fcb4a94204df5f2b3317beb53f23
> meta-arm: a0216a41bde3f191037332a9238648bedfbc61bd
> meta-aws: 3f7ab5912239d667764e7df885776b267eddf265
> meta-gplv2: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
> meta-intel: 4c6cc14669d0e9de36e1a050ce4084ca14181722
> meta-mingw: a90614a6498c3345704e9611f2842eb933dc51c1
> meta-openembedded: 571e36e20e9d1f27af0eb4545291beeb64f280e2
> meta-virtualization: bfa6727718bc4eb550c24e2c03a4118b4e7bc842
> oecore: ff4b57903a93b710284c7c7f916ddd74712f
> poky: 09def309f91929f47c6cce386016ccb777bd2cfc
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180176): 
https://lists.openembedded.org/g/openembedded-core/message/180176
Mute This Topic: https://lists.openembedded.org/mt/98310546/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] curl: CVE-2023-27538 fix SSH connection too eager reuse

[Hitendra Prajapati]

Hi Steve,

It is fine with combined patch as it contains fix for CVE-2023-27538.

Thank you & Regards,

Hitendra

On 17/04/23 22:11, Steve Sakoman wrote:

There is also a patch submitted today that fixes this CVE as well as
two others:https://lists.openembedded.org/g/openembedded-core/message/180143

Could you review the above patch and ack if you approve.  It would be
nice to fix all three patches in a single commit if possible.

Thanks!

Steve

On Sun, Apr 16, 2023 at 10:05 PM Hitendra Prajapati
  wrote:

Upstream-Status: Backport 
fromhttps://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb

Signed-off-by: Hitendra Prajapati
---
  .../curl/curl/CVE-2023-27538.patch| 31 +++
  meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
  2 files changed, 32 insertions(+)
  create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27538.patch 
b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
new file mode 100644
index 00..8ef81fb306
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
@@ -0,0 +1,31 @@
+From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Fri, 10 Mar 2023 08:22:51 +0100
+Subject: [PATCH] url: fix the SSH connection reuse check
+
+Reported-by: Harry Sintonen
+Closes #10735
+
+CVE: CVE-2023-27538
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]
+Signed-off-by: Hitendra Prajapati
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index f5e54c7..7dd342a 100644
+--- a/lib/url.c
 b/lib/url.c
+@@ -1353,7 +1353,7 @@ ConnectionExists(struct Curl_easy *data,
+  (data->state.httpwant < CURL_HTTP_VERSION_2_0))
+ continue;
+
+-  if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
++  if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
+ if(!ssh_config_matches(needle, check))
+   continue;
+   }
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index 4c18afe293..b0a456016d 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -42,6 +42,7 @@ SRC_URI ="https://curl.se/download/${BP}.tar.xz \ file://CVE-2023-23916.patch 
\ file://CVE-2023-27533.patch \ file://CVE-2023-27534.patch \ + 
file://CVE-2023-27538.patch \ "

  SRC_URI[sha256sum] = 
"0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"

--
2.25.1





--
Regards,
Hitendra Prajapati
MontaVista Software LLC

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180175): 
https://lists.openembedded.org/g/openembedded-core/message/180175
Mute This Topic: https://lists.openembedded.org/mt/98314707/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest

[qi...@fujitsu.com]

> 
> 
> 
> This should be a symlink to gcc on target so I wonder why it does not work
> 
> 
> 

First, see the coreutils’ files which installed on target.



Makefile  -->created by cross-compile

build-aux

init.cfg --> copied from src

run-ptest

tests



In Makefile, CC is defined by aarch64-agl-linux-gcc with 
--sysroot=recipe-sysroot.

CC = aarch64-agl-linux-gcc  -fstack-protector-strong  -O2 -D_FORTIFY_SOURCE=2 
-Wformat -Wformat-security -Werror=format-security --sysroot=recipe-sysroot

In init.cfg, CC  is used to compile k.c file.

$CC -Wall -shared --std=gnu99 -fPIC -O2 $* "$in" -o "$out" $gcc_shared_libs_

Because of “ --sysroot=recipe-sysroot ” , it does not work.

So, we could add “ -I /usr/include ” in Makefile or init.cfg, or delete “ 
--sysroot=recipe-sysroot ” from Makefile.

Which one is better?

Let me know, and I will send the patch v2.

thanks.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180174): 
https://lists.openembedded.org/g/openembedded-core/message/180174
Mute This Topic: https://lists.openembedded.org/mt/98258324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest

[qi...@fujitsu.com]

From: Khem Raj 
Sent: Tuesday, April 18, 2023 9:14 AM
To: Qiu, Tingting/仇 婷婷 
Cc: Richard Purdie ; FNST fnstml-fujitsuten 
; openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest



On Mon, Apr 17, 2023 at 6:05 PM Tingting Qiu (Fujitsu) 
mailto:qi...@fujitsu.com>> wrote:


> -Original Message-
> From: Khem Raj mailto:raj.k...@gmail.com>>
> Sent: Saturday, April 15, 2023 12:11 AM
> To: Richard Purdie 
> mailto:richard.pur...@linuxfoundation.org>>
> Cc: Qiu, Tingting/仇 婷婷 mailto:qi...@fujitsu.com>>;
> openembedded-core@lists.openembedded.org;
>  FNST fnstml-fujitsuten
> mailto:fnstml-fujitsu...@fujitsu.com>>
> Subject: Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest
>
> On Fri, Apr 14, 2023 at 3:06 AM Richard Purdie
> mailto:richard.pur...@linuxfoundation.org>>
>  wrote:
> >
> > On Fri, 2023-04-14 at 16:53 +0800, 
> > qi...@fujitsu.com wrote:
> > > From: Qiu Tingting mailto:qi...@fujitsu.com>>
> > >
> > > If gcc is installed in image, ptest result has 4 ERROR.
> > >   ERROR: tests/rm/r-root.sh
> > >   ERROR: tests/rm/rm-readdir-fail.sh
> > >   ERROR: tests/cp/nfs-removal-race.sh
> > >   ERROR: tests/ls/getxattr-speedup.sh
> > >
> > > r-root.log as an example:
> > >   --
> > >   k.c:1:10: fatal error: stdio.h: No such file or directory
> > >   1 | #include 
> > > |  ^
> > >   compilation terminated.
> > >   r-root.sh: set-up failure: failed to build shared library
> > >   ERROR tests/rm/r-root.sh (exit status: 99)
> > >   --
> > >
> > > reason:
> > >   In these cases, k.c file is created and compiled by gcc before run.
> > >   There is a stdio.h file in /usr/include/ directory,
> > >   but gcc parameter is not set it.
> > >
> > > solution:
> > >   Add "-l /usr/include/" in gcc parameter.
> > >
> > > other:
> > >   If gcc is not installed in image, these cases will be skipped.
> > >
> > > Signed-off-by: Qiu Tingting mailto:qi...@fujitsu.com>>
> > > ---
> > >  meta/recipes-core/coreutils/coreutils_9.1.bb | 
> > > 1 +
> > >  1 file changed, 1 insertion(+)
> >
> >
> > I'm a bit puzzled by this. Wouldn't on target gcc have /usr/include as
> > part of it's default search path? Why isn't the default search path
> > working?
>
> yeah. Perhaps looking at full compiler commandline used just for this test
> would help maybe there is something like -ffreestanding or something passed
> to it.

Normal gcc have /usr/include as part of its default search path.
I used aarch64-agl-linux-gcc for aarch64 board, which does not search this path.

This should be a symlink to gcc on target so I wonder why it does not work

First, see the coreutils’ files which installed on target.

  Makefile  -->created by cross-compile
  build-aux
  init.cfg --> copied from src
  run-ptest
tests

In Makefile, CC is defined by aarch64-agl-linux-gcc with 
--sysroot=recipe-sysroot.
 CC = aarch64-agl-linux-gcc  -fstack-protector-strong  -O2 -D_FORTIFY_SOURCE=2 
-Wformat -Wformat-security -Werror=format-security --sysroot=recipe-sysroot
In init.cfg, CC  is used to compile k.c file.
 $CC -Wall -shared --std=gnu99 -fPIC -O2 $* "$in" -o "$out" $gcc_shared_libs_
Because of “--sysroot=recipe-sysroot”, it does not work.
So, we could add “-I /usr/include” in Makefile or init.cfg, or delete 
“--sysroot=recipe-sysroot” from Makefile.
Which one is better?
Let me know, and I will send the patch v2.
thanks.

Best regards,
Qiu Tingting


Best regards,
Qiu Tingting
>
> >
> > Cheers,
> >
> > Richard
> >
> >
> > >
> > > diff --git 
> > > a/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > b/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > index 4807eefd04..fe785b673d 100644
> > > --- 
> > > a/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > +++ 
> > > b/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > @@ -184,6 +184,7 @@ do_install_ptest () {
> > >  install ${S}/build-aux/test-driver ${D}${PTEST_PATH}/build-aux/
> > >  cp ${B}/Makefile ${D}${PTEST_PATH}/
> > >  cp ${S}/init.cfg ${D}${PTEST_PATH}/
> > > +sed -i 's/CC -Wall -shared/CC -Wall -shared -l
> > > + \/usr\/include\//g' ${D}${PTEST_PATH}/init.cfg
> > >  cp -r ${B}/src ${D}${PTEST_PATH}/
> > >  cp -r ${S}/src/*.c ${D}${PTEST_PATH}/src
> > >  sed -i '/^VPATH/s/= .*$/= ./g' ${D}${PTEST_PATH}/Makefile
> > >
> > >
> >
> >
> > 
> >

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180173): 
https://lists.openembedded.org/g/openembedded-core/message/180173
Mute This Topic: https://lists.openembedded.org/mt/98258324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: 

Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest

[Khem Raj]

On Mon, Apr 17, 2023 at 6:05 PM Tingting Qiu (Fujitsu) 
wrote:

>
>
> > -Original Message-
> > From: Khem Raj 
> > Sent: Saturday, April 15, 2023 12:11 AM
> > To: Richard Purdie 
> > Cc: Qiu, Tingting/仇 婷婷 ;
> > openembedded-core@lists.openembedded.org; FNST fnstml-fujitsuten
> > 
> > Subject: Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest
> >
> > On Fri, Apr 14, 2023 at 3:06 AM Richard Purdie
> >  wrote:
> > >
> > > On Fri, 2023-04-14 at 16:53 +0800, qi...@fujitsu.com wrote:
> > > > From: Qiu Tingting 
> > > >
> > > > If gcc is installed in image, ptest result has 4 ERROR.
> > > >   ERROR: tests/rm/r-root.sh
> > > >   ERROR: tests/rm/rm-readdir-fail.sh
> > > >   ERROR: tests/cp/nfs-removal-race.sh
> > > >   ERROR: tests/ls/getxattr-speedup.sh
> > > >
> > > > r-root.log as an example:
> > > >   --
> > > >   k.c:1:10: fatal error: stdio.h: No such file or directory
> > > >   1 | #include 
> > > > |  ^
> > > >   compilation terminated.
> > > >   r-root.sh: set-up failure: failed to build shared library
> > > >   ERROR tests/rm/r-root.sh (exit status: 99)
> > > >   --
> > > >
> > > > reason:
> > > >   In these cases, k.c file is created and compiled by gcc before run.
> > > >   There is a stdio.h file in /usr/include/ directory,
> > > >   but gcc parameter is not set it.
> > > >
> > > > solution:
> > > >   Add "-l /usr/include/" in gcc parameter.
> > > >
> > > > other:
> > > >   If gcc is not installed in image, these cases will be skipped.
> > > >
> > > > Signed-off-by: Qiu Tingting 
> > > > ---
> > > >  meta/recipes-core/coreutils/coreutils_9.1.bb | 1 +
> > > >  1 file changed, 1 insertion(+)
> > >
> > >
> > > I'm a bit puzzled by this. Wouldn't on target gcc have /usr/include as
> > > part of it's default search path? Why isn't the default search path
> > > working?
> >
> > yeah. Perhaps looking at full compiler commandline used just for this
> test
> > would help maybe there is something like -ffreestanding or something
> passed
> > to it.
>
> Normal gcc have /usr/include as part of its default search path.
> I used aarch64-agl-linux-gcc for aarch64 board, which does not search this
> path.


This should be a symlink to gcc on target so I wonder why it does not work


>
> Best regards,
> Qiu Tingting
> >
> > >
> > > Cheers,
> > >
> > > Richard
> > >
> > >
> > > >
> > > > diff --git a/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > > b/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > > index 4807eefd04..fe785b673d 100644
> > > > --- a/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > > +++ b/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > > @@ -184,6 +184,7 @@ do_install_ptest () {
> > > >  install ${S}/build-aux/test-driver ${D}${PTEST_PATH}/build-aux/
> > > >  cp ${B}/Makefile ${D}${PTEST_PATH}/
> > > >  cp ${S}/init.cfg ${D}${PTEST_PATH}/
> > > > +sed -i 's/CC -Wall -shared/CC -Wall -shared -l
> > > > + \/usr\/include\//g' ${D}${PTEST_PATH}/init.cfg
> > > >  cp -r ${B}/src ${D}${PTEST_PATH}/
> > > >  cp -r ${S}/src/*.c ${D}${PTEST_PATH}/src
> > > >  sed -i '/^VPATH/s/= .*$/= ./g' ${D}${PTEST_PATH}/Makefile
> > > >
> > > >
> > >
> > >
> > > 
> > >
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180172): 
https://lists.openembedded.org/g/openembedded-core/message/180172
Mute This Topic: https://lists.openembedded.org/mt/98258324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest

[qi...@fujitsu.com]

> -Original Message-
> From: Khem Raj 
> Sent: Saturday, April 15, 2023 12:11 AM
> To: Richard Purdie 
> Cc: Qiu, Tingting/仇 婷婷 ;
> openembedded-core@lists.openembedded.org; FNST fnstml-fujitsuten
> 
> Subject: Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest
> 
> On Fri, Apr 14, 2023 at 3:06 AM Richard Purdie
>  wrote:
> >
> > On Fri, 2023-04-14 at 16:53 +0800, qi...@fujitsu.com wrote:
> > > From: Qiu Tingting 
> > >
> > > If gcc is installed in image, ptest result has 4 ERROR.
> > >   ERROR: tests/rm/r-root.sh
> > >   ERROR: tests/rm/rm-readdir-fail.sh
> > >   ERROR: tests/cp/nfs-removal-race.sh
> > >   ERROR: tests/ls/getxattr-speedup.sh
> > >
> > > r-root.log as an example:
> > >   --
> > >   k.c:1:10: fatal error: stdio.h: No such file or directory
> > >   1 | #include 
> > > |  ^
> > >   compilation terminated.
> > >   r-root.sh: set-up failure: failed to build shared library
> > >   ERROR tests/rm/r-root.sh (exit status: 99)
> > >   --
> > >
> > > reason:
> > >   In these cases, k.c file is created and compiled by gcc before run.
> > >   There is a stdio.h file in /usr/include/ directory,
> > >   but gcc parameter is not set it.
> > >
> > > solution:
> > >   Add "-l /usr/include/" in gcc parameter.
> > >
> > > other:
> > >   If gcc is not installed in image, these cases will be skipped.
> > >
> > > Signed-off-by: Qiu Tingting 
> > > ---
> > >  meta/recipes-core/coreutils/coreutils_9.1.bb | 1 +
> > >  1 file changed, 1 insertion(+)
> >
> >
> > I'm a bit puzzled by this. Wouldn't on target gcc have /usr/include as
> > part of it's default search path? Why isn't the default search path
> > working?
> 
> yeah. Perhaps looking at full compiler commandline used just for this test
> would help maybe there is something like -ffreestanding or something passed
> to it.

Normal gcc have /usr/include as part of its default search path.
I used aarch64-agl-linux-gcc for aarch64 board, which does not search this path.

Best regards,
Qiu Tingting
> 
> >
> > Cheers,
> >
> > Richard
> >
> >
> > >
> > > diff --git a/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > b/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > index 4807eefd04..fe785b673d 100644
> > > --- a/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > +++ b/meta/recipes-core/coreutils/coreutils_9.1.bb
> > > @@ -184,6 +184,7 @@ do_install_ptest () {
> > >  install ${S}/build-aux/test-driver ${D}${PTEST_PATH}/build-aux/
> > >  cp ${B}/Makefile ${D}${PTEST_PATH}/
> > >  cp ${S}/init.cfg ${D}${PTEST_PATH}/
> > > +sed -i 's/CC -Wall -shared/CC -Wall -shared -l
> > > + \/usr\/include\//g' ${D}${PTEST_PATH}/init.cfg
> > >  cp -r ${B}/src ${D}${PTEST_PATH}/
> > >  cp -r ${S}/src/*.c ${D}${PTEST_PATH}/src
> > >  sed -i '/^VPATH/s/= .*$/= ./g' ${D}${PTEST_PATH}/Makefile
> > >
> > >
> >
> >
> > 
> >

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180171): 
https://lists.openembedded.org/g/openembedded-core/message/180171
Mute This Topic: https://lists.openembedded.org/mt/98258324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest

[qi...@fujitsu.com]

Hi Luca,

> -Original Message-
> From: Luca Ceresoli 
> Sent: Friday, April 14, 2023 5:41 PM
> To: Qiu, Tingting/仇 婷婷 
> Cc: openembedded-core@lists.openembedded.org; FNST fnstml-fujitsuten
> 
> Subject: Re: [OE-core] [PATCH V1] coreutils: Add gcc parameter for ptest
> 
> Hello Qiu,
> 
> On Fri, 14 Apr 2023 16:53:20 +0800
> "qi...@fujitsu.com"  wrote:
> 
> > From: Qiu Tingting 
> >
> > If gcc is installed in image, ptest result has 4 ERROR.
> >   ERROR: tests/rm/r-root.sh
> >   ERROR: tests/rm/rm-readdir-fail.sh
> >   ERROR: tests/cp/nfs-removal-race.sh
> >   ERROR: tests/ls/getxattr-speedup.sh
> >
> > r-root.log as an example:
> >   --
> >   k.c:1:10: fatal error: stdio.h: No such file or directory
> >   1 | #include 
> > |  ^
> >   compilation terminated.
> >   r-root.sh: set-up failure: failed to build shared library
> >   ERROR tests/rm/r-root.sh (exit status: 99)
> >   --
> >
> > reason:
> >   In these cases, k.c file is created and compiled by gcc before run.
> >   There is a stdio.h file in /usr/include/ directory,
> >   but gcc parameter is not set it.
> >
> > solution:
> >   Add "-l /usr/include/" in gcc parameter.
> 
> Why "-l"? Shouldn't it be "-I"?
Yes, it should be "-I".
Thanks

Best regards,
Qiu Tingting
> 
> Best regards,
> Luca
> 
> --
> Luca Ceresoli, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180170): 
https://lists.openembedded.org/g/openembedded-core/message/180170
Mute This Topic: https://lists.openembedded.org/mt/98258324/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

[Jose Quaresma]

Richard Purdie  escreveu no dia
segunda, 17/04/2023 à(s) 20:51:

> On Sun, 2023-04-16 at 12:30 +0200, Christoph Lauer wrote:
> > From: Christoph Lauer 
> >
> > With rm_work active, external module signing throws an error:
> > scripts/sign-file: error while loading shared libraries: libcrypto.so.3:
> cannot open shared object file: No such file or directory
> > Preserve libraries that sign-file script needs during runtime.
> >
> > Signed-off-by: Christoph Lauer 
> > ---
> >  meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/meta/recipes-kernel/make-mod-scripts/
> make-mod-scripts_1.0.bb b/meta/recipes-kernel/make-mod-scripts/
> make-mod-scripts_1.0.bb
> > index 28e0807d1d..0e24efc597 100644
> > --- a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> > +++ b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> > @@ -32,3 +32,6 @@ do_configure() {
> >   -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} $t
> >   done
> >  }
> > +
> > +# keep native libraries required for module signing
> > +RM_WORK_EXCLUDE_ITEMS += "recipe-sysroot-native"
>
> I'm really reluctant to take this change as it isn't the way
> dependencies are meant to work.
>
> It sounds like something in a shared workdir is depending on something
> in a recipe workdir and we simply don't support that. Everything needed
> should be in the shared workdir. At best this is a bandaid and there
> will be other ways to make this fail such as cleaning make-mod-scripts.
>

The problem is because for signing the kernel modules the sign-file.c [1]
is linked dynamically with openssl-native.
This works when building the in tree kernel modules but will fail when we
try to sing any out of tree kernel module.
To sign the out of tree kernel we will use the binaries from the shared
workdir but the native libcrypto.so.3 is removed by
the rm_work bbclass. We need to link the sign-file statically otherwise it
will not work with the rm_work bbclass.

[1] https://github.com/torvalds/linux/blob/master/scripts/sign-file.c

Another solution for this problem can be changing the make-mod-scripts to
be a native tool and in this way
they will be installed and the dependencies will be handled correctly.


> I'm even less keen to take it when I think it's going to be backported
> "everywhere" as if is the correct solution too.
>
> I don't know what the right fix is unfortunately. I'm sure people would
> like me to think about it and come up with one but there are simply too
> many different things people would like me to do that with and even for
> me, it does take a while to work these things out. I'm just out of
> bandwidth, sorry :(
>

It is true that it is not the correct solution but it is the most suitable
in my opinion.
I totally understand what you say and I'm a little sorry that I could still
help in this same fix.

This problem is something I would also like to fix because I am using the
RM_WORK_EXCLUDE
for quite some time to fix this issue on my distro.
I would like to convert the make-mod-scripts to be a native tool but I
haven't had time for that either.

Sorry and thank you for all your dedication and help.

Jose


> Cheers,
>
> Richard
>
>
>
> 
>
>

-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180169): 
https://lists.openembedded.org/g/openembedded-core/message/180169
Mute This Topic: https://lists.openembedded.org/mt/98296212/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] Recipes containing both git and npmsw sources in the SRC_URI fail during fetch from the shrinkwrap. It seems that when the fetcher is fetching from the shrinkwrap, the SRCREV variabl

[Svend Meyland Nicolaisen]

From: Svend Meyland Nicolaisen 

Signed-off-by: Svend Meyland Nicolaisen 
---
 lib/bb/fetch2/npmsw.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/bb/fetch2/npmsw.py b/lib/bb/fetch2/npmsw.py
index 36fcbfba..cc81100b 100644
--- a/lib/bb/fetch2/npmsw.py
+++ b/lib/bb/fetch2/npmsw.py
@@ -205,7 +205,9 @@ class NpmShrinkWrap(FetchMethod):
 # This fetcher resolves multiple URIs from a shrinkwrap file and then
 # forwards it to a proxy fetcher. The management of the donestamp file,
 # the lockfile and the checksums are forwarded to the proxy fetcher.
-ud.proxy = Fetch([dep["url"] for dep in ud.deps if dep["url"]], data)
+shrinkwrap_urls = [dep["url"] for dep in ud.deps if dep["url"]]
+if shrinkwrap_urls:
+ud.proxy = Fetch(shrinkwrap_urls, data)
 ud.needdonestamp = False
 
 @staticmethod
-- 
2.39.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180168): 
https://lists.openembedded.org/g/openembedded-core/message/180168
Mute This Topic: https://lists.openembedded.org/mt/98330179/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

[Richard Purdie]

On Sun, 2023-04-16 at 12:30 +0200, Christoph Lauer wrote:
> From: Christoph Lauer 
> 
> With rm_work active, external module signing throws an error:
> scripts/sign-file: error while loading shared libraries: libcrypto.so.3: 
> cannot open shared object file: No such file or directory
> Preserve libraries that sign-file script needs during runtime.
> 
> Signed-off-by: Christoph Lauer 
> ---
>  meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb 
> b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> index 28e0807d1d..0e24efc597 100644
> --- a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> +++ b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> @@ -32,3 +32,6 @@ do_configure() {
>   -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} $t
>   done
>  }
> +
> +# keep native libraries required for module signing
> +RM_WORK_EXCLUDE_ITEMS += "recipe-sysroot-native"

I'm really reluctant to take this change as it isn't the way
dependencies are meant to work.

It sounds like something in a shared workdir is depending on something
in a recipe workdir and we simply don't support that. Everything needed
should be in the shared workdir. At best this is a bandaid and there
will be other ways to make this fail such as cleaning make-mod-scripts.

I'm even less keen to take it when I think it's going to be backported
"everywhere" as if is the correct solution too.

I don't know what the right fix is unfortunately. I'm sure people would
like me to think about it and come up with one but there are simply too
many different things people would like me to do that with and even for
me, it does take a while to work these things out. I'm just out of
bandwidth, sorry :(

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180167): 
https://lists.openembedded.org/g/openembedded-core/message/180167
Mute This Topic: https://lists.openembedded.org/mt/98296212/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

[Bruce Ashfield]

On Sun, Apr 16, 2023 at 6:31 AM Christoph Lauer
 wrote:
>
> From: Christoph Lauer 
>
> With rm_work active, external module signing throws an error:
> scripts/sign-file: error while loading shared libraries: libcrypto.so.3: 
> cannot open shared object file: No such file or directory
> Preserve libraries that sign-file script needs during runtime.
>

We are by design installing the output of the scripts target to the
staging kernel build dir.

If there's some part of the build and install that isn't going to the
shared location, then we should be making sure it goes to that shared
location (and is cleaned with the rest of the artifacts).

Users of those same scripts need to be able to locate and load the
artifacts from the staging kernel build dir, but that's
solvable/preferable.

If you've tried the above and it doesn't work, it would be useful to
capture that in the commit log.

Bruce

> Signed-off-by: Christoph Lauer 
> ---
>  meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb 
> b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> index 28e0807d1d..0e24efc597 100644
> --- a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> +++ b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> @@ -32,3 +32,6 @@ do_configure() {
> -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} $t
> done
>  }
> +
> +# keep native libraries required for module signing
> +RM_WORK_EXCLUDE_ITEMS += "recipe-sysroot-native"
> --
> 2.17.1
>
>
> 
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180166): 
https://lists.openembedded.org/g/openembedded-core/message/180166
Mute This Topic: https://lists.openembedded.org/mt/98296212/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

[Christoph Lauer]

Hi Jose,

Thanks for your comment; I intend to backport the patch to all actively
maintained branches once it is accepted for master merge.

Christoph

Am 17.04.23 um 12:19 schrieb Jose Quaresma:

Hi Christoph,

This patch is also applicable on kirstone so it can be backported.
I use in my distro RM_WORK_EXCLUDE += "make-mod-scripts" but your fix
looks better.
Thanks.

Jose

Christoph Lauer mailto:christoph.la...@email.de>> escreveu no dia domingo, 16/04/2023
à(s) 11:31:

From: Christoph Lauer mailto:christoph.la...@xtronic.de>>

With rm_work active, external module signing throws an error:
scripts/sign-file: error while loading shared libraries:
libcrypto.so.3: cannot open shared object file: No such file or
directory
Preserve libraries that sign-file script needs during runtime.

Signed-off-by: Christoph Lauer mailto:christoph.la...@xtronic.de>>
---
  meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
 | 3 +++
  1 file changed, 3 insertions(+)

diff --git
a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb

b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb

index 28e0807d1d..0e24efc597 100644
--- a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb

+++ b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb

@@ -32,3 +32,6 @@ do_configure() {
                 -C ${STAGING_KERNEL_DIR}
O=${STAGING_KERNEL_BUILDDIR} $t
         done
  }
+
+# keep native libraries required for module signing
+RM_WORK_EXCLUDE_ITEMS += "recipe-sysroot-native"
--
2.17.1







--
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180165): 
https://lists.openembedded.org/g/openembedded-core/message/180165
Mute This Topic: https://lists.openembedded.org/mt/98296212/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] curl: Fix CVE-2023-27536

[Steve Sakoman]

There is also a patch submitted today that fixes this CVE as well as
two others: https://lists.openembedded.org/g/openembedded-core/message/180143

Could you review the above patch and ack if you approve.  It would be
nice to fix all three patches in a single commit if possible.

Thanks!

Steve

On Sun, Apr 16, 2023 at 8:22 PM Yu, Mingli  wrote:
>
> From: Mingli Yu 
>
> Backport patch [1] to fix CVE-2023-27536.
>
> [1] https://github.com/curl/curl/commit/cb49e67303dba
>
> Signed-off-by: Mingli Yu 
> ---
>  .../curl/curl/CVE-2023-27536.patch| 57 +++
>  meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
>  2 files changed, 58 insertions(+)
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2023-27536.patch 
> b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
> new file mode 100644
> index 00..842c70785a
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
> @@ -0,0 +1,57 @@
> +From 6b1ef6d5ebbfd5e68dea1eea2dc0c6cc4dc2e394 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg 
> +Date: Mon, 17 Apr 2023 05:36:18 +
> +Subject: [PATCH] url: only reuse connections with same GSS delegation
> +
> +Reported-by: Harry Sintonen
> +Closes #10731
> +
> +CVE: CVE-2023-27536
> +
> +Upstream-Status: Backport [https://github.com/curl/curl/commit/cb49e67303dba]
> +
> +Signed-off-by: Mingli Yu 
> +---
> + lib/url.c | 6 ++
> + lib/urldata.h | 1 +
> + 2 files changed, 7 insertions(+)
> +
> +diff --git a/lib/url.c b/lib/url.c
> +index df4377d..8c43c3b 100644
> +--- a/lib/url.c
>  b/lib/url.c
> +@@ -1350,6 +1350,11 @@ ConnectionExists(struct Curl_easy *data,
> + }
> +   }
> +
> ++  /* GSS delegation differences do not actually affect every connection
> ++ and auth method, but this check takes precaution before efficiency 
> */
> ++  if(needle->gssapi_delegation != check->gssapi_delegation)
> ++continue;
> ++
> +   /* If multiplexing isn't enabled on the h2 connection and h1 is
> +  explicitly requested, handle it: */
> +   if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
> +@@ -1807,6 +1812,7 @@ static struct connectdata *allocate_conn(struct 
> Curl_easy *data)
> +   conn->fclosesocket = data->set.fclosesocket;
> +   conn->closesocket_client = data->set.closesocket_client;
> +   conn->lastused = Curl_now(); /* used now */
> ++  conn->gssapi_delegation = data->set.gssapi_delegation;
> +
> +   return conn;
> +   error:
> +diff --git a/lib/urldata.h b/lib/urldata.h
> +index 69eb2ee..c2a7e6c 100644
> +--- a/lib/urldata.h
>  b/lib/urldata.h
> +@@ -1131,6 +1131,7 @@ struct connectdata {
> +   int socks5_gssapi_enctype;
> + #endif
> +   unsigned short localport;
> ++  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation 
> */
> + };
> +
> + /* The end of connectdata. */
> +--
> +2.23.0
> +
> diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
> b/meta/recipes-support/curl/curl_7.82.0.bb
> index 945745cdde..888527857a 100644
> --- a/meta/recipes-support/curl/curl_7.82.0.bb
> +++ b/meta/recipes-support/curl/curl_7.82.0.bb
> @@ -40,6 +40,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
> file://CVE-2023-23914_5-4.patch \
> file://CVE-2023-23914_5-5.patch \
> file://CVE-2023-23916.patch \
> +   file://CVE-2023-27536.patch \
> "
>  SRC_URI[sha256sum] = 
> "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
>
> --
> 2.25.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180164): 
https://lists.openembedded.org/g/openembedded-core/message/180164
Mute This Topic: https://lists.openembedded.org/mt/98313621/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] curl: CVE-2023-27538 fix SSH connection too eager reuse

[Steve Sakoman]

There is also a patch submitted today that fixes this CVE as well as
two others: https://lists.openembedded.org/g/openembedded-core/message/180143

Could you review the above patch and ack if you approve.  It would be
nice to fix all three patches in a single commit if possible.

Thanks!

Steve

On Sun, Apr 16, 2023 at 10:05 PM Hitendra Prajapati
 wrote:
>
> Upstream-Status: Backport from 
> https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb
>
> Signed-off-by: Hitendra Prajapati 
> ---
>  .../curl/curl/CVE-2023-27538.patch| 31 +++
>  meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
>  2 files changed, 32 insertions(+)
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2023-27538.patch 
> b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
> new file mode 100644
> index 00..8ef81fb306
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
> @@ -0,0 +1,31 @@
> +From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg 
> +Date: Fri, 10 Mar 2023 08:22:51 +0100
> +Subject: [PATCH] url: fix the SSH connection reuse check
> +
> +Reported-by: Harry Sintonen
> +Closes #10735
> +
> +CVE: CVE-2023-27538
> +Upstream-Status: Backport 
> [https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]
> +Signed-off-by: Hitendra Prajapati 
> +---
> + lib/url.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/lib/url.c b/lib/url.c
> +index f5e54c7..7dd342a 100644
> +--- a/lib/url.c
>  b/lib/url.c
> +@@ -1353,7 +1353,7 @@ ConnectionExists(struct Curl_easy *data,
> +  (data->state.httpwant < CURL_HTTP_VERSION_2_0))
> + continue;
> +
> +-  if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
> ++  if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
> + if(!ssh_config_matches(needle, check))
> +   continue;
> +   }
> +--
> +2.25.1
> +
> diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
> b/meta/recipes-support/curl/curl_7.82.0.bb
> index 4c18afe293..b0a456016d 100644
> --- a/meta/recipes-support/curl/curl_7.82.0.bb
> +++ b/meta/recipes-support/curl/curl_7.82.0.bb
> @@ -42,6 +42,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
> file://CVE-2023-23916.patch \
> file://CVE-2023-27533.patch \
> file://CVE-2023-27534.patch \
> +   file://CVE-2023-27538.patch \
> "
>  SRC_URI[sha256sum] = 
> "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
>
> --
> 2.25.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180163): 
https://lists.openembedded.org/g/openembedded-core/message/180163
Mute This Topic: https://lists.openembedded.org/mt/98314707/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] OE-core CVE metrics for langdale on Mon 17 Apr 2023 06:19:57 AM HST

[Steve Sakoman]

Branch: langdale

New this week: 5 CVEs
CVE-2023-24537 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 *
CVE-2023-27535 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27535 *
CVE-2023-27536 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27536 *
CVE-2023-27538 (CVSS3: 5.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27538 *

Removed this week: 1 CVEs
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *

Full list:  Found 34 unpatched CVEs
CVE-2020-10735 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735 *
CVE-2022-3219 (CVSS3: 5.5 MEDIUM): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2022-37454 (CVSS3: 9.8 CRITICAL): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37454 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-44370 (CVSS3: 7.8 HIGH): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44370 *
CVE-2022-44617 (CVSS3: 7.5 HIGH): libxpm 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44617 *
CVE-2022-45061 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061 *
CVE-2022-46285 (CVSS3: 7.5 HIGH): libxpm 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46285 *
CVE-2022-4645 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4645 *
CVE-2022-46908 (CVSS3: 7.3 HIGH): sqlite3:sqlite3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46908 *
CVE-2022-4743 (CVSS3: 7.5 HIGH): libsdl2:libsdl2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4743 *
CVE-2022-4883 (CVSS3: 8.8 HIGH): libxpm 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4883 *
CVE-2023-0664 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0664 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-23914 (CVSS3: 9.1 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23914 *
CVE-2023-23915 (CVSS3: 6.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23915 *
CVE-2023-23916 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23916 *
CVE-2023-24329 (CVSS3: 7.5 HIGH): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24329 *
CVE-2023-24537 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 *
CVE-2023-25358 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25358 *
CVE-2023-25360 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25360 *
CVE-2023-25361 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25361 *
CVE-2023-25362 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25362 *
CVE-2023-25363 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25363 *
CVE-2023-27533 (CVSS3: 8.8 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27533 *
CVE-2023-27534 (CVSS3: 8.8 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27534 *
CVE-2023-27535 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27535 *
CVE-2023-27536 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27536 *
CVE-2023-27538 (CVSS3: 5.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27538 *
CVE-2023-28531 (CVSS3: 9.8 CRITICAL): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28531 *
CVE-2023-28879 (CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28879 *

For further information see: 
https://autobuilder.yocto.io/pub/non-release/patchmetrics/

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to 

[OE-core] OE-core CVE metrics for kirkstone on Mon 17 Apr 2023 06:09:59 AM HST

[Steve Sakoman]

Branch: kirkstone

New this week: 5 CVEs
CVE-2023-24537 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 *
CVE-2023-27535 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27535 *
CVE-2023-27536 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27536 *
CVE-2023-27538 (CVSS3: 5.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27538 *

Removed this week: 7 CVEs
CVE-2022-2879 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
CVE-2022-41720 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41720 *
CVE-2022-41723 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41723 *
CVE-2023-0464 (CVSS3: 7.5 HIGH): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0464 *
CVE-2023-0465 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0465 *
CVE-2023-0466 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0466 *
CVE-2023-23916 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23916 *

Full list:  Found 34 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-3219 (CVSS3: 5.5 MEDIUM): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 *
CVE-2022-41716 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 *
CVE-2022-41722 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41722 *
CVE-2022-41724 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41724 *
CVE-2022-41725 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41725 *
CVE-2022-44370 (CVSS3: 7.8 HIGH): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44370 *
CVE-2022-44617 (CVSS3: 7.5 HIGH): libxpm 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44617 *
CVE-2022-46285 (CVSS3: 7.5 HIGH): libxpm 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46285 *
CVE-2022-4645 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4645 *
CVE-2022-4883 (CVSS3: 8.8 HIGH): libxpm 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4883 *
CVE-2023-0664 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0664 *
CVE-2023-0795 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0795 *
CVE-2023-0796 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0796 *
CVE-2023-0797 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0797 *
CVE-2023-0798 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0798 *
CVE-2023-0799 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0799 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-24537 (CVSS3: 7.5 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 *
CVE-2023-27533 (CVSS3: 8.8 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27533 *
CVE-2023-27534 (CVSS3: 8.8 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27534 *
CVE-2023-27535 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27535 *
CVE-2023-27536 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27536 *

[OE-core] OE-core CVE metrics for dunfell on Mon 17 Apr 2023 06:03:27 AM HST

[Steve Sakoman]

Branch: dunfell

New this week: 5 CVEs
CVE-2023-24537 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 *
CVE-2023-27535 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27535 *
CVE-2023-27536 (CVSS3: 9.8 CRITICAL): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27536 *
CVE-2023-27538 (CVSS3: 5.5 MEDIUM): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27538 *

Removed this week: 4 CVEs
CVE-2022-41723 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41723 *
CVE-2023-22490 (CVSS3: 5.5 MEDIUM): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22490 *
CVE-2023-23916 (CVSS3: 7.5 HIGH): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23916 *
CVE-2023-23946 (CVSS3: 7.5 HIGH): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23946 *

Full list:  Found 97 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 *
CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-3782 (CVSS3: 9.8 CRITICAL): wayland:wayland-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 *
CVE-2021-3800 (CVSS3: 5.5 MEDIUM): glib-2.0:glib-2.0-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3800 *

[OE-core] OE-core CVE metrics for master on Mon 17 Apr 2023 05:59:27 AM HST

[Steve Sakoman]

Branch: master

New this week: 7 CVEs
CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 *
CVE-2023-1579 (CVSS3: 7.8 HIGH): 
binutils:binutils-cross-testsuite:binutils-cross-x86_64 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1579 *
CVE-2023-1611 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1611 *
CVE-2023-1855 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1855 *
CVE-2023-24537 (CVSS3: 7.5 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 *
CVE-2023-30456 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30456 *

Removed this week: 5 CVEs
CVE-2022-38457 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38457 *
CVE-2022-40133 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40133 *
CVE-2023-1075 (CVSS3: 3.3 LOW): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1075 *
CVE-2023-1076 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1076 *
CVE-2023-23005 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23005 *

Full list:  Found 33 unpatched CVEs
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 5.5 MEDIUM): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 *
CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-44370 (CVSS3: 7.8 HIGH): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44370 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2022-48425 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48425 *
CVE-2023-0330 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 *
CVE-2023-0465 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0465 *
CVE-2023-0466 (CVSS3: 5.3 MEDIUM): openssl:openssl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0466 *
CVE-2023-0615 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0615 *
CVE-2023-0664 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0664 *
CVE-2023-1380 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1380 *
CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 *
CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 *
CVE-2023-1579 (CVSS3: 7.8 HIGH): 
binutils:binutils-cross-testsuite:binutils-cross-x86_64 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1579 *
CVE-2023-1611 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1611 *
CVE-2023-1652 (CVSS3: 7.1 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1652 *
CVE-2023-1855 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1855 *
CVE-2023-23039 (CVSS3: 5.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23039 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go-binary-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-24537 (CVSS3: 7.5 HIGH): 
go:go-binary-native:go-cross-core2-64:go-runtime 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 *
CVE-2023-24626 (CVSS3: 7.8 HIGH): screen 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 

[OE-core] [PATCH] wic: add support for proper kernel name to bootimg-pcbios

[Sergey Zhmylev]

From: Sergei Zhmylev 

Use appropriate kernel image name instead of hard-coded vmlinuz for 
bootimg-pcbios plugin.

Signed-off-by: Sergei Zhmylev 
---
 scripts/lib/wic/plugins/source/bootimg-pcbios.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/bootimg-pcbios.py 
b/scripts/lib/wic/plugins/source/bootimg-pcbios.py
index 32e47f1831..a207a83530 100644
--- a/scripts/lib/wic/plugins/source/bootimg-pcbios.py
+++ b/scripts/lib/wic/plugins/source/bootimg-pcbios.py
@@ -122,7 +122,7 @@ class BootimgPcbiosPlugin(SourcePlugin):
 syslinux_conf += "DEFAULT boot\n"
 syslinux_conf += "LABEL boot\n"
 
-kernel = "/vmlinuz"
+kernel = "/" + get_bitbake_var("KERNEL_IMAGETYPE")
 syslinux_conf += "KERNEL " + kernel + "\n"
 
 syslinux_conf += "APPEND label=boot root=%s %s\n" % \
@@ -155,8 +155,8 @@ class BootimgPcbiosPlugin(SourcePlugin):
 kernel = "%s-%s.bin" % \
 (get_bitbake_var("KERNEL_IMAGETYPE"), 
get_bitbake_var("INITRAMFS_LINK_NAME"))
 
-cmds = ("install -m 0644 %s/%s %s/vmlinuz" %
-(staging_kernel_dir, kernel, hdddir),
+cmds = ("install -m 0644 %s/%s %s/%s" %
+(staging_kernel_dir, kernel, hdddir, 
get_bitbake_var("KERNEL_IMAGETYPE")),
 "install -m 444 %s/syslinux/ldlinux.sys %s/ldlinux.sys" %
 (bootimg_dir, hdddir),
 "install -m 0644 %s/syslinux/vesamenu.c32 %s/vesamenu.c32" %
-- 
2.40.0



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180158): 
https://lists.openembedded.org/g/openembedded-core/message/180158
Mute This Topic: https://lists.openembedded.org/mt/98321836/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] make-mod-scripts: preserve libraries when rm_work is used

[Jose Quaresma]

Hi Christoph,

This patch is also applicable on kirstone so it can be backported.
I use in my distro RM_WORK_EXCLUDE += "make-mod-scripts" but your fix looks
better.
Thanks.

Jose

Christoph Lauer  escreveu no dia domingo,
16/04/2023 à(s) 11:31:

> From: Christoph Lauer 
>
> With rm_work active, external module signing throws an error:
> scripts/sign-file: error while loading shared libraries: libcrypto.so.3:
> cannot open shared object file: No such file or directory
> Preserve libraries that sign-file script needs during runtime.
>
> Signed-off-by: Christoph Lauer 
> ---
>  meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> index 28e0807d1d..0e24efc597 100644
> --- a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> +++ b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
> @@ -32,3 +32,6 @@ do_configure() {
> -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} $t
> done
>  }
> +
> +# keep native libraries required for module signing
> +RM_WORK_EXCLUDE_ITEMS += "recipe-sysroot-native"
> --
> 2.17.1
>
>
> 
>
>

-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180157): 
https://lists.openembedded.org/g/openembedded-core/message/180157
Mute This Topic: https://lists.openembedded.org/mt/98296212/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] stress-ng: upgrade 0.15.06 -> 0.15.07

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../stress-ng/{stress-ng_0.15.06.bb => stress-ng_0.15.07.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/stress-ng/{stress-ng_0.15.06.bb => 
stress-ng_0.15.07.bb} (94%)

diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.15.06.bb 
b/meta/recipes-extended/stress-ng/stress-ng_0.15.07.bb
similarity index 94%
rename from meta/recipes-extended/stress-ng/stress-ng_0.15.06.bb
rename to meta/recipes-extended/stress-ng/stress-ng_0.15.07.bb
index 31cf2e8987..674c58a6a2 100644
--- a/meta/recipes-extended/stress-ng/stress-ng_0.15.06.bb
+++ b/meta/recipes-extended/stress-ng/stress-ng_0.15.07.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = 
"git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \
"
-SRCREV = "f2a80e4fdba0aaf71d7d3687acb34e3827e68886"
+SRCREV = "83ab1d2d7e39d9accba9d6dd0cc567645bb21d92"
 S = "${WORKDIR}/git"
 
 DEPENDS = "coreutils-native libbsd"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180156): 
https://lists.openembedded.org/g/openembedded-core/message/180156
Mute This Topic: https://lists.openembedded.org/mt/98314737/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-pytest: upgrade 7.2.2 -> 7.3.1

[wangmy]

From: Wang Mingyu 

Changelog:
https://docs.pytest.org/en/stable/changelog.html

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-pytest_7.2.2.bb => python3-pytest_7.3.1.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-pytest_7.2.2.bb => 
python3-pytest_7.3.1.bb} (92%)

diff --git a/meta/recipes-devtools/python/python3-pytest_7.2.2.bb 
b/meta/recipes-devtools/python/python3-pytest_7.3.1.bb
similarity index 92%
rename from meta/recipes-devtools/python/python3-pytest_7.2.2.bb
rename to meta/recipes-devtools/python/python3-pytest_7.3.1.bb
index 4e2c86f641..9965844d1a 100644
--- a/meta/recipes-devtools/python/python3-pytest_7.2.2.bb
+++ b/meta/recipes-devtools/python/python3-pytest_7.3.1.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "The pytest framework makes it easy to write 
small tests, yet scal
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c"
 
-SRC_URI[sha256sum] = 
"c99ab0c73aceb050f68929bc93af19ab6db0558791c6a0715723abe9d0ade9d4"
+SRC_URI[sha256sum] = 
"434afafd78b1d78ed0addf160ad2b77a30d35d4bdf8af234fe621919d9ed15e3"
 
 DEPENDS += "python3-setuptools-scm-native"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180155): 
https://lists.openembedded.org/g/openembedded-core/message/180155
Mute This Topic: https://lists.openembedded.org/mt/98314736/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-packaging: upgrade 23.0 -> 23.1

[wangmy]

From: Wang Mingyu 

Changelog:
===
 Parse raw metadata
 Import underlying parser functions as an underscored variable
 Improve error for local version label with unsupported operators
 Add dedicated error for specifiers with incorrect .* suffix
 Replace spaces in platform names with underscores
 Relax typing of _key on _BaseVersion
 Handle prefix match with zeros at end of prefix correctly

Signed-off-by: Wang Mingyu 
---
 .../{python3-packaging_23.0.bb => python3-packaging_23.1.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-packaging_23.0.bb => 
python3-packaging_23.1.bb} (83%)

diff --git a/meta/recipes-devtools/python/python3-packaging_23.0.bb 
b/meta/recipes-devtools/python/python3-packaging_23.1.bb
similarity index 83%
rename from meta/recipes-devtools/python/python3-packaging_23.0.bb
rename to meta/recipes-devtools/python/python3-packaging_23.1.bb
index bda124e32c..53d3522dd7 100644
--- a/meta/recipes-devtools/python/python3-packaging_23.0.bb
+++ b/meta/recipes-devtools/python/python3-packaging_23.1.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/pypa/packaging;
 LICENSE = "Apache-2.0 | BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=faadaedca9251a90b205c9167578ce91"
 
-SRC_URI[sha256sum] = 
"b6ad297f8907de0fa2fe1ccbd26fdaf387f5f47c7275fedf8cce89f99446cf97"
+SRC_URI[sha256sum] = 
"a392980d2b6cffa644431898be54b0045151319d1e7ec34f0cfed48767dd334f"
 
 inherit pypi python_flit_core
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180154): 
https://lists.openembedded.org/g/openembedded-core/message/180154
Mute This Topic: https://lists.openembedded.org/mt/98314729/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-dtschema: upgrade 2023.1 -> 2023.4

[wangmy]

From: Wang Mingyu 

Changelog:
==
Schemas:
 - Add missing PCI descriptions and properties
 - Add I2C clock stretching property
 - Add 'firmware-name' property
 - Add UEFI chosen properties
 - Enable cache schema

Meta-schemas:
 - Improve checking non-patterns in patternProperties
 - Allow 'not' at top-level of schemas
 - Relax meta-schema checks on referenced schemas

Tools:
 - Handle examples with 'interrupt-controller' node

Signed-off-by: Wang Mingyu 
---
 .../{python3-dtschema_2023.1.bb => python3-dtschema_2023.4.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-dtschema_2023.1.bb => 
python3-dtschema_2023.4.bb} (83%)

diff --git a/meta/recipes-devtools/python/python3-dtschema_2023.1.bb 
b/meta/recipes-devtools/python/python3-dtschema_2023.4.bb
similarity index 83%
rename from meta/recipes-devtools/python/python3-dtschema_2023.1.bb
rename to meta/recipes-devtools/python/python3-dtschema_2023.4.bb
index 74ca55cf04..f87563facd 100644
--- a/meta/recipes-devtools/python/python3-dtschema_2023.1.bb
+++ b/meta/recipes-devtools/python/python3-dtschema_2023.4.bb
@@ -7,7 +7,7 @@ inherit pypi setuptools3
 
 PYPI_PACKAGE = "dtschema"
 
-SRC_URI[sha256sum] = 
"8fc8c269e4c57e9d008af7b32cd33b77afd4ea1ac9552bcfa96b41b9e0c52586"
+SRC_URI[sha256sum] = 
"6daefb8f54403b4d82961b3346571200571747ab01950fd36c1f69950fa7a8cf"
 
 DEPENDS += "python3-setuptools-scm-native"
 RDEPENDS:${PN} += "python3-ruamel-yaml python3-jsonschema python3-rfc3987"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180153): 
https://lists.openembedded.org/g/openembedded-core/message/180153
Mute This Topic: https://lists.openembedded.org/mt/98314728/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] parted: upgrade 3.5 -> 3.6

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 meta/recipes-extended/parted/{parted_3.5.bb => parted_3.6.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/parted/{parted_3.5.bb => parted_3.6.bb} (96%)

diff --git a/meta/recipes-extended/parted/parted_3.5.bb 
b/meta/recipes-extended/parted/parted_3.6.bb
similarity index 96%
rename from meta/recipes-extended/parted/parted_3.5.bb
rename to meta/recipes-extended/parted/parted_3.6.bb
index ea2b68bbd8..05d57507fb 100644
--- a/meta/recipes-extended/parted/parted_3.5.bb
+++ b/meta/recipes-extended/parted/parted_3.6.bb
@@ -11,7 +11,7 @@ SRC_URI = "${GNU_MIRROR}/parted/parted-${PV}.tar.xz \
file://run-ptest \
"
 
-SRC_URI[sha256sum] = 
"4938dd5c1c125f6c78b1f4b3e297526f18ee74aa43d45c248578b1d2470c05a2"
+SRC_URI[sha256sum] = 
"3b43dbe33cca0f9a18601ebab56b7852b128ec1a3df3a9b30ccde5e73359e612"
 
 inherit autotools pkgconfig gettext texinfo ptest
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180152): 
https://lists.openembedded.org/g/openembedded-core/message/180152
Mute This Topic: https://lists.openembedded.org/mt/98314724/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] curl: CVE-2023-27538 fix SSH connection too eager reuse

[Hitendra Prajapati]

Upstream-Status: Backport from 
https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb

Signed-off-by: Hitendra Prajapati 
---
 .../curl/curl/CVE-2023-27538.patch| 31 +++
 meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27538.patch 
b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
new file mode 100644
index 00..8ef81fb306
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
@@ -0,0 +1,31 @@
+From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Fri, 10 Mar 2023 08:22:51 +0100
+Subject: [PATCH] url: fix the SSH connection reuse check
+
+Reported-by: Harry Sintonen
+Closes #10735
+
+CVE: CVE-2023-27538
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]
+Signed-off-by: Hitendra Prajapati 
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index f5e54c7..7dd342a 100644
+--- a/lib/url.c
 b/lib/url.c
+@@ -1353,7 +1353,7 @@ ConnectionExists(struct Curl_easy *data,
+  (data->state.httpwant < CURL_HTTP_VERSION_2_0))
+ continue;
+ 
+-  if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
++  if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
+ if(!ssh_config_matches(needle, check))
+   continue;
+   }
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index 4c18afe293..b0a456016d 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -42,6 +42,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-23916.patch \
file://CVE-2023-27533.patch \
file://CVE-2023-27534.patch \
+   file://CVE-2023-27538.patch \
"
 SRC_URI[sha256sum] = 
"0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180151): 
https://lists.openembedded.org/g/openembedded-core/message/180151
Mute This Topic: https://lists.openembedded.org/mt/98314707/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] ofono: upgrade 2.0 -> 2.1

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 meta/recipes-connectivity/ofono/{ofono_2.0.bb => ofono_2.1.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/ofono/{ofono_2.0.bb => ofono_2.1.bb} (95%)

diff --git a/meta/recipes-connectivity/ofono/ofono_2.0.bb 
b/meta/recipes-connectivity/ofono/ofono_2.1.bb
similarity index 95%
rename from meta/recipes-connectivity/ofono/ofono_2.0.bb
rename to meta/recipes-connectivity/ofono/ofono_2.1.bb
index afd43d26f3..0ecac9e11c 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.0.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.1.bb
@@ -13,7 +13,7 @@ SRC_URI = "\
 file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
 file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
 "
-SRC_URI[sha256sum] = 
"b0a31bf4d8ff3030c4aef9f8413df999c54df9db2ff0a1d3ec1710e0a9d1a49e"
+SRC_URI[sha256sum] = 
"92913dcce9a15cac2174daca249457716a0ec036878d22035e83af0e19e79c52"
 
 inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180150): 
https://lists.openembedded.org/g/openembedded-core/message/180150
Mute This Topic: https://lists.openembedded.org/mt/98314705/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] boost: upgrade 1.81.0 -> 1.82.0

[wangmy]

From: Wang Mingyu 

Changelog:
https://www.boost.org/users/history/version_1_82_0.html

Signed-off-by: Wang Mingyu 
---
 .../boost/{boost-1.81.0.inc => boost-1.82.0.inc}| 2 +-
 ...oost-build-native_1.81.0.bb => boost-build-native_1.82.0.bb} | 2 +-
 meta/recipes-support/boost/{boost_1.81.0.bb => boost_1.82.0.bb} | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/boost/{boost-1.81.0.inc => boost-1.82.0.inc} (90%)
 rename meta/recipes-support/boost/{boost-build-native_1.81.0.bb => 
boost-build-native_1.82.0.bb} (92%)
 rename meta/recipes-support/boost/{boost_1.81.0.bb => boost_1.82.0.bb} (100%)

diff --git a/meta/recipes-support/boost/boost-1.81.0.inc 
b/meta/recipes-support/boost/boost-1.82.0.inc
similarity index 90%
rename from meta/recipes-support/boost/boost-1.81.0.inc
rename to meta/recipes-support/boost/boost-1.82.0.inc
index 291796c736..39d3c9ce5d 100644
--- a/meta/recipes-support/boost/boost-1.81.0.inc
+++ b/meta/recipes-support/boost/boost-1.82.0.inc
@@ -12,7 +12,7 @@ BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
 BOOST_P = "boost_${BOOST_VER}"
 
 SRC_URI = 
"https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2;
-SRC_URI[sha256sum] = 
"71feeed900fbccca04a3b4f2f84a7c217186f28a940ed8b7ed4725986baf99fa"
+SRC_URI[sha256sum] = 
"a6e1ab9b0860e6a2881dd7b21fe9f737a095e5f33a3a874afc6a345228597ee6"
 
 UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/;
 UPSTREAM_CHECK_REGEX = "release/(?P.*)/source/"
diff --git a/meta/recipes-support/boost/boost-build-native_1.81.0.bb 
b/meta/recipes-support/boost/boost-build-native_1.82.0.bb
similarity index 92%
rename from meta/recipes-support/boost/boost-build-native_1.81.0.bb
rename to meta/recipes-support/boost/boost-build-native_1.82.0.bb
index d01c7658d5..dcfb65e3d6 100644
--- a/meta/recipes-support/boost/boost-build-native_1.81.0.bb
+++ b/meta/recipes-support/boost/boost-build-native_1.82.0.bb
@@ -7,7 +7,7 @@ LICENSE = "BSL-1.0"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
 
 SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master"
-SRCREV = "0271fafc1141c182d4aaa8db8b1c08a109d04c87"
+SRCREV = "9f488e003a568dffe0caed05d86ed6f1a8f8c7f3"
 PE = "1"
 
 UPSTREAM_CHECK_GITTAGREGEX = "boost-(?P(\d+(\.\d+)+))"
diff --git a/meta/recipes-support/boost/boost_1.81.0.bb 
b/meta/recipes-support/boost/boost_1.82.0.bb
similarity index 100%
rename from meta/recipes-support/boost/boost_1.81.0.bb
rename to meta/recipes-support/boost/boost_1.82.0.bb
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180149): 
https://lists.openembedded.org/g/openembedded-core/message/180149
Mute This Topic: https://lists.openembedded.org/mt/98314704/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libxml2: upgrade 2.10.3 -> 2.10.4

[wangmy]

From: Wang Mingyu 

Changelog:
==
### Security

- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

### Regressions

- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes

Signed-off-by: Wang Mingyu 
---
 .../libxml/{libxml2_2.10.3.bb => libxml2_2.10.4.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/libxml/{libxml2_2.10.3.bb => libxml2_2.10.4.bb} (97%)

diff --git a/meta/recipes-core/libxml/libxml2_2.10.3.bb 
b/meta/recipes-core/libxml/libxml2_2.10.4.bb
similarity index 97%
rename from meta/recipes-core/libxml/libxml2_2.10.3.bb
rename to meta/recipes-core/libxml/libxml2_2.10.4.bb
index 6b3dd3ec42..f01964bec8 100644
--- a/meta/recipes-core/libxml/libxml2_2.10.3.bb
+++ b/meta/recipes-core/libxml/libxml2_2.10.4.bb
@@ -21,7 +21,7 @@ SRC_URI += 
"http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
file://libxml-m4-use-pkgconfig.patch \
"
 
-SRC_URI[archive.sha256sum] = 
"5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c"
+SRC_URI[archive.sha256sum] = 
"ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45"
 SRC_URI[testtar.sha256sum] = 
"c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
 
 BINCONFIG = "${bindir}/xml2-config"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180148): 
https://lists.openembedded.org/g/openembedded-core/message/180148
Mute This Topic: https://lists.openembedded.org/mt/98314703/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libsolv: upgrade 0.7.23 -> 0.7.24

[wangmy]

From: Wang Mingyu 

Changelog:
==
- selected bug fixes:
  * handle learnt rules in solver_alternativeinfo()
- new features:
  * support x86_64_v[234] architecture levels
  * implement decision sorting for package decisionlists

Signed-off-by: Wang Mingyu 
---
 .../libsolv/{libsolv_0.7.23.bb => libsolv_0.7.24.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/libsolv/{libsolv_0.7.23.bb => libsolv_0.7.24.bb} 
(95%)

diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.23.bb 
b/meta/recipes-extended/libsolv/libsolv_0.7.24.bb
similarity index 95%
rename from meta/recipes-extended/libsolv/libsolv_0.7.23.bb
rename to meta/recipes-extended/libsolv/libsolv_0.7.24.bb
index 1256905720..7c8f1fd372 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.23.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.24.bb
@@ -12,7 +12,7 @@ SRC_URI = 
"git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \
file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \
 "
 
-SRCREV = "6deaca7cf61ec2b32c4a3b494a751c8d15efbe8b"
+SRCREV = "4d05dca3974156faf2f025ca4a82b68904848307"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180147): 
https://lists.openembedded.org/g/openembedded-core/message/180147
Mute This Topic: https://lists.openembedded.org/mt/98314701/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libgit2: upgrade 1.6.3 -> 1.6.4

[wangmy]

From: Wang Mingyu 

Bug fixes
=
config: return GIT_ENOTFOUND for missing programdata 

Signed-off-by: Wang Mingyu 
---
 .../libgit2/{libgit2_1.6.3.bb => libgit2_1.6.4.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libgit2/{libgit2_1.6.3.bb => libgit2_1.6.4.bb} 
(92%)

diff --git a/meta/recipes-support/libgit2/libgit2_1.6.3.bb 
b/meta/recipes-support/libgit2/libgit2_1.6.4.bb
similarity index 92%
rename from meta/recipes-support/libgit2/libgit2_1.6.3.bb
rename to meta/recipes-support/libgit2/libgit2_1.6.4.bb
index cab7d7a20a..ffe00d8653 100644
--- a/meta/recipes-support/libgit2/libgit2_1.6.3.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.6.4.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=5bdf47bbc9a39dc6ce076d59e322dc17"
 DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
 
 SRC_URI = 
"git://github.com/libgit2/libgit2.git;branch=maint/v1.6;protocol=https"
-SRCREV = "c058aa87dce4c67a3b86b3349beebd64b7bedcd3"
+SRCREV = "e6325351ceee58cf56f58bdce61b38907805544f"
 
 S = "${WORKDIR}/git"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180146): 
https://lists.openembedded.org/g/openembedded-core/message/180146
Mute This Topic: https://lists.openembedded.org/mt/98314695/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [oe] [meta-oe] [PATCH] capnproto: upgrade 0.10.3 -> 0.10.4

[Luca Ceresoli via lists.openembedded.org]

Hello wangmy,

On Mon, 17 Apr 2023 14:37:35 +0800
"wangmy"  wrote:

> From: Wang Mingyu 
> 
> Signed-off-by: Wang Mingyu 
> ---
>  .../capnproto/{capnproto_0.10.3.bb => capnproto_0.10.4.bb}| 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-oe/recipes-devtools/capnproto/{capnproto_0.10.3.bb => 
> capnproto_0.10.4.bb} (90%)

You have sent several patches today, but they all should be sent to
meta-oe instead of oe-core.

Best regards,
Luca

-- 
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180145): 
https://lists.openembedded.org/g/openembedded-core/message/180145
Mute This Topic: https://lists.openembedded.org/mt/98313768/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [oe] [meta-oe] [PATCH] tcsh: upgrade 6.24.07 -> 6.24.10

[wangmy]

Sorry, the email address was written incorrectly when sending the patch. 
The emails of meta-oe were sent here, please ignore then.
  --
Best Regards
---
Wang Mingyu
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road, 
Nanjing, 210012, China
TEL: +86+25-86630566-8568
COINS: 79988548
FAX: +86+25-83317685
MAIL: wan...@fujitsu.com
http://www.fujitsu.com/cn/fnst/

> -Original Message-
> From: Wang, Mingyu/王 鸣瑜 
> Sent: Monday, April 17, 2023 3:05 PM
> To: openembedded-core@lists.openembedded.org
> Cc: Wang, Mingyu/王 鸣瑜 
> Subject: [oe] [meta-oe] [PATCH] tcsh: upgrade 6.24.07 -> 6.24.10
> 
> From: Wang Mingyu 
> 
> Changelog:
>- Avoid non-default settings in system-wide init files.
> 
> Signed-off-by: Wang Mingyu 
> ---
>  .../recipes-shells/tcsh/{tcsh_6.24.07.bb => tcsh_6.24.10.bb}| 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)  rename
> meta-oe/recipes-shells/tcsh/{tcsh_6.24.07.bb => tcsh_6.24.10.bb} (94%)
> 
> diff --git a/meta-oe/recipes-shells/tcsh/tcsh_6.24.07.bb
> b/meta-oe/recipes-shells/tcsh/tcsh_6.24.10.bb
> similarity index 94%
> rename from meta-oe/recipes-shells/tcsh/tcsh_6.24.07.bb
> rename to meta-oe/recipes-shells/tcsh/tcsh_6.24.10.bb
> index f136c06b7..abeb6e803 100644
> --- a/meta-oe/recipes-shells/tcsh/tcsh_6.24.07.bb
> +++ b/meta-oe/recipes-shells/tcsh/tcsh_6.24.10.bb
> @@ -13,7 +13,7 @@ SRC_URI = " \
>  file://0001-Enable-system-malloc-on-all-linux.patch \
>  file://0002-Add-debian-csh-scripts.patch \  "
> -SRC_URI[sha256sum] =
> "74e4e9805cbd9413ed34b4ffa1d72fc8d0ef81a5b79476854091416ce9336995"
> +SRC_URI[sha256sum] =
> "13475c0fbeb74139d33ed793bf00ffbbb2ac2dc9fb1d44467a410760aba36664"
> 
>  EXTRA_OEMAKE += "CC_FOR_GETHOST='${BUILD_CC}'"
>  inherit autotools
> --
> 2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180144): 
https://lists.openembedded.org/g/openembedded-core/message/180144
Mute This Topic: https://lists.openembedded.org/mt/98314144/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH] curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538

[Siddharth]

From: Siddharth Doshi 

Upstream-Status: Backport from 
[https://github.com/curl/curl/commit/ed5095ed94281989e103c72e032200b83be37878, 
https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1, 
https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb, 
https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]

Signed-off-by: Siddharth Doshi 
---
 .../curl/curl/CVE-2023-27535-pre1.patch   | 196 ++
 .../CVE-2023-27535_and_CVE-2023-27538.patch   | 170 +++
 .../curl/curl/CVE-2023-27536.patch|  52 +
 meta/recipes-support/curl/curl_7.82.0.bb  |   3 +
 4 files changed, 421 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
 create mode 100644 
meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch 
b/meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
new file mode 100644
index 00..57e1cb9e13
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
@@ -0,0 +1,196 @@
+From ed5095ed94281989e103c72e032200b83be37878 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Thu, 6 Oct 2022 00:49:10 +0200
+Subject: [PATCH] strcase: add and use Curl_timestrcmp
+
+This is a strcmp() alternative function for comparing "secrets",
+designed to take the same time no matter the content to not leak
+match/non-match info to observers based on how fast it is.
+
+The time this function takes is only a function of the shortest input
+string.
+
+Reported-by: Trail of Bits
+
+Closes #9658
+
+Upstream-Status: Backport from 
[https://github.com/curl/curl/commit/ed5095ed94281989e103c72e032200b83be37878]
+Comment: to backport fix for CVE-2023-27535, add function Curl_timestrcmp.
+Signed-off-by: Siddharth Doshi 
+---
+ lib/netrc.c |  6 +++---
+ lib/strcase.c   | 22 ++
+ lib/strcase.h   |  1 +
+ lib/url.c   | 33 +
+ lib/vauth/digest_sspi.c |  4 ++--
+ lib/vtls/vtls.c |  4 ++--
+ 6 files changed, 43 insertions(+), 27 deletions(-)
+
+diff --git a/lib/netrc.c b/lib/netrc.c
+index 0a4ae2c..b771b60 100644
+--- a/lib/netrc.c
 b/lib/netrc.c
+@@ -140,9 +140,9 @@ static int parsenetrc(const char *host,
+   /* we are now parsing sub-keywords concerning "our" host */
+   if(state_login) {
+ if(specific_login) {
+-  state_our_login = strcasecompare(login, tok);
++  state_our_login = !Curl_timestrcmp(login, tok);
+ }
+-else if(!login || strcmp(login, tok)) {
++else if(!login || Curl_timestrcmp(login, tok)) {
+   if(login_alloc) {
+ free(login);
+ login_alloc = FALSE;
+@@ -158,7 +158,7 @@ static int parsenetrc(const char *host,
+   }
+   else if(state_password) {
+ if((state_our_login || !specific_login)
+-&& (!password || strcmp(password, tok))) {
++   && (!password || Curl_timestrcmp(password, tok))) {
+   if(password_alloc) {
+ free(password);
+ password_alloc = FALSE;
+diff --git a/lib/strcase.c b/lib/strcase.c
+index 692a3f1..be085b3 100644
+--- a/lib/strcase.c
 b/lib/strcase.c
+@@ -141,6 +141,28 @@ bool Curl_safecmp(char *a, char *b)
+   return !a && !b;
+ }
+ 
++/*
++ * Curl_timestrcmp() returns 0 if the two strings are identical. The time this
++ * function spends is a function of the shortest string, not of the contents.
++ */
++int Curl_timestrcmp(const char *a, const char *b)
++{
++  int match = 0;
++  int i = 0;
++
++  if(a && b) {
++while(1) {
++  match |= a[i]^b[i];
++  if(!a[i] || !b[i])
++break;
++  i++;
++}
++  }
++  else
++return a || b;
++  return match;
++}
++
+ /* --- public functions --- */
+ 
+ int curl_strequal(const char *first, const char *second)
+diff --git a/lib/strcase.h b/lib/strcase.h
+index 382b80a..c6979da 100644
+--- a/lib/strcase.h
 b/lib/strcase.h
+@@ -48,5 +48,6 @@ void Curl_strntoupper(char *dest, const char *src, size_t n);
+ void Curl_strntolower(char *dest, const char *src, size_t n);
+ 
+ bool Curl_safecmp(char *a, char *b);
++int Curl_timestrcmp(const char *first, const char *second);
+ 
+ #endif /* HEADER_CURL_STRCASE_H */
+diff --git a/lib/url.c b/lib/url.c
+index df4377d..c397b57 100644
+--- a/lib/url.c
 b/lib/url.c
+@@ -930,19 +930,10 @@ socks_proxy_info_matches(const struct proxy_info *data,
+   /* the user information is case-sensitive
+  or at least it is not defined as case-insensitive
+  see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */
+-  if(!data->user != !needle->user)
+-return FALSE;
+-  /* curl_strequal does a case insentive comparison, so do not use it 

[OE-core] [oe] [meta-oe] [PATCH] tcsh: upgrade 6.24.07 -> 6.24.10

[wangmy]

From: Wang Mingyu 

Changelog:
   - Avoid non-default settings in system-wide init files.

Signed-off-by: Wang Mingyu 
---
 .../recipes-shells/tcsh/{tcsh_6.24.07.bb => tcsh_6.24.10.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-shells/tcsh/{tcsh_6.24.07.bb => tcsh_6.24.10.bb} (94%)

diff --git a/meta-oe/recipes-shells/tcsh/tcsh_6.24.07.bb 
b/meta-oe/recipes-shells/tcsh/tcsh_6.24.10.bb
similarity index 94%
rename from meta-oe/recipes-shells/tcsh/tcsh_6.24.07.bb
rename to meta-oe/recipes-shells/tcsh/tcsh_6.24.10.bb
index f136c06b7..abeb6e803 100644
--- a/meta-oe/recipes-shells/tcsh/tcsh_6.24.07.bb
+++ b/meta-oe/recipes-shells/tcsh/tcsh_6.24.10.bb
@@ -13,7 +13,7 @@ SRC_URI = " \
 file://0001-Enable-system-malloc-on-all-linux.patch \
 file://0002-Add-debian-csh-scripts.patch \
 "
-SRC_URI[sha256sum] = 
"74e4e9805cbd9413ed34b4ffa1d72fc8d0ef81a5b79476854091416ce9336995"
+SRC_URI[sha256sum] = 
"13475c0fbeb74139d33ed793bf00ffbbb2ac2dc9fb1d44467a410760aba36664"
 
 EXTRA_OEMAKE += "CC_FOR_GETHOST='${BUILD_CC}'"
 inherit autotools
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180142): 
https://lists.openembedded.org/g/openembedded-core/message/180142
Mute This Topic: https://lists.openembedded.org/mt/98314144/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-networking] [PATCH] tcpdump: upgrade 4.99.3 -> 4.99.4

[wangmy]

From: Wang Mingyu 

Changelog:
==
Source code:

  Fix spaces before tabs in indentation.
Updated printers:
-
  LSP ping: Fix "Unused value" warnings from Coverity.
  CVE-2023-1801: Fix an out-of-bounds write in the SMB printer.
  DNS: sync resource types with IANA.
  ICMPv6: Update the output to show a RPL DAO field name.
  Geneve: Fix the Geneve UDP port test.
Building and testing:
--
  Require at least autoconf 2.69.
  Don't check for strftime(), as it's in C90 and beyond.
  Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Documentation:
-
  man: Document TCP flag names better.

Signed-off-by: Wang Mingyu 
---
 .../tcpdump/{tcpdump_4.99.3.bb => tcpdump_4.99.4.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/tcpdump/{tcpdump_4.99.3.bb => 
tcpdump_4.99.4.bb} (93%)

diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb 
b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
similarity index 93%
rename from meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb
rename to meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
index 03f1b76f9..803a9bb5f 100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.3.bb
+++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
@@ -26,7 +26,7 @@ SRC_URI = " \
 file://run-ptest \
 "
 
-SRC_URI[sha256sum] = 
"ad75a6ed3dc0d9732945b2e5483cb41dc8b4b528a169315e499c6861952e73b3"
+SRC_URI[sha256sum] = 
"0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea"
 
 UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180141): 
https://lists.openembedded.org/g/openembedded-core/message/180141
Mute This Topic: https://lists.openembedded.org/mt/98314143/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [[oe] [meta-oe] [PATCH] tbb: upgrade 2021.8.0 -> 2021.9.0

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../recipes-support/tbb/{tbb_2021.8.0.bb => tbb_2021.9.0.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-support/tbb/{tbb_2021.8.0.bb => tbb_2021.9.0.bb} (98%)

diff --git a/meta-oe/recipes-support/tbb/tbb_2021.8.0.bb 
b/meta-oe/recipes-support/tbb/tbb_2021.9.0.bb
similarity index 98%
rename from meta-oe/recipes-support/tbb/tbb_2021.8.0.bb
rename to meta-oe/recipes-support/tbb/tbb_2021.9.0.bb
index 5606d38da..028291c96 100644
--- a/meta-oe/recipes-support/tbb/tbb_2021.8.0.bb
+++ b/meta-oe/recipes-support/tbb/tbb_2021.9.0.bb
@@ -12,7 +12,7 @@ DEPENDS:append:libc-musl = " libucontext"
 PE = "1"
 
 BRANCH = "onetbb_2021"
-SRCREV = "c9497714821c3d443ee44c732609eb6850195ffb"
+SRCREV = "a00cc3b8b5fb4d8115e9de56bf713157073ed68c"
 SRC_URI = 
"git://github.com/oneapi-src/oneTBB.git;protocol=https;branch=${BRANCH} \
 file://0001-CMakeLists.txt-exclude-riscv64-riscv32.patch \
 "
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180140): 
https://lists.openembedded.org/g/openembedded-core/message/180140
Mute This Topic: https://lists.openembedded.org/mt/98314039/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-oe] [PATCH] sip: upgrade 6.7.7 -> 6.7.8

[wangmy]

From: Wang Mingyu 

Changelog:
==
  - The latest version of ABI v13 is v13.5.0.
  - The latest version of ABI v12 is v12.12.0.
  - The 'wheel-includes' value of the 'tool.sip.project' section of
pyproject.toml now supports the use of absolute file patterns.
  - Replaced the use of the 'toml' package with the standard library 'tomllib'
package for Python v3.11 and later, and the 'tomli' package for earlier
versions of Python.
  - Bug fixes.

Signed-off-by: Wang Mingyu 
---
 meta-oe/recipes-devtools/sip/{sip_6.7.7.bb => sip_6.7.8.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/sip/{sip_6.7.7.bb => sip_6.7.8.bb} (83%)

diff --git a/meta-oe/recipes-devtools/sip/sip_6.7.7.bb 
b/meta-oe/recipes-devtools/sip/sip_6.7.8.bb
similarity index 83%
rename from meta-oe/recipes-devtools/sip/sip_6.7.7.bb
rename to meta-oe/recipes-devtools/sip/sip_6.7.8.bb
index 5e361d972..01000f59c 100644
--- a/meta-oe/recipes-devtools/sip/sip_6.7.7.bb
+++ b/meta-oe/recipes-devtools/sip/sip_6.7.8.bb
@@ -11,6 +11,6 @@ LIC_FILES_CHKSUM = 
"file://LICENSE-GPL2;md5=e91355d8a6f8bd8f7c699d62863c7303"
 inherit pypi setuptools3 python3native
 
 PYPI_PACKAGE = "sip"
-SRC_URI[sha256sum] = 
"dee9c06fa8ae6d441a401f922867fc6196edda274eebd9fbfec54f0769c2a9e2"
+SRC_URI[sha256sum] = 
"7e7186a36818c9d325c82e59ac5b049d9022c2d5783942c38d49497ac8a94c8f"
 
 BBCLASSEXTEND = "native"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180139): 
https://lists.openembedded.org/g/openembedded-core/message/180139
Mute This Topic: https://lists.openembedded.org/mt/98314038/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-oe] [PATCH] remmina: upgrade 1.4.29 -> 1.4.30

[wangmy]

From: Wang Mingyu 

Changelog:
==
Update snap build to use freerdp 2.9.0
Add text mime type formats to RDP clibpoard
Ensure timer is null after destruction
Ability to view passwords in the clear using a toggle in the password field
Made icons viewable in lower resulution.
Improve mime file
[REM-2809] Appearance preferences now refresh in the main window when the 
user...
This should be a message instead of a info print. So that the user can see 
it by default.
remmina_rdp_monitor_get(): fix maxw, maxh and monitorids calculation
Fix undefined symbol error when importing gi in a python extension
make it build on macOS
Fix autostart file flatpak exec command
[REM-1987] allow for dynamic resolution updates for vnc connections
Fix overlapping text in preferences menu, terminal tab
Allow could not authenticate banner to go away after successful 
reauthentication
Add environments for easy manual testing

Signed-off-by: Wang Mingyu 
---
 .../remmina/{remmina_1.4.29.bb => remmina_1.4.30.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-support/remmina/{remmina_1.4.29.bb => 
remmina_1.4.30.bb} (96%)

diff --git a/meta-oe/recipes-support/remmina/remmina_1.4.29.bb 
b/meta-oe/recipes-support/remmina/remmina_1.4.30.bb
similarity index 96%
rename from meta-oe/recipes-support/remmina/remmina_1.4.29.bb
rename to meta-oe/recipes-support/remmina/remmina_1.4.30.bb
index a92a3b278..c22eaf1d3 100644
--- a/meta-oe/recipes-support/remmina/remmina_1.4.29.bb
+++ b/meta-oe/recipes-support/remmina/remmina_1.4.30.bb
@@ -25,7 +25,7 @@ DEPENDS = " \
 DEPENDS:append:libc-musl = " libexecinfo"
 LDFLAGS:append:libc-musl = " -lexecinfo"
 
-SRCREV = "fb19eb5f11f206ffb442a9e0c519cb0f2cb3fd8b"
+SRCREV = "61ea9b6681104cadf0a3f8c25bd3e5685ee6691a"
 SRC_URI = "git://gitlab.com/Remmina/Remmina;protocol=https;branch=master"
 S = "${WORKDIR}/git"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180138): 
https://lists.openembedded.org/g/openembedded-core/message/180138
Mute This Topic: https://lists.openembedded.org/mt/98314037/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-zeroconf: upgrade 0.55.0 -> 0.56.0

[wangmy]

From: Wang Mingyu 

Feature
==
Reduce denial of service protection overhead

Signed-off-by: Wang Mingyu 
---
 .../{python3-zeroconf_0.55.0.bb => python3-zeroconf_0.56.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-zeroconf_0.55.0.bb => 
python3-zeroconf_0.56.0.bb} (82%)

diff --git a/meta-python/recipes-devtools/python/python3-zeroconf_0.55.0.bb 
b/meta-python/recipes-devtools/python/python3-zeroconf_0.56.0.bb
similarity index 82%
rename from meta-python/recipes-devtools/python/python3-zeroconf_0.55.0.bb
rename to meta-python/recipes-devtools/python/python3-zeroconf_0.56.0.bb
index 83027e5fb..20dc96219 100644
--- a/meta-python/recipes-devtools/python/python3-zeroconf_0.55.0.bb
+++ b/meta-python/recipes-devtools/python/python3-zeroconf_0.56.0.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/jstasiak/python-zeroconf;
 LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = 
"file://PKG-INFO;beginline=6;endline=6;md5=6517bdc8f2416f27ab725d4702f7aac3"
 
-SRC_URI[sha256sum] = 
"f919c0a1989af87c1c4a8786a3bcd8e78243856237cef27dcb762a7e69e4b32a"
+SRC_URI[sha256sum] = 
"d21916e98de8d4cb822134b25746dcf321531b8662757a7da402798ba627062e"
 
 inherit pypi setuptools3
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180137): 
https://lists.openembedded.org/g/openembedded-core/message/180137
Mute This Topic: https://lists.openembedded.org/mt/98314036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-xlsxwriter: upgrade 3.0.9 -> 3.1.0

[wangmy]

From: Wang Mingyu 

Changelog:
 Minor fix for cell color issue.

Signed-off-by: Wang Mingyu 
---
 ...{python3-xlsxwriter_3.0.9.bb => python3-xlsxwriter_3.1.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-xlsxwriter_3.0.9.bb => 
python3-xlsxwriter_3.1.0.bb} (82%)

diff --git a/meta-python/recipes-devtools/python/python3-xlsxwriter_3.0.9.bb 
b/meta-python/recipes-devtools/python/python3-xlsxwriter_3.1.0.bb
similarity index 82%
rename from meta-python/recipes-devtools/python/python3-xlsxwriter_3.0.9.bb
rename to meta-python/recipes-devtools/python/python3-xlsxwriter_3.1.0.bb
index e4acf4159..d556e8b6d 100644
--- a/meta-python/recipes-devtools/python/python3-xlsxwriter_3.0.9.bb
+++ b/meta-python/recipes-devtools/python/python3-xlsxwriter_3.1.0.bb
@@ -16,6 +16,6 @@ RDEPENDS:${PN} += " \
python3-io \
 "
 
-SRC_URI[sha256sum] = 
"7216d39a2075afac7a28cad81f6ac31b0b16d8976bf1b775577d157346f891dd"
+SRC_URI[sha256sum] = 
"02913b50b74c00f165933d5da3e3a02cab4204cb4932722a1b342c5c71034122"
 
 BBCLASSEXTEND = "native nativesdk"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180136): 
https://lists.openembedded.org/g/openembedded-core/message/180136
Mute This Topic: https://lists.openembedded.org/mt/98314034/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-web3: upgrade 6.1.0 -> 6.2.0

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-web3_6.1.0.bb => python3-web3_6.2.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-web3_6.1.0.bb => 
python3-web3_6.2.0.bb} (84%)

diff --git a/meta-python/recipes-devtools/python/python3-web3_6.1.0.bb 
b/meta-python/recipes-devtools/python/python3-web3_6.2.0.bb
similarity index 84%
rename from meta-python/recipes-devtools/python/python3-web3_6.1.0.bb
rename to meta-python/recipes-devtools/python/python3-web3_6.2.0.bb
index b813e632b..8e09cabbb 100644
--- a/meta-python/recipes-devtools/python/python3-web3_6.1.0.bb
+++ b/meta-python/recipes-devtools/python/python3-web3_6.2.0.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dc2732bdc5e50382737979791cbb3b7"
 
-SRC_URI[sha256sum] = 
"55e58f2b8705f0911db5a395343b158d5e4edae9973f5dcb349512ae5a349af5"
+SRC_URI[sha256sum] = 
"7695ee81162c644de0dfd0f5372f96a73be557b46365d218f581ca10197c6389"
 
 inherit pypi setuptools3
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180135): 
https://lists.openembedded.org/g/openembedded-core/message/180135
Mute This Topic: https://lists.openembedded.org/mt/98314007/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-rich: upgrade 13.3.3 -> 13.3.4

[wangmy]

From: Wang Mingyu 

Changelog:
 Fixed for is_terminal ignoring FORCE_COLOR

Signed-off-by: Wang Mingyu 
---
 .../{python3-rich_13.3.3.bb => python3-rich_13.3.4.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-extended/python-rich/{python3-rich_13.3.3.bb => 
python3-rich_13.3.4.bb} (85%)

diff --git a/meta-python/recipes-extended/python-rich/python3-rich_13.3.3.bb 
b/meta-python/recipes-extended/python-rich/python3-rich_13.3.4.bb
similarity index 85%
rename from meta-python/recipes-extended/python-rich/python3-rich_13.3.3.bb
rename to meta-python/recipes-extended/python-rich/python3-rich_13.3.4.bb
index 5621214b1..2a832f171 100644
--- a/meta-python/recipes-extended/python-rich/python3-rich_13.3.3.bb
+++ b/meta-python/recipes-extended/python-rich/python3-rich_13.3.4.bb
@@ -8,7 +8,7 @@ LICENSE = "MIT"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=b5f0b94fbc94f5ad9ae4efcf8a778303"
 
-SRC_URI[sha256sum] = 
"dc84400a9d842b3a9c5ff74addd8eb798d155f36c1c91303888e0a66850d2a15"
+SRC_URI[sha256sum] = 
"b5d573e13605423ec80bdd0cd5f8541f7844a0e71a13f74cf454ccb2f490708b"
 
 inherit pypi python_poetry_core
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180134): 
https://lists.openembedded.org/g/openembedded-core/message/180134
Mute This Topic: https://lists.openembedded.org/mt/98314006/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-pymisp: upgrade 2.4.169.3 -> 2.4.170

[wangmy]

From: Wang Mingyu 

Changelog:
==
- Add: support breakOnDuplicate option for attributes:add()
- Update reportlab_generator.py.

Signed-off-by: Wang Mingyu 
---
 .../{python3-pymisp_2.4.169.3.bb => python3-pymisp_2.4.170.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-pymisp_2.4.169.3.bb => 
python3-pymisp_2.4.170.bb} (92%)

diff --git a/meta-python/recipes-devtools/python/python3-pymisp_2.4.169.3.bb 
b/meta-python/recipes-devtools/python/python3-pymisp_2.4.170.bb
similarity index 92%
rename from meta-python/recipes-devtools/python/python3-pymisp_2.4.169.3.bb
rename to meta-python/recipes-devtools/python/python3-pymisp_2.4.170.bb
index 4f8a13051..dbfcebe5d 100644
--- a/meta-python/recipes-devtools/python/python3-pymisp_2.4.169.3.bb
+++ b/meta-python/recipes-devtools/python/python3-pymisp_2.4.170.bb
@@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=a3639cf5780f71b125d3e9d1dc127c20"
 
 SRC_URI = "git://github.com/MISP/PyMISP.git;protocol=https;branch=main"
-SRCREV = "39f5acf1f618cde6cb14dd815cbff5297a8af25a"
+SRCREV = "6b28d8e606747cade1638f651ea531850027ddf4"
 S = "${WORKDIR}/git"
 
 inherit python_poetry_core
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180133): 
https://lists.openembedded.org/g/openembedded-core/message/180133
Mute This Topic: https://lists.openembedded.org/mt/98314003/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-protobuf: upgrade 4.22.1 -> 4.22.3

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../{python3-protobuf_4.22.1.bb => python3-protobuf_4.22.3.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-protobuf_4.22.1.bb => 
python3-protobuf_4.22.3.bb} (92%)

diff --git a/meta-python/recipes-devtools/python/python3-protobuf_4.22.1.bb 
b/meta-python/recipes-devtools/python/python3-protobuf_4.22.3.bb
similarity index 92%
rename from meta-python/recipes-devtools/python/python3-protobuf_4.22.1.bb
rename to meta-python/recipes-devtools/python/python3-protobuf_4.22.3.bb
index add20c0e4..5b2ff302c 100644
--- a/meta-python/recipes-devtools/python/python3-protobuf_4.22.1.bb
+++ b/meta-python/recipes-devtools/python/python3-protobuf_4.22.3.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = 
"file://PKG-INFO;beginline=8;endline=8;md5=53dbfa56f61b90215a
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = 
"dce7a55d501c31ecf688adb2f6c3f763cf11bc0be815d1946a84d74772ab07a7"
+SRC_URI[sha256sum] = 
"23452f2fdea754a8251d0fc88c0317735ae47217e0d27bf330a30eec2848811a"
 
 # http://errors.yoctoproject.org/Errors/Details/184715/
 # Can't find required file: ../src/google/protobuf/descriptor.proto
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180132): 
https://lists.openembedded.org/g/openembedded-core/message/180132
Mute This Topic: https://lists.openembedded.org/mt/98314001/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-google-auth: upgrade 2.17.2 -> 2.17.3

[wangmy]

From: Wang Mingyu 

Bug Fixes
=
Add useEmailAzp claim for id token iam flow

Signed-off-by: Wang Mingyu 
---
 ...hon3-google-auth_2.17.2.bb => python3-google-auth_2.17.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-google-auth_2.17.2.bb => 
python3-google-auth_2.17.3.bb} (87%)

diff --git a/meta-python/recipes-devtools/python/python3-google-auth_2.17.2.bb 
b/meta-python/recipes-devtools/python/python3-google-auth_2.17.3.bb
similarity index 87%
rename from meta-python/recipes-devtools/python/python3-google-auth_2.17.2.bb
rename to meta-python/recipes-devtools/python/python3-google-auth_2.17.3.bb
index 42f84087a..a767710ea 100644
--- a/meta-python/recipes-devtools/python/python3-google-auth_2.17.2.bb
+++ b/meta-python/recipes-devtools/python/python3-google-auth_2.17.3.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
 inherit pypi setuptools3
 
-SRC_URI[sha256sum] = 
"295c80ebb95eac74003c07a696cf3ef6b414e9230ae8894f3843f8215fd2aa56"
+SRC_URI[sha256sum] = 
"ce311e2bc58b130fddf316df57c9b3943c2a7b4f6ec31de9663a9333e4064efc"
 
 RDEPENDS:${PN} += "\
 ${PYTHON_PN}-asyncio \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180131): 
https://lists.openembedded.org/g/openembedded-core/message/180131
Mute This Topic: https://lists.openembedded.org/mt/98314000/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-google-api-python-client: upgrade 2.84.0 -> 2.85.0

[wangmy]

From: Wang Mingyu 

Changelog:
https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md

Signed-off-by: Wang Mingyu 
---
 ...ent_2.84.0.bb => python3-google-api-python-client_2.85.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename 
meta-python/recipes-devtools/python/{python3-google-api-python-client_2.84.0.bb 
=> python3-google-api-python-client_2.85.0.bb} (86%)

diff --git 
a/meta-python/recipes-devtools/python/python3-google-api-python-client_2.84.0.bb
 
b/meta-python/recipes-devtools/python/python3-google-api-python-client_2.85.0.bb
similarity index 86%
rename from 
meta-python/recipes-devtools/python/python3-google-api-python-client_2.84.0.bb
rename to 
meta-python/recipes-devtools/python/python3-google-api-python-client_2.85.0.bb
index f22c52702..6acac0647 100644
--- 
a/meta-python/recipes-devtools/python/python3-google-api-python-client_2.84.0.bb
+++ 
b/meta-python/recipes-devtools/python/python3-google-api-python-client_2.85.0.bb
@@ -4,7 +4,7 @@ HOMEPAGE = 
"https://github.com/googleapis/google-api-python-client;
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
 
-SRC_URI[sha256sum] = 
"c398fd6f9ead0be23aade3b2704c72c5146df0e3352d8ff9101286077e1b010a"
+SRC_URI[sha256sum] = 
"07b21ef21a542dd69cd7c09817a6079b2769cc2a791981402e8f0fcdb2d47f90"
 
 inherit pypi setuptools3
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180130): 
https://lists.openembedded.org/g/openembedded-core/message/180130
Mute This Topic: https://lists.openembedded.org/mt/98313941/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-elementpath: upgrade 4.1.0 -> 4.1.1

[wangmy]

From: Wang Mingyu 

Changelog:
=
 Simplify type annotations for XSD datatypes
 Full test coverage of sequence type functions with bugfixes

Signed-off-by: Wang Mingyu 
---
 ...ython3-elementpath_4.1.0.bb => python3-elementpath_4.1.1.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-elementpath_4.1.0.bb => 
python3-elementpath_4.1.1.bb} (86%)

diff --git a/meta-python/recipes-devtools/python/python3-elementpath_4.1.0.bb 
b/meta-python/recipes-devtools/python/python3-elementpath_4.1.1.bb
similarity index 86%
rename from meta-python/recipes-devtools/python/python3-elementpath_4.1.0.bb
rename to meta-python/recipes-devtools/python/python3-elementpath_4.1.1.bb
index 5b8560782..c5f96f2de 100644
--- a/meta-python/recipes-devtools/python/python3-elementpath_4.1.0.bb
+++ b/meta-python/recipes-devtools/python/python3-elementpath_4.1.1.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/sissaschool/elementpath;
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5dbb7fb7d72da3921202dd7b995d3ecf"
 
-SRC_URI[sha256sum] = 
"dbd7eba3cf0b3b4934f627ba24851a3e0798ef2bc9104555a4cd831f2e6e8e14"
+SRC_URI[sha256sum] = 
"cd2bff3de8cddf8a480f728e648c6cae47d8ab66696c7d830a7a84536d8cae58"
 
 PYPI_PACKAGE = "elementpath"
 inherit pypi setuptools3
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180129): 
https://lists.openembedded.org/g/openembedded-core/message/180129
Mute This Topic: https://lists.openembedded.org/mt/98313940/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-diskcache: upgrade 5.4.0 -> 5.5.1

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../{python3-diskcache_5.4.0.bb => python3-diskcache_5.5.1.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-diskcache_5.4.0.bb => 
python3-diskcache_5.5.1.bb} (85%)

diff --git a/meta-python/recipes-devtools/python/python3-diskcache_5.4.0.bb 
b/meta-python/recipes-devtools/python/python3-diskcache_5.5.1.bb
similarity index 85%
rename from meta-python/recipes-devtools/python/python3-diskcache_5.4.0.bb
rename to meta-python/recipes-devtools/python/python3-diskcache_5.5.1.bb
index 84d42e572..50e3c12d8 100644
--- a/meta-python/recipes-devtools/python/python3-diskcache_5.4.0.bb
+++ b/meta-python/recipes-devtools/python/python3-diskcache_5.5.1.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.grantjenks.com/docs/diskcache/;
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c60ef82f0f40155453f6d5f2c94b6e8e"
 
-SRC_URI[sha256sum] = 
"8879eb8c9b4a2509a5e633d2008634fb2b0b35c2b36192d89655dbde02419644"
+SRC_URI[sha256sum] = 
"8685515584cc110a463d0728d98beaba56c7e2803b60a19cb8983a4c9e341d91"
 
 PYPI_PACKAGE = "diskcache"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180128): 
https://lists.openembedded.org/g/openembedded-core/message/180128
Mute This Topic: https://lists.openembedded.org/mt/98313932/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-croniter: upgrade 1.3.8 -> 1.3.14

[wangmy]

From: Wang Mingyu 

Changelog:
==
Add check for range begin/end
restore py2 compat
Do not expose i into global namespace
Fix DOW hash parsing
better error handling on py3

Signed-off-by: Wang Mingyu 
---
 .../{python3-croniter_1.3.8.bb => python3-croniter_1.3.14.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-croniter_1.3.8.bb => 
python3-croniter_1.3.14.bb} (77%)

diff --git a/meta-python/recipes-devtools/python/python3-croniter_1.3.8.bb 
b/meta-python/recipes-devtools/python/python3-croniter_1.3.14.bb
similarity index 77%
rename from meta-python/recipes-devtools/python/python3-croniter_1.3.8.bb
rename to meta-python/recipes-devtools/python/python3-croniter_1.3.14.bb
index 691c25017..af8892eb7 100644
--- a/meta-python/recipes-devtools/python/python3-croniter_1.3.8.bb
+++ b/meta-python/recipes-devtools/python/python3-croniter_1.3.14.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=b8ee59850b882cbf623188489ea748e2"
 
 PYPI_PACKAGE = "croniter"
 
-SRC_URI[sha256sum] = 
"32a5ec04e97ec0837bcdf013767abd2e71cceeefd3c2e14c804098ce51ad6cd9"
+SRC_URI[sha256sum] = 
"d067b1f95b553c6e82d95a983c465695913dcd12f47a8b9aa938a0450d94dd5e"
 
 inherit pypi setuptools3
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180127): 
https://lists.openembedded.org/g/openembedded-core/message/180127
Mute This Topic: https://lists.openembedded.org/mt/98313929/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-python] [PATCH] python3-cmake: upgrade 3.26.1 -> 3.26.3

[wangmy]

From: Wang Mingyu 

Changelog:
==
 update pre-commit hooks (#350, #353) 
 bump pypa/gh-action-pypi-publish from 1.8.3 to 1.8.5

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-cmake_3.26.1.bb => python3-cmake_3.26.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-cmake_3.26.1.bb => 
python3-cmake_3.26.3.bb} (90%)

diff --git a/meta-python/recipes-devtools/python/python3-cmake_3.26.1.bb 
b/meta-python/recipes-devtools/python/python3-cmake_3.26.3.bb
similarity index 90%
rename from meta-python/recipes-devtools/python/python3-cmake_3.26.1.bb
rename to meta-python/recipes-devtools/python/python3-cmake_3.26.3.bb
index f95e2eab0..8e924acd3 100644
--- a/meta-python/recipes-devtools/python/python3-cmake_3.26.1.bb
+++ b/meta-python/recipes-devtools/python/python3-cmake_3.26.3.bb
@@ -11,7 +11,7 @@ PYPI_PACKAGE = "cmake"
 PYPI_ARCHIVE_NAME_PREFIX = "pypi-"
 
 inherit pypi python_setuptools_build_meta
-SRC_URI[sha256sum] = 
"4e0eb3c03dcf2d459f78d96cc85f7482476aeb1ae5ada65150b1db35c0f70cc7"
+SRC_URI[sha256sum] = 
"b54cde1f1c0573321b22382bd2ffaf5d08f65188572d128cd4867fb9669723c5"
 
 SRC_URI += " \
file://CMakeLists.txt \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180126): 
https://lists.openembedded.org/g/openembedded-core/message/180126
Mute This Topic: https://lists.openembedded.org/mt/98313928/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-oe] [PATCH] php: upgrade 8.2.4 -> 8.2.5

[wangmy]

From: Wang Mingyu 

Changelog:
==
Added optional support for max_execution_time in ZTS/Linux builds
Fixed use-after-free in recursive AST evaluation.
Fixed bug GH-8646 (Memory leak PHP FPM 8.1).
Re-add some CTE functions that were removed from being CTE by a mistake.
Remove CTE flag from array_diff_ukey(), which was added by mistake.
Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on 
apache).
Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
Fix potential memory corruption when mixing __callStatic() and FFI.

Signed-off-by: Wang Mingyu 
---
 meta-oe/recipes-devtools/php/{php_8.2.4.bb => php_8.2.5.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/php/{php_8.2.4.bb => php_8.2.5.bb} (99%)

diff --git a/meta-oe/recipes-devtools/php/php_8.2.4.bb 
b/meta-oe/recipes-devtools/php/php_8.2.5.bb
similarity index 99%
rename from meta-oe/recipes-devtools/php/php_8.2.4.bb
rename to meta-oe/recipes-devtools/php/php_8.2.5.bb
index d5954d976..ff432f3ad 100644
--- a/meta-oe/recipes-devtools/php/php_8.2.4.bb
+++ b/meta-oe/recipes-devtools/php/php_8.2.5.bb
@@ -34,7 +34,7 @@ SRC_URI:append:class-target = " \
   "
 
 S = "${WORKDIR}/php-${PV}"
-SRC_URI[sha256sum] = 
"79186f94bd510db86e31e535dd448277a1eb92a87878303a1ead44602d8b1197"
+SRC_URI[sha256sum] = 
"e5a80663cca4f6044ad86a489798147c7af037eca96f6cd357ab36d28cb63757"
 
 CVE_CHECK_IGNORE += "\
 CVE-2007-2728 \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180125): 
https://lists.openembedded.org/g/openembedded-core/message/180125
Mute This Topic: https://lists.openembedded.org/mt/98313779/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-networking] [PATCH] openvpn: upgrade 2.6.2 -> 2.6.3

[wangmy]

From: Wang Mingyu 

Changelog:
==
  GHA: remove Ubuntu 18.04 builds
  vcpkg: request "tools" feature of openssl for MSVC build
  doc: run rst2* with --strict to catch warnings
  Support of DNS domain for DHCP-less drivers
  Bug-fix: segfault in dco_get_peer_stats()

Signed-off-by: Wang Mingyu 
---
 .../openvpn/{openvpn_2.6.2.bb => openvpn_2.6.3.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/openvpn/{openvpn_2.6.2.bb => 
openvpn_2.6.3.bb} (97%)

diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.6.2.bb 
b/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb
similarity index 97%
rename from meta-networking/recipes-support/openvpn/openvpn_2.6.2.bb
rename to meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb
index 36ae8c96f..76bce7db5 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.6.2.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.6.3.bb
@@ -14,7 +14,7 @@ SRC_URI = 
"http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
 
 UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads;
 
-SRC_URI[sha256sum] = 
"42d561a9af150b21bc914e3b7aa09f88013d2ffa6d5ce75a025a3b34caa948d4"
+SRC_URI[sha256sum] = 
"13b207a376d8880507c74ff78aabc3778a9da47c89f1e247dcee3c7237138ff6"
 
 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for 
openvpn.
 CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180124): 
https://lists.openembedded.org/g/openembedded-core/message/180124
Mute This Topic: https://lists.openembedded.org/mt/98313778/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-networking] [PATCH] mctp: upgrade 1.0 -> 1.1

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../recipes-support/mctp/{mctp_git.bb => mctp_1.1.bb} | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 rename meta-networking/recipes-support/mctp/{mctp_git.bb => mctp_1.1.bb} (94%)

diff --git a/meta-networking/recipes-support/mctp/mctp_git.bb 
b/meta-networking/recipes-support/mctp/mctp_1.1.bb
similarity index 94%
rename from meta-networking/recipes-support/mctp/mctp_git.bb
rename to meta-networking/recipes-support/mctp/mctp_1.1.bb
index edc614d34..bf3961be4 100644
--- a/meta-networking/recipes-support/mctp/mctp_git.bb
+++ b/meta-networking/recipes-support/mctp/mctp_1.1.bb
@@ -5,9 +5,7 @@ LICENSE = "GPL-2.0-only"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=4cc91856b08b094b4f406a29dc61db21"
 
-PV = "1.0+git${SRCPV}"
-
-SRCREV = "ae3a9162d6c5df0fa50abc34fc951dfd0e3d23c5"
+SRCREV = "a591ad885aa28f113cb45870b2fd5bce48378d6f"
 
 SRC_URI = "git://github.com/CodeConstruct/mctp;branch=main;protocol=https"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180123): 
https://lists.openembedded.org/g/openembedded-core/message/180123
Mute This Topic: https://lists.openembedded.org/mt/98313773/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-oe] [PATCH] capnproto: upgrade 0.10.3 -> 0.10.4

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../capnproto/{capnproto_0.10.3.bb => capnproto_0.10.4.bb}| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-devtools/capnproto/{capnproto_0.10.3.bb => 
capnproto_0.10.4.bb} (90%)

diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_0.10.3.bb 
b/meta-oe/recipes-devtools/capnproto/capnproto_0.10.4.bb
similarity index 90%
rename from meta-oe/recipes-devtools/capnproto/capnproto_0.10.3.bb
rename to meta-oe/recipes-devtools/capnproto/capnproto_0.10.4.bb
index bf98d561e..bbdc3b597 100644
--- a/meta-oe/recipes-devtools/capnproto/capnproto_0.10.3.bb
+++ b/meta-oe/recipes-devtools/capnproto/capnproto_0.10.4.bb
@@ -5,8 +5,8 @@ SECTION = "console/tools"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9"
 
-SRC_URI = 
"git://github.com/sandstorm-io/capnproto.git;branch=release-0.10.3;protocol=https"
-SRCREV = "a16468f296a9584f4068072efecdee8a9eb9c2ed"
+SRC_URI = 
"git://github.com/sandstorm-io/capnproto.git;branch=release-0.10.4;protocol=https"
+SRCREV = "a91ec65323c2577732224d0cf6f5bf1e79d3a724"
 
 S = "${WORKDIR}/git/c++"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180121): 
https://lists.openembedded.org/g/openembedded-core/message/180121
Mute This Topic: https://lists.openembedded.org/mt/98313768/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [oe] [meta-oe] [PATCH] ctags: upgrade 6.0.20230402.0 -> 6.0.20230416.0

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../ctags/{ctags_6.0.20230402.0.bb => ctags_6.0.20230416.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/ctags/{ctags_6.0.20230402.0.bb => 
ctags_6.0.20230416.0.bb} (95%)

diff --git a/meta-oe/recipes-devtools/ctags/ctags_6.0.20230402.0.bb 
b/meta-oe/recipes-devtools/ctags/ctags_6.0.20230416.0.bb
similarity index 95%
rename from meta-oe/recipes-devtools/ctags/ctags_6.0.20230402.0.bb
rename to meta-oe/recipes-devtools/ctags/ctags_6.0.20230416.0.bb
index b7cf45950..cc82d9953 100644
--- a/meta-oe/recipes-devtools/ctags/ctags_6.0.20230402.0.bb
+++ b/meta-oe/recipes-devtools/ctags/ctags_6.0.20230416.0.bb
@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
 
 inherit autotools-brokensep pkgconfig manpages
 
-SRCREV = "1231ebe5b4ac1cc095b4480a0bb2b016c135d6fb"
+SRCREV = "5ba7dfcc55471e599375281f52ad2bebdc527c62"
 SRC_URI = "git://github.com/universal-ctags/ctags;branch=master;protocol=https"
 
 S = "${WORKDIR}/git"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180122): 
https://lists.openembedded.org/g/openembedded-core/message/180122
Mute This Topic: https://lists.openembedded.org/mt/98313770/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] curl: Fix CVE-2023-27536

[Yu, Mingli]

From: Mingli Yu 

Backport patch [1] to fix CVE-2023-27536.

[1] https://github.com/curl/curl/commit/cb49e67303dba

Signed-off-by: Mingli Yu 
---
 .../curl/curl/CVE-2023-27536.patch| 57 +++
 meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
 2 files changed, 58 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27536.patch 
b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
new file mode 100644
index 00..842c70785a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
@@ -0,0 +1,57 @@
+From 6b1ef6d5ebbfd5e68dea1eea2dc0c6cc4dc2e394 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 17 Apr 2023 05:36:18 +
+Subject: [PATCH] url: only reuse connections with same GSS delegation
+
+Reported-by: Harry Sintonen
+Closes #10731
+
+CVE: CVE-2023-27536
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/cb49e67303dba]
+
+Signed-off-by: Mingli Yu 
+---
+ lib/url.c | 6 ++
+ lib/urldata.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/lib/url.c b/lib/url.c
+index df4377d..8c43c3b 100644
+--- a/lib/url.c
 b/lib/url.c
+@@ -1350,6 +1350,11 @@ ConnectionExists(struct Curl_easy *data,
+ }
+   }
+ 
++  /* GSS delegation differences do not actually affect every connection
++ and auth method, but this check takes precaution before efficiency */
++  if(needle->gssapi_delegation != check->gssapi_delegation)
++continue;
++
+   /* If multiplexing isn't enabled on the h2 connection and h1 is
+  explicitly requested, handle it: */
+   if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
+@@ -1807,6 +1812,7 @@ static struct connectdata *allocate_conn(struct 
Curl_easy *data)
+   conn->fclosesocket = data->set.fclosesocket;
+   conn->closesocket_client = data->set.closesocket_client;
+   conn->lastused = Curl_now(); /* used now */
++  conn->gssapi_delegation = data->set.gssapi_delegation;
+ 
+   return conn;
+   error:
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 69eb2ee..c2a7e6c 100644
+--- a/lib/urldata.h
 b/lib/urldata.h
+@@ -1131,6 +1131,7 @@ struct connectdata {
+   int socks5_gssapi_enctype;
+ #endif
+   unsigned short localport;
++  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
+ };
+ 
+ /* The end of connectdata. */
+-- 
+2.23.0
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index 945745cdde..888527857a 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -40,6 +40,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-23914_5-4.patch \
file://CVE-2023-23914_5-5.patch \
file://CVE-2023-23916.patch \
+   file://CVE-2023-27536.patch \
"
 SRC_URI[sha256sum] = 
"0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180120): 
https://lists.openembedded.org/g/openembedded-core/message/180120
Mute This Topic: https://lists.openembedded.org/mt/98313621/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libxml2: Disable icu tests on musl

[Khem Raj]

these tests do not work with musl's iconv implementation and would need
enabling icu support using --with-icu which we do not enable by default

Additionally enable locale with musl too.

Signed-off-by: Khem Raj 
---
 meta/recipes-core/libxml/libxml2_2.10.3.bb | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/libxml/libxml2_2.10.3.bb 
b/meta/recipes-core/libxml/libxml2_2.10.3.bb
index 6b3dd3ec42..0ccd48964f 100644
--- a/meta/recipes-core/libxml/libxml2_2.10.3.bb
+++ b/meta/recipes-core/libxml/libxml2_2.10.3.bb
@@ -40,15 +40,15 @@ inherit autotools pkgconfig binconfig-disabled ptest
 
 inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', 
'', d)}
 
-RDEPENDS:${PN}-ptest += "bash make ${@bb.utils.contains('PACKAGECONFIG', 
'python', 'libgcc python3-core python3-logging python3-shell python3-stringold 
python3-threading python3-unittest ${PN}-python', '', d)}"
+RDEPENDS:${PN}-ptest += "bash make locale-base-en-us 
${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core 
python3-logging python3-shell python3-stringold python3-threading 
python3-unittest ${PN}-python', '', d)}"
 
 RDEPENDS:${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 
'python3-core', '', d)}"
 
+RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales"
 RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-ebcdic-us \
glibc-gconv-ibm1141 \
glibc-gconv-iso8859-5 \
glibc-gconv-euc-jp \
-   locale-base-en-us \
  "
 
 # WARNING: zlib is required for RPM use
@@ -85,6 +85,11 @@ do_install_ptest () {
 fi
 }
 
+# with musl we need to enable icu support explicitly for these tests
+do_install_ptest:append:libc-musl () {
+   rm -rf ${D}/${PTEST_PATH}/test/icu_parse_test.xml
+}
+
 do_install:append:class-native () {
# Docs are not needed in the native case
rm ${D}${datadir}/gtk-doc -rf
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180119): 
https://lists.openembedded.org/g/openembedded-core/message/180119
Mute This Topic: https://lists.openembedded.org/mt/98313431/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-