Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.3_M3.rc1)

[Jing Hui Tham]

Hi All,
 
QA for yocto-4.3_M3.rc1 is completed. This is the full report for this release: 
 
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults
 
=== Summary 
No high milestone defects.
 
No new issue found. 
 
Thanks,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Sunday, September 10, 2023 8:55 PM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-4.3_M3.rc1)
> 
> 
> A build flagged for QA (yocto-4.3_M3.rc1) was completed on the
> autobuilder and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-4.3_M3.rc1
> 
> 
> Build hash information:
> 
> bitbake: 033896da8daaff69df3c2adb4ad5fee29121e831
> meta-agl: e654a050a3a2f2e780b35f90e6be7a453bb0c305
> meta-arm: a262d308e78b9ad5c0f92c77714c7a354c5ddcfb
> meta-aws: 3095240fb84be8fc78facdd2cdb91f77abf4e62d
> meta-intel: 0ccbd5e710b827a1cc73acf0ac75c395edc57b59
> meta-mingw: 65ef95a74f6ae815f63f636ed53e140a26a014ce
> meta-openembedded: 7554afa9b38c12a066b5970e18c1a7d60584f47e
> meta-virtualization: 113af45b75d2a19726d3e084e9ba05826128097b
> oecore: 03d37854b1dacbecd2c522821c59ef01d9bd305c
> poky: 61531cd3956c56644fc1c4cc77f130e60db1a771
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187623): 
https://lists.openembedded.org/g/openembedded-core/message/187623
Mute This Topic: https://lists.openembedded.org/mt/101285641/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [PATCH] [OE-core] [PATCH] font-util: upgrade 1.4.0 -> 1.4.1

[wangmy]

The original LICENSE of bb file :
LICENSE = "MIT & MIT & BSD-4-Clause & BSD-2-Clause"

Using the license check tool to confirm the COPYING, the conclusion is as 
following:
 MIT-open-group
 Unicode-TOU
 BSD-1-Clause
 BSD-3-Clause
 MIT

Do I need to modify the LICENSE in the bb file based on the check results?
  --
Best Regards
---
Wang Mingyu
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road, 
Nanjing, 210012, China
TEL: +86+25-86630566-8568
COINS: 79988548
FAX: +86+25-83317685
MAIL: wan...@fujitsu.com
http://www.fujitsu.com/cn/fnst/

> -Original Message-
> From: Richard Purdie 
> Sent: Wednesday, September 13, 2023 6:26 PM
> To: Wang, Mingyu/王 鸣瑜 ;
> openembedded-core@lists.openembedded.org
> Subject: Re: [PATCH] [OE-core] [PATCH] font-util: upgrade 1.4.0 -> 1.4.1
> 
> On Wed, 2023-09-13 at 17:36 +0800, wangmy wrote:
> > From: Wang Mingyu 
> >
> > License-Update:
> > - Replace unicode files with ones that provide better terms of use
> >   Identical files but these have the unicode terms-of-use (SPDX:
> >   Unicode-TOU) instead of some old license format.
> >
> >https://www.unicode.org/Public/MAPPINGS/ISO8859/8859-1.TXT
> >
> https://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/JIS/JIS0201.T
> XT
> >https://www.unicode.org/Public/MAPPINGS/VENDORS/MISC/KOI8-R.TXT
> >
> > - Remove "All rights reserved" from Oracle copyright notices
> >   Oracle no longer includes this term in our copyright & license notices.
> >
> > Signed-off-by: Wang Mingyu 
> > ---
> >  .../xorg-font/{font-util_1.4.0.bb => font-util_1.4.1.bb}   | 7 ---
> >  1 file changed, 4 insertions(+), 3 deletions(-)  rename
> > meta/recipes-graphics/xorg-font/{font-util_1.4.0.bb =>
> > font-util_1.4.1.bb} (74%)
> >
> 
> Does that mean that LICENSE should have Unicode-TOU in it?
> 
> Cheers,
> 
> Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187622): 
https://lists.openembedded.org/g/openembedded-core/message/187622
Mute This Topic: https://lists.openembedded.org/mt/101333495/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] iproute2: upgrade 6.4.0 -> 6.5.0

[Richard Purdie]

On Wed, 2023-09-13 at 17:31 +0800, wangmy wrote:
> From: Wang Mingyu 
> 
> 0001-bridge-mdb.c-include-limits.h.patch
> removed since it's included in 6.5.0
> 
> Signed-off-by: Wang Mingyu 
> ---
>  .../0001-bridge-mdb.c-include-limits.h.patch  | 41 ---
>  .../{iproute2_6.4.0.bb => iproute2_6.5.0.bb}  |  3 +-
>  2 files changed, 1 insertion(+), 43 deletions(-)
>  delete mode 100644 
> meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
>  rename meta/recipes-connectivity/iproute2/{iproute2_6.4.0.bb => 
> iproute2_6.5.0.bb} (95%)
> 
> diff --git 
> a/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
>  
> b/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
> deleted file mode 100644
> index f9a0e35d83..00
> --- 
> a/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
> +++ /dev/null
> @@ -1,41 +0,0 @@
> -From b13f04c0c685b6d2474aa7d97e191531f327bc45 Mon Sep 17 00:00:00 2001
> -From: Trevor Gamblin 
> -Date: Thu, 20 Jul 2023 14:32:23 -0400
> -Subject: [PATCH] bridge/mdb.c: include limits.h
> -
> -Upstream-Status: Submitted
> -(https://lore.kernel.org/netdev/20230720203726.2316251-1-tgamb...@baylibre.com/)
> -
> -While building iproute2 6.4.0 with musl using Yocto Project, errors such
> -as the following were encountered:
> -
> -| mdb.c: In function 'mdb_parse_vni':
> -| mdb.c:666:47: error: 'ULONG_MAX' undeclared (first use in this function)
> -|   666 | if ((endptr && *endptr) || vni_num == ULONG_MAX)
> -|   |   ^
> -| mdb.c:666:47: note: 'ULONG_MAX' is defined in header ''; did you 
> forget to '#include '?
> -
> -Include limits.h in bridge/mdb.c to fix this issue. This change is based
> -on one in Alpine Linux, but the author there had no plans to submit:
> -https://git.alpinelinux.org/aports/commit/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069
> -
> -Signed-off-by: Trevor Gamblin 
> 
> - bridge/mdb.c | 1 +
> - 1 file changed, 1 insertion(+)
> -
> -diff --git a/bridge/mdb.c b/bridge/mdb.c
> -index fbb4f704..18793458 100644
>  a/bridge/mdb.c
> -+++ b/bridge/mdb.c
> -@@ -15,6 +15,7 @@
> - #include 
> - #include 
> - #include 
> -+#include 
> - 
> - #include "libnetlink.h"
> - #include "utils.h"
> --- 
> -2.41.0
> -
> diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb 
> b/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
> similarity index 95%
> rename from meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb
> rename to meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
> index 32e2f8176b..db46c8317a 100644
> --- a/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb
> +++ b/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
> @@ -13,10 +13,9 @@ DEPENDS = "flex-native bison-native iptables libcap"
>  
>  SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
> file://0001-libc-compat.h-add-musl-workaround.patch \
> -   file://0001-bridge-mdb.c-include-limits.h.patch \
> "
>  
> -SRC_URI[sha256sum] = 
> "4c51b8decbc7e4da159ffb066f590cfb93dbf9af7ff86b1647ce42b7c179a272"
> +SRC_URI[sha256sum] = 
> "a70179085fa1b96d3c33b040c809b75e2b57563adc505a4ad05e2609df373463"
>  
>  inherit update-alternatives bash-completion pkgconfig

https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7663/steps/11/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/5055/steps/11/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/44/builds/7811/steps/17/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/44/builds/7811/steps/23/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/44/builds/7811/steps/26/logs/stdio

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187621): 
https://lists.openembedded.org/g/openembedded-core/message/187621
Mute This Topic: https://lists.openembedded.org/mt/101333445/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] glibc: stable 2.35 branch updates

[Khem Raj]

Thanks LGTM

On Wed, Sep 13, 2023 at 4:19 AM Sanjana V  wrote:
>
> Below commits on glibc-2.35 stable branch are updated.
>
> 561e9dadc0 x86: Fix incorrect scope of setting `shared_per_thread`
> 1c3ecf5858 x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
> 47c7d2eb03 x86: Fix slight bug in `shared_per_thread` cache size calculation.
> d1b1da26ea x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
> e19af583b4 elf: _dl_find_object may return 1 during early startup.
>
> Signed-off-by: Sanjana 
> ---
>  meta/recipes-core/glibc/glibc-version.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/glibc/glibc-version.inc 
> b/meta/recipes-core/glibc/glibc-version.inc
> index 01b1abef7d..f23ceb5a25 100644
> --- a/meta/recipes-core/glibc/glibc-version.inc
> +++ b/meta/recipes-core/glibc/glibc-version.inc
> @@ -1,6 +1,6 @@
>  SRCBRANCH ?= "release/2.35/master"
>  PV = "2.35"
> -SRCREV_glibc ?= "cbceb903c4d770acc7e4ba5641036516830ed69b"
> +SRCREV_glibc ?= "561e9dadc02f46a7ba2190c0a04259583479f6c9"
>  SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
>
>  GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187620): 
https://lists.openembedded.org/g/openembedded-core/message/187620
Mute This Topic: https://lists.openembedded.org/mt/101334533/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] binutils: stable 2.38 branch updates

[Khem Raj]

On Wed, Sep 13, 2023 at 4:41 AM Sanjana V  wrote:
>
> Regression testing with binutils testing is performed and no regressions 
> found.

Thanks. LGTM

> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187619): 
https://lists.openembedded.org/g/openembedded-core/message/187619
Mute This Topic: https://lists.openembedded.org/mt/101334703/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] testimage: respect target/server IPs when using slirp

[Ross Burton]

From: Ross Burton 

We can't hardcode these IPs when using slirp.

The target IP will need a port to be specified as this controls what port
the SSH connection uses, and when slirp is used it can't bind to port
22. The qemu runner (OEQemuTarget) assumes that the first port forward
is the SSH forward, but this may be wrong or a different target may be
used.

The server IP depends on how the virtual networking is configured.
runqemu defaults to 10.0.2.x for the guests so that is a wise default,
but that may be configured differently.

Signed-off-by: Ross Burton 
---
 meta/classes-recipe/testimage.bbclass | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/classes-recipe/testimage.bbclass 
b/meta/classes-recipe/testimage.bbclass
index 73409967887..8a944f58098 100644
--- a/meta/classes-recipe/testimage.bbclass
+++ b/meta/classes-recipe/testimage.bbclass
@@ -370,9 +370,12 @@ def testimage_main(d):
 export_proxies(d)
 
 if slirp:
-target_ip = "127.0.0.1"
-# from qemu target to host with default DHCP server
-server_ip = "10.0.2.2"
+# Default to 127.0.0.1 and let the runner identify the port forwarding
+# (as OEQemuTarget does), but allow overriding.
+target_ip = d.getVar("TEST_TARGET_IP") or "127.0.0.1"
+# Default to 10.0.2.2 as this is the IP that the guest has with the
+# default qemu slirp networking configuration, but allow overriding.
+server_ip = d.getVar("TEST_SERVER_IP") or "10.0.2.2"
 else:
 target_ip = d.getVar("TEST_TARGET_IP")
 server_ip = d.getVar("TEST_SERVER_IP")
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187618): 
https://lists.openembedded.org/g/openembedded-core/message/187618
Mute This Topic: https://lists.openembedded.org/mt/101342138/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 1/4] patchtest: Add tests from patchtest oe repo

[Trevor Gamblin]

Copy the core components of the patchtest-oe repo into
meta/lib/patchtest in oe-core.

Signed-off-by: Trevor Gamblin 
---
v2 incorporates the new syntax for invoking patchtest in the selftest
script.

 ...-selftest-remove-configurable-target.patch |  64 +
 .../files/Author.test_author_valid.1.fail |  32 +++
 .../files/Author.test_author_valid.1.pass |  31 +++
 .../files/Author.test_author_valid.2.fail |  31 +++
 .../files/Author.test_author_valid.2.pass |  31 +++
 .../Bugzilla.test_bugzilla_entry_format.fail  |  25 ++
 .../Bugzilla.test_bugzilla_entry_format.pass  |  25 ++
 ...E.test_cve_presence_in_commit_message.fail |  72 ++
 ...E.test_cve_presence_in_commit_message.pass |  74 ++
 .../files/CVE.test_cve_tag_format.fail|  73 ++
 .../files/CVE.test_cve_tag_format.pass|  73 ++
 ...tMessage.test_commit_message_presence.fail |  22 ++
 ...tMessage.test_commit_message_presence.pass |  24 ++
 ...c_files_chksum_modified_not_mentioned.fail |  37 +++
 ...c_files_chksum_modified_not_mentioned.pass |  39 +++
 ...ChkSum.test_lic_files_chksum_presence.fail |  53 
 ...ChkSum.test_lic_files_chksum_presence.pass |  54 
 .../files/MboxFormat.test_mbox_format.1.fail  |  36 +++
 .../files/MboxFormat.test_mbox_format.2.fail  |  35 +++
 .../files/MboxFormat.test_mbox_format.pass|  33 +++
 .../Merge.test_series_merge_on_head.fail  |  41 +++
 .../Merge.test_series_merge_on_head.pass  |  35 +++
 ...gnedOffBy.test_signed_off_by_presence.fail |  71 ++
 ...gnedOffBy.test_signed_off_by_presence.pass |  72 ++
 .../files/Shortlog.test_shortlog_format.fail  |  73 ++
 .../files/Shortlog.test_shortlog_format.pass  |  73 ++
 .../files/Shortlog.test_shortlog_length.fail  |  73 ++
 .../files/Shortlog.test_shortlog_length.pass  |  73 ++
 ...edOffBy.test_signed_off_by_presence.1.fail |  71 ++
 ...edOffBy.test_signed_off_by_presence.2.fail |  72 ++
 ...gnedOffBy.test_signed_off_by_presence.pass |  72 ++
 .../files/SrcUri.test_src_uri_left_files.fail |  35 +++
 .../files/SrcUri.test_src_uri_left_files.pass |  51 
 .../files/Summary.test_summary_presence.fail  |  46 
 .../files/Summary.test_summary_presence.pass  |  49 
 meta/lib/patchtest/selftest/selftest  |  91 +++
 meta/lib/patchtest/tests/__init__.py  |   0
 meta/lib/patchtest/tests/base.py  | 239 ++
 meta/lib/patchtest/tests/pyparsing/common.py  |  26 ++
 .../tests/pyparsing/parse_cve_tags.py |  18 ++
 .../tests/pyparsing/parse_shortlog.py |  14 +
 .../tests/pyparsing/parse_signed_off_by.py|  22 ++
 .../tests/pyparsing/parse_upstream_status.py  |  24 ++
 meta/lib/patchtest/tests/test_mbox_author.py  |  29 +++
 .../lib/patchtest/tests/test_mbox_bugzilla.py |  22 ++
 meta/lib/patchtest/tests/test_mbox_cve.py |  49 
 .../patchtest/tests/test_mbox_description.py  |  17 ++
 meta/lib/patchtest/tests/test_mbox_format.py  |  16 ++
 .../patchtest/tests/test_mbox_mailinglist.py  |  64 +
 meta/lib/patchtest/tests/test_mbox_merge.py   |  25 ++
 .../lib/patchtest/tests/test_mbox_shortlog.py |  41 +++
 .../tests/test_mbox_signed_off_by.py  |  28 ++
 .../tests/test_metadata_lic_files_chksum.py   |  82 ++
 .../patchtest/tests/test_metadata_license.py  |  55 
 .../tests/test_metadata_max_length.py |  26 ++
 .../patchtest/tests/test_metadata_src_uri.py  |  75 ++
 .../patchtest/tests/test_metadata_summary.py  |  32 +++
 meta/lib/patchtest/tests/test_patch_cve.py|  51 
 .../tests/test_patch_signed_off_by.py |  43 
 .../tests/test_patch_upstream_status.py   |  64 +
 .../lib/patchtest/tests/test_python_pylint.py |  61 +
 61 files changed, 2985 insertions(+)
 create mode 100644 
meta/lib/patchtest/selftest/0001-selftest-remove-configurable-target.patch
 create mode 100644 
meta/lib/patchtest/selftest/files/Author.test_author_valid.1.fail
 create mode 100644 
meta/lib/patchtest/selftest/files/Author.test_author_valid.1.pass
 create mode 100644 
meta/lib/patchtest/selftest/files/Author.test_author_valid.2.fail
 create mode 100644 
meta/lib/patchtest/selftest/files/Author.test_author_valid.2.pass
 create mode 100644 
meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.fail
 create mode 100644 
meta/lib/patchtest/selftest/files/Bugzilla.test_bugzilla_entry_format.pass
 create mode 100644 
meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.fail
 create mode 100644 
meta/lib/patchtest/selftest/files/CVE.test_cve_presence_in_commit_message.pass
 create mode 100644 
meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.fail
 create mode 100644 
meta/lib/patchtest/selftest/files/CVE.test_cve_tag_format.pass
 create mode 100644 
meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.fail
 create mode 100644 
meta/lib/patchtest/selftest/files/CommitMessage.test_commit_message_presence.pass
 create 

[OE-core] [PATCH v2 4/4] patchtest: Add README.md for selftests

[Trevor Gamblin]

Add a short README describing how to setup patchtest's selftests for
oe-core.

Signed-off-by: Trevor Gamblin 
---
 meta/lib/patchtest/README.md | 20 
 1 file changed, 20 insertions(+)
 create mode 100644 meta/lib/patchtest/README.md

diff --git a/meta/lib/patchtest/README.md b/meta/lib/patchtest/README.md
new file mode 100644
index 00..f66613c0c1
--- /dev/null
+++ b/meta/lib/patchtest/README.md
@@ -0,0 +1,20 @@
+# patchtest selftests for openembedded-core
+
+This directory provides a test suite and selftest script for use with the
+patchtest repository: https://git.yoctoproject.org/patchtest/
+
+To setup for use:
+
+1. Clone https://git.openembedded.org/openembedded-core (this repo) and 
https://git.openembedded.org/bitbake/
+2. Clone https://git.yoctoproject.org/patchtest
+3. Install the necessary Python modules: in meta/lib/patchtest or the patchtest
+   repo, do `pip install -r requirements.txt`
+4. Add patchtest to PATH: `export PATH=/path/to/patchtest/repo:$PATH`
+5. Initialize the environment: `source oe-init-build-env`
+6. Add meta-selftest to bblayers.conf: `bitbake-layers add-layer
+   /path/to/meta-selftest/` (the selftests use this layer's recipes as test
+   targets)
+7. Finally, run the selftest script: `./meta/lib/patchtest/selftest/selftest`
+
+For more information on using patchtest, see the patchtest repo at
+https://git.yoctoproject.org/patchtest/.
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187616): 
https://lists.openembedded.org/g/openembedded-core/message/187616
Mute This Topic: https://lists.openembedded.org/mt/101341527/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/4] patchtest: add requirements.txt

[Trevor Gamblin]

Add a requirements.txt file with the Python modules needed for Patchtest
to run.

Signed-off-by: Trevor Gamblin 
---
 meta/lib/patchtest/requirements.txt | 4 
 1 file changed, 4 insertions(+)
 create mode 100644 meta/lib/patchtest/requirements.txt

diff --git a/meta/lib/patchtest/requirements.txt 
b/meta/lib/patchtest/requirements.txt
new file mode 100644
index 00..785aa469f6
--- /dev/null
+++ b/meta/lib/patchtest/requirements.txt
@@ -0,0 +1,4 @@
+jinja2
+pylint
+pyparsing>=3.0.9
+unidiff
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187615): 
https://lists.openembedded.org/g/openembedded-core/message/187615
Mute This Topic: https://lists.openembedded.org/mt/101341526/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH v2 0/4] patchtest: Add test suite for oe-core

[Trevor Gamblin]

v2 is a resend after a refactor to the patchtest CLI. Patch 3 is
unchanged, while patch 4 only fixes a typo. Patchtest change:
https://git.yoctoproject.org/patchtest/commit/?id=28fa31f48de960ccba9e6d410dc41dbed3355b29

As part of the patchtest revitalization project, the patchtest-oe
repository (https://git.yoctoproject.org/patchtest-oe/) has been updated
with fixes to tests, patch files used for testing, and the selftest
script. Since it is designed specifically as a test suite for
openembedded-core, it makes sense to include it in that repository to
reduce overall setup complexity and simplify further development of
patchtest itself. Additionally, it can be used as a baseline for tests
in other layers and/or new requirements for patch submissions.

This effort does not include migration of the actual patchtest tool or
related scripts, which remain in their own repository at
https://git.yoctoproject.org/patchtest/. What this series includes:

- Tests for validating patch format and metadata
- Sample patch files that target meta-selftest recipes 
- A selftest script for testing the sample patches against oe-core
- A requirements.txt file listing the modules that patchtest needs to
  run correctly
- A README describing how to properly setup the selftest run

Example output from selftest:

[tgamblin@megalith patchtest]$ ./selftest/selftest
XPASS: PatchSignedOffBy.test_signed_off_by_presence (file: 
PatchSignedOffBy.test_signed_off_by_presence.pass)
XFAIL: Shortlog.test_shortlog_format (file: Shortlog.test_shortlog_format.fail)
XFAIL: MboxFormat.test_mbox_format (file: MboxFormat.test_mbox_format.1.fail)
XPASS: Shortlog.test_shortlog_length (file: Shortlog.test_shortlog_length.pass)
XFAIL: CommitMessage.test_commit_message_presence (file: 
CommitMessage.test_commit_message_presence.fail)
XFAIL: SrcUri.test_src_uri_left_files (file: 
SrcUri.test_src_uri_left_files.fail)
XPASS: Author.test_author_valid (file: Author.test_author_valid.1.pass)
XFAIL: LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned (file: 
LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.fail)
XPASS: CVE.test_cve_tag_format (file: CVE.test_cve_tag_format.pass)
XPASS: CVE.test_cve_presence_in_commit_message (file: 
CVE.test_cve_presence_in_commit_message.pass)
XFAIL: CVE.test_cve_tag_format (file: CVE.test_cve_tag_format.fail)
XFAIL: Author.test_author_valid (file: Author.test_author_valid.1.fail)
XFAIL: LicFilesChkSum.test_lic_files_chksum_presence (file: 
LicFilesChkSum.test_lic_files_chksum_presence.fail)
XPASS: MboxFormat.test_mbox_format (file: MboxFormat.test_mbox_format.pass)
XFAIL: SignedOffBy.test_signed_off_by_presence (file: 
SignedOffBy.test_signed_off_by_presence.1.fail)
XPASS: Shortlog.test_shortlog_format (file: Shortlog.test_shortlog_format.pass)
XFAIL: SignedOffBy.test_signed_off_by_presence (file: 
SignedOffBy.test_signed_off_by_presence.2.fail)
XFAIL: MboxFormat.test_mbox_format (file: MboxFormat.test_mbox_format.2.fail)
XFAIL: Summary.test_summary_presence (file: Summary.test_summary_presence.fail)
XPASS: Author.test_author_valid (file: Author.test_author_valid.2.pass)
XPASS: Bugzilla.test_bugzilla_entry_format (file: 
Bugzilla.test_bugzilla_entry_format.pass)
XFAIL: CVE.test_cve_presence_in_commit_message (file: 
CVE.test_cve_presence_in_commit_message.fail)
XPASS: SignedOffBy.test_signed_off_by_presence (file: 
SignedOffBy.test_signed_off_by_presence.pass)
XPASS: LicFilesChkSum.test_lic_files_chksum_presence (file: 
LicFilesChkSum.test_lic_files_chksum_presence.pass)
XPASS: Merge.test_series_merge_on_head (file: 
Merge.test_series_merge_on_head.pass)
XPASS: CommitMessage.test_commit_message_presence (file: 
CommitMessage.test_commit_message_presence.pass)
XFAIL: Merge.test_series_merge_on_head (file: 
Merge.test_series_merge_on_head.fail)
XPASS: Summary.test_summary_presence (file: Summary.test_summary_presence.pass)
XPASS: LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned (file: 
LicFilesChkSum.test_lic_files_chksum_modified_not_mentioned.pass)
XFAIL: Shortlog.test_shortlog_length (file: Shortlog.test_shortlog_length.fail)
XFAIL: PatchSignedOffBy.test_signed_off_by_presence (file: 
PatchSignedOffBy.test_signed_off_by_presence.fail)
XFAIL: Bugzilla.test_bugzilla_entry_format (file: 
Bugzilla.test_bugzilla_entry_format.fail)
XPASS: SrcUri.test_src_uri_left_files (file: 
SrcUri.test_src_uri_left_files.pass)
XFAIL: Author.test_author_valid (file: Author.test_author_valid.2.fail)

Testsuite summary for patchtest

# TOTAL: 34
# XPASS: 16
# XFAIL: 18
# PASS: 0
# FAIL: 0
# SKIP: 0
# ERROR: 0


Trevor Gamblin (4):
  patchtest: Add tests from patchtest-oe repo
  selftest: remove configurable target
  patchtest: add requirements.txt
  patchtest: Add README.md for selftests

 

[OE-core] [PATCH v2 2/4] patchtest/selftest: remove configurable target

[Trevor Gamblin]

The ability to pass the target (i.e. oe-core) as an argument was a
testing mechanism and isn't needed when the tests are part of the repo,
so remove it and use os.path.dirname to get it instead.

Signed-off-by: Trevor Gamblin 
---
v2 is a simple update to the patch diff reflecting the other changes to
the selftest script.

 meta/lib/patchtest/selftest/selftest | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/meta/lib/patchtest/selftest/selftest 
b/meta/lib/patchtest/selftest/selftest
index c2e6b4863d..ba8e1623ee 100755
--- a/meta/lib/patchtest/selftest/selftest
+++ b/meta/lib/patchtest/selftest/selftest
@@ -15,6 +15,9 @@ patchesdir = os.path.join(currentdir, 'files')
 topdir = os.path.dirname(currentdir)
 parentdir  = os.path.dirname(topdir)
 
+# path to the repo root
+repodir = os.path.dirname(os.path.dirname(parentdir))
+
 def print_results(passcount, skipcount, failcount, xpasscount, xfailcount, 
errorcount):
 total = passcount + skipcount + failcount + xpasscount + xfailcount + 
errorcount
 
print("")
@@ -30,21 +33,16 @@ def print_results(passcount, skipcount, failcount, 
xpasscount, xfailcount, error
 
print("")
 
 # Once the tests are in oe-core, we can remove the testdir param and use 
os.path.dirname to get relative paths
-def test(root, patch, testdir):
+def test(root, patch):
 res = True
 patchpath = os.path.abspath(os.path.join(root, patch))
-
 
-cmd = 'patchtest %s %s/tests --patch %s' % (testdir, topdir, patchpath)
+cmd = 'patchtest %s %s/tests --patch %s' % (repodir, topdir, patchpath)
 results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, 
universal_newlines=True, shell=True)
 
 return results
 
 if __name__ == '__main__':
-# sys.argv[1] should be the repo to target for selftest, i.e. oe-core
-if len(sys.argv) == 1:
-sys.exit("Error: Must provide the path to openembedded-core, e.g. 
\"selftest /workspace/yocto/openembedded-core\"")
-
 passcount = 0
 failcount = 0
 skipcount = 0
@@ -56,7 +54,7 @@ if __name__ == '__main__':
 
 for root, dirs, patches in os.walk(patchesdir):
 for patch in patches:
-results = test(root, patch, sys.argv[1])
+results = test(root, patch)
 
 a = patch.split('.')
 klass, testname = a[0], a[1]
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187614): 
https://lists.openembedded.org/g/openembedded-core/message/187614
Mute This Topic: https://lists.openembedded.org/mt/101341525/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [openembedded/openembedded-core] openssh: Move sshdgenkeys.service to sshd.socket (af38a39)

[Alex Kiernan]

Pretty much what they commit says - you avoid the delay in initial connect
at the expense of more CPU up front.


On Wed, 13 Sept 2023, 08:21 pawanbadganchi, 
wrote:

> @akiernan  What problem is this commit
> supposed to solve
>
> —
> Reply to this email directly, view it on GitHub
> ,
> or unsubscribe
> 
> .
> You are receiving this because you were mentioned.Message ID:
>  @github.com>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187612): 
https://lists.openembedded.org/g/openembedded-core/message/187612
Mute This Topic: https://lists.openembedded.org/mt/101341184/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [Openembedded-architecture] Security processes: YP needs

[Mark Hatle]

On 9/13/23 11:00 AM, Alex Stewart wrote:

Thanks for driving this Marta. Internally and externally, it feels like
we're just on the cusp of everyone *suddenly caring* about our security
response strategy. So it's good to see that we're making moves in that
direction.

In general, this list looks complete to me. I'm primarily interested in
the response coordination, triage, and tracking usecases. Those are the
biggest pain points for my team, at the moment. And that is primarily
driven by a lack of tooling.

More responses inline.

On 9/13/23 07:52, Marta Rybczynska via lists.openembedded.org wrote:

[You don't often get email from rybczynska=gmail@lists.openembedded.org. 
Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Hello,
I've been working recently on collecting what works and what doesn't
in YP security processes. The goal is to go forward and define an
actionable strategy!

Today, I'd like to share with you the summary of what I have heard as
needs from several people (those in Cc:).

I want the community to comment and tell us what you find important
and what you'd like to see added or changed from this list.

* CVEs: Visibility if YP is vulnerable or not

People want to be able to check/look up a specific CVE; it might be a
CVE unrelated to YP
(eg. package not included, Windows issue). The cve-checker result is a
part of the solution, but people also want to know which CVEs do not
apply.


I'm not sure I understand this usecase. Is there a reason those people
can't/won't just lookup the CVE on the NIST site?


Management goes to an engineer and says "Customer XYZ says we need a statement 
if CVE-2024-12345 affects us.  Can you please comment?"


Engineer goes to the Yocto Project "list", and looks the number up and doesn't 
find it.  Does this mean we're affects?  We're not affected?  We were affected, 
but it's been fixed (if so when?), etc?


So then they have to go to NIST, look at the CVE, find the information and do 
the evaluation if Yocto Project is affected.


Instead what (I have observed) is that people who like to go to a single list 
(for Yocto Project) information, look up a CVE and get a clear statement of: 
This affects us, this does not affect us, we did not evaluate it or it was fixed 
by commit XYZ in branch


Then if the item is "not evaluated", they can THEN got to NIST for their own 
evaluation.  This saves a huge amount of time for people who are regularly 
requested to respond to these messages.



* CVEs: synchronization of the work on fixes

Currently, there is no synchronization; multiple parties might be
working on the same fix while nobody is working on another. There
might be duplication of work.
Ross has https://wiki.yoctoproject.org/wiki/CVE_Status


Has there been any discussion of adopting the OpenVEX document standard
that the Chainguard guys are putting together? [1] It seems like the VEX
use-cases align well with our needs around tracking and coordinating CVE
response between YP member and individual developers.

I've been considering it for my internal use for a while. And also
considering replacing the existing cve_check output JSON with OpenVEX,
once it has stabilized.

[1] https://github.com/openvex/spec


* Triaging of security issues

Related to CVE fixes and includes issues reported directly to the YP.
Some issues are more likely to be serious for embedded products
(attack by network), so not all has the same priority.


I'll note here that some of us are sinners and do actually support
network-attached (and internet-attached) embedded devices. :)

But the greater point of OS vendors being able to triage and assign
vendor-specific severities to incoming issues is absolutely important to
my use-cases.


* Private security communication

A way to send a notification of a non-public security issue. For
researchers, other projects etc.
The security alias exists, but only some people know about its existence.

* Visibility of the security work of the YP

There is much work on security in the YP, but it lacks visibility.


Is there a common nexus for this work? eg. do most of the folks who are
doing security work tend to congregate on the security sublist?


Security means different things to different people.  I.e.

1) Secure design
   - Is the system designed to have security services, if so are the defaults 
setup to both be appropriate and also functional?


2) Additional security software
   - i.e. meta-security, what additional software can be available to enhance 
security design/implementation of the system


3) Security (bug) response
   - This is where I see a lack of common nexus for work.  We don't have a good 
place to discuss CVE specific information.  Now the question really is, should 
we have a separate space.  CVEs are just bugs.  Bugs are usually worked on via 
the main mailing list.  So that argument says no, we shouldn't have a special 
list.  BUT the perception is CVEs are "special", so maybe a 

Re: [OE-core] [Openembedded-architecture] Security processes: YP needs

[Alex Stewart]

Thanks for driving this Marta. Internally and externally, it feels like 
we're just on the cusp of everyone *suddenly caring* about our security 
response strategy. So it's good to see that we're making moves in that 
direction.


In general, this list looks complete to me. I'm primarily interested in 
the response coordination, triage, and tracking usecases. Those are the 
biggest pain points for my team, at the moment. And that is primarily 
driven by a lack of tooling.


More responses inline.

On 9/13/23 07:52, Marta Rybczynska via lists.openembedded.org wrote:

[You don't often get email from rybczynska=gmail@lists.openembedded.org. 
Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Hello,
I've been working recently on collecting what works and what doesn't
in YP security processes. The goal is to go forward and define an
actionable strategy!

Today, I'd like to share with you the summary of what I have heard as
needs from several people (those in Cc:).

I want the community to comment and tell us what you find important
and what you'd like to see added or changed from this list.

* CVEs: Visibility if YP is vulnerable or not

People want to be able to check/look up a specific CVE; it might be a
CVE unrelated to YP
(eg. package not included, Windows issue). The cve-checker result is a
part of the solution, but people also want to know which CVEs do not
apply.


I'm not sure I understand this usecase. Is there a reason those people 
can't/won't just lookup the CVE on the NIST site?



* CVEs: synchronization of the work on fixes

Currently, there is no synchronization; multiple parties might be
working on the same fix while nobody is working on another. There
might be duplication of work.
Ross has https://wiki.yoctoproject.org/wiki/CVE_Status


Has there been any discussion of adopting the OpenVEX document standard 
that the Chainguard guys are putting together? [1] It seems like the VEX 
use-cases align well with our needs around tracking and coordinating CVE 
response between YP member and individual developers.


I've been considering it for my internal use for a while. And also 
considering replacing the existing cve_check output JSON with OpenVEX, 
once it has stabilized.


[1] https://github.com/openvex/spec


* Triaging of security issues

Related to CVE fixes and includes issues reported directly to the YP.
Some issues are more likely to be serious for embedded products
(attack by network), so not all has the same priority.


I'll note here that some of us are sinners and do actually support 
network-attached (and internet-attached) embedded devices. :)


But the greater point of OS vendors being able to triage and assign 
vendor-specific severities to incoming issues is absolutely important to 
my use-cases.



* Private security communication

A way to send a notification of a non-public security issue. For
researchers, other projects etc.
The security alias exists, but only some people know about its existence.

* Visibility of the security work of the YP

There is much work on security in the YP, but it lacks visibility.


Is there a common nexus for this work? eg. do most of the folks who are 
doing security work tend to congregate on the security sublist?



* Documentation

Related to visibility. We need easy-to-find documentation of subjects
like submitting a CVE fix,
reporting a private issue, and how our processes work... This
documentation should address people who are not regular contributors.


Very important.


* Additional tooling

We could add additional tooling: a template on how to add cve-check to
the CI (possibly
a different one than the autobuilder), analyze the result, and extend
our tooling to their layers...
It is also related to the "Architecture" topic below.


Can you expand on what you mean here? Is this usecase about extending 
the existing tooling into the generic CI processes that YP members are 
using, or about expanding the tooling in the YP's indigenous CI?



* Architecture work

Security if more than CVE fixes. We also have what is happening in
meta-security: hardening, compiler option,
secure package configuration, use of code coverage tools, and so on

* SRTool

We might decide to use it again. It allows one to do much but requires
constant commitment.


I think I passed over the wiki pages and presentations for SRTool once, 
a while ago. But I didn't pay much attention at the time because it 
wasn't clear *what it did*.


After reviewing it again, I think it might be the kind of tooling I've 
been searching for to help my team coordinate our CVE response work. 
I'll test it out and see if it is something I can use/contribute towards.



* Presence on pre-notification lists and receiving information before
the vulnerability gets public

YP currently depends on public data. Principal distributions receive
the information before
a vulnerability becomes public. It requires (in short) private
reporting, a security team, and a 

Re: [OE-core][PATCH] fetch2: git: Use samestat() instead of path for repo check

[Joshua Watt]

Oops sorry I sent this to the wrong mailing list. Should be
bitbake-devel not openembedded-core

Anyway, this should fix your problem Mikko and Martin

On Wed, Sep 13, 2023 at 9:46 AM Joshua Watt  wrote:
>
> Using path prefixes to check if the git directory is a descendant of the
> clone directory can be easily confused with symlinkes and bind mounts,
> causing directories to be deleted unnecessarily. Instead, use
> os.path.samestat() which is immune to the these sorts of problems. The
> code needs manually check all parent directories until it has recursed
> up to the root to make sure, but in the common case where the
> directories do actually contain the correct git repository, this will
> only run a single iteration.
>
> Signed-off-by: Joshua Watt 
> ---
>  bitbake/lib/bb/fetch2/git.py | 24 +++-
>  1 file changed, 15 insertions(+), 9 deletions(-)
>
> diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
> index e11271b757a..5703ba335e0 100644
> --- a/bitbake/lib/bb/fetch2/git.py
> +++ b/bitbake/lib/bb/fetch2/git.py
> @@ -374,19 +374,25 @@ class Git(FetchMethod):
>  # Since clones can be bare, use --absolute-git-dir instead 
> of --show-toplevel
>  output = runfetchcmd("LANG=C %s rev-parse 
> --absolute-git-dir" % ud.basecmd, d, workdir=ud.clonedir)
>
> -toplevel = os.path.abspath(output.rstrip())
> -abs_clonedir = os.path.abspath(ud.clonedir).rstrip('/')
> -# The top level Git directory must either be the clone 
> directory
> -# or a child of the clone directory. Any ancestor directory 
> of
> -# the clone directory is not valid as the Git directory (and
> -# probably belongs to some other unrelated repository), so a
> -# clone is required
> -if os.path.commonprefix([abs_clonedir, toplevel]) != 
> abs_clonedir:
> -logger.warning("Top level directory '%s' doesn't match 
> expected '%s'. Re-cloning", toplevel, ud.clonedir)
> +clonedir_stat = os.stat(ud.clonedir)
> +toplevel = os.path.abspath(output.rstrip()).rstrip("/")
> +check_dir = toplevel
> +
> +while check_dir:
> +check_stat = os.stat(check_dir)
> +if os.path.samestat(check_stat, clonedir_stat):
> +break
> +check_dir = os.path.dirname(check_dir).rstrip("/")
> +
> +if not check_dir:
> +logger.warning("Top level directory '%s' is not a 
> descendant of '%s'. Re-cloning", toplevel, ud.clonedir)
>  needs_clone = True
>  except bb.fetch2.FetchError as e:
>  logger.warning("Unable to get top level for %s (not a git 
> directory?): %s", ud.clonedir, e)
>  needs_clone = True
> +except FileNotFoundError as e:
> +logger.warning("%s", e)
> +needs_clone = True
>
>  if needs_clone:
>  shutil.rmtree(ud.clonedir)
> --
> 2.34.1
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187609): 
https://lists.openembedded.org/g/openembedded-core/message/187609
Mute This Topic: https://lists.openembedded.org/mt/101339809/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] fetch2: git: Use samestat() instead of path for repo check

[Joshua Watt]

Using path prefixes to check if the git directory is a descendant of the
clone directory can be easily confused with symlinkes and bind mounts,
causing directories to be deleted unnecessarily. Instead, use
os.path.samestat() which is immune to the these sorts of problems. The
code needs manually check all parent directories until it has recursed
up to the root to make sure, but in the common case where the
directories do actually contain the correct git repository, this will
only run a single iteration.

Signed-off-by: Joshua Watt 
---
 bitbake/lib/bb/fetch2/git.py | 24 +++-
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
index e11271b757a..5703ba335e0 100644
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -374,19 +374,25 @@ class Git(FetchMethod):
 # Since clones can be bare, use --absolute-git-dir instead of 
--show-toplevel
 output = runfetchcmd("LANG=C %s rev-parse --absolute-git-dir" 
% ud.basecmd, d, workdir=ud.clonedir)
 
-toplevel = os.path.abspath(output.rstrip())
-abs_clonedir = os.path.abspath(ud.clonedir).rstrip('/')
-# The top level Git directory must either be the clone 
directory
-# or a child of the clone directory. Any ancestor directory of
-# the clone directory is not valid as the Git directory (and
-# probably belongs to some other unrelated repository), so a
-# clone is required
-if os.path.commonprefix([abs_clonedir, toplevel]) != 
abs_clonedir:
-logger.warning("Top level directory '%s' doesn't match 
expected '%s'. Re-cloning", toplevel, ud.clonedir)
+clonedir_stat = os.stat(ud.clonedir)
+toplevel = os.path.abspath(output.rstrip()).rstrip("/")
+check_dir = toplevel
+
+while check_dir:
+check_stat = os.stat(check_dir)
+if os.path.samestat(check_stat, clonedir_stat):
+break
+check_dir = os.path.dirname(check_dir).rstrip("/")
+
+if not check_dir:
+logger.warning("Top level directory '%s' is not a 
descendant of '%s'. Re-cloning", toplevel, ud.clonedir)
 needs_clone = True
 except bb.fetch2.FetchError as e:
 logger.warning("Unable to get top level for %s (not a git 
directory?): %s", ud.clonedir, e)
 needs_clone = True
+except FileNotFoundError as e:
+logger.warning("%s", e)
+needs_clone = True
 
 if needs_clone:
 shutil.rmtree(ud.clonedir)
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187608): 
https://lists.openembedded.org/g/openembedded-core/message/187608
Mute This Topic: https://lists.openembedded.org/mt/101339809/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] The YPS 2023.11 CFP is waiting for you!

[Josef Holzmayr]

Summer vacation is over, so what is the next thing to focus on? Sharing
your The Yocto Project, A Linux Foundation Project Kung-Fu, war stories,
use cases...

And the best place to do so is the Yocto Project Summit 2023.11 - the CFP
is already open. We are eager to read your submissions!

https://summit.yoctoproject.org/yocto-project-summit-2023-11/cfp

Deadline is by Monday, October 2nd 2023

Josef
on behalf of the YPS organization committee

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187607): 
https://lists.openembedded.org/g/openembedded-core/message/187607
Mute This Topic: https://lists.openembedded.org/mt/101339467/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH] libxml2: Fix CVE-2023-39615

[Siddharth via lists.openembedded.org]

From: Siddharth Doshi 

Upstream-Status: Backport from 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9,
 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129]
CVE: CVE-2023-39615
Signed-off-by: Siddharth Doshi 
---
 .../libxml/libxml2/CVE-2023-39615-0001.patch  | 36 ++
 .../libxml/libxml2/CVE-2023-39615-0002.patch  | 71 +++
 .../libxml/libxml2/CVE-2023-39615-pre.patch   | 44 
 meta/recipes-core/libxml/libxml2_2.9.10.bb|  3 +
 4 files changed, 154 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
new file mode 100644
index 00..9689cec67d
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
@@ -0,0 +1,36 @@
+From d0c3f01e110d54415611c5fa0040cdf4a56053f9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Sat, 6 May 2023 17:47:37 +0200
+Subject: [PATCH] parser: Fix old SAX1 parser with custom callbacks
+
+For some reason, xmlCtxtUseOptionsInternal set the start and end element
+SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1
+was specified. This means that custom SAX handlers could never work with
+that flag because these functions would receive the wrong user data
+argument and crash immediately.
+
+Fixes #535.
+
+Upstream-Status: Backport from 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9]
+CVE: CVE-2023-39615
+Signed-off-by: Siddharth Doshi 
+---
+ parser.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 6e09208..7814e6e 100644
+--- a/parser.c
 b/parser.c
+@@ -15156,8 +15156,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int 
options, const char *encodi
+ }
+ #ifdef LIBXML_SAX1_ENABLED
+ if (options & XML_PARSE_SAX1) {
+-ctxt->sax->startElement = xmlSAX2StartElement;
+-ctxt->sax->endElement = xmlSAX2EndElement;
+ ctxt->sax->startElementNs = NULL;
+ ctxt->sax->endElementNs = NULL;
+ ctxt->sax->initialized = 1;
+-- 
+2.24.4
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
new file mode 100644
index 00..ebd9868fac
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
@@ -0,0 +1,71 @@
+From 235b15a590eecf97b09e87bdb7e4f8333e9de129 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Mon, 8 May 2023 17:58:02 +0200
+Subject: [PATCH] SAX: Always initialize SAX1 element handlers
+
+Follow-up to commit d0c3f01e. A parser context will be initialized to
+SAX version 2, but this can be overridden with XML_PARSE_SAX1 later,
+so we must initialize the SAX1 element handlers as well.
+
+Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so
+we don't switch to SAX1 if the SAX2 element handlers are NULL.
+
+Upstream-Status: Backport from 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129]
+CVE: CVE-2023-39615
+Signed-off-by: Siddharth Doshi 
+---
+ SAX2.c   | 11 +++
+ parser.c |  5 +
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/SAX2.c b/SAX2.c
+index 5f141f9..902d34d 100644
+--- a/SAX2.c
 b/SAX2.c
+@@ -2869,20 +2869,23 @@ xmlSAXVersion(xmlSAXHandler *hdlr, int version)
+ {
+ if (hdlr == NULL) return(-1);
+ if (version == 2) {
+-  hdlr->startElement = NULL;
+-  hdlr->endElement = NULL;
+   hdlr->startElementNs = xmlSAX2StartElementNs;
+   hdlr->endElementNs = xmlSAX2EndElementNs;
+   hdlr->serror = NULL;
+   hdlr->initialized = XML_SAX2_MAGIC;
+ #ifdef LIBXML_SAX1_ENABLED
+ } else if (version == 1) {
+-  hdlr->startElement = xmlSAX2StartElement;
+-  hdlr->endElement = xmlSAX2EndElement;
+   hdlr->initialized = 1;
+ #endif /* LIBXML_SAX1_ENABLED */
+ } else
+ return(-1);
++#ifdef LIBXML_SAX1_ENABLED
++hdlr->startElement = xmlSAX2StartElement;
++hdlr->endElement = xmlSAX2EndElement;
++#else
++hdlr->startElement = NULL;
++hdlr->endElement = NULL;
++#endif /* LIBXML_SAX1_ENABLED */
+ hdlr->internalSubset = xmlSAX2InternalSubset;
+ hdlr->externalSubset = xmlSAX2ExternalSubset;
+ hdlr->isStandalone = xmlSAX2IsStandalone;
+diff --git a/parser.c b/parser.c
+index 7814e6e..cf0fb38 100644
+--- a/parser.c
 b/parser.c
+@@ -1102,10 +1102,7 @@ xmlDetectSAX2(xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL) return;
+ sax = ctxt->sax;
+ #ifdef LIBXML_SAX1_ENABLED
+-if ((sax) &&  (sax->initialized == XML_SAX2_MAGIC) &&
+-((sax->startElementNs != NULL) ||
+- 

Re: [OE-core][mickledore][PATCH 2/2] qemu: fix CVE-2023-0330

[Steve Sakoman]

Unfortunately this change breaks the qemux86 and qemux86-64 tests on
the autobuilder:

https://errors.yoctoproject.org/Errors/Details/736394/
https://errors.yoctoproject.org/Errors/Details/736395/

In both cases:

Failed: qemux86-64 does not shutdown within timeout(120)

There was recently an issue fixed in the master branch where x86 was
broken after a version upgrade:

https://git.openembedded.org/openembedded-core/commit/?id=3d3fa94ee6d7ea58e3ec64d28bd6414437806cfd

Not sure if it is related, since the commit message indicates "won't
boot" as the symptom and this appears to be a shutdown issue. Perhaps
Richard can comment.

Steve

On Tue, Sep 12, 2023 at 10:02 PM Urade, Yogita via
lists.openembedded.org
 wrote:
>
> From: Yogita Urade 
>
> A DMA-MMIO reentrancy problem may lead to memory corruption bugs
> like stack overflow or use-after-free.
>
> Summary of the problem from Peter Maydell:
> https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
>
> Reference:
> https://gitlab.com/qemu-project/qemu/-/issues/556
>
> qemu.git$ git log --no-merges --oneline   --grep CVE-2023-0330
> b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller 
> (CVE-2023-0330)
> a2e1753b80 memory: prevent dma-reentracy issues
>
> Included second commit as well as commit log of a2e1753b80 says it
> resolves CVE-2023-0330
>
> Signed-off-by: Yogita Urade 
> ---
>  meta/recipes-devtools/qemu/qemu.inc   |   3 +-
>  ...23-0330.patch => CVE-2023-0330-0001.patch} |   0
>  .../qemu/qemu/CVE-2023-0330-0002.patch| 136 ++
>  3 files changed, 138 insertions(+), 1 deletion(-)
>  rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330.patch => 
> CVE-2023-0330-0001.patch} (100%)
>  create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch
>
> diff --git a/meta/recipes-devtools/qemu/qemu.inc 
> b/meta/recipes-devtools/qemu/qemu.inc
> index 2efe63cdc0..1a50e4d524 100644
> --- a/meta/recipes-devtools/qemu/qemu.inc
> +++ b/meta/recipes-devtools/qemu/qemu.inc
> @@ -36,7 +36,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
> file://qemu-guest-agent.init \
> file://qemu-guest-agent.udev \
> file://ppc.patch \
> -  file://CVE-2023-0330.patch \
> +  file://CVE-2023-0330-0001.patch \
> +  file://CVE-2023-0330-0002.patch \
>file://CVE-2023-3301.patch \
>file://CVE-2023-3255.patch \
>file://CVE-2023-2861.patch \
> diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch 
> b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0001.patch
> similarity index 100%
> rename from meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
> rename to meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0001.patch
> diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch 
> b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch
> new file mode 100644
> index 00..a21b01bd25
> --- /dev/null
> +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch
> @@ -0,0 +1,136 @@
> +From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001
> +From: Alexander Bulekov 
> +Date: Tue, 12 Sep 2023 10:49:46 +
> +Subject: [PATCH] memory: prevent dma-reentracy issues
> +
> +Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
> +This flag is set/checked prior to calling a device's MemoryRegion
> +handlers, and set when device code initiates DMA.  The purpose of this
> +flag is to prevent two types of DMA-based reentrancy issues:
> +
> +1.) mmio -> dma -> mmio case
> +2.) bh -> dma write -> mmio case
> +
> +These issues have led to problems such as stack-exhaustion and
> +use-after-frees.
> +
> +Summary of the problem from Peter Maydell:
> +https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
> +
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
> +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
> +Resolves: CVE-2023-0330
> +
> +Signed-off-by: Alexander Bulekov 
> +Reviewed-by: Thomas Huth 
> +Message-Id: <20230427211013.2994127-2-alx...@bu.edu>
> +[thuth: Replace warn_report() with warn_report_once()]
> +Signed-off-by: Thomas Huth 
> +
> +CVE: CVE-2023-0330
> +
> +Upstream-Status: Backport 
> [https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380]
> +
> +Signed-off-by: Yogita Urade 
> +---
> + include/exec/memory.h  |  5 +
> + include/hw/qdev-core.h |  7 +++
> + softmmu/memory.c   | 16 
> + 3 files changed, 28 insertions(+)
> +
> +diff --git a/include/exec/memory.h 

[OE-core] [kirkstone][PATCH] tcl: prevent installing another copy of tzdata

[Martin Jansa]

From: Martin Jansa 

It checks build host filesystem and if it doesn't find UTC or GMT
files it installs another copy of tzdata files in:
/usr/lib/tcl8.6/tzdata

Buildhistory shows the difference:
-PKGSIZE = 2227075
+PKGSIZE = 3433088

See the autodetection in configure.in:
  #
  #   Check whether the timezone data is supplied by the OS or has
  #   to be installed by Tcl. The default is autodetection, but can
  #   be overridden on the configure command line either way.
  #

  AC_MSG_CHECKING([for timezone data])
  AC_ARG_WITH(tzdata,
  AC_HELP_STRING([--with-tzdata],
  [install timezone data (default: autodetect)]),
  [tcl_ok=$withval], [tcl_ok=auto])

  #
  # Any directories that get added here must also be added to the
  # search path in ::tcl::clock::Initialize (library/clock.tcl).
  #
  case $tcl_ok in
  no)
  AC_MSG_RESULT([supplied by OS vendor])
  ;;
  yes)
  # nothing to do here
  ;;
  auto*)
  AC_CACHE_VAL([tcl_cv_dir_zoneinfo], [
  for dir in /usr/share/zoneinfo \
  /usr/share/lib/zoneinfo \
  /usr/lib/zoneinfo
  do
  if test -f $dir/UTC -o -f $dir/GMT
  then
  tcl_cv_dir_zoneinfo="$dir"
  break
  fi
  done])
  if test -n "$tcl_cv_dir_zoneinfo"; then
  tcl_ok=no
  AC_MSG_RESULT([$dir])
  else
  tcl_ok=yes
  fi
  ;;
  *)
  AC_MSG_ERROR([invalid argument: $tcl_ok])
  ;;
  esac
  if test $tcl_ok = yes
  then
  AC_MSG_RESULT([supplied by Tcl])
  INSTALL_TZDATA=install-tzdata
  fi

Signed-off-by: Martin Jansa 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit 3ace9fbfeb42ebf920812e3dd6d665b8b20a1ca0)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/tcltk/tcl_8.6.11.bb | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb 
b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
index 9f6b003ffb..b591671868 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.11.bb
@@ -44,6 +44,12 @@ inherit autotools ptest binconfig
 AUTOTOOLS_SCRIPT_PATH = "${S}/unix"
 EXTRA_OECONF = "--enable-threads --disable-rpath --enable-man-suffix"
 
+# Prevent installing copy of tzdata based on tzdata installation on the build 
host
+# It doesn't install tzdata if one of the following files exist on the host:
+# /usr/share/zoneinfo/UTC /usr/share/zoneinfo/GMT /usr/share/lib/zoneinfo/UTC 
/usr/share/lib/zoneinfo/GMT /usr/lib/zoneinfo/UTC /usr/lib/zoneinfo/GMT
+# otherwise "/usr/lib/tcl8.6/tzdata" is included in tcl package
+EXTRA_OECONF += "--with-tzdata=no"
+
 do_install() {
autotools_do_install
oe_runmake 'DESTDIR=${D}' install-private-headers
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187604): 
https://lists.openembedded.org/g/openembedded-core/message/187604
Mute This Topic: https://lists.openembedded.org/mt/101338317/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 8/8] yocto-uninative: Update to 4.3

[Steve Sakoman]

From: Michael Halstead 

Add in stable updates to glibc 2.38 to fix malloc bugs

Signed-off-by: Michael Halstead 
Signed-off-by: Richard Purdie 
(cherry picked from commit 39f987fcb20ad7c0e45425b9f508d463c50ce0c1)
Signed-off-by: Steve Sakoman 
---
 meta/conf/distro/include/yocto-uninative.inc | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc 
b/meta/conf/distro/include/yocto-uninative.inc
index 6596c0f4a2..eaa3e9b31c 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
 #
 
 UNINATIVE_MAXGLIBCVERSION = "2.38"
-UNINATIVE_VERSION = "4.2"
+UNINATIVE_VERSION = "4.3"
 
 UNINATIVE_URL ?= 
"http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/;
-UNINATIVE_CHECKSUM[aarch64] ?= 
"cff40e7bdde50aeda06707af8c001796a71b4cf33c5ae1616e5c47943ff6b94e"
-UNINATIVE_CHECKSUM[i686] ?= 
"a70516447e9a9f1465ffaf1c7f89e79d1692d2356d86fd2a5a63acd908db1ff2"
-UNINATIVE_CHECKSUM[x86_64] ?= 
"6a86d71eeafba4fefec600c9bf8cf4a01324d1eb52788b6e398d3f23c10d19fb"
+UNINATIVE_CHECKSUM[aarch64] ?= 
"8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec"
+UNINATIVE_CHECKSUM[i686] ?= 
"bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd"
+UNINATIVE_CHECKSUM[x86_64] ?= 
"1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187603): 
https://lists.openembedded.org/g/openembedded-core/message/187603
Mute This Topic: https://lists.openembedded.org/mt/101338063/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 7/8] gdb: Fix CVE-2023-39128

[Steve Sakoman]

From: Siddharth Doshi 

Note: The Fix needs to be pushed in gdb rather than bintuils-gdb as we are
disabling gdb in binutils configure.

Upstream-Status: Backport from 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d]
CVE: CVE-2023-39128
Signed-off-by: Siddharth Doshi 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/gdb/gdb.inc |  1 +
 .../gdb/gdb/0011-CVE-2023-39128.patch | 75 +++
 2 files changed, 76 insertions(+)
 create mode 100644 meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch

diff --git a/meta/recipes-devtools/gdb/gdb.inc 
b/meta/recipes-devtools/gdb/gdb.inc
index 649ee28727..099bd2d8f5 100644
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -14,5 +14,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
file://0008-resolve-restrict-keyword-conflict.patch \
file://0009-Fix-invalid-sigprocmask-call.patch \
file://0010-gdbserver-ctrl-c-handling.patch \
+   file://0011-CVE-2023-39128.patch \
"
 SRC_URI[sha256sum] = 
"1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"
diff --git a/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch 
b/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
new file mode 100644
index 00..53b49cb21d
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
@@ -0,0 +1,75 @@
+From 033bc52bb6190393c8eed80925fa78cc35b40c6d Mon Sep 17 00:00:00 2001
+From: Tom Tromey 
+Date: Wed, 16 Aug 2023 11:29:19 -0600
+Subject: [PATCH] Avoid buffer overflow in ada_decode
+
+A bug report pointed out a buffer overflow in ada_decode, which Keith
+helpfully analyzed.  ada_decode had a logic error when the input was
+all digits.  While this isn't valid -- and would probably only appear
+in fuzzer tests -- it still should be handled properly.
+
+This patch adds a missing bounds check.  Tested with the self-tests in
+an asan build.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
+Reviewed-by: Keith Seitz 
+
+Upstream-Status: Backport from 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d]
   
+CVE: CVE-2023-39128
+Signed-off-by: Siddharth Doshi 
+---
+ gdb/ada-lang.c | 19 ++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
+index 70a2b44..f682302 100644
+--- a/gdb/ada-lang.c
 b/gdb/ada-lang.c
+@@ -57,6 +57,7 @@
+ #include "cli/cli-utils.h"
+ #include "gdbsupport/function-view.h"
+ #include "gdbsupport/byte-vector.h"
++#include "gdbsupport/selftest.h"
+ #include 
+ #include "ada-exp.h"
+ 
+@@ -1057,7 +1058,7 @@ ada_decode (const char *encoded, bool wrap)
+   i -= 1;
+   if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
+   len0 = i - 1;
+-  else if (encoded[i] == '$')
++  else if (i >= 0 && encoded[i] == '$')
+   len0 = i;
+ }
+ 
+@@ -1225,6 +1226,18 @@ ada_decode (const char *encoded, bool wrap)
+   return decoded;
+ }
+ 
++#ifdef GDB_SELF_TEST
++
++static void
++ada_decode_tests ()
++{
++  /* This isn't valid, but used to cause a crash.  PR gdb/30639.  The
++ result does not really matter very much.  */
++  SELF_CHECK (ada_decode ("44") == "44");
++}
++
++#endif
++
+ /* Table for keeping permanent unique copies of decoded names.  Once
+allocated, names in this table are never released.  While this is a
+storage leak, it should not be significant unless there are massive
+@@ -13497,4 +13510,8 @@ DWARF attribute."),
+   gdb::observers::new_objfile.attach (ada_new_objfile_observer, "ada-lang");
+   gdb::observers::free_objfile.attach (ada_free_objfile_observer, "ada-lang");
+   gdb::observers::inferior_exit.attach (ada_inferior_exit, "ada-lang");
++
++#ifdef GDB_SELF_TEST
++  selftests::register_test ("ada-decode", ada_decode_tests);
++#endif
+ }
+-- 
+2.35.7
+
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187602): 
https://lists.openembedded.org/g/openembedded-core/message/187602
Mute This Topic: https://lists.openembedded.org/mt/101338061/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 6/8] webkitgtk: fix CVE-2022-48503

[Steve Sakoman]

From: Yogita Urade 

The issue was addressed with improved bounds checks. This issue
is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6,
macOS Monterey 12.5, Safari 15.6. Processing web content may
lead to arbitrary code execution.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-48503
https://support.apple.com/en-us/HT213340
https://bugs.webkit.org/show_bug.cgi?id=241931

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 .../webkit/webkitgtk/CVE-2022-48503.patch | 225 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 2 files changed, 226 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch 
b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch
new file mode 100644
index 00..b67751736d
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch
@@ -0,0 +1,225 @@
+From 612c245823a515c8c70c2ad486957bd8a850f0f9 Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki 
+Date: Tue, 5 Sep 2023 08:40:19 +
+Subject: [PATCH] [JSC] Refactor wasm section ordering code
+ https://bugs.webkit.org/show_bug.cgi?id=241931 rdar://83326477
+
+Reviewed by Keith Miller.
+
+This patch refactors existing validateOrder code since it is too adhoc right 
now.
+
+* Source/JavaScriptCore/wasm/WasmModuleInformation.h:
+(JSC::Wasm::ModuleInformation::dataSegmentsCount const):
+* Source/JavaScriptCore/wasm/WasmSectionParser.cpp:
+(JSC::Wasm::SectionParser::parseData):
+(JSC::Wasm::SectionParser::parseDataCount):
+* Source/JavaScriptCore/wasm/WasmSectionParser.h:
+* Source/JavaScriptCore/wasm/WasmSections.h:
+(JSC::Wasm::orderingNumber):
+(JSC::Wasm::isKnownSection):
+(JSC::Wasm::validateOrder):
+(JSC::Wasm::makeString):
+* Source/JavaScriptCore/wasm/WasmStreamingParser.cpp:
+(JSC::Wasm::StreamingParser::parseSectionPayload):
+(JSC::Wasm::StreamingParser::finalize):
+
+Canonical link: https://commits.webkit.org/251800@main
+
+CVE: CVE-2022-48503
+
+Upstream-Status: Backport 
[https://github.com/WebKit/WebKit/commit/612c245823a515c8c70c2ad486957bd8a850f0f9]
+
+Signed-off-by: Yogita Urade 
+---
+ .../wasm/WasmModuleInformation.h  |  4 +-
+ .../JavaScriptCore/wasm/WasmSectionParser.cpp |  3 ++
+ .../JavaScriptCore/wasm/WasmSectionParser.h   |  2 +-
+ Source/JavaScriptCore/wasm/WasmSections.h | 52 +++
+ .../wasm/WasmStreamingParser.cpp  | 11 +++-
+ 5 files changed, 45 insertions(+), 27 deletions(-)
+
+diff --git a/Source/JavaScriptCore/wasm/WasmModuleInformation.h 
b/Source/JavaScriptCore/wasm/WasmModuleInformation.h
+index ae6bbeed..f9f1baf7 100644
+--- a/Source/JavaScriptCore/wasm/WasmModuleInformation.h
 b/Source/JavaScriptCore/wasm/WasmModuleInformation.h
+@@ -86,7 +86,7 @@ struct ModuleInformation : public 
ThreadSafeRefCounted {
+ uint32_t memoryCount() const { return memory ? 1 : 0; }
+ uint32_t tableCount() const { return tables.size(); }
+ uint32_t elementCount() const { return elements.size(); }
+-uint32_t dataSegmentsCount() const { return numberOfDataSegments; }
++uint32_t dataSegmentsCount() const { return 
numberOfDataSegments.value_or(0); }
+
+ const TableInformation& table(unsigned index) const { return 
tables[index]; }
+
+@@ -131,7 +131,7 @@ struct ModuleInformation : public 
ThreadSafeRefCounted {
+ Vector customSections;
+ Ref nameSection;
+ BranchHints branchHints;
+-uint32_t numberOfDataSegments { 0 };
++std::optional numberOfDataSegments;
+
+ BitVector m_declaredFunctions;
+ BitVector m_declaredExceptions;
+diff --git a/Source/JavaScriptCore/wasm/WasmSectionParser.cpp 
b/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
+index 5b511811..c55ee3c0 100644
+--- a/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
 b/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
+@@ -768,6 +768,8 @@ auto SectionParser::parseData() -> PartialResult
+ uint32_t segmentCount;
+ WASM_PARSER_FAIL_IF(!parseVarUInt32(segmentCount), "can't get Data 
section's count");
+ WASM_PARSER_FAIL_IF(segmentCount > maxDataSegments, "Data section's count 
is too big ", segmentCount, " maximum ", maxDataSegments);
++if (m_info->numberOfDataSegments)
++WASM_PARSER_FAIL_IF(segmentCount != 
m_info->numberOfDataSegments.value(), "Data section's count ", segmentCount, " 
is different from Data Count section's count ", 
m_info->numberOfDataSegments.value());
+ WASM_PARSER_FAIL_IF(!m_info->data.tryReserveCapacity(segmentCount), 
"can't allocate enough memory for Data section's ", segmentCount, " segments");
+
+ for (uint32_t segmentNumber = 0; segmentNumber < segmentCount; 
++segmentNumber) {
+@@ -847,6 +849,7 @@ auto SectionParser::parseDataCount() -> PartialResult
+ {
+ uint32_t numberOfDataSegments;
+ WASM_PARSER_FAIL_IF(!parseVarUInt32(numberOfDataSegments), "can't get 
Data Count section's count");
++

[OE-core][kirkstone 5/8] flac: fix CVE-2020-22219

[Steve Sakoman]

From: Meenali Gupta 

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before
1.4.0 allows remote attackers to run arbitrary code via crafted input to
the encoder.

Signed-off-by: Meenali Gupta 
Signed-off-by: Steve Sakoman 
---
 .../flac/files/CVE-2020-22219.patch   | 197 ++
 meta/recipes-multimedia/flac/flac_1.3.4.bb|   1 +
 2 files changed, 198 insertions(+)
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

diff --git a/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch 
b/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
new file mode 100644
index 00..e042872dc0
--- /dev/null
+++ b/meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
@@ -0,0 +1,197 @@
+From 579ff6922089cbbbd179619e40e622e279bd719f Mon Sep 17 00:00:00 2001
+From: Martijn van Beurden 
+Date: Wed, 3 Aug 2022 13:52:19 +0200
+Subject: [PATCH] flac: Add and use _nofree variants of safe_realloc functions
+
+Parts of the code use realloc like
+
+x = safe_realloc(x, somesize);
+
+when this is the case, the safe_realloc variant used must free the
+old memory block in case it fails, otherwise it will leak. However,
+there are also instances in the code where handling is different:
+
+if (0 == (x = safe_realloc(y, somesize)))
+return false
+
+in this case, y should not be freed, as y is not set to NULL we
+could encounter double frees. Here the safe_realloc_nofree
+functions are used.
+
+Upstream-Status: Backport 
[https://github.com/xiph/flac/commit/21fe95ee828b0b9b944f6aa0bb02d24fbb981815]
+CVE: CVE-2020-22219
+
+Signed-off-by: Meenali Gupta 
+---
+ include/share/alloc.h | 41 +++
+ src/flac/encode.c |  4 ++--
+ src/flac/foreign_metadata.c   |  2 +-
+ src/libFLAC/bitwriter.c   |  2 +-
+ src/libFLAC/metadata_object.c |  2 +-
+ src/plugin_common/tags.c  |  2 +-
+ src/share/utf8/iconvert.c |  2 +-
+ 7 files changed, 44 insertions(+), 11 deletions(-)
+
+diff --git a/include/share/alloc.h b/include/share/alloc.h
+index 914de9b..55bdd1d 100644
+--- a/include/share/alloc.h
 b/include/share/alloc.h
+@@ -161,17 +161,30 @@ static inline void *safe_realloc_(void *ptr, size_t size)
+   free(oldptr);
+   return newptr;
+ }
+-static inline void *safe_realloc_add_2op_(void *ptr, size_t size1, size_t 
size2)
++static inline void *safe_realloc_nofree_add_2op_(void *ptr, size_t size1, 
size_t size2)
++{
++  size2 += size1;
++  if(size2 < size1)
++  return 0;
++  return realloc(ptr, size2);
++}
++
++static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t 
size2, size_t size3)
+ {
+   size2 += size1;
+   if(size2 < size1) {
+   free(ptr);
+   return 0;
+   }
+-  return realloc(ptr, size2);
++  size3 += size2;
++  if(size3 < size2) {
++  free(ptr);
++  return 0;
++  }
++  return safe_realloc_(ptr, size3);
+ }
+
+-static inline void *safe_realloc_add_3op_(void *ptr, size_t size1, size_t 
size2, size_t size3)
++static inline void *safe_realloc_nofree_add_3op_(void *ptr, size_t size1, 
size_t size2, size_t size3)
+ {
+   size2 += size1;
+   if(size2 < size1)
+@@ -182,7 +195,7 @@ static inline void *safe_realloc_add_3op_(void *ptr, 
size_t size1, size_t size2,
+   return realloc(ptr, size3);
+ }
+
+-static inline void *safe_realloc_add_4op_(void *ptr, size_t size1, size_t 
size2, size_t size3, size_t size4)
++static inline void *safe_realloc_nofree_add_4op_(void *ptr, size_t size1, 
size_t size2, size_t size3, size_t size4)
+ {
+   size2 += size1;
+   if(size2 < size1)
+@@ -205,6 +218,15 @@ static inline void *safe_realloc_mul_2op_(void *ptr, 
size_t size1, size_t size2)
+   return safe_realloc_(ptr, size1*size2);
+ }
+
++static inline void *safe_realloc_nofree_mul_2op_(void *ptr, size_t size1, 
size_t size2)
++{
++  if(!size1 || !size2)
++  return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
++  if(size1 > SIZE_MAX / size2)
++  return 0;
++  return realloc(ptr, size1*size2);
++}
++
+ /* size1 * (size2 + size3) */
+ static inline void *safe_realloc_muladd2_(void *ptr, size_t size1, size_t 
size2, size_t size3)
+ {
+@@ -216,4 +238,15 @@ static inline void *safe_realloc_muladd2_(void *ptr, 
size_t size1, size_t size2,
+   return safe_realloc_mul_2op_(ptr, size1, size2);
+ }
+
++/* size1 * (size2 + size3) */
++static inline void *safe_realloc_nofree_muladd2_(void *ptr, size_t size1, 
size_t size2, size_t size3)
++{
++  if(!size1 || (!size2 && !size3))
++  return realloc(ptr, 0); /* preserve POSIX realloc(ptr, 0) 
semantics */
++  size2 += size3;
++  if(size2 < size3)
++  return 0;
++  return safe_realloc_nofree_mul_2op_(ptr, size1, size2);
++}
++
+ #endif
+diff --git a/src/flac/encode.c b/src/flac/encode.c
+index a9b907f..f87250c 100644
+--- 

[OE-core][kirkstone 3/8] qemu: fix CVE-2021-3638

[Steve Sakoman]

From: Yogita Urade 

QEMU: ati-vga: inconsistent check in ati_2d_blt() may lead to
out-of-bounds write.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-3638
https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2021-3638.patch | 88 +++
 2 files changed, 89 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index d77c376bb6..5526eacb96 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -100,6 +100,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
   file://CVE-2020-14394.patch \
   file://CVE-2023-3354.patch \
   file://CVE-2023-3180.patch \
+  file://CVE-2021-3638.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
new file mode 100644
index 00..3cbb34c54c
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
@@ -0,0 +1,88 @@
+From 205ccfd7a5ec86bd9a5678b8bd157562fc9a1643 Mon Sep 17 00:00:00 2001
+From: Philippe Mathieu-Daudé 
+Date: Thu, 10 Aug 2023 07:30:54 +
+Subject: [PATCH] hw/display/ati_2d: Fix buffer overflow in ati_2d_blt
+ (CVE-2021-3638) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When building QEMU with DEBUG_ATI defined then running with
+'-device ati-vga,romfile="" -d unimp,guest_errors -trace ati\*'
+we get:
+
+  ati_mm_write 4 0x16c0 DP_CNTL <- 0x1
+  ati_mm_write 4 0x146c DP_GUI_MASTER_CNTL <- 0x2
+  ati_mm_write 4 0x16c8 DP_MIX <- 0xff
+  ati_mm_write 4 0x16c4 DP_DATATYPE <- 0x2
+  ati_mm_write 4 0x224 CRTC_OFFSET <- 0x0
+  ati_mm_write 4 0x142c DST_PITCH_OFFSET <- 0xfe0
+  ati_mm_write 4 0x1420 DST_Y <- 0x3fff
+  ati_mm_write 4 0x1410 DST_HEIGHT <- 0x3fff
+  ati_mm_write 4 0x1588 DST_WIDTH_X <- 0x3fff3fff
+  ati_2d_blt: vram:0x7fff5fa0 addr:0 ds:0x7fff61273800 stride:2560 bpp:32 
rop:0xff
+  ati_2d_blt: 0 0 0, 0 127 0, (0,0) -> (16383,16383) 16383x16383 > ^
+  ati_2d_blt: pixman_fill(dst:0x7fff5fa0, stride:254, bpp:8, x:16383, 
y:16383, w:16383, h:16383, xor:0xff00)
+  Thread 3 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
+  (gdb) bt
+  #0  0x77f62ce0 in sse2_fill.lto_priv () at /lib64/libpixman-1.so.0
+  #1  0x77f09278 in pixman_fill () at /lib64/libpixman-1.so.0
+  #2  0x57b5a9af in ati_2d_blt (s=0x63128800) at 
hw/display/ati_2d.c:196
+  #3  0x57b4b5a2 in ati_mm_write (opaque=0x63128800, addr=5512, 
data=1073692671, size=4) at hw/display/ati.c:843
+  #4  0x58b90ec4 in memory_region_write_accessor (mr=0x63139cc0, 
addr=5512, ..., size=4, ...) at softmmu/memory.c:492
+
+Commit 584acf34cb0 ("ati-vga: Fix reverse bit blts") introduced
+the local dst_x and dst_y which adjust the (x, y) coordinates
+depending on the direction in the SRCCOPY ROP3 operation, but
+forgot to address the same issue for the PATCOPY, BLACKNESS and
+WHITENESS operations, which also call pixman_fill().
+
+Fix that now by using the adjusted coordinates in the pixman_fill
+call, and update the related debug printf().
+
+Reported-by: Qiang Liu 
+Fixes: 584acf34cb0 ("ati-vga: Fix reverse bit blts")
+Signed-off-by: Philippe Mathieu-Daudé 
+Tested-by: Mauro Matteo Cascella 
+Message-Id: <20210906153103.1661195-1-phi...@redhat.com>
+Signed-off-by: Gerd Hoffmann 
+
+CVE: CVE-2021-3638
+
+Upstream-Status: Backport 
[https://github.com/qemu/qemu/commit/205ccfd7a5ec86bd9a5678b8bd157562fc9a1643]
+
+Signed-off-by: Yogita Urade 
+---
+ hw/display/ati_2d.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
+index 4dc10ea79..692bec91d 100644
+--- a/hw/display/ati_2d.c
 b/hw/display/ati_2d.c
+@@ -84,7 +84,7 @@ void ati_2d_blt(ATIVGAState *s)
+ DPRINTF("%d %d %d, %d %d %d, (%d,%d) -> (%d,%d) %dx%d %c %c\n",
+ s->regs.src_offset, s->regs.dst_offset, s->regs.default_offset,
+ s->regs.src_pitch, s->regs.dst_pitch, s->regs.default_pitch,
+-s->regs.src_x, s->regs.src_y, s->regs.dst_x, s->regs.dst_y,
++s->regs.src_x, s->regs.src_y, dst_x, dst_y,
+ s->regs.dst_width, s->regs.dst_height,
+ (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? '>' : '<'),
+ (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? 'v' : '^'));
+@@ -180,11 +180,11 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_stride /= sizeof(uint32_t);
+ DPRINTF("pixman_fill(%p, %d, %d, %d, %d, %d, %d, %x)\n",
+ dst_bits, 

[OE-core][kirkstone 4/8] libxml2: Fix CVE-2023-39615

[Steve Sakoman]

From: Soumya Sambu 

Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via
the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability
allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML
file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-39615

Signed-off-by: Soumya Sambu 
Signed-off-by: Steve Sakoman 
---
 .../libxml/libxml2/CVE-2023-39615-0001.patch  | 37 ++
 .../libxml/libxml2/CVE-2023-39615-0002.patch  | 72 +++
 meta/recipes-core/libxml/libxml2_2.9.14.bb|  2 +
 3 files changed, 111 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
new file mode 100644
index 00..3506779c4c
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
@@ -0,0 +1,37 @@
+From d0c3f01e110d54415611c5fa0040cdf4a56053f9 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Sat May 6 17:47:37 2023 +0200
+Subject: [PATCH 1/2] parser: Fix old SAX1 parser with custom callbacks
+
+For some reason, xmlCtxtUseOptionsInternal set the start and end element
+SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1
+was specified. This means that custom SAX handlers could never work with
+that flag because these functions would receive the wrong user data
+argument and crash immediately.
+
+Fixes #535.
+
+CVE: CVE-2023-39615
+
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9]
+
+Signed-off-by: Soumya Sambu 
+---
+ parser.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/parser.c b/parser.c
+index 0f76577..b781c80 100644
+--- a/parser.c
 b/parser.c
+@@ -15069,8 +15069,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int 
options, const char *encodi
+ }
+ #ifdef LIBXML_SAX1_ENABLED
+ if (options & XML_PARSE_SAX1) {
+-ctxt->sax->startElement = xmlSAX2StartElement;
+-ctxt->sax->endElement = xmlSAX2EndElement;
+ ctxt->sax->startElementNs = NULL;
+ ctxt->sax->endElementNs = NULL;
+ ctxt->sax->initialized = 1;
+--
+2.40.0
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
new file mode 100644
index 00..d922ddc730
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
@@ -0,0 +1,72 @@
+From 235b15a590eecf97b09e87bdb7e4f8333e9de129 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Mon May 8 17:58:02 2023 +0200
+Subject: [PATCH 2/2] SAX: Always initialize SAX1 element handlers
+
+Follow-up to commit d0c3f01e. A parser context will be initialized to
+SAX version 2, but this can be overridden with XML_PARSE_SAX1 later,
+so we must initialize the SAX1 element handlers as well.
+
+Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so
+we don't switch to SAX1 if the SAX2 element handlers are NULL.
+
+CVE: CVE-2023-39615
+
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129]
+
+Signed-off-by: Soumya Sambu 
+---
+ SAX2.c   | 11 +++
+ parser.c |  5 +
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/SAX2.c b/SAX2.c
+index 0319246..f7c77c2 100644
+--- a/SAX2.c
 b/SAX2.c
+@@ -2842,20 +2842,23 @@ xmlSAXVersion(xmlSAXHandler *hdlr, int version)
+ {
+ if (hdlr == NULL) return(-1);
+ if (version == 2) {
+-  hdlr->startElement = NULL;
+-  hdlr->endElement = NULL;
+   hdlr->startElementNs = xmlSAX2StartElementNs;
+   hdlr->endElementNs = xmlSAX2EndElementNs;
+   hdlr->serror = NULL;
+   hdlr->initialized = XML_SAX2_MAGIC;
+ #ifdef LIBXML_SAX1_ENABLED
+ } else if (version == 1) {
+-  hdlr->startElement = xmlSAX2StartElement;
+-  hdlr->endElement = xmlSAX2EndElement;
+   hdlr->initialized = 1;
+ #endif /* LIBXML_SAX1_ENABLED */
+ } else
+ return(-1);
++#ifdef LIBXML_SAX1_ENABLED
++hdlr->startElement = xmlSAX2StartElement;
++hdlr->endElement = xmlSAX2EndElement;
++#else
++hdlr->startElement = NULL;
++hdlr->endElement = NULL;
++#endif /* LIBXML_SAX1_ENABLED */
+ hdlr->internalSubset = xmlSAX2InternalSubset;
+ hdlr->externalSubset = xmlSAX2ExternalSubset;
+ hdlr->isStandalone = xmlSAX2IsStandalone;
+diff --git a/parser.c b/parser.c
+index b781c80..738dbee 100644
+--- a/parser.c
 b/parser.c
+@@ -1109,10 +1109,7 @@ xmlDetectSAX2(xmlParserCtxtPtr ctxt) {
+ if (ctxt == NULL) return;
+ sax = ctxt->sax;
+ #ifdef LIBXML_SAX1_ENABLED
+-if ((sax) &&  (sax->initialized == XML_SAX2_MAGIC) &&
+-((sax->startElementNs != NULL) ||
+- (sax->endElementNs != NULL) ||
+- ((sax->startElement == NULL) && 

[OE-core][kirkstone 2/8] dropbear: fix CVE-2023-36328

[Steve Sakoman]

From: Yogita Urade 

Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546

Signed-off-by: Yogita Urade 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/dropbear/dropbear.inc   |   1 +
 .../dropbear/dropbear/CVE-2023-36328.patch| 144 ++
 2 files changed, 145 insertions(+)
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch

diff --git a/meta/recipes-core/dropbear/dropbear.inc 
b/meta/recipes-core/dropbear/dropbear.inc
index f3f085b616..e61930f7db 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -29,6 +29,7 @@ SRC_URI = 
"http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', 
'', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 
'file://dropbear-disable-weak-ciphers.patch', '', d)} \
   file://CVE-2021-36369.patch \
+  file://CVE-2023-36328.patch \
   "
 
 PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch 
b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
new file mode 100644
index 00..4d8c40f70b
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
@@ -0,0 +1,144 @@
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden 
+Date: Wed, 6 Sep 2023 10:48:58 +
+Subject: [PATCH] Fix possible integer overflow
+
+CVE: CVE-2023-36328
+
+Upstream-Status: Backport 
[https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
+
+Signed-off-by: Yogita Urade 
+---
+ libtommath/bn_mp_2expt.c| 4 
+ libtommath/bn_mp_grow.c | 4 
+ libtommath/bn_mp_init_size.c| 5 +
+ libtommath/bn_mp_mul_2d.c   | 4 
+ libtommath/bn_s_mp_mul_digs.c   | 4 
+ libtommath/bn_s_mp_mul_digs_fast.c  | 4 
+ libtommath/bn_s_mp_mul_high_digs.c  | 4 
+ libtommath/bn_s_mp_mul_high_digs_fast.c | 4 
+ 8 files changed, 33 insertions(+)
+
+diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
+index 0ae3df1..7d4d884 100644
+--- a/libtommath/bn_mp_2expt.c
 b/libtommath/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+mp_errerr;
+
++   if (b < 0) {
++  return MP_VAL;
++   }
++
+/* zero a as per default */
+mp_zero(a);
+
+diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
+index 9e904c5..e7b186c 100644
+--- a/libtommath/bn_mp_grow.c
 b/libtommath/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+int i;
+mp_digit *tmp;
+
++   if (size < 0) {
++  return MP_VAL;
++   }
++
+/* if the alloc size is smaller alloc more ram */
+if (a->alloc < size) {
+   /* reallocate the array a->dp
+diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
+index d622687..5fefa96 100644
+--- a/libtommath/bn_mp_init_size.c
 b/libtommath/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++   if (size < 0) {
++  return MP_VAL;
++   }
++
+size = MP_MAX(MP_MIN_PREC, size);
+
+/* alloc mem */
+diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
+index 87354de..2744163 100644
+--- a/libtommath/bn_mp_mul_2d.c
 b/libtommath/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
+mp_digit d;
+mp_err   err;
+
++   if (b < 0) {
++  return MP_VAL;
++   }
++
+/* copy */
+if (a != c) {
+   if ((err = mp_copy(a, c)) != MP_OKAY) {
+diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
+index 64509d4..2d2f5b0 100644
+--- a/libtommath/bn_s_mp_mul_digs.c
 b/libtommath/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+mp_word r;
+mp_digit tmpx, *tmpt, *tmpy;
+
++   if (digs < 0) {
++  return MP_VAL;
++   }
++
+/* can we use the fast multiplier? */
+if ((digs < MP_WARRAY) &&
+(MP_MIN(a->used, b->used) < MP_MAXFAST)) {
+diff --git a/libtommath/bn_s_mp_mul_digs_fast.c 
b/libtommath/bn_s_mp_mul_digs_fast.c
+index b2a287b..d6dd3cc 100644
+--- a/libtommath/bn_s_mp_mul_digs_fast.c
 b/libtommath/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, 
mp_int *c, int digs)
+mp_digit W[MP_WARRAY];
+mp_word  _W;
+
++   if (digs < 0) {
++  return MP_VAL;
++   }
++
+/* grow the destination as required */
+if (c->alloc < digs) {
+   if ((err = mp_grow(c, 

[OE-core][kirkstone 1/8] python3-pygments: Fix CVE-2022-40896

[Steve Sakoman]

From: Narpat Mali 

CVE-2022-40896:
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.

The CVE issue is fixed by 3 different commits between the releases 2.14.0
(for Smithy lexer), 2.15.0 (for SQL+Jinja lexers) and 2.15.1 (for Java
properties) as per: 
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/

1. Smithy lexer commit from 2.14.0 release applies successfully on 2.11.2 
version.
Commit: 
https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04
Hence, backported the patch as CVE-2022-40896.patch.

2. SQL+Jinja lexers commit from 2.15.0 release doesn't apply on 2.11.2 version.
Commit: 
https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194
Actually, this code doesn't exist in 2.11.2 version and it has been introduce by
python3-pygments 2.13.0 version. Hence, this is not vulnerable for 2.11.2 
version.
SQL+Jinja lexers is introduced by: 
https://github.com/pygments/pygments/commit/0bdbd5992baca32d18e01f0ec65337e06abf9456

3. Java properties commit from 2.15.1 release also doesn't apply on 2.11.2 
version.
Commit: 
https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52
Actually, this code also doesn't exist in 2.11.2 version as the code has been 
modified
in python3-pygments 2.14.0 by: 
https://github.com/pygments/pygments/commit/a38cb38e93c9635240b3ae89d78d38cf182745da
Hence, this is also not vulnerable for 2.11.2 version.

Signed-off-by: Narpat Mali 
Signed-off-by: Steve Sakoman 
---
 .../python3-pygments/CVE-2022-40896.patch | 124 ++
 .../python/python3-pygments_2.11.2.bb |   2 +
 2 files changed, 126 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch

diff --git a/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch 
b/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
new file mode 100644
index 00..9848072a94
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
@@ -0,0 +1,124 @@
+From ed61747f328ff6aa343881b269600308ab8eac93 Mon Sep 17 00:00:00 2001
+From: Narpat Mali 
+Date: Wed, 6 Sep 2023 10:32:38 +
+Subject: [PATCH] Improve the Smithy metadata matcher.
+
+Previously, metadata foo bar baz = 23 was accepted, but according to
+the definition 
https://smithy.io/2.0/spec/idl.html#grammar-token-smithy-MetadataSection
+it should be "metadata"Identifier/String.
+
+CVE: CVE-2022-40896
+
+Upstream-Status: Backport 
[https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04]
+
+Signed-off-by: Narpat Mali 
+---
+ pygments/lexers/smithy.py|  5 +-
+ tests/examplefiles/smithy/test.smithy| 12 +
+ tests/examplefiles/smithy/test.smithy.output | 52 
+ 3 files changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/pygments/lexers/smithy.py b/pygments/lexers/smithy.py
+index 0f0a912..c5e25cd 100644
+--- a/pygments/lexers/smithy.py
 b/pygments/lexers/smithy.py
+@@ -58,8 +58,9 @@ class SmithyLexer(RegexLexer):
+ (words(aggregate_shapes,
+prefix=r'^', suffix=r'(\s+' + identifier + r')'),
+ bygroups(Keyword.Declaration, Name.Class)),
+-(r'^(metadata)(\s+.+)(\s*)(=)',
+-bygroups(Keyword.Declaration, Name.Class, Whitespace, 
Name.Decorator)),
++(r'^(metadata)(\s+)((?:\S+)|(?:\"[^"]+\"))(\s*)(=)',
++bygroups(Keyword.Declaration, Whitespace, Name.Class,
++ Whitespace, Name.Decorator)),
+ (r"(true|false|null)", Keyword.Constant),
+ (r"(-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?)", Number),
+ (identifier + ":", Name.Label),
+diff --git a/tests/examplefiles/smithy/test.smithy 
b/tests/examplefiles/smithy/test.smithy
+index 3d20f06..9317fee 100644
+--- a/tests/examplefiles/smithy/test.smithy
 b/tests/examplefiles/smithy/test.smithy
+@@ -2,6 +2,18 @@ $version: "1.0"
+
+ namespace test
+
++metadata "foo" = ["bar", "baz"]
++metadata validators = [
++{
++name: "ValidatorName"
++id: "ValidatorId"
++message: "Some string"
++configuration: {
++selector: "operation"
++}
++}
++]
++
+ /// Define how an HTTP request is serialized given a specific protocol,
+ /// authentication scheme, and set of input parameters.
+ @trait(selector: "operation")
+diff --git a/tests/examplefiles/smithy/test.smithy.output 
b/tests/examplefiles/smithy/test.smithy.output
+index 1f22489..db44a38 100644
+--- a/tests/examplefiles/smithy/test.smithy.output
 b/tests/examplefiles/smithy/test.smithy.output
+@@ -7,6 +7,58 @@
+ ' test'   Name.Class
+ '\n\n'Text.Whitespace
+
++'metadata'Keyword.Declaration
++' '   Text.Whitespace
++'"foo"'   Name.Class
++' '   Text.Whitespace
++'='   

[OE-core][kirkstone 0/8] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 15.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5876

The following changes since commit 47a1dd7f389e3cf4ac2dc5fc21dccc870aafab4a:

  sysklogd: fix integration with systemd-journald (2023-09-05 13:34:12 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Meenali Gupta (1):
  flac: fix CVE-2020-22219

Michael Halstead (1):
  yocto-uninative: Update to 4.3

Narpat Mali (1):
  python3-pygments: Fix CVE-2022-40896

Siddharth Doshi (1):
  gdb: Fix CVE-2023-39128

Soumya Sambu (1):
  libxml2: Fix CVE-2023-39615

Yogita Urade (3):
  dropbear: fix CVE-2023-36328
  qemu: fix CVE-2021-3638
  webkitgtk: fix CVE-2022-48503

 meta/conf/distro/include/yocto-uninative.inc  |   8 +-
 meta/recipes-core/dropbear/dropbear.inc   |   1 +
 .../dropbear/dropbear/CVE-2023-36328.patch| 144 +++
 .../libxml/libxml2/CVE-2023-39615-0001.patch  |  37 +++
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |  72 ++
 meta/recipes-core/libxml/libxml2_2.9.14.bb|   2 +
 meta/recipes-devtools/gdb/gdb.inc |   1 +
 .../gdb/gdb/0011-CVE-2023-39128.patch |  75 ++
 .../python3-pygments/CVE-2022-40896.patch | 124 ++
 .../python/python3-pygments_2.11.2.bb |   2 +
 meta/recipes-devtools/qemu/qemu.inc   |   1 +
 .../qemu/qemu/CVE-2021-3638.patch |  88 +++
 .../flac/files/CVE-2020-22219.patch   | 197 +++
 meta/recipes-multimedia/flac/flac_1.3.4.bb|   1 +
 .../webkit/webkitgtk/CVE-2022-48503.patch | 225 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 16 files changed, 975 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
 create mode 100644 
meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187595): 
https://lists.openembedded.org/g/openembedded-core/message/187595
Mute This Topic: https://lists.openembedded.org/mt/101338047/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Richard Purdie]

On Wed, 2023-09-13 at 15:00 +0100, Richard Purdie via
lists.openembedded.org wrote:
> On Mon, 2023-09-11 at 17:19 +0200, Alexander Kanavin wrote:
> > On Thu, 7 Sept 2023 at 14:04, Richard Purdie
> >  wrote:
> > > See meta/conf/distro/include/no-static-libs.inc which does things like:
> > > 
> > > meta/conf/distro/include/no-static-libs.inc:DISABLE_STATIC:pn-openssl-native
> > >  = ""
> > > meta/conf/distro/include/no-static-libs.inc:DISABLE_STATIC:pn-nativesdk-openssl
> > >  = ""
> > > 
> > > I wasn't sure how easy the shadow patch would be, that is hopefully the
> > > main tricky part. sqlite-native used to be built allowing static for
> > > pseudo iirc but I don't think we need to do that there any more.
> > 
> > I poked around at passing options from the shadow recipe, but couldn't
> > arrive at a working combination. libtool and automake insert too many
> > abstraction layers on the way to the linker invocation.
> > 
> > So there has to be a custom, most likely non-upstreamable patch for
> > Makefile.am files all over the place, which I think is worse than
> > manually unrolling setscene dependencies.
> 
> I was curious to see if I could make anything work, the best I could
> come up with was this:
> 
> diff --git a/meta/conf/distro/include/no-static-libs.inc 
> b/meta/conf/distro/include/no-static-libs.inc
> index 75359928a14..312629f394c 100644
> --- a/meta/conf/distro/include/no-static-libs.inc
> +++ b/meta/conf/distro/include/no-static-libs.inc
> @@ -30,3 +30,8 @@ EXTRA_OECMAKE:append:pn-libjpeg-turbo-native = " 
> -DENABLE_STATIC=False"
>  EXCONFIG_ARGS:append:pn-ncurses = " --without-normal"
>  EXCONFIG_ARGS:append:pn-ncurses-native = " --without-normal"
>  EXCONFIG_ARGS:append:pn-nativesdk-ncurses = " --without-normal"
> +
> +# Needed so we can statically link shadow-native tools
> +DISABLE_STATIC:pn-attr-native = ""
> +DISABLE_STATIC:pn-libbsd-native = ""
> +DISABLE_STATIC:pn-libmd-native = ""
> diff --git a/meta/recipes-extended/shadow/shadow_4.14.0.bb 
> b/meta/recipes-extended/shadow/shadow_4.14.0.bb
> index 4e554463125..8cd916d01bd 100644
> --- a/meta/recipes-extended/shadow/shadow_4.14.0.bb
> +++ b/meta/recipes-extended/shadow/shadow_4.14.0.bb
> @@ -4,6 +4,14 @@ require shadow.inc
>  # libcrypt. This breaks chsh.
>  BUILD_LDFLAGS:append:class-target = " 
> ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}"
>  
> +# Force static linking of utilities so we can use from the sysroot/sstate 
> for useradd
> +# without worrying about the dependency libraries being available
> +do_compile:prepend:class-native () {
> + sed -i -e 's#\(mode=link.*CCLD.\s*\)#\1-all-static #g' \
> +-e 's#\(LIBS.*-lbsd\)#\1 -lmd#g' \
> +-e 's#\(LIBBSD.*-lbsd\)#\1 -lmd#g' ${B}/*/Makefile
> +}
> +
>  BBCLASSEXTEND = "native nativesdk"
>  
>  # https://bugzilla.redhat.com/show_bug.cgi?id=884658
> 
> which isn't nice but probably isn't too bad to maintain and does give
> us the static tools.

Of course since this removes libc, pseudo no longer works and the
chroot calls inside shadow then fail. Which then brings us to:

+   sed -i -e 's#\(LIBS.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a 
${STAGING_LIBDIR}/libmd.a#g' \
+  -e 's#\(LIBBSD.*\)-lbsd#\1 ${STAGING_LIBDIR}/libbsd.a 
${STAGING_LIBDIR}/libmd.a#g' ${B}/*/Makefile

instead...

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187594): 
https://lists.openembedded.org/g/openembedded-core/message/187594
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] python3-jsonschema: Fix rfc3339 validation dependencies

[Stephan Wurm via lists.openembedded.org]

The project changed its dependency for rfc3339 validation from package
"python3-strict-rfc3339" to package "python3-rfc3339-validation" after
v3.2.0.
But the v4.4.0 recipe in does not reflect this change and still depends
on package "python3-strict-rfc3339" when "format" is set in
PACKAGECONFIG.

Signed-off-by: Stephan Wurm 
---
 meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb 
b/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb
index 92f4a56792..12773ee2cc 100644
--- a/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb
+++ b/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb
@@ -16,7 +16,7 @@ PACKAGECONFIG[format] = ",,,\
 ${PYTHON_PN}-jsonpointer \
 ${PYTHON_PN}-webcolors \
 ${PYTHON_PN}-rfc3987 \
-${PYTHON_PN}-strict-rfc3339 \
+${PYTHON_PN}-rfc3339-validator \
 "
 PACKAGECONFIG[nongpl] = ",,,\
 ${PYTHON_PN}-idna \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187593): 
https://lists.openembedded.org/g/openembedded-core/message/187593
Mute This Topic: https://lists.openembedded.org/mt/101337545/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] python3-jsonschema: Update homepage URL

[Stephan Wurm via lists.openembedded.org]

Although being redirected from the old URL, adapted HOMEPAGE to reflect
new official URL instead.

Signed-off-by: Stephan Wurm 
---
 meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb 
b/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb
index 10b39e76b2..92f4a56792 100644
--- a/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb
+++ b/meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb
@@ -1,5 +1,5 @@
 SUMMARY = "An implementation of JSON Schema validation for Python"
-HOMEPAGE = "https://github.com/Julian/jsonschema;
+HOMEPAGE = "https://github.com/python-jsonschema/jsonschema;
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7a60a81c146ec25599a3e1dabb8610a8 \
 file://json/LICENSE;md5=9d4de43111d33570c8fe49b4cb0e01af"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187592): 
https://lists.openembedded.org/g/openembedded-core/message/187592
Mute This Topic: https://lists.openembedded.org/mt/101337543/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/2] python3-jsonschema: Fix rfc3339 validation dependencies in #kirkstone

[Stephan Wurm via lists.openembedded.org]

The project changed its dependency for rfc3339 validation from package
"python3-strict-rfc3339" to package "python3-rfc3339-validation" after
v3.2.0.
But the v4.4.0 recipe in #kirkstone does not reflect this change and
still depends on package "python3-strict-rfc3339" when "format" is set
in PACKAGECONFIG.

Newer branches are not affected; "python3-strict-rfc3339" was even
removed completely.

Stephan Wurm (2):
  python3-jsonschema: Update homepage URL
  python3-jsonschema: Fix rfc3339 validation dependencies

 meta/recipes-devtools/python/python3-jsonschema_4.4.0.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187591): 
https://lists.openembedded.org/g/openembedded-core/message/187591
Mute This Topic: https://lists.openembedded.org/mt/101337542/21656
Mute 
#kirkstone:https://lists.openembedded.org/g/openembedded-core/mutehashtag/kirkstone
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 16/17] build-sysroots.bb: run tasks one after the other

[Richard Purdie]

On Mon, 2023-09-11 at 17:19 +0200, Alexander Kanavin wrote:
> On Thu, 7 Sept 2023 at 14:04, Richard Purdie
>  wrote:
> > See meta/conf/distro/include/no-static-libs.inc which does things like:
> > 
> > meta/conf/distro/include/no-static-libs.inc:DISABLE_STATIC:pn-openssl-native
> >  = ""
> > meta/conf/distro/include/no-static-libs.inc:DISABLE_STATIC:pn-nativesdk-openssl
> >  = ""
> > 
> > I wasn't sure how easy the shadow patch would be, that is hopefully the
> > main tricky part. sqlite-native used to be built allowing static for
> > pseudo iirc but I don't think we need to do that there any more.
> 
> I poked around at passing options from the shadow recipe, but couldn't
> arrive at a working combination. libtool and automake insert too many
> abstraction layers on the way to the linker invocation.
> 
> So there has to be a custom, most likely non-upstreamable patch for
> Makefile.am files all over the place, which I think is worse than
> manually unrolling setscene dependencies.

I was curious to see if I could make anything work, the best I could
come up with was this:

diff --git a/meta/conf/distro/include/no-static-libs.inc 
b/meta/conf/distro/include/no-static-libs.inc
index 75359928a14..312629f394c 100644
--- a/meta/conf/distro/include/no-static-libs.inc
+++ b/meta/conf/distro/include/no-static-libs.inc
@@ -30,3 +30,8 @@ EXTRA_OECMAKE:append:pn-libjpeg-turbo-native = " 
-DENABLE_STATIC=False"
 EXCONFIG_ARGS:append:pn-ncurses = " --without-normal"
 EXCONFIG_ARGS:append:pn-ncurses-native = " --without-normal"
 EXCONFIG_ARGS:append:pn-nativesdk-ncurses = " --without-normal"
+
+# Needed so we can statically link shadow-native tools
+DISABLE_STATIC:pn-attr-native = ""
+DISABLE_STATIC:pn-libbsd-native = ""
+DISABLE_STATIC:pn-libmd-native = ""
diff --git a/meta/recipes-extended/shadow/shadow_4.14.0.bb 
b/meta/recipes-extended/shadow/shadow_4.14.0.bb
index 4e554463125..8cd916d01bd 100644
--- a/meta/recipes-extended/shadow/shadow_4.14.0.bb
+++ b/meta/recipes-extended/shadow/shadow_4.14.0.bb
@@ -4,6 +4,14 @@ require shadow.inc
 # libcrypt. This breaks chsh.
 BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 
'pam', '-lcrypt', '', d)}"
 
+# Force static linking of utilities so we can use from the sysroot/sstate for 
useradd
+# without worrying about the dependency libraries being available
+do_compile:prepend:class-native () {
+   sed -i -e 's#\(mode=link.*CCLD.\s*\)#\1-all-static #g' \
+  -e 's#\(LIBS.*-lbsd\)#\1 -lmd#g' \
+  -e 's#\(LIBBSD.*-lbsd\)#\1 -lmd#g' ${B}/*/Makefile
+}
+
 BBCLASSEXTEND = "native nativesdk"
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=884658

which isn't nice but probably isn't too bad to maintain and does give
us the static tools.

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187590): 
https://lists.openembedded.org/g/openembedded-core/message/187590
Mute This Topic: https://lists.openembedded.org/mt/101197363/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] mickledore - adding rust tooling to sdk seems to create problematic rustc/cargo executable configurations

[Alexander Kanavin]

Can you try this in a plain poky checkout (to the same revision as in
your setup) with no other layers? Machine qemuarm, image
core-image-minimal. If it works, you have a reference point to compare
with and untangle where the breaking difference is. If it doesn't
work, then I or someone else have a way to reproduce the issue.

Alex

On Tue, 12 Sept 2023 at 23:42, Danny  wrote:
>
> Hi Alex! Thanks for the quick response. I tried removing my 
> `TOOLCHAIN_HOST_TASK` assignment and adding the `SDK_TOOLCHAIN_LANGS` entry 
> but I'm still seeing the error.
>
> fwiw the output from `cargo build --verbose` shows me the `rustc` calls:
>
> ```
> rustc --crate-name omg --edition=2021 src/main.rs --error-format=json 
> --json=diagnostic-rendered-ansi,artifacts,future-incompat 
> --diagnostic-width=157 --crate-type bin --emit=dep-info,link -C 
> embed-bitcode=no -C debuginfo=2 -C metadata=62f339e5c64d61ff -C 
> extra-filename=-62f339e5c64d61ff --out-dir 
> /target/armv7-unknown-linux-gnueabihf/debug/deps --target 
> armv7-unknown-linux-gnueabihf -C linker=target-rust-ccld -C 
> incremental=/target/armv7-unknown-linux-gnueabihf/debug/incremental 
> -L dependency=/target/armv7-unknown-linux-gnueabihf/debug/deps -L 
> dependency=/target/debug/deps 
> --sysroot=/sysroots/cortexa7t2hf-neon-vfpv4-linux-gnueabi/usr -C 
> link-arg=--sysroot=/sysroots/cortexa7t2hf-neon-vfpv4-linux-gnueabi
> ```
> should I be double checking something is available to me in those sysroot 
> paths?
>
>
> On Tue, Sep 12, 2023 at 1:48 PM Alexander Kanavin  
> wrote:
>>
>> On Tue, 12 Sept 2023 at 19:26, Danny Hadley  wrote:
>>
>> > I can provide as much additional information as needed!
>>
>> I think you need to set
>> SDK_TOOLCHAIN_LANGS = "rust"
>> and then things should just work.
>>
>> Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187589): 
https://lists.openembedded.org/g/openembedded-core/message/187589
Mute This Topic: https://lists.openembedded.org/mt/101320020/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [Openembedded-architecture] Security processes: YP needs

[Mikko Rapeli]

Hi,

On Wed, Sep 13, 2023 at 01:52:19PM +0200, Marta Rybczynska wrote:
> Hello,
> I've been working recently on collecting what works and what doesn't
> in YP security processes. The goal is to go forward and define an
> actionable strategy!
> 
> Today, I'd like to share with you the summary of what I have heard as
> needs from several people (those in Cc:).
> 
> I want the community to comment and tell us what you find important
> and what you'd like to see added or changed from this list.

Since most users take poky reference distro and combine it with a number
of open source and closed source BSP and other meta layers and build
systems to produce SW for products, they also need documentation and tooling
so that they can replicate the Yocto Project security processes and use the
available tools.

In the best case downstream users are on poky master branch or one of the 
maintained
LTS branches, but they can also be stuck on a non-LTS branch due to BSP
or other technical, contractual or even purely political reasons. Having a
description of the processes and tools and best practices helps, and if needed
they can for example backport the needed tooling changes to their version to
help or kick off in the maintenance effort, just like how upstream LTS branches 
are
managed.

I think most of the documentation around the tools and processes is in place 
already.
Having maintained and shipped from a non-maintained poky branch, I can just say
thank you to all who participated in the upstream work to get security 
vulnerability
detection and fixing possible!

poky seems well maintained and serves as an example to everyone wether open 
source or not.

That being said, extending the CVE scanning and status tracking work to include 
more
open source layers would be nice both for the maintainers and for the users of 
those
layers. Using some random old branch of meta-foo may not be so safe. Maybe add
this data to layer-index?

Cheers,

-Mikko

> * CVEs: Visibility if YP is vulnerable or not
> 
> People want to be able to check/look up a specific CVE; it might be a
> CVE unrelated to YP
> (eg. package not included, Windows issue). The cve-checker result is a
> part of the solution, but people also want to know which CVEs do not
> apply.
> 
> * CVEs: synchronization of the work on fixes
> 
> Currently, there is no synchronization; multiple parties might be
> working on the same fix while nobody is working on another. There
> might be duplication of work.
> Ross has https://wiki.yoctoproject.org/wiki/CVE_Status
> 
> * Triaging of security issues
> 
> Related to CVE fixes and includes issues reported directly to the YP.
> Some issues are more likely to be serious for embedded products
> (attack by network), so not all has the same priority.
> 
> * Private security communication
> 
> A way to send a notification of a non-public security issue. For
> researchers, other projects etc.
> The security alias exists, but only some people know about its existence.
> 
> * Visibility of the security work of the YP
> 
> There is much work on security in the YP, but it lacks visibility.
> 
> * Documentation
> 
> Related to visibility. We need easy-to-find documentation of subjects
> like submitting a CVE fix,
> reporting a private issue, and how our processes work... This
> documentation should address people who are not regular contributors.
> 
> * Additional tooling
> 
> We could add additional tooling: a template on how to add cve-check to
> the CI (possibly
> a different one than the autobuilder), analyze the result, and extend
> our tooling to their layers...
> It is also related to the "Architecture" topic below.
> 
> * Architecture work
> 
> Security if more than CVE fixes. We also have what is happening in
> meta-security: hardening, compiler option,
> secure package configuration, use of code coverage tools, and so on
> 
> * SRTool
> 
> We might decide to use it again. It allows one to do much but requires
> constant commitment.
> 
> * Presence on pre-notification lists and receiving information before
> the vulnerability gets public
> 
> YP currently depends on public data. Principal distributions receive
> the information before
> a vulnerability becomes public. It requires (in short) private
> reporting, a security team, and a track
> of excellent security record.
> 
> * Becoming a CNA (be able to assign CVEs)
> 
> Needed if we want to assign CVEs to the software of the YP, like
> autobuilder, Toaster etc.
> 
> Kind regards,
> Marta

> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187588): 
https://lists.openembedded.org/g/openembedded-core/message/187588
Mute This Topic: https://lists.openembedded.org/mt/101335537/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Security processes: YP needs

[Marta Rybczynska]

Hello,
I've been working recently on collecting what works and what doesn't
in YP security processes. The goal is to go forward and define an
actionable strategy!

Today, I'd like to share with you the summary of what I have heard as
needs from several people (those in Cc:).

I want the community to comment and tell us what you find important
and what you'd like to see added or changed from this list.

* CVEs: Visibility if YP is vulnerable or not

People want to be able to check/look up a specific CVE; it might be a
CVE unrelated to YP
(eg. package not included, Windows issue). The cve-checker result is a
part of the solution, but people also want to know which CVEs do not
apply.

* CVEs: synchronization of the work on fixes

Currently, there is no synchronization; multiple parties might be
working on the same fix while nobody is working on another. There
might be duplication of work.
Ross has https://wiki.yoctoproject.org/wiki/CVE_Status

* Triaging of security issues

Related to CVE fixes and includes issues reported directly to the YP.
Some issues are more likely to be serious for embedded products
(attack by network), so not all has the same priority.

* Private security communication

A way to send a notification of a non-public security issue. For
researchers, other projects etc.
The security alias exists, but only some people know about its existence.

* Visibility of the security work of the YP

There is much work on security in the YP, but it lacks visibility.

* Documentation

Related to visibility. We need easy-to-find documentation of subjects
like submitting a CVE fix,
reporting a private issue, and how our processes work... This
documentation should address people who are not regular contributors.

* Additional tooling

We could add additional tooling: a template on how to add cve-check to
the CI (possibly
a different one than the autobuilder), analyze the result, and extend
our tooling to their layers...
It is also related to the "Architecture" topic below.

* Architecture work

Security if more than CVE fixes. We also have what is happening in
meta-security: hardening, compiler option,
secure package configuration, use of code coverage tools, and so on

* SRTool

We might decide to use it again. It allows one to do much but requires
constant commitment.

* Presence on pre-notification lists and receiving information before
the vulnerability gets public

YP currently depends on public data. Principal distributions receive
the information before
a vulnerability becomes public. It requires (in short) private
reporting, a security team, and a track
of excellent security record.

* Becoming a CNA (be able to assign CVEs)

Needed if we want to assign CVEs to the software of the YP, like
autobuilder, Toaster etc.

Kind regards,
Marta

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187587): 
https://lists.openembedded.org/g/openembedded-core/message/187587
Mute This Topic: https://lists.openembedded.org/mt/101334932/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] binutils: stable 2.38 branch updates

[Sanjana V]

Regression testing with binutils testing is performed and no regressions found.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187586): 
https://lists.openembedded.org/g/openembedded-core/message/187586
Mute This Topic: https://lists.openembedded.org/mt/101334703/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] binutils: stable 2.38 branch updates

[Sanjana V]

Below commits on binutils-2.38 stable branch are updated.

ea5fe5d01e5 PR30697, ppc32 mix of local-dynamic and global-dynamic TLS

Signed-off-by: Sanjana 
---
 meta/recipes-devtools/binutils/binutils-2.38.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 5c3ff3d93a..b0e3864378 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_38-branch"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)"
 
-SRCREV ?= "dc2474e7d204c124ab5a21b4490aa46eb7e1d4c3"
+SRCREV ?= "ea5fe5d01e5a182ee7a0eddb54a702109a9f5931"
 BINUTILS_GIT_URI ?= 
"git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
 SRC_URI = "\
  ${BINUTILS_GIT_URI} \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187585): 
https://lists.openembedded.org/g/openembedded-core/message/187585
Mute This Topic: https://lists.openembedded.org/mt/101334703/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH] glibc: stable 2.35 branch updates

[Sanjana V]

Regression tests are performed and below is test summary.
Test summary after glibc updates:
PASS : 4773
FAIL   : 139
XPASS : 6
XFAIL   : 16
UNSUPPORTED : 235

Test summary before glibc updates:
PASS : 4770
FAIL   : 142
XPASS : 6
XFAIL   : 16
UNSUPPORTED : 235

Diff:
+3 PASS
0 FAIL
0 XPASS
0 XFAIL
0 UNSUPPORTED

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187584): 
https://lists.openembedded.org/g/openembedded-core/message/187584
Mute This Topic: https://lists.openembedded.org/mt/101334533/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [kirkstone][PATCH] glibc: stable 2.35 branch updates

[Sanjana V]

Below commits on glibc-2.35 stable branch are updated.

561e9dadc0 x86: Fix incorrect scope of setting `shared_per_thread`
1c3ecf5858 x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
47c7d2eb03 x86: Fix slight bug in `shared_per_thread` cache size calculation.
d1b1da26ea x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
e19af583b4 elf: _dl_find_object may return 1 during early startup.

Signed-off-by: Sanjana 
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc 
b/meta/recipes-core/glibc/glibc-version.inc
index 01b1abef7d..f23ceb5a25 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.35/master"
 PV = "2.35"
-SRCREV_glibc ?= "cbceb903c4d770acc7e4ba5641036516830ed69b"
+SRCREV_glibc ?= "561e9dadc02f46a7ba2190c0a04259583479f6c9"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187583): 
https://lists.openembedded.org/g/openembedded-core/message/187583
Mute This Topic: https://lists.openembedded.org/mt/101334533/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [PATCH] [OE-core] [PATCH] font-util: upgrade 1.4.0 -> 1.4.1

[Richard Purdie]

On Wed, 2023-09-13 at 17:36 +0800, wangmy wrote:
> From: Wang Mingyu 
> 
> License-Update:
> - Replace unicode files with ones that provide better terms of use
>   Identical files but these have the unicode terms-of-use (SPDX:
>   Unicode-TOU) instead of some old license format.
> 
>https://www.unicode.org/Public/MAPPINGS/ISO8859/8859-1.TXT
>https://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/JIS/JIS0201.TXT
>https://www.unicode.org/Public/MAPPINGS/VENDORS/MISC/KOI8-R.TXT
> 
> - Remove "All rights reserved" from Oracle copyright notices
>   Oracle no longer includes this term in our copyright & license notices.
> 
> Signed-off-by: Wang Mingyu 
> ---
>  .../xorg-font/{font-util_1.4.0.bb => font-util_1.4.1.bb}   | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>  rename meta/recipes-graphics/xorg-font/{font-util_1.4.0.bb => 
> font-util_1.4.1.bb} (74%)
> 

Does that mean that LICENSE should have Unicode-TOU in it?

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187582): 
https://lists.openembedded.org/g/openembedded-core/message/187582
Mute This Topic: https://lists.openembedded.org/mt/101333495/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] btrfs-tools: upgrade 6.3.3 -> 6.5

[Richard Purdie]

On Wed, 2023-09-13 at 17:28 +0800, wangmy wrote:
> From: Wang Mingyu 
> 
> Changelog:
> 
> * crc32c implementation speedup (3x)
> * btrfstune:
>* be more strict about option combinations and refuse changing
>  features from incompatible groups
>* metadata_uuid changes fixes
> * libbtrfs: fix ABI breakage introduced in 6.3.1, revert struct subvol_info
>   and subvol_uuid_search changes
> * CI updates
>* pull request build tests enabled
>* published static binaries built with backward compatibility 
> (-march=x86-64)
> * other
>* documentation updates
>* new and updated tests
>* experimental feature updates (json, list-chunks, checksum switch)
>* code refactoring
>* remove btrfs-fragments
> 
> Signed-off-by: Wang Mingyu 
> ---
>  .../btrfs-tools/{btrfs-tools_6.3.3.bb => btrfs-tools_6.5.bb}| 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-devtools/btrfs-tools/{btrfs-tools_6.3.3.bb => 
> btrfs-tools_6.5.bb} (98%)
> 
> diff --git a/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb 
> b/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.bb
> similarity index 98%
> rename from meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb
> rename to meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.bb
> index e7a64e8363..984966bbd4 100644
> --- a/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb
> +++ b/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.bb
> @@ -18,7 +18,7 @@ DEPENDS = "util-linux zlib"
>  SRC_URI = 
> "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master;protocol=https
>  \
> 
> file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \
> "
> -SRCREV = "bb0ca35245858f17a6ced97aade1dd8d70f9c9d7"
> +SRCREV = "f7ecc34555b4793573c9e3fc5f77cc8aab63fcc1"
>  S = "${WORKDIR}/git"
>  
>  PACKAGECONFIG ??= " \

https://autobuilder.yoctoproject.org/typhoon/#/builders/104/builds/6671/steps/11/logs/warnings
https://autobuilder.yoctoproject.org/typhoon/#/builders/57/builds/7641/steps/11/logs/warnings

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187581): 
https://lists.openembedded.org/g/openembedded-core/message/187581
Mute This Topic: https://lists.openembedded.org/mt/101333402/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] wireless-regdb: upgrade 2023.05.03 -> 2023.09.01

[wangmy]

From: Wang Mingyu 

Changelog:
==
wireless-regdb: update regulatory database based on preceding changes
wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
wireless-regdb: Update regulatory info for Türkiye (TR)
wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidel...
wireless-regdb: Update regulatory rules for Philippines (PH)

Signed-off-by: Wang Mingyu 
---
 ...ireless-regdb_2023.05.03.bb => wireless-regdb_2023.09.01.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.05.03.bb => 
wireless-regdb_2023.09.01.bb} (94%)

diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb 
b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb
index cd3f52fc76..c09600ecbe 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.05.03.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz;
-SRC_URI[sha256sum] = 
"f254d08ab3765aeae2b856222e11a95d44aef519a6663877c71ef68fae4c8c12"
+SRC_URI[sha256sum] = 
"26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491"
 
 inherit bin_package allarch
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187580): 
https://lists.openembedded.org/g/openembedded-core/message/187580
Mute This Topic: https://lists.openembedded.org/mt/101333569/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] wayland-utils: upgrade 1.1.0 -> 1.2.0

[wangmy]

From: Wang Mingyu 

0001-wayland-info-Fix-build-without-libdrm.patch
removed since it's included in 1.2.0

Changelog:
===
-wayland-info: Fix spurious tab/space
-wayland-info: add drm-lease-v1 support 
-meson: improve protocol generation
-wayland-info: Destroy zwp_linux_dmabuf_feedback_v1 proxy on exit 
-wayland-info: Readd support for linux_dmabuf versions < 3 
-wayland-info: Add a cmdline option for interface 
-wayland-info: print DRM device paths 
-build: turn on -Wundef
-wayland-info: move libdrm version constraint to dependency()
-wayland-info: include system headers with angle brackets 
-wayland-info: Fix build without libdrm
-1build: reopen main for regular development 

Signed-off-by: Wang Mingyu 
---
 ...ayland-info-Fix-build-without-libdrm.patch | 42 ---
 ...-utils_1.1.0.bb => wayland-utils_1.2.0.bb} |  6 +--
 2 files changed, 2 insertions(+), 46 deletions(-)
 delete mode 100644 
meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch
 rename meta/recipes-graphics/wayland/{wayland-utils_1.1.0.bb => 
wayland-utils_1.2.0.bb} (77%)

diff --git 
a/meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch
 
b/meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch
deleted file mode 100644
index 86c44d4480..00
--- 
a/meta/recipes-graphics/wayland/files/0001-wayland-info-Fix-build-without-libdrm.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c79a3fb51718c4286b74edf0f758df9219994844 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan 
-Date: Wed, 14 Sep 2022 09:07:10 +0200
-Subject: [PATCH] wayland-info: Fix build without libdrm
-
-wayland-info can optionally use libdrm to provide a description of the
-dmabuf format modifiers.
-
-When not using libdrm however, the build fails because "dev_t" is not
-defined.
-
-The definition of "dev_t" comes from  which is included
-from , which is not included without libdrm support, hence the
-build failure.
-
-Simply include  unconditionally to make sure "dev_t" is
-defined regardless of libdrm support, to fix the build failure.
-
-Closes: https://gitlab.freedesktop.org/wayland/wayland-utils/-/issues/6
-Signed-off-by: Olivier Fourdan 
-Fixes: 240cb739 - "Add support for linux_dmabuf version 4"
-Reviewed-by: Simon Ser 
-Reviewed-by: Pekka Paalanen 
-
-Upstream-Status: Backport 
[https://gitlab.freedesktop.org/wayland/wayland-utils/-/commit/baa65ba9f62e6a05c32b9202b524158a21f24245]
-Signed-off-by: Alexander Kanavin 

- wayland-info/wayland-info.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/wayland-info/wayland-info.c b/wayland-info/wayland-info.c
-index 53cd04b..98ff205 100644
 a/wayland-info/wayland-info.c
-+++ b/wayland-info/wayland-info.c
-@@ -34,6 +34,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- #include 
- #if HAVE_HUMAN_FORMAT_MODIFIER
diff --git a/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb 
b/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
similarity index 77%
rename from meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
rename to meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
index 48e1409be8..657f67fb09 100644
--- a/meta/recipes-graphics/wayland/wayland-utils_1.1.0.bb
+++ b/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
@@ -9,10 +9,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=548a66038a77415e1df51118625e832f \
"
 
-SRC_URI = 
"https://gitlab.freedesktop.org/wayland/wayland-utils/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz
 \
-   file://0001-wayland-info-Fix-build-without-libdrm.patch \
-   "
-SRC_URI[sha256sum] = 
"9e685863025b4feade36d53bbc8e31b43e26498be743dea84c7a84912959410a"
+SRC_URI = 
"https://gitlab.freedesktop.org/wayland/wayland-utils/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz;
+SRC_URI[sha256sum] = 
"d9278c22554586881802540751bcc42569262bf80cd9ac9b0fd12ff4bd09a9e4"
 
 UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html;
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187579): 
https://lists.openembedded.org/g/openembedded-core/message/187579
Mute This Topic: https://lists.openembedded.org/mt/101333563/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] stress-ng: upgrade 0.16.04 -> 0.16.05

[wangmy]

From: Wang Mingyu 

Changelog:
===
-stress-vnni: verify if selected method supports intrinsic in intrisinc mode
-Manual: Indent stressors to ease man page reading
-stress-ng: Fix text of license in stress-sleep.c
-stress-pty: don't treat EINTR as failure when tcdrain is interrupted
-core-asm-generic: reintroduce HAVE_ASM_NOP check
-Makefile: bump version
-Makefile: add missing core-time.h from headers
-Makefile: remove snap from make dist rule
-stress-touch: fix missing help args for --touch-method and --touch-opts
-stress-ng: fix missing arg for --timer-slack help
-stress-stream: fix --stream-index help, missing arg
-stress-ring-pipe: fix help, missing args for --ring-pipe-num and
---ring-pipe-size
-stress-mremap: fix type in mremap-mlock help
-stress-module: use settings names and variable names that match
-boolean args
-core-opts: module-no-modver and module-no-vermag are argless, fix these
-stress-ng: fix --max-fd help, needs arg N
-stress-dirmany: fix --dirmany-bytes option in help
-stress-cache: fix help for cacheline writeback should be --cache-clwb
-stress-affinity: add missing numeric arg in --affinity-sleep option
-help
-stress-llc-affinity: Fix spelling mistake "memiry" -> "memory"
-Makefile: restore verify-test-all to 5 secs per stressor
-stress-misaligned: double the timeout time for very heavily loaded
-systems
-stress-cpu-online: fix nixos build error, missing semicolon
-stress-kvm: skip stressor if /dev/kvm is already in use
-Makefile: ignore warning return values in regression tests
-stress-syscall: Add BSD rfork() system call
-README.md: add another kernel reference
-stress-mlock: only show munlock metrics if they are available
-core-opts: fix disabled --perf option
-Add map_shadow_stack to TODO list
-stress-enosys: add map_shadow_stack
-stress-dev: only use stress_dev_hid_linux if HAVE_LINUX_HIDRAW_H is
-defined
-stress-ng.h: define _RENTRANT for sun builds for threading
-test/test-builtin-bitreverse: don't use random() to remove OpenBSD warnings
-tests: don't use random() to remove OpenBSD warnings
-core-cpu-cache: cast uint32 values to uint64_t before multiply
-stress-sigbus: unconstify ptr8, clean up pedantic warnings:
-core-helper: stress_write_buffer: use void * for ptr rather than char *
-core-setting: fix const warning with pedantic builds
-core-sort: fix const warning with pedantic builds
-stress-icache: make function stress_icache_func static
-stress-zero.c: only declare mmap_counter and mmap_index for linux builds
-stress-softlockup: reduce scope of variables t and d
-stress-icache: reduce scope of variable val
-stress-fma: fix return type of stress_fma_rnd_float to float
-core-builtin: ensure shim_sqrtl returns long double
-stress-bad-ioctl: constify pointers
-stress-bad-ioctl: reduce scope of variables type, nr and ret
-stress-aiol: cast result of multiply to same type as offset
-core-cpu-cache: make cache_size match the same type as
-cpu->caches[i].size
-stress-af-alg: constify pointer ptr
-core-shim: shim_posix_fallocate: reduce scope of variable ret
-core-numa: stress_parse_node: constify pointer str
-core-affinity: stress_parse_cpu: constify pointer str
-core-setting: remove unused field uintptr_t from struct
-core-interrupts: change scope of pointer ptr
-stress-watchdog: re-work code to remove need for watchdog_close label
-Makefile: force vnni to be built with at least -O2
-stress-vnni: move scope of variable to inside loop
-stress-far-branch: clean false positive gcc warning by initializing ptr
-stress-bad-altstack: make variable rnd non-clobberable
-Add --interrupts option to enable interrupt accounting
-core-interrupts: parse /proc/interrupts once for all types
-README.md: add another paper citation
-README.md: add two more kernel issues found with stress-ng
-stress-enosys: add fchmodat2
-stress-syscall: add fchmodat2
-test-chmod: add fchmodat2 Linux 6.6 call and shim, add fchmodat shim
-core-opts.h: move PR_OPT option macros to core-opts.h
-core-opts: move gnu long options into core-opts.c
-stress-prctl: add build check for new prctl macros
-stress-prctl: exercise PR_RISCV_V_{GET|SET}_CONTROL
-stress-prctl: add PR_GET_AUXV
-README.md: add another kernel issue found using stress-ng
-stess-schedmix: reduce scope of variable policy and remove initialisation
-test/test-vfork.c: replace exit with _exit
-stress-jpeg: stress_rgb_compress_to_jpeg: ensure duration is
-initialized to zero
-stress-dev: add lseek + read on /dev/nvram, voidify some args to /dev/hid
-stress-dev: exercise linux /dev/hid ioctls
-stress-dev: exercise linux /dev/acpi_thermal_rel ioctls
-stress-ng.h: rename PR_* macros to OPT_FLAGS_PR_*
-core-thermal-zone.h: move perf related structs and defines to 
core-thermal-zone.h
-core-perf.h: move perf related structs and defines to core-perf.h
-stress-ng.h: remove unused typedef stress_func_t
-README.md: add Anisse Astier to contributors list
-Manual: rename AF_ALG stressor title
-stress-netdev: exercise invalid lengths in ifr_ifindex and ifc_len

[OE-core] [PATCH] strace: upgrade 6.4 -> 6.5

[wangmy]

From: Wang Mingyu 

Changelog:
===
* Implemented decoding of cachestat and fchmodat2 syscalls.
* Implemented decoding of SO_PASSPIDFD and SO_PEERPIDFD socket options.
* Implemented decoding of SCM_PIDFD control messages.
* Implemented decoding of BPF_ENABLE_STATS, BPF_ITER_CREATE, BPF_LINK_DETACH,
  and BPF_PROG_BIND_MAP bpf syscall commands.
* Updated decoding of BPF_OBJ_PIN and BPF_OBJ_GET bpf syscall commands.
* Updated lists of AT_*, BPF_*, IORING_*, KVM_*, MOVE_MOUNT_*, NFT_*, NT_*,
  PR_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 6.5.

Signed-off-by: Wang Mingyu 
---
 meta/recipes-devtools/strace/{strace_6.4.bb => strace_6.5.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/strace/{strace_6.4.bb => strace_6.5.bb} (96%)

diff --git a/meta/recipes-devtools/strace/strace_6.4.bb 
b/meta/recipes-devtools/strace/strace_6.5.bb
similarity index 96%
rename from meta/recipes-devtools/strace/strace_6.4.bb
rename to meta/recipes-devtools/strace/strace_6.5.bb
index 2174790fbe..8f90c35925 100644
--- a/meta/recipes-devtools/strace/strace_6.4.bb
+++ b/meta/recipes-devtools/strace/strace_6.5.bb
@@ -15,7 +15,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \

file://0001-configure-Use-autoconf-macro-to-detect-largefile-sup.patch \
file://0002-tests-Replace-off64_t-with-off_t.patch \
"
-SRC_URI[sha256sum] = 
"27987dbac57fdfd260c6db4dc8328df35c95c6867c8a3d4371d59cdcf4eb9238"
+SRC_URI[sha256sum] = 
"dfb051702389e1979a151892b5901afc9e93bbc1c70d84c906ade3224ca91980"
 
 inherit autotools ptest
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187577): 
https://lists.openembedded.org/g/openembedded-core/message/187577
Mute This Topic: https://lists.openembedded.org/mt/101333551/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-setuptools: upgrade 68.1.2 -> 68.2.1

[wangmy]

From: Wang Mingyu 

Changelog:
===
Features
--
-Rework how setuptools internally handles dependencies/install_requires and
 optional-dependencies/extras_require. (#3903)
-Improve the generated PKG-INFO files, by adding Requires-Dist fields.
-Improve atomicity when writing PKG-INFO files to avoid race conditions with
 importlib.metadata. (#3904)

Bugfixes
--
-Fix the name given to the *-nspkg.pth files in editable installs, ensuring
 they are unique per distribution. (#4041)
-Workaround some limitations on pkg_resources-style legacy namespaces in the
 meta path finder for editable installations. (#4041)
-Avoid using caching attributes in Distribution.metadata for requirements.

Signed-off-by: Wang Mingyu 
---
 .../0001-conditionally-do-not-fetch-code-by-easy_install.patch  | 2 +-
 ...ython3-setuptools_68.1.2.bb => python3-setuptools_68.2.1.bb} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-setuptools_68.1.2.bb => 
python3-setuptools_68.2.1.bb} (95%)

diff --git 
a/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
 
b/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
index 84a9492caf..6b467184d7 100644
--- 
a/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
+++ 
b/meta/recipes-devtools/python/python3-setuptools/0001-conditionally-do-not-fetch-code-by-easy_install.patch
@@ -1,4 +1,4 @@
-From c90cc4a07ce6d2b7128e37d811d0c6bbc4b905a6 Mon Sep 17 00:00:00 2001
+From c4a48e6a75a5865a7c8d61a0f060aca9ba92477b Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Tue, 17 Jul 2018 10:13:38 +0800
 Subject: [PATCH] conditionally do not fetch code by easy_install
diff --git a/meta/recipes-devtools/python/python3-setuptools_68.1.2.bb 
b/meta/recipes-devtools/python/python3-setuptools_68.2.1.bb
similarity index 95%
rename from meta/recipes-devtools/python/python3-setuptools_68.1.2.bb
rename to meta/recipes-devtools/python/python3-setuptools_68.2.1.bb
index a1e84b635c..e4aaa914a3 100644
--- a/meta/recipes-devtools/python/python3-setuptools_68.1.2.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_68.2.1.bb
@@ -11,7 +11,7 @@ SRC_URI:append:class-native = " 
file://0001-conditionally-do-not-fetch-code-by-e
 SRC_URI += " \
 
file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch"
 
-SRC_URI[sha256sum] = 
"3d4dfa6d95f1b101d695a6160a7626e15583af71a5f52176efa5d39a054d475d"
+SRC_URI[sha256sum] = 
"56ee14884fd8d0cd015411f4a13f40b4356775a0aefd9ebc1d3bfb9a1acb32f1"
 
 DEPENDS += "${PYTHON_PN}"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187576): 
https://lists.openembedded.org/g/openembedded-core/message/187576
Mute This Topic: https://lists.openembedded.org/mt/101333549/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-pytest: upgrade 7.4.1 -> 7.4.2

[wangmy]

From: Wang Mingyu 

Changelog:
==

Bug Fixes
--
-Fix doctest collection of functools.cached_property objects.
-Fixed bug using --importmode=importlib which would cause package __init__.py
 files to be imported more than once in some cases.
-Fixed bug where user_properties where not being saved in the JUnit XML file
 if a fixture failed during teardown.
-Fixed crash when parsing long command line arguments that might be interpreted
 as files.

Improved Documentation
--
-Improved disclaimer on pytest plugin reference page to better indicate this is
 an automated, non-curated listing.

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-pytest_7.4.1.bb => python3-pytest_7.4.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-pytest_7.4.1.bb => 
python3-pytest_7.4.2.bb} (93%)

diff --git a/meta/recipes-devtools/python/python3-pytest_7.4.1.bb 
b/meta/recipes-devtools/python/python3-pytest_7.4.2.bb
similarity index 93%
rename from meta/recipes-devtools/python/python3-pytest_7.4.1.bb
rename to meta/recipes-devtools/python/python3-pytest_7.4.2.bb
index e9ded985cb..710aa51716 100644
--- a/meta/recipes-devtools/python/python3-pytest_7.4.1.bb
+++ b/meta/recipes-devtools/python/python3-pytest_7.4.2.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "The pytest framework makes it easy to write 
small tests, yet scal
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bd27e41b6550fe0fc45356d1d81ee37c"
 
-SRC_URI[sha256sum] = 
"2f2301e797521b23e4d2585a0a3d7b5e50fdddaaf7e7d6773ea26ddb17c213ab"
+SRC_URI[sha256sum] = 
"a766259cfab564a2ad52cb1aae1b881a75c3eb7e34ca3779697c23ed47c47069"
 
 DEPENDS += "python3-setuptools-scm-native"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187575): 
https://lists.openembedded.org/g/openembedded-core/message/187575
Mute This Topic: https://lists.openembedded.org/mt/101333543/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-pyelftools: upgrade 0.29 -> 0.30

[wangmy]

From: Wang Mingyu 

Changelog:
===
- Optimization: cache instantiation of DWARF structs (#435)
- DWARFv5 CU headers (#442)
- Bug fix in attribute reporting for DWA_FORM_indirect (#475)
- Support for RISC-V attributes (#459)
- Readelf used for testing upgraded to 2.41 (#489)
- Support for MIPS64 object files (#495)
- LoongArch support (#470, #483)

Signed-off-by: Wang Mingyu 
---
 .../{python3-pyelftools_0.29.bb => python3-pyelftools_0.30.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-pyelftools_0.29.bb => 
python3-pyelftools_0.30.bb} (82%)

diff --git a/meta/recipes-devtools/python/python3-pyelftools_0.29.bb 
b/meta/recipes-devtools/python/python3-pyelftools_0.30.bb
similarity index 82%
rename from meta/recipes-devtools/python/python3-pyelftools_0.29.bb
rename to meta/recipes-devtools/python/python3-pyelftools_0.30.bb
index c55682e2ea..e976d6cae8 100644
--- a/meta/recipes-devtools/python/python3-pyelftools_0.29.bb
+++ b/meta/recipes-devtools/python/python3-pyelftools_0.30.bb
@@ -4,7 +4,7 @@ SECTION = "devel/python"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
 
-SRC_URI[sha256sum] = 
"ec761596aafa16e282a31de188737e5485552469ac63b60cfcccf22263fd24ff"
+SRC_URI[sha256sum] = 
"2fc92b0d534f8b081f58c7c370967379123d8e00984deb53c209364efd575b40"
 
 PYPI_PACKAGE = "pyelftools"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187574): 
https://lists.openembedded.org/g/openembedded-core/message/187574
Mute This Topic: https://lists.openembedded.org/mt/101333532/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-hypothesis: upgrade 6.84.0 -> 6.84.3

[wangmy]

From: Wang Mingyu 

Changelog:
===
-This patch automatically disables the differing_executors health check for
 methods which are also pytest parametrized tests, because those were mostly
 false alarms (issue #3733).
-Building on recent releases, characters() now accepts _any_ codec=, not just
 "utf-8" and "ascii".
-This includes standard codecs from the codecs module and their aliases,
 platform specific and user-registered codecs if they are available, and
 python-specific text encodings (but not text transforms or binary transforms).
-This patch by Reagan Lee makes st.text(...).filter(str.isidentifier) return
 an efficient custom strategy (issue #3480).

Signed-off-by: Wang Mingyu 
---
 ...ython3-hypothesis_6.84.0.bb => python3-hypothesis_6.84.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-hypothesis_6.84.0.bb => 
python3-hypothesis_6.84.3.bb} (91%)

diff --git a/meta/recipes-devtools/python/python3-hypothesis_6.84.0.bb 
b/meta/recipes-devtools/python/python3-hypothesis_6.84.3.bb
similarity index 91%
rename from meta/recipes-devtools/python/python3-hypothesis_6.84.0.bb
rename to meta/recipes-devtools/python/python3-hypothesis_6.84.3.bb
index 8e3f6c0bf4..21b0f65a8e 100644
--- a/meta/recipes-devtools/python/python3-hypothesis_6.84.0.bb
+++ b/meta/recipes-devtools/python/python3-hypothesis_6.84.3.bb
@@ -13,7 +13,7 @@ SRC_URI += " \
 file://test_rle.py \
 "
 
-SRC_URI[sha256sum] = 
"446ecc9665a23fc67a6d32bafbe4233d77fef10eb90d4ede8ab1e76474a63215"
+SRC_URI[sha256sum] = 
"b4117f4138e81986cf62ad4e1410a021adeaa52e4b0326419da626cd7d3b6250"
 
 RDEPENDS:${PN} += " \
 python3-attrs \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187573): 
https://lists.openembedded.org/g/openembedded-core/message/187573
Mute This Topic: https://lists.openembedded.org/mt/101333527/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] python3-git: upgrade 3.1.34 -> 3.1.35

[wangmy]

From: Wang Mingyu 

Changelog:

-Fix Windows environment variable upcasing bug
-Added test for PR #1645 submodule path
-Tests fail due to security vulnerability fix in git 2.38.1 acknowledged
-3.1.30 & 3.1.31: failing tests acknowledged help wanted
-Only make config more permissive in tests that need it
-Fix CVE-2023-41040
-Fix 'Tree' object has no attribute '_name' when submodule path is normal path

Signed-off-by: Wang Mingyu 
---
 .../python/{python3-git_3.1.34.bb => python3-git_3.1.35.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-git_3.1.34.bb => 
python3-git_3.1.35.bb} (92%)

diff --git a/meta/recipes-devtools/python/python3-git_3.1.34.bb 
b/meta/recipes-devtools/python/python3-git_3.1.35.bb
similarity index 92%
rename from meta/recipes-devtools/python/python3-git_3.1.34.bb
rename to meta/recipes-devtools/python/python3-git_3.1.35.bb
index 308c787c2d..9b2e36d5af 100644
--- a/meta/recipes-devtools/python/python3-git_3.1.34.bb
+++ b/meta/recipes-devtools/python/python3-git_3.1.35.bb
@@ -12,7 +12,7 @@ PYPI_PACKAGE = "GitPython"
 
 inherit pypi python_setuptools_build_meta
 
-SRC_URI[sha256sum] = 
"85f7d365d1f6bf677ae51039c1ef67ca59091c7ebd5a3509aa399d4eda02d6dd"
+SRC_URI[sha256sum] = 
"9cbefbd1789a5fe9bcf621bb34d3f441f3a90c8461d377f84eda73e721d9b06b"
 
 DEPENDS += " ${PYTHON_PN}-gitdb"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187572): 
https://lists.openembedded.org/g/openembedded-core/message/187572
Mute This Topic: https://lists.openembedded.org/mt/101333519/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] pkgconf: upgrade 2.0.2 -> 2.0.3

[wangmy]

From: Wang Mingyu 

Changelog:
==
* Fix some edge-cases with the new `--modversion` implementation
  and add additional regression tests.
* Fix some format specifiers to use PRIu64 in debug tracing.

Signed-off-by: Wang Mingyu 
---
 .../pkgconf/{pkgconf_2.0.2.bb => pkgconf_2.0.3.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/pkgconf/{pkgconf_2.0.2.bb => pkgconf_2.0.3.bb} 
(96%)

diff --git a/meta/recipes-devtools/pkgconf/pkgconf_2.0.2.bb 
b/meta/recipes-devtools/pkgconf/pkgconf_2.0.3.bb
similarity index 96%
rename from meta/recipes-devtools/pkgconf/pkgconf_2.0.2.bb
rename to meta/recipes-devtools/pkgconf/pkgconf_2.0.3.bb
index c6badb123e..5aa5a191f2 100644
--- a/meta/recipes-devtools/pkgconf/pkgconf_2.0.2.bb
+++ b/meta/recipes-devtools/pkgconf/pkgconf_2.0.3.bb
@@ -20,7 +20,7 @@ SRC_URI = "\
 file://pkg-config-native.in \
 file://pkg-config-esdk.in \
 "
-SRC_URI[sha256sum] = 
"ea5a25ef8f251eb5377ec0e21c75fb61894433cfbdbf0b2559ba33e4c2664401"
+SRC_URI[sha256sum] = 
"cabdf3c474529854f7ccce8573c5ac68ad34a7e621037535cbc3981f6b23836c"
 
 inherit autotools
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187571): 
https://lists.openembedded.org/g/openembedded-core/message/187571
Mute This Topic: https://lists.openembedded.org/mt/101333509/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[PATCH] [OE-core] [PATCH] font-util: upgrade 1.4.0 -> 1.4.1

[wangmy]

From: Wang Mingyu 

License-Update:
- Replace unicode files with ones that provide better terms of use
  Identical files but these have the unicode terms-of-use (SPDX:
  Unicode-TOU) instead of some old license format.

   https://www.unicode.org/Public/MAPPINGS/ISO8859/8859-1.TXT
   https://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/JIS/JIS0201.TXT
   https://www.unicode.org/Public/MAPPINGS/VENDORS/MISC/KOI8-R.TXT

- Remove "All rights reserved" from Oracle copyright notices
  Oracle no longer includes this term in our copyright & license notices.

Signed-off-by: Wang Mingyu 
---
 .../xorg-font/{font-util_1.4.0.bb => font-util_1.4.1.bb}   | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)
 rename meta/recipes-graphics/xorg-font/{font-util_1.4.0.bb => 
font-util_1.4.1.bb} (74%)

diff --git a/meta/recipes-graphics/xorg-font/font-util_1.4.0.bb 
b/meta/recipes-graphics/xorg-font/font-util_1.4.1.bb
similarity index 74%
rename from meta/recipes-graphics/xorg-font/font-util_1.4.0.bb
rename to meta/recipes-graphics/xorg-font/font-util_1.4.1.bb
index db82104afe..c422482f08 100644
--- a/meta/recipes-graphics/xorg-font/font-util_1.4.0.bb
+++ b/meta/recipes-graphics/xorg-font/font-util_1.4.1.bb
@@ -4,10 +4,11 @@ require xorg-font-common.inc
 
 #Unicode is MIT
 LICENSE = "MIT & MIT & BSD-4-Clause & BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5df208ec65eb84ce5bb8d82d8f3b9675 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=2a9e705c00e463c8d294f90486852e06 \
 
file://ucs2any.c;endline=28;md5=8357dc567fc628bd12696f15b2a33bcb \
 
file://bdftruncate.c;endline=26;md5=4f82ffc101a1b165eae9c6998abff937 \
-
file://map-ISO8859-1;beginline=9;endline=23;md5=1cecb984063248f29ffe5c46f5c04f34"
+
file://map-ISO8859-1;beginline=9;endline=23;md5=f66cea01f9377a2a5ebbf0dcd2126124
 \
+"
 
 DEPENDS = "encodings util-macros"
 DEPENDS:class-native = "util-macros-native"
@@ -16,7 +17,7 @@ RDEPENDS:${PN}:class-native = ""
 
 BBCLASSEXTEND = "native"
 
-SRC_URI[sha256sum] = 
"9f724bf940128c7e39f7252bd961cd38cfac2359de2100a8bed696bf40d40f7d"
+SRC_URI[sha256sum] = 
"5c9f64123c194b150fee89049991687386e6ff36ef2af7b80ba53efaf368cc95"
 
 SYSROOT_DIRS_IGNORE:remove = "${datadir}/fonts"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187570): 
https://lists.openembedded.org/g/openembedded-core/message/187570
Mute This Topic: https://lists.openembedded.org/mt/101333495/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] ccache: upgrade 4.8.2 -> 4.8.3

[wangmy]

From: Wang Mingyu 

License-Update: Copyright year updated to 2021

Changelog:
===
-Fixed various problems with parsing of MSVC response file (.rsp).
-Fixed handling of NVCC -Xcompiler and --Werror options.
-Fixed bookkeeping of files when hard linking or file cloning is enabled.
-Made a workaround for GCC 12.3 bug 109241 where GCC fails to compile ccache.
-Upgraded to xxHash 0.8.2, which fixes compilation of ccache with GCC 12 and 
-Og.

Signed-off-by: Wang Mingyu 
---
 .../ccache/{ccache_4.8.2.bb => ccache_4.8.3.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/ccache/{ccache_4.8.2.bb => ccache_4.8.3.bb} (82%)

diff --git a/meta/recipes-devtools/ccache/ccache_4.8.2.bb 
b/meta/recipes-devtools/ccache/ccache_4.8.3.bb
similarity index 82%
rename from meta/recipes-devtools/ccache/ccache_4.8.2.bb
rename to meta/recipes-devtools/ccache/ccache_4.8.3.bb
index 22a6b385b0..03372aa685 100644
--- a/meta/recipes-devtools/ccache/ccache_4.8.2.bb
+++ b/meta/recipes-devtools/ccache/ccache_4.8.3.bb
@@ -7,14 +7,14 @@ HOMEPAGE = "http://ccache.samba.org;
 SECTION = "devel"
 
 LICENSE = "GPL-3.0-or-later"
-LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=cd54b7abfc462470b0f505273c38f0ff"
+LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=6a6fe0ae4e57592b187ab72fa6d420ec"
 
 DEPENDS = "zstd"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
file://0001-xxhash.h-Fix-build-with-gcc-12.patch \
"
-SRC_URI[sha256sum] = 
"75eef15b8b9da48db9c91e1d0ff58b3645fc70c0e4ca2ef1b6825a12f21f217d"
+SRC_URI[sha256sum] = 
"d59dd569ad2bbc826c0bc335c8ebd73e78ed0f2f40ba6b30069347e63585d9ef"
 
 inherit cmake github-releases
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187569): 
https://lists.openembedded.org/g/openembedded-core/message/187569
Mute This Topic: https://lists.openembedded.org/mt/101333481/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] nghttp2: upgrade 1.55.1 -> 1.56.0

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../nghttp2/{nghttp2_1.55.1.bb => nghttp2_1.56.0.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/nghttp2/{nghttp2_1.55.1.bb => nghttp2_1.56.0.bb} 
(91%)

diff --git a/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb 
b/meta/recipes-support/nghttp2/nghttp2_1.56.0.bb
similarity index 91%
rename from meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
rename to meta/recipes-support/nghttp2/nghttp2_1.56.0.bb
index 1be9a348ae..a011bd4536 100644
--- a/meta/recipes-support/nghttp2/nghttp2_1.55.1.bb
+++ b/meta/recipes-support/nghttp2/nghttp2_1.56.0.bb
@@ -8,7 +8,7 @@ SRC_URI = "\
 ${GITHUB_BASE_URI}/download/v${PV}/nghttp2-${PV}.tar.xz \
 file://0001-fetch-ocsp-response-use-python3.patch \
 "
-SRC_URI[sha256sum] = 
"19490b7c8c2ded1cf7c3e3a54ef4304e3a7876ae2d950d60a81d0dc6053be419"
+SRC_URI[sha256sum] = 
"65eee8021e9d3620589a4a4e91ce9983d802b5229f78f3313770e13f4d2720e9"
 
 inherit cmake manpages python3native github-releases
 PACKAGECONFIG[manpages] = ""
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187568): 
https://lists.openembedded.org/g/openembedded-core/message/187568
Mute This Topic: https://lists.openembedded.org/mt/101333469/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] libnl: upgrade 3.7.0 -> 3.8.0

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 meta/recipes-support/libnl/{libnl_3.7.0.bb => libnl_3.8.0.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libnl/{libnl_3.7.0.bb => libnl_3.8.0.bb} (96%)

diff --git a/meta/recipes-support/libnl/libnl_3.7.0.bb 
b/meta/recipes-support/libnl/libnl_3.8.0.bb
similarity index 96%
rename from meta/recipes-support/libnl/libnl_3.7.0.bb
rename to meta/recipes-support/libnl/libnl_3.8.0.bb
index 38d21ffe9c..28b2e5733e 100644
--- a/meta/recipes-support/libnl/libnl_3.7.0.bb
+++ b/meta/recipes-support/libnl/libnl_3.8.0.bb
@@ -18,7 +18,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/${BPN}${@d.getVar('PV').replace('.','_')}
file://run-ptest \
"
 
-SRC_URI[sha256sum] = 
"9fe43ccbeeea72c653bdcf8c93332583135cda46a79507bfd0a483bb57f65939"
+SRC_URI[sha256sum] = 
"bb726c6d7a08b121978d73ff98425bf313fa26a27a331d465e4f1d7ec5b838c6"
 
 GITHUB_BASE_URI = "https://github.com/thom311/${BPN}/releases;
 UPSTREAM_CHECK_REGEX = "releases/tag/libnl(?P.+)"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187567): 
https://lists.openembedded.org/g/openembedded-core/message/187567
Mute This Topic: https://lists.openembedded.org/mt/101333464/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH] libinput: upgrade 1.23.0 -> 1.24.0

[wangmy]

From: Wang Mingyu 

Signed-off-by: Wang Mingyu 
---
 .../wayland/{libinput_1.23.0.bb => libinput_1.24.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/wayland/{libinput_1.23.0.bb => 
libinput_1.24.0.bb} (97%)

diff --git a/meta/recipes-graphics/wayland/libinput_1.23.0.bb 
b/meta/recipes-graphics/wayland/libinput_1.24.0.bb
similarity index 97%
rename from meta/recipes-graphics/wayland/libinput_1.23.0.bb
rename to meta/recipes-graphics/wayland/libinput_1.24.0.bb
index b83d5fdb43..49a1da2b22 100644
--- a/meta/recipes-graphics/wayland/libinput_1.23.0.bb
+++ b/meta/recipes-graphics/wayland/libinput_1.24.0.bb
@@ -15,7 +15,7 @@ DEPENDS = "libevdev udev mtdev libcheck"
 SRC_URI = 
"git://gitlab.freedesktop.org/libinput/libinput.git;protocol=https;branch=main \
file://run-ptest \
"
-SRCREV = "0b005eb64b12603e65a620a77c67ec62fd03f413"
+SRCREV = "1680f2fbaa63a91739012c6b57988ab1918ea0b7"
 S = "${WORKDIR}/git"
 
 UPSTREAM_CHECK_REGEX = "libinput-(?P\d+\.\d+\.(?!9\d+)\d+)"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187566): 
https://lists.openembedded.org/g/openembedded-core/message/187566
Mute This Topic: https://lists.openembedded.org/mt/101333460/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] kexec-tools: upgrade 2.0.26 -> 2.0.27

[wangmy]

From: Wang Mingyu 

Changelog:

arm64: Hook up the ZBOOT support as vmlinuz
arm64: Add ZBOOT PE containing compressed image support
kexec/zboot: Add arch independent zboot support
kexec: Introduce a member kernel_fd in kexec_info
kexec/arm64: Simplify the code for zImage
LoongArch: kdump: Set up kernel image segment
kexec: __NR_kexec_file_load is set to undefined on LoongArch
ppc64: Add elf-ppc64 file types/options and an arch specific flag to man page
x86: add devicetree support
kexec: make -a the default
ppc64: add --reuse-cmdline parameter support

Signed-off-by: Wang Mingyu 
---
 .../kexec/{kexec-tools_2.0.26.bb => kexec-tools_2.0.27.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/kexec/{kexec-tools_2.0.26.bb => 
kexec-tools_2.0.27.bb} (97%)

diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.26.bb 
b/meta/recipes-kernel/kexec/kexec-tools_2.0.27.bb
similarity index 97%
rename from meta/recipes-kernel/kexec/kexec-tools_2.0.26.bb
rename to meta/recipes-kernel/kexec/kexec-tools_2.0.27.bb
index 11a3c4f47e..9b9864da9a 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.26.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.27.bb
@@ -19,7 +19,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz

file://0001-arm64-kexec-disabled-check-if-kaslr-seed-dtb-propert.patch \
"
 
-SRC_URI[sha256sum] = 
"89bdd941542c64fec16311858df304ed3a3908c1a60874d69df5d9bf1611e062"
+SRC_URI[sha256sum] = 
"410f89057d1f4cd2b0477b6c2035ec2c52e21c185e90742bbae8b4f78a7077a5"
 
 inherit autotools update-rc.d systemd
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187565): 
https://lists.openembedded.org/g/openembedded-core/message/187565
Mute This Topic: https://lists.openembedded.org/mt/101333448/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] iproute2: upgrade 6.4.0 -> 6.5.0

[wangmy]

From: Wang Mingyu 

0001-bridge-mdb.c-include-limits.h.patch
removed since it's included in 6.5.0

Signed-off-by: Wang Mingyu 
---
 .../0001-bridge-mdb.c-include-limits.h.patch  | 41 ---
 .../{iproute2_6.4.0.bb => iproute2_6.5.0.bb}  |  3 +-
 2 files changed, 1 insertion(+), 43 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
 rename meta/recipes-connectivity/iproute2/{iproute2_6.4.0.bb => 
iproute2_6.5.0.bb} (95%)

diff --git 
a/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
 
b/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
deleted file mode 100644
index f9a0e35d83..00
--- 
a/meta/recipes-connectivity/iproute2/iproute2/0001-bridge-mdb.c-include-limits.h.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From b13f04c0c685b6d2474aa7d97e191531f327bc45 Mon Sep 17 00:00:00 2001
-From: Trevor Gamblin 
-Date: Thu, 20 Jul 2023 14:32:23 -0400
-Subject: [PATCH] bridge/mdb.c: include limits.h
-
-Upstream-Status: Submitted
-(https://lore.kernel.org/netdev/20230720203726.2316251-1-tgamb...@baylibre.com/)
-
-While building iproute2 6.4.0 with musl using Yocto Project, errors such
-as the following were encountered:
-
-| mdb.c: In function 'mdb_parse_vni':
-| mdb.c:666:47: error: 'ULONG_MAX' undeclared (first use in this function)
-|   666 | if ((endptr && *endptr) || vni_num == ULONG_MAX)
-|   |   ^
-| mdb.c:666:47: note: 'ULONG_MAX' is defined in header ''; did you 
forget to '#include '?
-
-Include limits.h in bridge/mdb.c to fix this issue. This change is based
-on one in Alpine Linux, but the author there had no plans to submit:
-https://git.alpinelinux.org/aports/commit/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069
-
-Signed-off-by: Trevor Gamblin 

- bridge/mdb.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/bridge/mdb.c b/bridge/mdb.c
-index fbb4f704..18793458 100644
 a/bridge/mdb.c
-+++ b/bridge/mdb.c
-@@ -15,6 +15,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- #include "libnetlink.h"
- #include "utils.h"
--- 
-2.41.0
-
diff --git a/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb 
b/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
similarity index 95%
rename from meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb
rename to meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
index 32e2f8176b..db46c8317a 100644
--- a/meta/recipes-connectivity/iproute2/iproute2_6.4.0.bb
+++ b/meta/recipes-connectivity/iproute2/iproute2_6.5.0.bb
@@ -13,10 +13,9 @@ DEPENDS = "flex-native bison-native iptables libcap"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
file://0001-libc-compat.h-add-musl-workaround.patch \
-   file://0001-bridge-mdb.c-include-limits.h.patch \
"
 
-SRC_URI[sha256sum] = 
"4c51b8decbc7e4da159ffb066f590cfb93dbf9af7ff86b1647ce42b7c179a272"
+SRC_URI[sha256sum] = 
"a70179085fa1b96d3c33b040c809b75e2b57563adc505a4ad05e2609df373463"
 
 inherit update-alternatives bash-completion pkgconfig
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187564): 
https://lists.openembedded.org/g/openembedded-core/message/187564
Mute This Topic: https://lists.openembedded.org/mt/101333445/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] harfbuzz: upgrade 8.1.1 -> 8.2.0

[wangmy]

From: Wang Mingyu 

Changelog:
==
- Various build and fuzzing fixes
- Improvements to COLRv1 painting.

- New API:
+hb_paint_color_glyph_func_t
+hb_paint_funcs_set_color_glyph_func
+hb_paint_color_glyph

Signed-off-by: Wang Mingyu 
---
 .../harfbuzz/{harfbuzz_8.1.1.bb => harfbuzz_8.2.0.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/harfbuzz/{harfbuzz_8.1.1.bb => harfbuzz_8.2.0.bb} 
(95%)

diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb 
b/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.0.bb
similarity index 95%
rename from meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
rename to meta/recipes-graphics/harfbuzz/harfbuzz_8.2.0.bb
index 9422db2005..1e60844204 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz_8.1.1.bb
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz_8.2.0.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=b98429b8e8e3c2a67cfef01e99e4893d \
 "
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = 
"0305ad702e11906a5fc0c1ba11c270b7f64a8f5390d676aacfd71db129d6565f"
+SRC_URI[sha256sum] = 
"8cb7117a62f42d5ad25d4a697e1bbfc65933b3eed2ee7f247203c79c9f1b514c"
 
 DEPENDS += "glib-2.0-native"
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187563): 
https://lists.openembedded.org/g/openembedded-core/message/187563
Mute This Topic: https://lists.openembedded.org/mt/101333433/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] dnf: upgrade 4.16.1 -> 4.17.0

[wangmy]

From: Wang Mingyu 

0001-dnf-write-the-log-lock-to-root.patch
refreshed for 4.17.0

Changelog:
===
-crypto: Use libdnf crypto API instead of using GnuPG/GpgME
-Reprotect dnf, unprotect python3-dnf
-Block signals during RPM transaction processing
-Fix bash completion due to sqlite changes
-automatic: allow use of STARTTLS/TLS
-automatic: use email_port specified in config
-Document symbols in dnf history list output
-dnf-data: depend on /etc/dnf/dnf.conf, not libdnf5
-Update repo metadata cache pattern to include zstd
-typo in doc/command_ref.rst
-Add provide exception handling
-Support lists of KVP in kwargs when calling add_new_repo
-python3-dnf: Provide /usr/bin/dnf4 symlink to /usr/bin/dnf-3

Signed-off-by: Wang Mingyu 
---
 .../dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch  | 7 ---
 meta/recipes-devtools/dnf/{dnf_4.16.1.bb => dnf_4.17.0.bb} | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/dnf/{dnf_4.16.1.bb => dnf_4.17.0.bb} (98%)

diff --git 
a/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch 
b/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch
index 21b50dee01..eb0309d81a 100644
--- a/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch
+++ b/meta/recipes-devtools/dnf/dnf/0001-dnf-write-the-log-lock-to-root.patch
@@ -1,4 +1,4 @@
-From 5e07c16a506b19cbb107d5e99fca41d679b23b9a Mon Sep 17 00:00:00 2001
+From 3bd0faf58cc9ad531e6b63d5660c4b8316e8daed Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin 
 Date: Tue, 28 Apr 2020 15:55:00 +0200
 Subject: [PATCH] dnf: write the log lock to root
@@ -10,15 +10,16 @@ already existing, and base-files creating it as a symlink).
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin 
+
 ---
  dnf/logging.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/dnf/logging.py b/dnf/logging.py
-index bd660470..a9d808b1 100644
+index ef0b25f3..94610af6 100644
 --- a/dnf/logging.py
 +++ b/dnf/logging.py
-@@ -94,7 +94,7 @@ class 
MultiprocessRotatingFileHandler(logging.handlers.RotatingFileHandler):
+@@ -118,7 +118,7 @@ class 
MultiprocessRotatingFileHandler(logging.handlers.RotatingFileHandler):
  def __init__(self, filename, mode='a', maxBytes=0, backupCount=0, 
encoding=None, delay=False):
  super(MultiprocessRotatingFileHandler, self).__init__(
  filename, mode, maxBytes, backupCount, encoding, delay)
diff --git a/meta/recipes-devtools/dnf/dnf_4.16.1.bb 
b/meta/recipes-devtools/dnf/dnf_4.17.0.bb
similarity index 98%
rename from meta/recipes-devtools/dnf/dnf_4.16.1.bb
rename to meta/recipes-devtools/dnf/dnf_4.17.0.bb
index 9134411fa9..ec4e48d68b 100644
--- a/meta/recipes-devtools/dnf/dnf_4.16.1.bb
+++ b/meta/recipes-devtools/dnf/dnf_4.17.0.bb
@@ -19,7 +19,7 @@ SRC_URI = 
"git://github.com/rpm-software-management/dnf.git;branch=master;protoc
 
 SRC_URI:append:class-native = 
"file://0001-dnf-write-the-log-lock-to-root.patch"
 
-SRCREV = "94b7cc7956580405b219329541d6b40db6499cf1"
+SRCREV = "a31687c169095de1acb5c0a3762bf78993661776"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
 
 S = "${WORKDIR}/git"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187562): 
https://lists.openembedded.org/g/openembedded-core/message/187562
Mute This Topic: https://lists.openembedded.org/mt/101333422/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] debianutils: upgrade 5.8 -> 5.12

[wangmy]

From: Wang Mingyu 

Changelog:
===
  * d/control:
- Add myself as maintainer and Niels Thykier as uploader
- Bump standards version from 4.6.0 to 4.6.2.
  * d/prerm: Make script executable.
  * d/postinst: Use 'set -e' in the body of the script.
  * d/tests/smoke: Use 'set -e' in the body of the script.
  * d/source/lintian-overrides: Ignore upstream metadata warning for Debian
native package.
  * ischroot.c: Add missing newline in version output.
  * ischroot.1: Fix to say detection is possible for exit status 0.
  * postinst: Remove the bogus links that were created in 5.9 and 5.10
  * On non-usrmerged systems, correct run-parts/tmpfile links
  * ischroot: Do not claim it does not run as non-root
  * Align the cron file regex with the documentation
  * debian/postinst: add DPKG_ROOT prefix to paths in usrmerge()
  * Partial translation of which(1) into hungarian
  * Run autoreconf during the build
  * Drop obsolete dpkg-gencontrol flag -isp
  * Drop unnecessary CI config file
  * Revert the package to be format 3.0 (native)
  * Update /etc/shells micropolicy to recommend declarative use
  * Correct manpage macros
  * Update German manpage translation
  * Update Portuguese manpage translation
  * Modify post{inst,rm} in order to comply with UsrMerge

Signed-off-by: Wang Mingyu 
---
 .../debianutils/{debianutils_5.8.bb => debianutils_5.12.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/debianutils/{debianutils_5.8.bb => 
debianutils_5.12.bb} (97%)

diff --git a/meta/recipes-support/debianutils/debianutils_5.8.bb 
b/meta/recipes-support/debianutils/debianutils_5.12.bb
similarity index 97%
rename from meta/recipes-support/debianutils/debianutils_5.8.bb
rename to meta/recipes-support/debianutils/debianutils_5.12.bb
index fb17d2d24f..4002a44cdb 100644
--- a/meta/recipes-support/debianutils/debianutils_5.8.bb
+++ b/meta/recipes-support/debianutils/debianutils_5.12.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = 
"file://debian/copyright;md5=74765f57ae5dd2b10ffbc39528d98753
 SRC_URI = 
"git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \
"
 
-SRCREV = "69116b856177ceb270908103b5776f897d2863c3"
+SRCREV = "78bdc9165504b61ff4ea25a95d9865c45bfe7520"
 
 inherit autotools update-alternatives
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187561): 
https://lists.openembedded.org/g/openembedded-core/message/187561
Mute This Topic: https://lists.openembedded.org/mt/101333418/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] dbus: upgrade 1.14.8 -> 1.14.10

[wangmy]

From: Wang Mingyu 

Changelog:
===
• Avoid a dbus-daemon crash if re-creating a connection's policy fails.

• If getting the groups from a user ID fails, report the error correctly,
  instead of logging "(null)"

• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs
  field for processes with a valid-but-empty supplementary group list

Signed-off-by: Wang Mingyu 
---
 meta/recipes-core/dbus/{dbus_1.14.8.bb => dbus_1.14.10.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/dbus/{dbus_1.14.8.bb => dbus_1.14.10.bb} (98%)

diff --git a/meta/recipes-core/dbus/dbus_1.14.8.bb 
b/meta/recipes-core/dbus/dbus_1.14.10.bb
similarity index 98%
rename from meta/recipes-core/dbus/dbus_1.14.8.bb
rename to meta/recipes-core/dbus/dbus_1.14.10.bb
index 2dcbadd50b..2a256beabf 100644
--- a/meta/recipes-core/dbus/dbus_1.14.8.bb
+++ b/meta/recipes-core/dbus/dbus_1.14.10.bb
@@ -16,7 +16,7 @@ SRC_URI = 
"https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \
file://dbus-1.init \
"
 
-SRC_URI[sha256sum] = 
"a6bd5bac5cf19f0c3c594bdae2565a095696980a683a0ef37cb6212e093bde35"
+SRC_URI[sha256sum] = 
"ba1f21d2bd9d339da2d4aa8780c09df32fea87998b73da24f49ab9df1e36a50f"
 
 EXTRA_OECONF = "--disable-xml-docs \
 --disable-doxygen-docs \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187560): 
https://lists.openembedded.org/g/openembedded-core/message/187560
Mute This Topic: https://lists.openembedded.org/mt/101333411/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] coreutils: upgrade 9.3 -> 9.4

[wangmy]

From: Wang Mingyu 

stdlib-mb-cur-max.patch
removed since it's included in 9.4.

Changelog:
==
** Bug fixes

  On GNU/Linux s390x and alpha, programs like 'cp' and 'ls' no longer
  fail on files with inode numbers that do not fit into 32 bits.

  'b2sum --check' will no longer read unallocated memory when
  presented with malformed checksum lines.

  'cp --parents' again succeeds when preserving mode for absolute directories.

  'cp --sparse=never' will avoid copy-on-write (reflinking) and copy offloading,
  to ensure no holes present in the destination copy.

  cksum again diagnoses read errors in its default CRC32 mode.

  'cksum --check' now ensures filenames with a leading backslash character
  are escaped appropriately in the status output.

  dd again supports more than two multipliers for numbers.
  Previously numbers of the form '1024x1024x32' gave "invalid number" errors.

  factor, numfmt, and tsort now diagnose read errors on the input.

  'install --strip' now supports installing to files with a leading hyphen.
  Previously such file names would have caused the strip process to fail.

  ls now shows symlinks specified on the command line that can't be traversed.
  Previously a "Too many levels of symbolic links" diagnostic was given.

  pinky, uptime, users, and who no longer misbehave on 32-bit GNU/Linux
  platforms like x86 and ARM where time_t was historically 32 bits.

  'pr --length=1 --double-space' no longer enters an infinite loop.

  shred again operates on Solaris when built for 64 bits.
  Previously it would have exited with a "getrandom: Invalid argument" error.

  tac now handles short reads on its input.  Previously it may have exited
  erroneously, especially with large input files with no separators.

  'uptime' no longer incorrectly prints "0 users" on OpenBSD,
  and is being built again on FreeBSD and Haiku.

  'wc -l' and 'cksum' no longer crash with an "Illegal instruction" error
  on x86 Linux kernels that disable XSAVE YMM.  This was seen on Xen VMs.

** Changes in behavior
---
  'cp -v' and 'mv -v' will no longer output a message for each file skipped
  due to -i, or -u.  Instead they only output this information with --debug.

  'cksum -b' no longer prints base64-encoded checksums.

  'mv dir x' now complains differently if x/dir is a nonempty directory.

** Improvements
---
  cp, mv, and install now avoid copy_file_range on linux kernels before 5.3
  irrespective of which kernel version coreutils is built against,
  reinstating that behavior from coreutils-9.0.

  comm, cut, join, od, and uniq will now exit immediately upon receiving a
  write error, which is significant when reading large / unbounded inputs.

  split now uses more tuned access patterns for its potentially large input.
  This was seen to improve throughput by 5% when reading from SSD.

  split now supports a configurable $TMPDIR for handling any temporary files.

  tac now falls back to '/tmp' if a configured $TMPDIR is unavailable.

  'who -a' now displays the boot time on Alpine Linux, OpenBSD,
  Cygwin, Haiku, and some Android distributions

  'uptime' now succeeds on some Android distributions, and now counts
  VM saved/sleep time on GNU (Linux, Hurd, kFreeBSD), NetBSD, OpenBSD,
  Minix, and Cygwin.

  On GNU/Linux platforms where utmp-format files have 32-bit timestamps,
  pinky, uptime, and who can now work for times after the year 2038,
  so long as systemd is installed, you configure with a new, experimental
  option --enable-systemd, and you use the programs without file arguments.
  (For example, with systemd 'who /var/log/wtmp' does not work because
  systemd does not support the equivalent of /var/log/wtmp.)

Signed-off-by: Wang Mingyu 
---
 .../coreutils/stdlib-mb-cur-max.patch | 33 ---
 .../{coreutils_9.3.bb => coreutils_9.4.bb}|  3 +-
 2 files changed, 1 insertion(+), 35 deletions(-)
 delete mode 100644 
meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
 rename meta/recipes-core/coreutils/{coreutils_9.3.bb => coreutils_9.4.bb} (98%)

diff --git a/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch 
b/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
deleted file mode 100644
index 732fa5b6f2..00
--- a/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-
-From ca6c179226864bff23f2b062518cf885bb42ce56 Mon Sep 17 00:00:00 2001
-From: Bruno Haible 
-Date: Thu, 27 Apr 2023 15:26:37 +0200
-Subject: [PATCH] stdlib: Fix error when cross-compiling.
-
-Reported by Pierre Labastie  in
-.
-
-* m4/stdlib_h.m4 (gl_STDLIB_H): Provide a 4th argument to AC_RUN_IFELSE.

- ChangeLog  | 7 +++
- m4/stdlib_h.m4 | 4 ++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/m4/stdlib_h.m4 

[OE-core] [PATCH] btrfs-tools: upgrade 6.3.3 -> 6.5

[wangmy]

From: Wang Mingyu 

Changelog:

* crc32c implementation speedup (3x)
* btrfstune:
   * be more strict about option combinations and refuse changing
 features from incompatible groups
   * metadata_uuid changes fixes
* libbtrfs: fix ABI breakage introduced in 6.3.1, revert struct subvol_info
  and subvol_uuid_search changes
* CI updates
   * pull request build tests enabled
   * published static binaries built with backward compatibility (-march=x86-64)
* other
   * documentation updates
   * new and updated tests
   * experimental feature updates (json, list-chunks, checksum switch)
   * code refactoring
   * remove btrfs-fragments

Signed-off-by: Wang Mingyu 
---
 .../btrfs-tools/{btrfs-tools_6.3.3.bb => btrfs-tools_6.5.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/btrfs-tools/{btrfs-tools_6.3.3.bb => 
btrfs-tools_6.5.bb} (98%)

diff --git a/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb 
b/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.bb
similarity index 98%
rename from meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb
rename to meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.bb
index e7a64e8363..984966bbd4 100644
--- a/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.3.3.bb
+++ b/meta/recipes-devtools/btrfs-tools/btrfs-tools_6.5.bb
@@ -18,7 +18,7 @@ DEPENDS = "util-linux zlib"
 SRC_URI = 
"git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master;protocol=https
 \

file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \
"
-SRCREV = "bb0ca35245858f17a6ced97aade1dd8d70f9c9d7"
+SRCREV = "f7ecc34555b4793573c9e3fc5f77cc8aab63fcc1"
 S = "${WORKDIR}/git"
 
 PACKAGECONFIG ??= " \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187558): 
https://lists.openembedded.org/g/openembedded-core/message/187558
Mute This Topic: https://lists.openembedded.org/mt/101333402/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] at-spi2-core: upgrade 2.48.3 -> 2.48.4

[wangmy]

From: Wang Mingyu 

Changelog:
=
* Add atspi_get_version() to return the runtime version of the AT-SPI library.
* collection: Fix match testing for attributes.
* collection: Avoid locking up if an object has a very large child count
* Fix possible NULL pointer dereference when deregistering an event listener.
* Various fixes for the new key grabbing API.

Signed-off-by: Wang Mingyu 
---
 .../atk/{at-spi2-core_2.48.3.bb => at-spi2-core_2.48.4.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/atk/{at-spi2-core_2.48.3.bb => 
at-spi2-core_2.48.4.bb} (95%)

diff --git a/meta/recipes-support/atk/at-spi2-core_2.48.3.bb 
b/meta/recipes-support/atk/at-spi2-core_2.48.4.bb
similarity index 95%
rename from meta/recipes-support/atk/at-spi2-core_2.48.3.bb
rename to meta/recipes-support/atk/at-spi2-core_2.48.4.bb
index 17b0e39a5e..0f355d8af7 100644
--- a/meta/recipes-support/atk/at-spi2-core_2.48.3.bb
+++ b/meta/recipes-support/atk/at-spi2-core_2.48.4.bb
@@ -11,7 +11,7 @@ MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 
 SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = 
"37316df43ca9989ce539d54cf429a768c28bb38a0b34950beadd0421827edf55"
+SRC_URI[sha256sum] = 
"29ecb12992e8339675f5d755c8735ea3ea298379cfa2c93fde96bee5dc57a515"
 
 DEPENDS = " \
dbus \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187557): 
https://lists.openembedded.org/g/openembedded-core/message/187557
Mute This Topic: https://lists.openembedded.org/mt/101333400/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] alsa-ucm-conf: upgrade 1.2.9 -> 1.2.10

[wangmy]

From: Wang Mingyu 

Changelog:
===
Fix symver build error on non-ELF platforms
doxygen: include docs for shmarea functions
doxygen: silence warning from asoundlib.h
doxygen: global: silence 'not documented' warnings
doxygen: Fix missing group end markers
configure: add AC_SYS_LARGEFILE
seq: Add UMP 1.1 features
seq: Add UMP support
ump: Add helpers to parse / set UMP packet data
control: Add UMP Endpoint and Block info query support
control: Add UMP device query support
ump: Add initial support
include: fix SND_DLSYM_BUILD_VERSION() for static build

Signed-off-by: Wang Mingyu 
---
 .../alsa/{alsa-ucm-conf_1.2.9.bb => alsa-ucm-conf_1.2.10.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-multimedia/alsa/{alsa-ucm-conf_1.2.9.bb => 
alsa-ucm-conf_1.2.10.bb} (89%)

diff --git a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.9.bb 
b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.10.bb
similarity index 89%
rename from meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.9.bb
rename to meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.10.bb
index 073e3b0900..f4fd284db8 100644
--- a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.9.bb
+++ b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.10.bb
@@ -8,7 +8,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=20d74d74db9741697903372ad001d3b4"
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2;
-SRC_URI[sha256sum] = 
"374f6833bfd77d0a4675e4aa2bfb79defe850e5a46a5d4542a45962f4b9e272a"
+SRC_URI[sha256sum] = 
"9c21e3f01ff00baa758df17e867cd36e24ebb41a6bec49737e99105e16f2ae97"
 # Something went wrong at upstream tarballing
 
 inherit allarch
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187556): 
https://lists.openembedded.org/g/openembedded-core/message/187556
Mute This Topic: https://lists.openembedded.org/mt/10196/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] bitbake: fetch2: git: revert path checks

[Mikko Rapeli]

Hi,

Sorry, wrong list.

Cheers,

-Mikko

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187555): 
https://lists.openembedded.org/g/openembedded-core/message/187555
Mute This Topic: https://lists.openembedded.org/mt/101333061/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] bitbake: fetch2: git: revert path checks

[Mikko Rapeli]

Commit 10f38157a069cb6938323cadd5e523037a29ace9
triggers re-clones of uptodate repositories when their
access path changes. This is wrong. It is enough that
needed commits are found from the git repo. For example
when same DL_DIR is accessed using two different paths
due to a symlink, then the resulting absolute paths will
differ but the content is the same. Trust the content.

Avoids extra downloads of large repositories like linux-yocto
for kernel when the local cache was already uptodate.

Signed-off-by: Mikko Rapeli 
---
 bitbake/lib/bb/fetch2/git.py | 14 +-
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
index e11271b757..0c547ea303 100644
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -371,19 +371,7 @@ class Git(FetchMethod):
 # The directory may exist, but not be the top level of a bare git
 # repository in which case it needs to be deleted and re-cloned.
 try:
-# Since clones can be bare, use --absolute-git-dir instead of 
--show-toplevel
-output = runfetchcmd("LANG=C %s rev-parse --absolute-git-dir" 
% ud.basecmd, d, workdir=ud.clonedir)
-
-toplevel = os.path.abspath(output.rstrip())
-abs_clonedir = os.path.abspath(ud.clonedir).rstrip('/')
-# The top level Git directory must either be the clone 
directory
-# or a child of the clone directory. Any ancestor directory of
-# the clone directory is not valid as the Git directory (and
-# probably belongs to some other unrelated repository), so a
-# clone is required
-if os.path.commonprefix([abs_clonedir, toplevel]) != 
abs_clonedir:
-logger.warning("Top level directory '%s' doesn't match 
expected '%s'. Re-cloning", toplevel, ud.clonedir)
-needs_clone = True
+runfetchcmd("LANG=C %s rev-parse --absolute-git-dir" % 
ud.basecmd, d, workdir=ud.clonedir)
 except bb.fetch2.FetchError as e:
 logger.warning("Unable to get top level for %s (not a git 
directory?): %s", ud.clonedir, e)
 needs_clone = True
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187554): 
https://lists.openembedded.org/g/openembedded-core/message/187554
Mute This Topic: https://lists.openembedded.org/mt/101333061/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][mickledore][PATCH 2/2] qemu: fix CVE-2023-0330

[Urade, Yogita via lists.openembedded.org]

From: Yogita Urade 

A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com

Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556

qemu.git$ git log --no-merges --oneline   --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller 
(CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues

Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330

Signed-off-by: Yogita Urade 
---
 meta/recipes-devtools/qemu/qemu.inc   |   3 +-
 ...23-0330.patch => CVE-2023-0330-0001.patch} |   0
 .../qemu/qemu/CVE-2023-0330-0002.patch| 136 ++
 3 files changed, 138 insertions(+), 1 deletion(-)
 rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330.patch => 
CVE-2023-0330-0001.patch} (100%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 2efe63cdc0..1a50e4d524 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -36,7 +36,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://qemu-guest-agent.init \
file://qemu-guest-agent.udev \
file://ppc.patch \
-  file://CVE-2023-0330.patch \
+  file://CVE-2023-0330-0001.patch \
+  file://CVE-2023-0330-0002.patch \
   file://CVE-2023-3301.patch \
   file://CVE-2023-3255.patch \
   file://CVE-2023-2861.patch \
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0001.patch
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
rename to meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0001.patch
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch
new file mode 100644
index 00..a21b01bd25
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330-0002.patch
@@ -0,0 +1,136 @@
+From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov 
+Date: Tue, 12 Sep 2023 10:49:46 +
+Subject: [PATCH] memory: prevent dma-reentracy issues
+
+Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
+This flag is set/checked prior to calling a device's MemoryRegion
+handlers, and set when device code initiates DMA.  The purpose of this
+flag is to prevent two types of DMA-based reentrancy issues:
+
+1.) mmio -> dma -> mmio case
+2.) bh -> dma write -> mmio case
+
+These issues have led to problems such as stack-exhaustion and
+use-after-frees.
+
+Summary of the problem from Peter Maydell:
+https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
+Resolves: CVE-2023-0330
+
+Signed-off-by: Alexander Bulekov 
+Reviewed-by: Thomas Huth 
+Message-Id: <20230427211013.2994127-2-alx...@bu.edu>
+[thuth: Replace warn_report() with warn_report_once()]
+Signed-off-by: Thomas Huth 
+
+CVE: CVE-2023-0330
+
+Upstream-Status: Backport 
[https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380]
+
+Signed-off-by: Yogita Urade 
+---
+ include/exec/memory.h  |  5 +
+ include/hw/qdev-core.h |  7 +++
+ softmmu/memory.c   | 16 
+ 3 files changed, 28 insertions(+)
+
+diff --git a/include/exec/memory.h b/include/exec/memory.h
+index 91f8a2395..124628ada 100644
+--- a/include/exec/memory.h
 b/include/exec/memory.h
+@@ -741,6 +741,8 @@ struct MemoryRegion {
+ bool is_iommu;
+ RAMBlock *ram_block;
+ Object *owner;
++/* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath 
*/
++DeviceState *dev;
+
+ const MemoryRegionOps *ops;
+ void *opaque;
+@@ -765,6 +767,9 @@ struct MemoryRegion {
+ unsigned ioeventfd_nb;
+ MemoryRegionIoeventfd *ioeventfds;
+ RamDiscardManager *rdm; /* Only for RAM */
++
++/* For devices designed to perform re-entrant IO into their own IO MRs */
++bool disable_reentrancy_guard;
+ };
+
+ struct IOMMUMemoryRegion {
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index 785dd5a56..886f6bb79 100644
+--- a/include/hw/qdev-core.h
 b/include/hw/qdev-core.h
+@@ -162,6 +162,10 @@ struct NamedClockList {
+ 

[OE-core][mickledore][PATCH 1/2] qemu: fix CVE-2023-3354

[Urade, Yogita via lists.openembedded.org]

From: Yogita Urade 

A flaw was found in the QEMU built-in VNC server. When a client connects
to the VNC server, QEMU checks whether the current number of connections
crosses a certain threshold and if so, cleans up the previous connection.
If the previous connection happens to be in the handshake phase and fails,
QEMU cleans up the connection again, resulting in a NULL pointer dereference
issue. This could allow a remote unauthenticated client to cause a denial
of service.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3354

Signed-off-by: Yogita Urade 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2023-3354.patch | 88 +++
 2 files changed, 89 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index bc0d956e18..2efe63cdc0 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -40,6 +40,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
   file://CVE-2023-3301.patch \
   file://CVE-2023-3255.patch \
   file://CVE-2023-2861.patch \
+  file://CVE-2023-3354.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
new file mode 100644
index 00..b3958ecbf5
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
@@ -0,0 +1,88 @@
+From 10be627d2b5ec2d6b3dce045144aa739eef678b4 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrangé 
+Date: Tue, 12 Sep 2023 06:38:03 +
+Subject: [PATCH] io: remove io watch if TLS channel is closed during handshake
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The TLS handshake make take some time to complete, during which time an
+I/O watch might be registered with the main loop. If the owner of the
+I/O channel invokes qio_channel_close() while the handshake is waiting
+to continue the I/O watch must be removed. Failing to remove it will
+later trigger the completion callback which the owner is not expecting
+to receive. In the case of the VNC server, this results in a SEGV as
+vnc_disconnect_start() tries to shutdown a client connection that is
+already gone / NULL.
+
+CVE-2023-3354
+Reported-by: jiangyegen 
+Signed-off-by: Daniel P. Berrangé 
+
+CVE: CVE-2023-3354
+
+Upstream-Status: Backport 
[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4]
+
+Signed-off-by: Yogita Urade 
+---
+ include/io/channel-tls.h |  1 +
+ io/channel-tls.c | 18 --
+ 2 files changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/include/io/channel-tls.h b/include/io/channel-tls.h
+index 5672479e9..ccd510ade 100644
+--- a/include/io/channel-tls.h
 b/include/io/channel-tls.h
+@@ -48,6 +48,7 @@ struct QIOChannelTLS {
+ QIOChannel *master;
+ QCryptoTLSSession *session;
+ QIOChannelShutdown shutdown;
++guint hs_ioc_tag;
+ };
+
+ /**
+diff --git a/io/channel-tls.c b/io/channel-tls.c
+index 4ce890a53..17d73f02e 100644
+--- a/io/channel-tls.c
 b/io/channel-tls.c
+@@ -195,12 +195,13 @@ static void qio_channel_tls_handshake_task(QIOChannelTLS 
*ioc,
+ }
+
+ trace_qio_channel_tls_handshake_pending(ioc, status);
+-qio_channel_add_watch_full(ioc->master,
+-   condition,
+-   qio_channel_tls_handshake_io,
+-   data,
+-   NULL,
+-   context);
++ioc->hs_ioc_tag =
++qio_channel_add_watch_full(ioc->master,
++   condition,
++   qio_channel_tls_handshake_io,
++   data,
++   NULL,
++   context);
+ }
+ }
+
+@@ -215,6 +216,7 @@ static gboolean qio_channel_tls_handshake_io(QIOChannel 
*ioc,
+ QIOChannelTLS *tioc = QIO_CHANNEL_TLS(
+ qio_task_get_source(task));
+
++tioc->hs_ioc_tag = 0;
+ g_free(data);
+ qio_channel_tls_handshake_task(tioc, task, context);
+
+@@ -374,6 +376,10 @@ static int qio_channel_tls_close(QIOChannel *ioc,
+ {
+ QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
+
++if (tioc->hs_ioc_tag) {
++g_clear_handle_id(>hs_ioc_tag, g_source_remove);
++}
++
+ return qio_channel_close(tioc->master, errp);
+ }
+
+--
+2.35.5
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187552): 
https://lists.openembedded.org/g/openembedded-core/message/187552
Mute This Topic: https://lists.openembedded.org/mt/101332758/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org

[OE-core] [PATCH 2/2] coreutils: Add config.h to ptest package

[Khem Raj]

This is needed by several tests during run on target

Fixes
grep: /usr/lib/coreutils/ptest/lib/config.h: No such file or directory
inotify-race.sh: skipped test: inotify is not supported

More tests are now passing

 
 Testsuite summary for GNU coreutils 9.4
 
 # TOTAL: 643
-# PASS:  509
-# SKIP:  131
+# PASS:  516
+# SKIP:  124

Signed-off-by: Khem Raj 
---
 meta/recipes-core/coreutils/coreutils_9.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/coreutils/coreutils_9.4.bb 
b/meta/recipes-core/coreutils/coreutils_9.4.bb
index 13a637baf86..e3e27e099d0 100644
--- a/meta/recipes-core/coreutils/coreutils_9.4.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.4.bb
@@ -181,6 +181,7 @@ do_install_ptest () {
 sed -i 's/ginstall/install/g'  `grep -R ginstall ${D}${PTEST_PATH}/tests | 
awk -F: '{print $1}' | uniq`
 install -d ${D}${PTEST_PATH}/build-aux
 install ${S}/build-aux/test-driver ${D}${PTEST_PATH}/build-aux/
+install -Dm 0644 ${B}/lib/config.h ${D}${PTEST_PATH}/lib/config.h
 cp ${B}/Makefile ${D}${PTEST_PATH}/
 cp ${S}/init.cfg ${D}${PTEST_PATH}/
 cp -r ${B}/src ${D}${PTEST_PATH}/
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187551): 
https://lists.openembedded.org/g/openembedded-core/message/187551
Mute This Topic: https://lists.openembedded.org/mt/101332031/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] coreutils: Upgrade to 9.4

[Khem Raj]

Drop a backport which is already in 9.4

Signed-off-by: Khem Raj 
---
 .../coreutils/stdlib-mb-cur-max.patch | 33 ---
 .../{coreutils_9.3.bb => coreutils_9.4.bb}|  4 +--
 2 files changed, 1 insertion(+), 36 deletions(-)
 delete mode 100644 
meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
 rename meta/recipes-core/coreutils/{coreutils_9.3.bb => coreutils_9.4.bb} (98%)

diff --git a/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch 
b/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
deleted file mode 100644
index 732fa5b6f23..000
--- a/meta/recipes-core/coreutils/coreutils/stdlib-mb-cur-max.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-
-From ca6c179226864bff23f2b062518cf885bb42ce56 Mon Sep 17 00:00:00 2001
-From: Bruno Haible 
-Date: Thu, 27 Apr 2023 15:26:37 +0200
-Subject: [PATCH] stdlib: Fix error when cross-compiling.
-
-Reported by Pierre Labastie  in
-.
-
-* m4/stdlib_h.m4 (gl_STDLIB_H): Provide a 4th argument to AC_RUN_IFELSE.

- ChangeLog  | 7 +++
- m4/stdlib_h.m4 | 4 ++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/m4/stdlib_h.m4 b/m4/stdlib_h.m4
-index 3274ea4948..f47c1eb37b 100644
 a/m4/stdlib_h.m4
-+++ b/m4/stdlib_h.m4
-@@ -66,7 +66,7 @@ int main ()
-   return result;
- }]])],
-   [gl_cv_macro_MB_CUR_MAX_good=yes],
--  [gl_cv_macro_MB_CUR_MAX_good=no]
-+  [gl_cv_macro_MB_CUR_MAX_good=no],
-   [:])
-   fi
- ])
--- 
-2.34.1
-
diff --git a/meta/recipes-core/coreutils/coreutils_9.3.bb 
b/meta/recipes-core/coreutils/coreutils_9.4.bb
similarity index 98%
rename from meta/recipes-core/coreutils/coreutils_9.3.bb
rename to meta/recipes-core/coreutils/coreutils_9.4.bb
index 83b78d075f8..13a637baf86 100644
--- a/meta/recipes-core/coreutils/coreutils_9.3.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.4.bb
@@ -16,11 +16,9 @@ inherit autotools gettext texinfo
 SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://remove-usr-local-lib-from-m4.patch \
file://0001-local.mk-fix-cross-compiling-problem.patch \
-   file://stdlib-mb-cur-max.patch \
file://run-ptest \
"
-
-SRC_URI[sha256sum] = 
"adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa"
+SRC_URI[sha256sum] = 
"ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52"
 
 # 
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
 # 
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#187550): 
https://lists.openembedded.org/g/openembedded-core/message/187550
Mute This Topic: https://lists.openembedded.org/mt/101332030/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-