date:20231114

Re: [OE-Core][PATCH v3 0/4] recipetool: Add handler to create go recipes

2023-11-14 Thread Vyacheslav Yurkov


On 15.11.2023 08:30, Lukas Funke wrote:

Hi Slava,

No problem. Party is still going on. The 'modules.txt' is intendet to 
be in your ${WORKDIR} as it is part of the SRC_URI, generated by
the recipetool. My guess would be, that there is some 
missconfiguration in your SRC_URI?


Yes, I noticed that it should be there in recipetool tests. But 
generated recipe didn't have It in SRC_URI. I tried to use generated 
recipe as is. I'll try to double check later.


Slava

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190558): 
https://lists.openembedded.org/g/openembedded-core/message/190558
Mute This Topic: https://lists.openembedded.org/mt/102345308/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH v3 0/4] recipetool: Add handler to create go recipes

2023-11-14 Thread Lukas Funke


Hi Slava,

On 15.11.2023 06:59, Vyacheslav Yurkov wrote:

Hi Lukas,
Thanks for the v3. I know I'm late to the party, because it's already 
merged, but my testing results are below anyway.


No problem. Party is still going on. The 'modules.txt' is intendet to be 
in your ${WORKDIR} as it is part of the SRC_URI, generated by
the recipetool. My guess would be, that there is some missconfiguration 
in your SRC_URI?




The series seems to have handled my ssh URL correctly.

I've got an error in do_go_vendor though.
File: ''/meta/classes/go-vendor.bbclass', lineno: 166, function: 
do_go_vendor

  0162:
  0163:    # Copy vendor manifest
  0164:    modules_txt_src = os.path.join(d.getVar('WORKDIR'), 
"modules.txt")

  0165:    bb.debug(1, "cp %s --> %s" % (modules_txt_src, vendor_dir))
  *** 0166:    shutil.copy2(modules_txt_src, vendor_dir)
  0167:
  0168:    # Clean up vendor dir
  0169:    # We only require the modules in the modules_txt file
  0170:    fetched_paths = set([os.path.relpath(x[0], vendor_dir) 
for x in os.walk(vendor_dir)])

File: '/usr/lib64/python3.9/shutil.py', lineno: 444, function: copy2
  0440:    resembles GNU's "cp -P src dst".
  0441:    """
  0442:    if os.path.isdir(dst):
  0443:    dst = os.path.join(dst, os.path.basename(src))
  *** 0444:    copyfile(src, dst, follow_symlinks=follow_symlinks)
  0445:    copystat(src, dst, follow_symlinks=follow_symlinks)
  0446:    return dst
  0447:
  0448:def ignore_patterns(*patterns):
File: '/usr/lib64/python3.9/shutil.py', lineno: 264, function: copyfile
  0260:
  0261:    if not follow_symlinks and _islink(src):
  0262:    os.symlink(os.readlink(src), dst)
  0263:    else:
  *** 0264:    with open(src, 'rb') as fsrc:
  0265:    try:
  0266:    with open(dst, 'wb') as fdst:
  0267:    # macOS
  0268:    if _HAS_FCOPYFILE:
Exception: FileNotFoundError: [Errno 2] No such file or directory: 
'/modules.txt'


I've located "modules.txt" in my $WORKDIR/$GO_IMPORT/vendor directory 
though, which seems to be consistent with 
https://go.dev/ref/mod#go-mod-file-go . Am I missing something or I can 
send a fixup?


Slava

On 02.11.2023 16:53, lukas.funke-...@weidmueller.com wrote:

From: Lukas Funke 

This patch series adds a recipetool handler in order to create 'go' 
recipes.

Each recipe contains a list of dependencies in their SRC_URI.
Dependencies are derived from the projects `go.mod` file. For each
dependency the corresponding license file uri/hash is added.

The recipe may not work ad-hoc, but is a good starting point to create
a working recipe and have a working offline-build.

In addition to the main recipe three additional files will be generated:
   - $pn-modules.inc
   - $pn-license.inc
   - modules.txt

Changes from v2:
   - Generate separate *.inc for go dependencies and licenses
   - Adapted oe-selftest according to change above
   - Incorparate community suggestions

Lukas Funke (4):
   classes: go-vendor: Add go-vendor class
   selftest: recipetool: Add test for go recipe handler
   recipetool: Ignore *.go files while scanning for licenses
   recipetool: Add handler to create go recipes

  meta/classes/go-vendor.bbclass | 135 
  meta/lib/oeqa/selftest/cases/recipetool.py | 163 +
  scripts/lib/recipetool/create.py   |   2 +-
  scripts/lib/recipetool/create_go.py    | 730 +
  4 files changed, 1029 insertions(+), 1 deletion(-)
  create mode 100644 meta/classes/go-vendor.bbclass
  create mode 100644 scripts/lib/recipetool/create_go.py





Best regards
Lukas

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190557): 
https://lists.openembedded.org/g/openembedded-core/message/190557
Mute This Topic: https://lists.openembedded.org/mt/102345308/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH v3] libx11: Fix for CVE-2023-43785 CVE-2023-43786 and CVE-2023-43787

2023-11-14 Thread Vijay Anusuri via lists.openembedded.org

From: Vijay Anusuri 

import patches from ubuntu to fix
 CVE-2023-43785
 CVE-2023-43786
 CVE-2023-43787

Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0]

Reference: https://launchpad.net/ubuntu/+source/libx11/2:1.6.9-2ubuntu1.6

Signed-off-by: Vijay Anusuri 
---
 .../xorg-lib/libx11/CVE-2023-43785.patch  | 63 ++
 .../xorg-lib/libx11/CVE-2023-43786-1.patch| 42 
 .../xorg-lib/libx11/CVE-2023-43786-2.patch| 46 +
 .../xorg-lib/libx11/CVE-2023-43787-1.patch| 52 +++
 .../xorg-lib/libx11/CVE-2023-43787-2.patch| 64 +++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |  5 ++
 6 files changed, 272 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-2.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787-1.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787-2.patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
new file mode 100644
index 00..dbdf096fc8
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
@@ -0,0 +1,63 @@
+From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith 
+Date: Sun, 17 Sep 2023 14:19:40 -0700
+Subject: [PATCH libX11 1/5] CVE-2023-43785: out-of-bounds memory access in
+ _XkbReadKeySyms()
+
+Make sure we allocate enough memory in the first place, and
+also handle error returns from _XkbReadBufferCopyKeySyms() when
+it detects out-of-bounds issues.
+
+Reported-by: Gregory James DUCK 
+Signed-off-by: Alan Coopersmith 
+
+Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch?h=ubuntu/focal-security
+Upstream commit 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f]
+CVE: CVE-2023-43785
+Signed-off-by: Vijay Anusuri 
+---
+ src/xkb/XKBGetMap.c | 14 +-
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c
+index 2891d21e..31199e4a 100644
+--- a/src/xkb/XKBGetMap.c
 b/src/xkb/XKBGetMap.c
+@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ if (offset + newMap->nSyms >= map->size_syms) {
+ register int sz;
+ 
+-sz = map->size_syms + 128;
++sz = offset + newMap->nSyms;
++sz = ((sz + (unsigned) 128) / 128) * 128;
+ _XkbResizeArray(map->syms, map->size_syms, sz, KeySym);
+ if (map->syms == NULL) {
+ map->size_syms = 0;
+@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ map->size_syms = sz;
+ }
+ if (newMap->nSyms > 0) {
+-_XkbReadBufferCopyKeySyms(buf, (KeySym *) >syms[offset],
+-  newMap->nSyms);
++if (_XkbReadBufferCopyKeySyms(buf, (KeySym *) 
>syms[offset],
++  newMap->nSyms) == 0)
++return BadLength;
+ offset += newMap->nSyms;
+ }
+ else {
+@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp);
+ if (newSyms == NULL)
+ return BadAlloc;
+-if (newMap->nSyms > 0)
+-_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms);
++if (newMap->nSyms > 0) {
++if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) == 
0)
++return BadLength;
++}
+ else
+ newSyms[0] = NoSymbol;
+ oldMap->kt_index[0] = newMap->ktIndex[0];
+-- 
+2.39.3
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch
new file mode 100644
index

Re: [OE-Core][PATCH v3 0/4] recipetool: Add handler to create go recipes

2023-11-14 Thread Vyacheslav Yurkov


Hi Lukas,
Thanks for the v3. I know I'm late to the party, because it's already 
merged, but my testing results are below anyway.


The series seems to have handled my ssh URL correctly.

I've got an error in do_go_vendor though.
File: ''/meta/classes/go-vendor.bbclass', lineno: 166, function: 
do_go_vendor

 0162:
 0163:    # Copy vendor manifest
 0164:    modules_txt_src = os.path.join(d.getVar('WORKDIR'), 
"modules.txt")

 0165:    bb.debug(1, "cp %s --> %s" % (modules_txt_src, vendor_dir))
 *** 0166:    shutil.copy2(modules_txt_src, vendor_dir)
 0167:
 0168:    # Clean up vendor dir
 0169:    # We only require the modules in the modules_txt file
 0170:    fetched_paths = set([os.path.relpath(x[0], vendor_dir) 
for x in os.walk(vendor_dir)])

File: '/usr/lib64/python3.9/shutil.py', lineno: 444, function: copy2
 0440:    resembles GNU's "cp -P src dst".
 0441:    """
 0442:    if os.path.isdir(dst):
 0443:    dst = os.path.join(dst, os.path.basename(src))
 *** 0444:    copyfile(src, dst, follow_symlinks=follow_symlinks)
 0445:    copystat(src, dst, follow_symlinks=follow_symlinks)
 0446:    return dst
 0447:
 0448:def ignore_patterns(*patterns):
File: '/usr/lib64/python3.9/shutil.py', lineno: 264, function: copyfile
 0260:
 0261:    if not follow_symlinks and _islink(src):
 0262:    os.symlink(os.readlink(src), dst)
 0263:    else:
 *** 0264:    with open(src, 'rb') as fsrc:
 0265:    try:
 0266:    with open(dst, 'wb') as fdst:
 0267:    # macOS
 0268:    if _HAS_FCOPYFILE:
Exception: FileNotFoundError: [Errno 2] No such file or directory: 
'/modules.txt'


I've located "modules.txt" in my $WORKDIR/$GO_IMPORT/vendor directory 
though, which seems to be consistent with 
https://go.dev/ref/mod#go-mod-file-go . Am I missing something or I can 
send a fixup?


Slava

On 02.11.2023 16:53, lukas.funke-...@weidmueller.com wrote:

From: Lukas Funke 

This patch series adds a recipetool handler in order to create 'go' recipes.
Each recipe contains a list of dependencies in their SRC_URI.
Dependencies are derived from the projects `go.mod` file. For each
dependency the corresponding license file uri/hash is added.

The recipe may not work ad-hoc, but is a good starting point to create
a working recipe and have a working offline-build.

In addition to the main recipe three additional files will be generated:
   - $pn-modules.inc
   - $pn-license.inc
   - modules.txt

Changes from v2:
   - Generate separate *.inc for go dependencies and licenses
   - Adapted oe-selftest according to change above
   - Incorparate community suggestions

Lukas Funke (4):
   classes: go-vendor: Add go-vendor class
   selftest: recipetool: Add test for go recipe handler
   recipetool: Ignore *.go files while scanning for licenses
   recipetool: Add handler to create go recipes

  meta/classes/go-vendor.bbclass | 135 
  meta/lib/oeqa/selftest/cases/recipetool.py | 163 +
  scripts/lib/recipetool/create.py   |   2 +-
  scripts/lib/recipetool/create_go.py| 730 +
  4 files changed, 1029 insertions(+), 1 deletion(-)
  create mode 100644 meta/classes/go-vendor.bbclass
  create mode 100644 scripts/lib/recipetool/create_go.py




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190555): 
https://lists.openembedded.org/g/openembedded-core/message/190555
Mute This Topic: https://lists.openembedded.org/mt/102345308/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH] openssh: add systemd readiness notification support

2023-11-14 Thread Xiangyu Chen



On 11/14/23 01:34, Ross Burton wrote:

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

On 11 Nov 2023, at 10:30, Xiangyu Chen via lists.openembedded.org 
 wrote:

Taken a patch from debain[1] that after sshd listening port, using a signal to 
tell systemd
it is ready now.

It’s not Upstream-Status: Inappropriate, this is perfectly acceptable for 
upstream.

In fact it’s been submitted upstream already and there’s a newer iteration than 
this patch has:

https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56

Please use that patch instead, and set the Upstream-Status to submitted.


Thanks for your info, forgetting to check the patches in openssh PR 
list, resent a v2 patch:


https://lists.openembedded.org/g/openembedded-core/message/190553




Ross

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190554): 
https://lists.openembedded.org/g/openembedded-core/message/190554
Mute This Topic: https://lists.openembedded.org/mt/102523723/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH v2] openssh: add systemd readiness notification support

2023-11-14 Thread Xiangyu Chen

From: Xiangyu Chen 

The sshd keeps on terminating and restarting in servel minutes, we can observe
log from journalctl that the sshd was killed by systemd with signal 15:

systemd[1]: sshd.service start operation timed out. Terminating.
sshd[374]: Received signal 15; terminating.

When the sshd as a systemd service, it need to tell systemd with a "READY" 
status,
and when it is restarted, it need to tell systemd with a "RELOADING" status, 
otherwise,
systemd would treat it as failing service and restart it again.

Taken a patch from openssh upstream PR[1], that after using a signal to tell 
systemd
it is ready or reload now.

Ref:
[1] 
https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56

Signed-off-by: Xiangyu Chen 
---
 ...tional-support-for-systemd-sd_notify.patch | 99 +++
 .../openssh/openssh_9.5p1.bb  |  5 +-
 2 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
 
b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
new file mode 100644
index 00..acda8f1ce9
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
@@ -0,0 +1,99 @@
+From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001
+From: Matt Jolly 
+Date: Thu, 2 Feb 2023 21:05:40 +1100
+Subject: [PATCH] systemd: Add optional support for systemd `sd_notify`
+
+This is a rebase of Dennis Lamm's 
+patch based on Jakub Jelen's  original patch
+
+Upstream-Status: Submitted 
[https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56]
+
+Signed-off-by: Xiangyu Chen 
+---
+ configure.ac | 24 
+ sshd.c   | 13 +
+ 2 files changed, 37 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 22fee70f..486c189f 100644
+--- a/configure.ac
 b/configure.ac
+@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ AC_SUBST([CHANNELLIBS])
+ 
++# Check whether user wants systemd support
++SYSTEMD_MSG="no"
++AC_ARG_WITH(systemd,
++  [  --with-systemd  Enable systemd support],
++  [ if test "x$withval" != "xno" ; then
++  AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++  if test "$PKGCONFIG" != "no"; then
++  AC_MSG_CHECKING([for libsystemd])
++  if $PKGCONFIG --exists libsystemd; then
++  SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
++  SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++  CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
++  SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
++  AC_MSG_RESULT([yes])
++  AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want 
systemd support.])
++  SYSTEMD_MSG="yes"
++  else
++  AC_MSG_RESULT([no])
++  fi
++  fi
++  fi ]
++)
++
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -5634,6 +5657,7 @@ echo "   libldns support: $LDNS_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "   Solaris project support: $SP_MSG"
+ echo " Solaris privilege support: $SPP_MSG"
++echo "   systemd support: $SYSTEMD_MSG"
+ echo "   IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "   Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "  BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/sshd.c b/sshd.c
+index 6321936c..859d6a0b 100644
+--- a/sshd.c
 b/sshd.c
+@@ -88,6 +88,10 @@
+ #include 
+ #endif
+ 
++#ifdef HAVE_SYSTEMD
++#include 
++#endif
++
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -310,6 +314,10 @@ static void
+ sighup_restart(void)
+ {
+   logit("Received SIGHUP; restarting.");
++#ifdef HAVE_SYSTEMD
++  /* Signal systemd that we are reloading */
++  sd_notify(0, "RELOADING=1");
++#endif
+   if (options.pid_file != NULL)
+   unlink(options.pid_file);
+   platform_pre_restart();
+@@ -2086,6 +2094,11 @@ main(int ac, char **av)
+   }
+   }
+ 
++#ifdef HAVE_SYSTEMD
++  /* Signal systemd that we are ready to accept connections */
++  sd_notify(0, "READY=1");
++#endif
++
+   /* Accept a connection and return in a forked child */
+   server_accept_loop(_in, _out,
+   , config_s);
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb

Patchtest results for [OE-core][dunfell][PATCH v2] libx11: backport Debian patches to fix CVE-2023-43785 CVE-2023-43786 and CVE-2023-43787

2023-11-14 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/dunfell-v2-libx11-backport-Debian-patches-to-fix-CVE-2023-43785-CVE-2023-43786-and-CVE-2023-43787.patch

FAIL: test shortlog length: Edit shortlog so that it is 90 characters or less 
(currently 107 characters) (test_mbox.TestMbox.test_shortlog_length)

PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence 
(test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence 
(test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)

SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190552): 
https://lists.openembedded.org/g/openembedded-core/message/190552
Mute This Topic: https://lists.openembedded.org/mt/102599276/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Patchtest results for [OE-core][dunfell][PATCH] libx11: backport Debian patches to fix CVE-2023-43785 CVE-43786 and CVE-2023-43787

2023-11-14 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/dunfell-libx11-backport-Debian-patches-to-fix-CVE-2023-43785-CVE-43786-and-CVE-2023-43787.patch

FAIL: test shortlog length: Edit shortlog so that it is 90 characters or less 
(currently 99 characters) (test_mbox.TestMbox.test_shortlog_length)

PASS: test CVE tag format (test_patch.TestPatch.test_cve_tag_format)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence 
(test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence 
(test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)

SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190551): 
https://lists.openembedded.org/g/openembedded-core/message/190551
Mute This Topic: https://lists.openembedded.org/mt/102599275/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH v2] libx11: backport Debian patches to fix CVE-2023-43785 CVE-2023-43786 and CVE-2023-43787

2023-11-14 Thread Vijay Anusuri via lists.openembedded.org

From: Vijay Anusuri 

import patches from ubuntu to fix
 CVE-2023-43785
 CVE-2023-43786
 CVE-2023-43787

Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0]

Reference: https://launchpad.net/ubuntu/+source/libx11/2:1.6.9-2ubuntu1.6

Signed-off-by: Vijay Anusuri 
---
 .../xorg-lib/libx11/CVE-2023-43785.patch  | 63 ++
 .../xorg-lib/libx11/CVE-2023-43786-1.patch| 42 
 .../xorg-lib/libx11/CVE-2023-43786-2.patch| 46 +
 .../xorg-lib/libx11/CVE-2023-43787-1.patch| 52 +++
 .../xorg-lib/libx11/CVE-2023-43787-2.patch| 64 +++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |  5 ++
 6 files changed, 272 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-2.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787-1.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787-2.patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
new file mode 100644
index 00..dbdf096fc8
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
@@ -0,0 +1,63 @@
+From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith 
+Date: Sun, 17 Sep 2023 14:19:40 -0700
+Subject: [PATCH libX11 1/5] CVE-2023-43785: out-of-bounds memory access in
+ _XkbReadKeySyms()
+
+Make sure we allocate enough memory in the first place, and
+also handle error returns from _XkbReadBufferCopyKeySyms() when
+it detects out-of-bounds issues.
+
+Reported-by: Gregory James DUCK 
+Signed-off-by: Alan Coopersmith 
+
+Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch?h=ubuntu/focal-security
+Upstream commit 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f]
+CVE: CVE-2023-43785
+Signed-off-by: Vijay Anusuri 
+---
+ src/xkb/XKBGetMap.c | 14 +-
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c
+index 2891d21e..31199e4a 100644
+--- a/src/xkb/XKBGetMap.c
 b/src/xkb/XKBGetMap.c
+@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ if (offset + newMap->nSyms >= map->size_syms) {
+ register int sz;
+ 
+-sz = map->size_syms + 128;
++sz = offset + newMap->nSyms;
++sz = ((sz + (unsigned) 128) / 128) * 128;
+ _XkbResizeArray(map->syms, map->size_syms, sz, KeySym);
+ if (map->syms == NULL) {
+ map->size_syms = 0;
+@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ map->size_syms = sz;
+ }
+ if (newMap->nSyms > 0) {
+-_XkbReadBufferCopyKeySyms(buf, (KeySym *) >syms[offset],
+-  newMap->nSyms);
++if (_XkbReadBufferCopyKeySyms(buf, (KeySym *) 
>syms[offset],
++  newMap->nSyms) == 0)
++return BadLength;
+ offset += newMap->nSyms;
+ }
+ else {
+@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp);
+ if (newSyms == NULL)
+ return BadAlloc;
+-if (newMap->nSyms > 0)
+-_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms);
++if (newMap->nSyms > 0) {
++if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) == 
0)
++return BadLength;
++}
+ else
+ newSyms[0] = NoSymbol;
+ oldMap->kt_index[0] = newMap->ktIndex[0];
+-- 
+2.39.3
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch
new file mode 100644
index

[OE-core][dunfell][PATCH] libx11: backport Debian patches to fix CVE-2023-43785 CVE-43786 and CVE-2023-43787

2023-11-14 Thread Vijay Anusuri via lists.openembedded.org

From: Vijay Anusuri 

import patches from ubuntu to fix
 CVE-2023-43785
 CVE-2023-43786
 CVE-2023-43787

Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches?h=ubuntu/focal-security
Upstream commit
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
&
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0]

Reference: https://launchpad.net/ubuntu/+source/libx11/2:1.6.9-2ubuntu1.6

Signed-off-by: Vijay Anusuri 
---
 .../xorg-lib/libx11/CVE-2023-43785.patch  | 63 ++
 .../xorg-lib/libx11/CVE-2023-43786-1.patch| 42 
 .../xorg-lib/libx11/CVE-2023-43786-2.patch| 46 +
 .../xorg-lib/libx11/CVE-2023-43787-1.patch| 52 +++
 .../xorg-lib/libx11/CVE-2023-43787-2.patch| 64 +++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |  5 ++
 6 files changed, 272 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-2.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787-1.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787-2.patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
new file mode 100644
index 00..dbdf096fc8
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
@@ -0,0 +1,63 @@
+From 6858d468d9ca55fb4c5fd70b223dbc78a3358a7f Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith 
+Date: Sun, 17 Sep 2023 14:19:40 -0700
+Subject: [PATCH libX11 1/5] CVE-2023-43785: out-of-bounds memory access in
+ _XkbReadKeySyms()
+
+Make sure we allocate enough memory in the first place, and
+also handle error returns from _XkbReadBufferCopyKeySyms() when
+it detects out-of-bounds issues.
+
+Reported-by: Gregory James DUCK 
+Signed-off-by: Alan Coopersmith 
+
+Upstream-Status: Backport [import from ubuntu 
https://git.launchpad.net/ubuntu/+source/libx11/tree/debian/patches/0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch?h=ubuntu/focal-security
+Upstream commit 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f]
+CVE: CVE-2023-43785
+Signed-off-by: Vijay Anusuri 
+---
+ src/xkb/XKBGetMap.c | 14 +-
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/xkb/XKBGetMap.c b/src/xkb/XKBGetMap.c
+index 2891d21e..31199e4a 100644
+--- a/src/xkb/XKBGetMap.c
 b/src/xkb/XKBGetMap.c
+@@ -182,7 +182,8 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ if (offset + newMap->nSyms >= map->size_syms) {
+ register int sz;
+ 
+-sz = map->size_syms + 128;
++sz = offset + newMap->nSyms;
++sz = ((sz + (unsigned) 128) / 128) * 128;
+ _XkbResizeArray(map->syms, map->size_syms, sz, KeySym);
+ if (map->syms == NULL) {
+ map->size_syms = 0;
+@@ -191,8 +192,9 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ map->size_syms = sz;
+ }
+ if (newMap->nSyms > 0) {
+-_XkbReadBufferCopyKeySyms(buf, (KeySym *) >syms[offset],
+-  newMap->nSyms);
++if (_XkbReadBufferCopyKeySyms(buf, (KeySym *) 
>syms[offset],
++  newMap->nSyms) == 0)
++return BadLength;
+ offset += newMap->nSyms;
+ }
+ else {
+@@ -222,8 +224,10 @@ _XkbReadKeySyms(XkbReadBufferPtr buf, XkbDescPtr xkb, 
xkbGetMapReply *rep)
+ newSyms = XkbResizeKeySyms(xkb, i + rep->firstKeySym, tmp);
+ if (newSyms == NULL)
+ return BadAlloc;
+-if (newMap->nSyms > 0)
+-_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms);
++if (newMap->nSyms > 0) {
++if (_XkbReadBufferCopyKeySyms(buf, newSyms, newMap->nSyms) == 
0)
++return BadLength;
++}
+ else
+ newSyms[0] = NoSymbol;
+ oldMap->kt_index[0] = newMap->ktIndex[0];
+-- 
+2.39.3
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-1.patch
new file mode 100644
index

Patchtest results for [OE-core][dunfell 11/17] cve-check: slightly more verbose warning when adding the same package twice

2023-11-14 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/dunfell-11-17-cve-check-slightly-more-verbose-warning-when-adding-the-same-package-twice.patch

FAIL: test shortlog length: Edit shortlog so that it is 90 characters or less 
(currently 91 characters) (test_mbox.TestMbox.test_shortlog_length)

PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test pylint (test_python_pylint.PyLint.test_pylint)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)

SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190548): 
https://lists.openembedded.org/g/openembedded-core/message/190548
Mute This Topic: https://lists.openembedded.org/mt/102598997/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 16/17] lz4: Update sstate/equiv versions to clean cache

2023-11-14 Thread Steve Sakoman

There are cached reproducibility issues on the autobuilder due to CFLAGS
issues, flush the bad data out the system by bumping the versions.

Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/lz4/lz4_1.9.2.bb | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb 
b/meta/recipes-support/lz4/lz4_1.9.2.bb
index c2e24b518c..bc11a57eb5 100644
--- a/meta/recipes-support/lz4/lz4_1.9.2.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.2.bb
@@ -12,6 +12,10 @@ PE = "1"
 
 SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd"
 
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
+
 SRC_URI = "git://github.com/lz4/lz4.git;branch=dev;protocol=https \
file://run-ptest \
file://CVE-2021-3520.patch \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190546): 
https://lists.openembedded.org/g/openembedded-core/message/190546
Mute This Topic: https://lists.openembedded.org/mt/102598828/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 12/17] cve-check: don't warn if a patch is remote

2023-11-14 Thread Steve Sakoman

From: Ross Burton 

We don't make do_cve_check depend on do_unpack because that would be a
waste of time 99% of the time.  The compromise here is that we can't
scan remote patches for issues, but this isn't a problem so downgrade
the warning to a note.

Also move the check for CVEs in the filename before the local file check
so that even with remote patches, we still check for CVE references in
the name.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 0251cad677579f5b4dcc25fa2f8552c6040ac2cf)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oe/cve_check.py | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index a91d691c30..ed4af18ced 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -114,11 +114,6 @@ def get_patched_cves(d):
 for url in oe.patch.src_patches(d):
 patch_file = bb.fetch.decodeurl(url)[2]
 
-# Remote compressed patches may not be unpacked, so silently ignore 
them
-if not os.path.isfile(patch_file):
-bb.warn("%s does not exist, cannot extract CVE list" % patch_file)
-continue
-
 # Check patch file name for CVE ID
 fname_match = cve_file_name_match.search(patch_file)
 if fname_match:
@@ -126,6 +121,12 @@ def get_patched_cves(d):
 patched_cves.add(cve)
 bb.debug(2, "Found CVE %s from patch file name %s" % (cve, 
patch_file))
 
+# Remote patches won't be present and compressed patches won't be
+# unpacked, so say we're not scanning them
+if not os.path.isfile(patch_file):
+bb.note("%s is remote or compressed, not scanning content" % 
patch_file)
+continue
+
 with open(patch_file, "r", encoding="utf-8") as f:
 try:
 patch_text = f.read()
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190542): 
https://lists.openembedded.org/g/openembedded-core/message/190542
Mute This Topic: https://lists.openembedded.org/mt/102598823/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 17/17] selftest: skip virgl test on all fedora

2023-11-14 Thread Steve Sakoman

This test will fail any time the host has libdrm > 2.4.107

Signed-off-by: Steve Sakoman 
---
 meta/lib/oeqa/selftest/cases/runtime_test.py | 10 ++
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py 
b/meta/lib/oeqa/selftest/cases/runtime_test.py
index d80f85dba2..cc4190c1d6 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -185,14 +185,8 @@ class TestImage(OESelftestTestCase):
 self.skipTest('virgl isn\'t working with Centos 7')
 if distro and distro == 'centos-8':
 self.skipTest('virgl isn\'t working with Centos 8')
-if distro and distro == 'fedora-34':
-self.skipTest('virgl isn\'t working with Fedora 34')
-if distro and distro == 'fedora-35':
-self.skipTest('virgl isn\'t working with Fedora 35')
-if distro and distro == 'fedora-36':
-self.skipTest('virgl isn\'t working with Fedora 36')
-if distro and distro == 'fedora-37':
-self.skipTest('virgl isn\'t working with Fedora 37')
+if distro and distro.startswith('fedora'):
+self.skipTest('virgl isn\'t working with Fedora')
 if distro and distro == 'opensuseleap-15.0':
 self.skipTest('virgl isn\'t working with Opensuse 15.0')
 if distro and distro == 'ubuntu-22.04':
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190547): 
https://lists.openembedded.org/g/openembedded-core/message/190547
Mute This Topic: https://lists.openembedded.org/mt/102598829/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 15/17] lz4: use CFLAGS from bitbake

2023-11-14 Thread Steve Sakoman

From: Mikko Rapeli 

Currently lz4 uses it's own defaults which include O3 optimization.
Switch from O3 to bitbake default O2 reduces binary package size
from 467056 to 331888 bytes. Enables also building with Os if needed.

Signed-off-by: Mikko Rapeli 
Signed-off-by: Richard Purdie 
(cherry picked from commit abaaf8c6bcd368728d298937a9406eb2aebc7a7d)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/lz4/lz4_1.9.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb 
b/meta/recipes-support/lz4/lz4_1.9.2.bb
index 0c4a0ac807..c2e24b518c 100644
--- a/meta/recipes-support/lz4/lz4_1.9.2.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.2.bb
@@ -23,7 +23,7 @@ S = "${WORKDIR}/git"
 # Fixed in r118, which is larger than the current version.
 CVE_CHECK_WHITELIST += "CVE-2014-4715"
 
-EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} 
INCLUDEDIR=${includedir} BUILD_STATIC=no"
+EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} 
LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
 
 do_install() {
oe_runmake install
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190545): 
https://lists.openembedded.org/g/openembedded-core/message/190545
Mute This Topic: https://lists.openembedded.org/mt/102598827/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 14/17] resolvconf: Fix fetch error

2023-11-14 Thread Steve Sakoman

From: Naveen Saini 

Branch 'master' renamed to 'unstable', which causing following failure.

Error:
Fetcher failure: Unable to find revision 
cb19bbfbe7e52174332f68bf2f295b39d119fad3 in branch master even from upstream

Switch to 'unstanble' branch.

Signed-off-by: Naveen Saini 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb 
b/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb
index f482bd297f..5f0a5eac70 100644
--- a/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb
+++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb
@@ -11,7 +11,7 @@ AUTHOR = "Thomas Hood"
 HOMEPAGE = "http://packages.debian.org/resolvconf;
 RDEPENDS_${PN} = "bash"
 
-SRC_URI = 
"git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=master \
+SRC_URI = 
"git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \
file://fix-path-for-busybox.patch \
file://99_resolvconf \
   "
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190544): 
https://lists.openembedded.org/g/openembedded-core/message/190544
Mute This Topic: https://lists.openembedded.org/mt/102598826/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 13/17] assimp: Explicitly use nobranch=1 in SRC_URI

2023-11-14 Thread Steve Sakoman

From: Naveen Saini 

Branch 'assimp_5.0_release' is not present in repo.

Error:
assimp-5.0.1-r0 do_fetch: Fetcher failure: Unable to find revision 
8f0c6b04b2257a520aaab38421b2e090204b69df in branch assimp_5.0_release even from 
upstream

Set nobranch=1, to fetch from v5.0.1 tag.

Signed-off-by: Naveen Saini 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-graphics/vulkan/assimp_5.0.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb 
b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb
index 295ac12fc5..0774f37e31 100644
--- a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb
+++ b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=2119edef0916b0bd511cb3c731076271"
 
 DEPENDS = "zlib"
 
-SRC_URI = 
"git://github.com/assimp/assimp.git;branch=assimp_5.0_release;protocol=https \
+SRC_URI = "git://github.com/assimp/assimp.git;nobranch=1;protocol=https \

file://0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch \
file://0001-Use-ASSIMP_LIB_INSTALL_DIR-to-search-library.patch \
"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190543): 
https://lists.openembedded.org/g/openembedded-core/message/190543
Mute This Topic: https://lists.openembedded.org/mt/102598825/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 10/17] cve-check: sort the package list in the JSON report

2023-11-14 Thread Steve Sakoman

From: Ross Burton 

The JSON report generated by the cve-check class is basically a huge
list of packages.  This list of packages is, however, unsorted.

To make things easier for people comparing the JSON, or more
specifically for git when archiving the JSON over time in a git
repository, we can sort the list by package name.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit e9861be0e5020830c2ecc24fd091f4f5b05da036)
Signed-off-by: Steve Sakoman 
---
 meta/classes/cve-check.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b0ccefc84d..5e6bae1757 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -97,6 +97,8 @@ def generate_json_report(d, out_path, link_path):
 cve_check_merge_jsons(summary, data)
 filename = f.readline()
 
+summary["package"].sort(key=lambda d: d['name'])
+
 with open(out_path, "w") as f:
 json.dump(summary, f, indent=2)
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190540): 
https://lists.openembedded.org/g/openembedded-core/message/190540
Mute This Topic: https://lists.openembedded.org/mt/102598821/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 09/17] xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380

2023-11-14 Thread Steve Sakoman

From: Vijay Anusuri 

Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7]

Signed-off-by: Vijay Anusuri 
Signed-off-by: Steve Sakoman 
---
 .../xserver-xorg/CVE-2023-5367.patch  |  84 +++
 .../xserver-xorg/CVE-2023-5380.patch  | 102 ++
 .../xorg-xserver/xserver-xorg_1.20.14.bb  |   2 +
 3 files changed, 188 insertions(+)
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch

diff --git 
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
new file mode 100644
index 00..508588481e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
@@ -0,0 +1,84 @@
+From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001
+From: Peter Hutterer 
+Date: Tue, 3 Oct 2023 11:53:05 +1000
+Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend
+
+The handling of appending/prepending properties was incorrect, with at
+least two bugs: the property length was set to the length of the new
+part only, i.e. appending or prepending N elements to a property with P
+existing elements always resulted in the property having N elements
+instead of N + P.
+
+Second, when pre-pending a value to a property, the offset for the old
+values was incorrect, leaving the new property with potentially
+uninitalized values and/or resulting in OOB memory writes.
+For example, prepending a 3 element value to a 5 element property would
+result in this 8 value array:
+  [N, N, N, ?, ?, P, P, P ] P, P
+^OOB write
+
+The XI2 code is a copy/paste of the RandR code, so the bug exists in
+both.
+
+CVE-2023-5367, ZDI-CAN-22153
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer 
+
+Upstream-Status: Backport 
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a]
+CVE: CVE-2023-5367
+Signed-off-by: Vijay Anusuri 
+---
+ Xi/xiproperty.c| 4 ++--
+ randr/rrproperty.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
+index 066ba21fba..d315f04d0e 100644
+--- a/Xi/xiproperty.c
 b/Xi/xiproperty.c
+@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, 
Atom type,
+ XIDestroyDeviceProperty(prop);
+ return BadAlloc;
+ }
+-new_value.size = len;
++new_value.size = total_len;
+ new_value.type = type;
+ new_value.format = format;
+ 
+@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, 
Atom type,
+ case PropModePrepend:
+ new_data = new_value.data;
+ old_data = (void *) (((char *) new_value.data) +
+-  (prop_value->size * size_in_bytes));
++  (len * size_in_bytes));
+ break;
+ }
+ if (new_data)
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index c2fb9585c6..25469f57b2 100644
+--- a/randr/rrproperty.c
 b/randr/rrproperty.c
+@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, 
Atom type,
+ RRDestroyOutputProperty(prop);
+ return BadAlloc;
+ }
+-new_value.size = len;
++new_value.size = total_len;
+ new_value.type = type;
+ new_value.format = format;
+ 
+@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, 
Atom type,
+ case PropModePrepend:
+ new_data = new_value.data;
+ old_data = (void *) (((char *) new_value.data) +
+-  (prop_value->size * size_in_bytes));
++  (len * size_in_bytes));
+ break;
+ }
+ if (new_data)
+-- 
+GitLab
+
diff --git 
a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch 
b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
new file mode 100644
index 00..720340d83b
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
@@ -0,0 +1,102 @@
+From 564ccf2ce9616620456102727acb8b0256b7bbd7 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer 
+Date: Thu, 5 Oct 2023 12:19:45 +1000
+Subject: [PATCH] mi: reset the PointerWindows reference on screen switch
+
+PointerWindows[] keeps a reference to the last window our sprite
+entered - changes are usually handled by CheckMotion().
+
+If we switch between screens via XWarpPointer our
+dev->spriteInfo->sprite->win is set to the new screen's root window.
+If there's

[OE-core][dunfell 11/17] cve-check: slightly more verbose warning when adding the same package twice

2023-11-14 Thread Steve Sakoman

From: Ross Burton 

Occasionally the cve-check tool will warn that it is adding the same
package twice.  Knowing what this package is might be the first step
towards understanding where this message comes from.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit c1179faec8583a8b7df192cf1cbf221f0e3001fc)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oe/cve_check.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index c508865738..a91d691c30 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -75,7 +75,7 @@ def cve_check_merge_jsons(output, data):
 
 for product in output["package"]:
 if product["name"] == data["package"][0]["name"]:
-bb.error("Error adding the same package twice")
+bb.error("Error adding the same package %s twice" % 
product["name"])
 return
 
 output["package"].append(data["package"][0])
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190541): 
https://lists.openembedded.org/g/openembedded-core/message/190541
Mute This Topic: https://lists.openembedded.org/mt/102598822/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 08/17] Revert "qemu: Backport fix for CVE-2023-0330"

2023-11-14 Thread Steve Sakoman

This reverts commit 45ce9885351a2344737170e6e810dc67ab3e7ea9.

Unfortunately this backport results in qemuarmv5 failing to boot with
a qemu lsi hw error.

[YOCTO #15274]

See discussion: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15274

Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/qemu/qemu.inc   |   3 +-
 ...-2023-0330_1.patch => CVE-2023-0330.patch} |   0
 .../qemu/qemu/CVE-2023-0330_2.patch   | 135 --
 3 files changed, 1 insertion(+), 137 deletions(-)
 rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => 
CVE-2023-0330.patch} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index e6b26aba88..a24915c35c 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -137,8 +137,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2021-3409-4.patch \
file://CVE-2021-3409-5.patch \
file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \
-   file://CVE-2023-0330_1.patch \
-   file://CVE-2023-0330_2.patch \
+   file://CVE-2023-0330.patch \
file://CVE-2023-3354.patch \
   file://CVE-2023-3180.patch \
file://CVE-2020-24165.patch \
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch
rename to meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
deleted file mode 100644
index 3b45bc0411..00
--- a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov 
-Date: Thu, 27 Apr 2023 17:10:06 -0400
-Subject: [PATCH] memory: prevent dma-reentracy issues
-
-Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
-This flag is set/checked prior to calling a device's MemoryRegion
-handlers, and set when device code initiates DMA.  The purpose of this
-flag is to prevent two types of DMA-based reentrancy issues:
-
-1.) mmio -> dma -> mmio case
-2.) bh -> dma write -> mmio case
-
-These issues have led to problems such as stack-exhaustion and
-use-after-frees.
-
-Summary of the problem from Peter Maydell:
-https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
-Resolves: CVE-2023-0330
-
-Signed-off-by: Alexander Bulekov 
-Reviewed-by: Thomas Huth 
-Message-Id: <20230427211013.2994127-2-alx...@bu.edu>
-[thuth: Replace warn_report() with warn_report_once()]
-Signed-off-by: Thomas Huth 
-
-Upstream-Status: Backport 
[https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380]
-CVE: CVE-2023-0330
-Signed-off-by: Vijay Anusuri 

- include/exec/memory.h  |  5 +
- include/hw/qdev-core.h |  7 +++
- memory.c   | 16 
- 3 files changed, 28 insertions(+)
-
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index 2b8bccdd..0c8cdb8e 100644
 a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -378,6 +378,8 @@ struct MemoryRegion {
- bool is_iommu;
- RAMBlock *ram_block;
- Object *owner;
-+/* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath 
*/
-+DeviceState *dev;
- 
- const MemoryRegionOps *ops;
- void *opaque;
-@@ -400,6 +402,9 @@ struct MemoryRegion {
- const char *name;
- unsigned ioeventfd_nb;
- MemoryRegionIoeventfd *ioeventfds;
-+
-+/* For devices designed to perform re-entrant IO into their own IO MRs */
-+bool disable_reentrancy_guard;
- };
- 
- struct IOMMUMemoryRegion {
-diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
-index 1518495b..206f0a70 100644
 a/include/hw/qdev-core.h
-+++ b/include/hw/qdev-core.h
-@@ -138,6 +138,10 @@ struct NamedGPIOList {
- QLIST_ENTRY(NamedGPIOList) node;
- };
- 
-+typedef struct {
-+bool engaged_in_io;
-+} MemReentrancyGuard;
-+
- /**
-  * DeviceState:
-  * @realized: Indicates whether the device has been fully constructed.
-@@ -163,6 +167,9 @@ struct DeviceState {
- int num_child_bus;
- int instance_id_alias;
- int alias_required_for_version;
-+
-+/* Is the device currently in

[OE-core][dunfell 06/17] libwebp: Fix CVE-2023-4863

2023-11-14 Thread Steve Sakoman

From: Soumya Sambu 

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.

Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.

CVE: CVE-2023-4863

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12

Signed-off-by: Soumya Sambu 
Signed-off-by: Steve Sakoman 
---
 ...23-5129.patch => CVE-2023-4863-0001.patch} | 27 --
 .../webp/files/CVE-2023-4863-0002.patch   | 53 +++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |  3 +-
 3 files changed, 66 insertions(+), 17 deletions(-)
 rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => 
CVE-2023-4863-0001.patch} (95%)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch
similarity index 95%
rename from meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
rename to meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch
index 068c56..419b12f7d9 100644
--- a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch
@@ -1,7 +1,7 @@
-From 12b11893edf6c201710ebeee7c84743a8573fad6 Mon Sep 17 00:00:00 2001
+From 902bc9190331343b2017211debcec8d2ab87e17a Mon Sep 17 00:00:00 2001
 From: Vincent Rabaud 
 Date: Thu, 7 Sep 2023 21:16:03 +0200
-Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+Subject: [PATCH 1/2] Fix OOB write in BuildHuffmanTable.
 
 First, BuildHuffmanTable is called to check if the data is valid.
 If it is and the table is not big enough, more memory is allocated.
@@ -12,16 +12,11 @@ codes) streams are still decodable.
 Bug: chromium:1479274
 Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
 
-Notice that it references different CVE id:
-https://nvd.nist.gov/vuln/detail/CVE-2023-5129
-which was marked as a rejected duplicate of:
-https://nvd.nist.gov/vuln/detail/CVE-2023-4863
-but it's the same issue. Hence update CVE ID CVE-2023-4863
+CVE: CVE-2023-4863
 
-CVE: CVE-2023-5129 CVE-2023-4863
-Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
-Signed-off-by: Colin McAllister 
-Signed-off-by: Pawan Badganchi 
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+
+Signed-off-by: Soumya Sambu 
 ---
  src/dec/vp8l_dec.c| 46 ++-
  src/dec/vp8li_dec.h   |  2 +-
@@ -30,7 +25,7 @@ Signed-off-by: Pawan Badganchi 
  4 files changed, 129 insertions(+), 43 deletions(-)
 
 diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
-index 93615d4e..0d38314d 100644
+index 93615d4..0d38314 100644
 --- a/src/dec/vp8l_dec.c
 +++ b/src/dec/vp8l_dec.c
 @@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
@@ -178,7 +173,7 @@ index 93615d4e..0d38314d 100644
assert(dec->hdr_.num_htree_groups_ > 0);
  
 diff --git a/src/dec/vp8li_dec.h b/src/dec/vp8li_dec.h
-index 72b2e861..32540a4b 100644
+index 72b2e86..32540a4 100644
 --- a/src/dec/vp8li_dec.h
 +++ b/src/dec/vp8li_dec.h
 @@ -51,7 +51,7 @@ typedef struct {
@@ -191,7 +186,7 @@ index 72b2e861..32540a4b 100644
  
  typedef struct VP8LDecoder VP8LDecoder;
 diff --git a/src/utils/huffman_utils.c b/src/utils/huffman_utils.c
-index 0cba0fbb..9efd6283 100644
+index 0cba0fb..9efd628 100644
 --- a/src/utils/huffman_utils.c
 +++ b/src/utils/huffman_utils.c
 @@ -177,21 +177,24 @@ static int BuildHuffmanTable(HuffmanCode* const 
root_table, int root_bits,
@@ -322,7 +317,7 @@ index 0cba0fbb..9efd6283 100644
 +  }
 +}
 diff --git a/src/utils/huffman_utils.h b/src/utils/huffman_utils.h
-index 13b7ad1a..98415c53 100644
+index 13b7ad1..98415c5 100644
 --- a/src/utils/huffman_utils.h
 +++ b/src/utils/huffman_utils.h
 @@ -43,6 +43,29 @@ typedef struct {
@@ -367,5 +362,5 @@ index 13b7ad1a..98415c53 100644
  
  #ifdef __cplusplus
 -- 
-2.34.1
+2.40.0
 
diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch
new file mode 100644
index 00..c1eedb6100
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch
@@ -0,0 +1,53 @@
+From 95ea5226c870449522240ccff26f0b006037c520 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Mon, 11 Sep 2023 16:06:08 +0200
+Subject: [PATCH 2/2] Fix invalid incremental decoding check.
+
+The first condition is only necessary if we have not read enough
+(enough being defined by src_last, not src_end which is the end
+of the image).
+The second condition now fits the comment below: "if not
+incremental, and we are past the end of buffer".
+
+BUG=oss-fuzz:62136
+
+Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f
+
+CVE:

[OE-core][dunfell 07/17] zlib: Backport fix for CVE-2023-45853

2023-11-14 Thread Steve Sakoman

From: Ashish Sharma 

Upstream-Status: Backport from 
[https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c]

Signed-off-by: Ashish Sharma 
Signed-off-by: Steve Sakoman 
---
 .../zlib/zlib/CVE-2023-45853.patch| 40 +++
 meta/recipes-core/zlib/zlib_1.2.11.bb |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch

diff --git a/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch 
b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
new file mode 100644
index 00..654579eb81
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
@@ -0,0 +1,40 @@
+From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
+From: Hans Wennborg 
+Date: Fri, 18 Aug 2023 11:05:33 +0200
+Subject: [PATCH] Reject overflows of zip header fields in minizip.
+
+This checks the lengths of the file name, extra field, and comment
+that would be put in the zip headers, and rejects them if they are
+too long. They are each limited to 65535 bytes in length by the zip
+format. This also avoids possible buffer overflows if the provided
+fields are too long.
+
+Upstream-Status: Backport from 
[https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c]
+CVE: CVE-2023-45853
+Signed-off-by: Ashish Sharma 
+---
+ contrib/minizip/zip.c | 11 +++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
+index 3d3d4cadd..0446109b2 100644
+--- a/contrib/minizip/zip.c
 b/contrib/minizip/zip.c
+@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile 
file, const char* filename, c
+   return ZIP_PARAMERROR;
+ #endif
+ 
++// The filename and comment length must fit in 16 bits.
++if ((filename!=NULL) && (strlen(filename)>0x))
++return ZIP_PARAMERROR;
++if ((comment!=NULL) && (strlen(comment)>0x))
++return ZIP_PARAMERROR;
++// The extra field length must fit in 16 bits. If the member also requires
++// a Zip64 extra block, that will also need to fit within that 16-bit
++// length, but that will be checked for later.
++if ((size_extrafield_local>0x) || (size_extrafield_global>0x))
++return ZIP_PARAMERROR;
++
+ zi = (zip64_internal*)file;
+ 
+ if (zi->in_opened_file_inzip == 1)
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb 
b/meta/recipes-core/zlib/zlib_1.2.11.bb
index e2fbc12bd8..910fc2ec17 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -11,6 +11,7 @@ SRC_URI = 
"${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
file://CVE-2018-25032.patch \
file://run-ptest \
file://CVE-2022-37434.patch \
+   file://CVE-2023-45853.patch \
"
 UPSTREAM_CHECK_URI = "http://zlib.net/;
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190537): 
https://lists.openembedded.org/g/openembedded-core/message/190537
Mute This Topic: https://lists.openembedded.org/mt/102598817/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 05/17] glibc: ignore CVE-2023-4527

2023-11-14 Thread Steve Sakoman

From: Peter Marko 

This vulnerability was introduced in 2.36, so 2.31 is not vulnerable.

Signed-off-by: Peter Marko 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-core/glibc/glibc_2.31.bb | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-core/glibc/glibc_2.31.bb 
b/meta/recipes-core/glibc/glibc_2.31.bb
index 1862586749..8298088323 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -29,6 +29,13 @@ CVE_CHECK_WHITELIST += "CVE-2019-1010025"
 # 
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b
 CVE_CHECK_WHITELIST += "CVE-2021-35942"
 
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527
+# This vulnerability was introduced in 2.36 by commit
+# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no- stub 
resolver option
+# so our version is not yet vulnerable
+# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+CVE_CHECK_WHITELIST += "CVE-2023-4527"
+
 DEPENDS += "gperf-native bison-native make-native"
 
 NATIVESDKFIXES ?= ""
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190535): 
https://lists.openembedded.org/g/openembedded-core/message/190535
Mute This Topic: https://lists.openembedded.org/mt/102598815/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 00/17] Patch review

2023-11-14 Thread Steve Sakoman

Please review this set of changes for dunfell and have comments back by
end of day Thursday, November 16

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6194

The following changes since commit 0dbf3a15321b8033ff8ed86c6aa261fdb9c3d5bb:

  build-appliance-image: Update to dunfell head revision (2023-10-27 04:22:17 
-1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ashish Sharma (1):
  zlib: Backport fix for CVE-2023-45853

Hitendra Prajapati (1):
  tiff: Security fix for CVE-2023-40745

Lee Chee Yang (1):
  kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269

Mikko Rapeli (1):
  lz4: use CFLAGS from bitbake

Naveen Saini (2):
  assimp: Explicitly use nobranch=1 in SRC_URI
  resolvconf: Fix fetch error

Peter Marko (1):
  glibc: ignore CVE-2023-4527

Ross Burton (3):
  cve-check: sort the package list in the JSON report
  cve-check: slightly more verbose warning when adding the same package
twice
  cve-check: don't warn if a patch is remote

Soumya Sambu (1):
  libwebp: Fix CVE-2023-4863

Steve Sakoman (3):
  Revert "qemu: Backport fix for CVE-2023-0330"
  lz4: Update sstate/equiv versions to clean cache
  selftest: skip virgl test on all fedora

Vijay Anusuri (3):
  tiff: CVE patch correction for CVE-2023-3576
  tiff: backport Debian patch to fix CVE-2023-41175
  xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380

 meta/classes/cve-check.bbclass|   2 +
 meta/lib/oe/cve_check.py  |  13 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |  10 +-
 .../resolvconf/resolvconf_1.82.bb |   2 +-
 meta/recipes-core/glibc/glibc_2.31.bb |   7 +
 .../zlib/zlib/CVE-2023-45853.patch|  40 ++
 meta/recipes-core/zlib/zlib_1.2.11.bb |   1 +
 meta/recipes-devtools/qemu/qemu.inc   |   3 +-
 ...-2023-0330_1.patch => CVE-2023-0330.patch} |   0
 .../qemu/qemu/CVE-2023-0330_2.patch   | 135 --
 meta/recipes-graphics/vulkan/assimp_5.0.1.bb  |   2 +-
 .../xserver-xorg/CVE-2023-5367.patch  |  84 +++
 .../xserver-xorg/CVE-2023-5380.patch  | 102 +
 .../xorg-xserver/xserver-xorg_1.20.14.bb  |   2 +
 .../kexec/kexec-tools_2.0.20.bb   |   3 +
 ...-2023-3618-1.patch => CVE-2023-3576.patch} |   3 +-
 ...-2023-3618-2.patch => CVE-2023-3618.patch} |   0
 .../libtiff/files/CVE-2023-40745.patch|  34 +
 .../libtiff/files/CVE-2023-41175.patch|  67 +
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   6 +-
 ...23-5129.patch => CVE-2023-4863-0001.patch} |  27 ++--
 .../webp/files/CVE-2023-4863-0002.patch   |  53 +++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   3 +-
 meta/recipes-support/lz4/lz4_1.9.2.bb |   6 +-
 24 files changed, 431 insertions(+), 174 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
 rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => 
CVE-2023-0330.patch} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
 create mode 100644 
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => 
CVE-2023-3576.patch} (93%)
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => 
CVE-2023-3618.patch} (100%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
 rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => 
CVE-2023-4863-0001.patch} (95%)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190530): 
https://lists.openembedded.org/g/openembedded-core/message/190530
Mute This Topic: https://lists.openembedded.org/mt/102598808/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 04/17] tiff: backport Debian patch to fix CVE-2023-41175

2023-11-14 Thread Steve Sakoman

From: Vijay Anusuri 

Upstream-Status: Backport [import from debian 
security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz
Upstream commit 
https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]

Reference: https://security-tracker.debian.org/tracker/CVE-2023-41175

Signed-off-by: Vijay Anusuri 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/files/CVE-2023-41175.patch| 67 +++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |  1 +
 2 files changed, 68 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch 
b/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
new file mode 100644
index 00..3f44a42012
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch
@@ -0,0 +1,67 @@
+From 4cc97e3dfa6559f4d17af0d0687bcae07ca4b73d Mon Sep 17 00:00:00 2001
+From: Arie Haenel 
+Date: Wed, 19 Jul 2023 19:40:01 +
+Subject: raw2tiff: fix integer overflow and bypass of the check (fixes #592)
+
+Upstream-Status: Backport [import from debian 
security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz
+Upstream commit 
https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee]
+CVE: CVE-2023-41175
+Signed-off-by: Vijay Anusuri 
+---
+ tools/raw2tiff.c | 26 ++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/tools/raw2tiff.c b/tools/raw2tiff.c
+index ab36ff4e..a905da52 100644
+--- a/tools/raw2tiff.c
 b/tools/raw2tiff.c
+@@ -35,6 +35,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ 
+ #ifdef HAVE_UNISTD_H
+ # include 
+@@ -101,6 +102,7 @@ main(int argc, char* argv[])
+   int fd;
+   char*outfilename = NULL;
+   TIFF*out;
++  uint32  temp_limit_check = 0;
+ 
+   uint32 row, col, band;
+   int c;
+@@ -212,6 +214,30 @@ main(int argc, char* argv[])
+   if (guessSize(fd, dtype, hdr_size, nbands, swab, , ) < 0)
+   return 1;
+ 
++  if ((width == 0) || (length == 0) ){
++  fprintf(stderr, "Too large nbands value specified.\n");
++  return (EXIT_FAILURE);
++  }
++
++  temp_limit_check = nbands * depth;
++
++  if ( !temp_limit_check || length > ( UINT_MAX / temp_limit_check ) )  {
++  fprintf(stderr, "Too large length size specified.\n");
++  return (EXIT_FAILURE);
++  }
++  temp_limit_check = temp_limit_check * length;
++
++  if ( !temp_limit_check || width > ( UINT_MAX / temp_limit_check ) )  {
++  fprintf(stderr, "Too large width size specified.\n");
++  return (EXIT_FAILURE);
++  }
++  temp_limit_check = temp_limit_check * width;
++
++  if ( !temp_limit_check || hdr_size > ( UINT_MAX - temp_limit_check ) )  
{
++  fprintf(stderr, "Too large header size specified.\n");
++  return (EXIT_FAILURE);
++  }
++
+   if (outfilename == NULL)
+   outfilename = argv[optind+1];
+   out = TIFFOpen(outfilename, "w");
+-- 
+2.30.2
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 31e7db19aa..2697a28463 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -46,6 +46,7 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-3576.patch \
file://CVE-2023-3618.patch \
file://CVE-2023-40745.patch \
+   file://CVE-2023-41175.patch \
   "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = 
"5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190534): 
https://lists.openembedded.org/g/openembedded-core/message/190534
Mute This Topic: https://lists.openembedded.org/mt/102598813/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 03/17] tiff: Security fix for CVE-2023-40745

2023-11-14 Thread Steve Sakoman

From: Hitendra Prajapati 

Upstream-Status: Backport from 
https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../libtiff/files/CVE-2023-40745.patch| 34 +++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch 
b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
new file mode 100644
index 00..6eb286039f
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch
@@ -0,0 +1,34 @@
+From 4fc16f649fa2875d5c388cf2edc295510a247ee5 Mon Sep 17 00:00:00 2001
+From: Arie Haenel 
+Date: Wed, 19 Jul 2023 19:34:25 +
+Subject: [PATCH] tiffcp: fix memory corruption (overflow) on hostile images
+ (fixes #591)
+
+Upstream-Status: Backport from 
[https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5]
+CVE: CVE-2023-40745
+Signed-off-by: Hitendra Prajapati 
+---
+ tools/tiffcp.c | 7 +++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 83b3910..007bd05 100644
+--- a/tools/tiffcp.c
 b/tools/tiffcp.c
+@@ -1437,6 +1437,13 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+   TIFFError(TIFFFileName(in), "Error, cannot handle that much 
samples per tile row (Tile Width * Samples/Pixel)");
+   return 0;
+   }
++
++  if ( (imagew - tilew * spp) > INT_MAX ){
++TIFFError(TIFFFileName(in),
++  "Error, image raster scan line size is too large");
++return 0;
++  }
++
+   iskew = imagew - tilew*spp;
+   tilebuf = _TIFFmalloc(tilesize);
+   if (tilebuf == 0)
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index d27381b4cd..31e7db19aa 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -45,6 +45,7 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-3316.patch \
file://CVE-2023-3576.patch \
file://CVE-2023-3618.patch \
+   file://CVE-2023-40745.patch \
   "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = 
"5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190533): 
https://lists.openembedded.org/g/openembedded-core/message/190533
Mute This Topic: https://lists.openembedded.org/mt/102598812/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 02/17] tiff: CVE patch correction for CVE-2023-3576

2023-11-14 Thread Steve Sakoman

From: Vijay Anusuri 

- The commit 
[https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
fixes CVE-2023-3576
- Hence, renamed the CVE-2023-3618-1.patch to CVE-2023-3576.patch
- Reference: https://security-tracker.debian.org/tracker/CVE-2023-3576
 https://security-tracker.debian.org/tracker/CVE-2023-3618

Signed-off-by: Vijay Anusuri 
Signed-off-by: Steve Sakoman 
---
 .../files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch}  | 3 ++-
 .../files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch}  | 0
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => 
CVE-2023-3576.patch} (93%)
 rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => 
CVE-2023-3618.patch} (100%)

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch 
b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
similarity index 93%
rename from meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch
rename to meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
index 35ed852519..67837fe142 100644
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
@@ -4,8 +4,9 @@ Date: Tue, 7 Mar 2023 15:02:08 +0800
 Subject: [PATCH] Fix memory leak in tiffcrop.c
 
 Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
-CVE: CVE-2023-3618
+CVE: CVE-2023-3576
 Signed-off-by: Hitendra Prajapati 
+Signed-off-by: Vijay Anusuri 
 ---
  tools/tiffcrop.c | 7 ++-
  1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch 
b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch
similarity index 100%
rename from meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch
rename to meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 6df4244697..d27381b4cd 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -43,8 +43,8 @@ SRC_URI = 
"http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-26966.patch \
file://CVE-2023-2908.patch \
file://CVE-2023-3316.patch \
-   file://CVE-2023-3618-1.patch \
-   file://CVE-2023-3618-2.patch \
+   file://CVE-2023-3576.patch \
+   file://CVE-2023-3618.patch \
   "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = 
"5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190532): 
https://lists.openembedded.org/g/openembedded-core/message/190532
Mute This Topic: https://lists.openembedded.org/mt/102598811/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 01/17] kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269

2023-11-14 Thread Steve Sakoman

From: Lee Chee Yang 

Signed-off-by: Lee Chee Yang 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb 
b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
index 871b36440f..206c6ccae7 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb
@@ -30,6 +30,9 @@ inherit autotools update-rc.d systemd
 export LDFLAGS = "-L${STAGING_LIBDIR}"
 EXTRA_OECONF = " --with-zlib=yes"
 
+# affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL 
versions prior to 2.0.20-47.
+CVE_CHECK_WHITELIST += "CVE-2021-20269"
+
 do_compile_prepend() {
 # Remove the prepackaged config.h from the source tree as it overrides
 # the same file generated by configure and placed in the build tree
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190531): 
https://lists.openembedded.org/g/openembedded-core/message/190531
Mute This Topic: https://lists.openembedded.org/mt/102598809/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Patchtest results for [PATCH] selftest/reproducible: Allow packages exclusion via config

2023-11-14 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/selftest-reproducible-Allow-packages-exclusion-via-config.patch

FAIL: test max line length: Patch line too long (current length 233, maximum is 
200) (test_metadata.TestMetadata.test_max_line_length)

PASS: pretest pylint (test_python_pylint.PyLint.pretest_pylint)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test pylint (test_python_pylint.PyLint.test_pylint)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)

SKIP: pretest src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, 
skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190529): 
https://lists.openembedded.org/g/openembedded-core/message/190529
Mute This Topic: https://lists.openembedded.org/mt/102595787/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] selftest/reproducible: Allow packages exclusion via config

2023-11-14 Thread Yoann Congal

Le mer. 15 nov. 2023 à 00:53, Yoann Congal  a écrit :
>
> From: Richard Purdie 
>
> OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES can be used to prevent known
> not-reproducible packages to make the reproducible test fail.
>
> For example, in local.conf:
>   OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "example-not-reproducible"
>
> To quote the original exclusion commit 
> (4864764667097b32a3ee1935e2c52df732d55632)
> > selftest/reproducible: add an exclusion list for items that are not yet 
> > reproducible
> > [...]
> > Non-reproducible excluded packages are not given to diffoscope and do not 
> > cause a
> > failure, but still saved side-by-side with non-reproducible failing ones to 
> > make
> > investigation easier.
>
> NB: Patch was written by Richard with small fixes and a commit message
> from Yoann.
> Signed-off-by: Yoann Congal 
> ---
>  meta/lib/oeqa/selftest/cases/reproducible.py | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)

NB: This does clash with Richard's patch :
[PATCH 1/2] oeqa/selftest/reproducible: Add
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES support
https://lists.openembedded.org/g/openembedded-core/message/190523

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190528): 
https://lists.openembedded.org/g/openembedded-core/message/190528
Mute This Topic: https://lists.openembedded.org/mt/102595640/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] oeqa/selftest/reproducible: Add OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES support

2023-11-14 Thread Yoann Congal

Hi Richard,

Le mer. 15 nov. 2023 à 00:32, Richard Purdie
 a écrit :
>
> Add a new variable to the reproducible test so the list of excluded
> packages can be extended from the metadata. This might be useful for
> meta-openembedded for example so known issues can be excluded and
> therefore new regressions become more visible.
>
> Signed-off-by: Richard Purdie 
> ---
>  meta/lib/oeqa/selftest/cases/reproducible.py | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)


FYI, this does clash with the patch I've sent from your work on this :
[PATCH] selftest/reproducible: Allow packages exclusion via config
https://lists.openembedded.org/g/openembedded-core/message/190526
-- 
Yoann Congal
Smile ECS - Tech expert

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190527): 
https://lists.openembedded.org/g/openembedded-core/message/190527
Mute This Topic: https://lists.openembedded.org/mt/102595253/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] selftest/reproducible: Allow packages exclusion via config

2023-11-14 Thread Yoann Congal

From: Richard Purdie 

OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES can be used to prevent known
not-reproducible packages to make the reproducible test fail.

For example, in local.conf:
  OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "example-not-reproducible"

To quote the original exclusion commit 
(4864764667097b32a3ee1935e2c52df732d55632)
> selftest/reproducible: add an exclusion list for items that are not yet 
> reproducible
> [...]
> Non-reproducible excluded packages are not given to diffoscope and do not 
> cause a
> failure, but still saved side-by-side with non-reproducible failing ones to 
> make
> investigation easier.

NB: Patch was written by Richard with small fixes and a commit message
from Yoann.
Signed-off-by: Yoann Congal 
---
 meta/lib/oeqa/selftest/cases/reproducible.py | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py 
b/meta/lib/oeqa/selftest/cases/reproducible.py
index 84c6c3a05f..dac0dce346 100644
--- a/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -45,13 +45,14 @@ class CompareResult(object):
 return (self.status, self.test) < (other.status, other.test)
 
 class PackageCompareResults(object):
-def __init__(self):
+def __init__(self, exclusions):
 self.total = []
 self.missing = []
 self.different = []
 self.different_excluded = []
 self.same = []
 self.active_exclusions = set()
+exclude_packages.extend((exclusions or "").split())
 
 def add_result(self, r):
 self.total.append(r)
@@ -153,7 +154,7 @@ class ReproducibleTests(OESelftestTestCase):
 
 def setUpLocal(self):
 super().setUpLocal()
-needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 
'BB_HASHSERVE', 'OEQA_REPRODUCIBLE_TEST_PACKAGE', 
'OEQA_REPRODUCIBLE_TEST_TARGET', 'OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS']
+needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 
'BB_HASHSERVE', 'OEQA_REPRODUCIBLE_TEST_PACKAGE', 
'OEQA_REPRODUCIBLE_TEST_TARGET', 'OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS', 
'OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES']
 bb_vars = get_bb_vars(needed_vars)
 for v in needed_vars:
 setattr(self, v.lower(), bb_vars[v])
@@ -175,7 +176,7 @@ class ReproducibleTests(OESelftestTestCase):
 self.extraresults['reproducible.rawlogs']['log'] += msg
 
 def compare_packages(self, reference_dir, test_dir, diffutils_sysroot):
-result = PackageCompareResults()
+result = 
PackageCompareResults(self.oeqa_reproducible_excluded_packages)
 
 old_cwd = os.getcwd()
 try:
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190526): 
https://lists.openembedded.org/g/openembedded-core/message/190526
Mute This Topic: https://lists.openembedded.org/mt/102595640/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Patchtest results for [PATCH 1/2] oeqa/selftest/reproducible: Add OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES support

2023-11-14 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/1-2-oeqa-selftest-reproducible-Add-OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES-support.patch

FAIL: test max line length: Patch line too long (current length 233, maximum is 
200) (test_metadata.TestMetadata.test_max_line_length)

PASS: pretest pylint (test_python_pylint.PyLint.pretest_pylint)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test pylint (test_python_pylint.PyLint.test_pylint)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)

SKIP: pretest src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, 
skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190525): 
https://lists.openembedded.org/g/openembedded-core/message/190525
Mute This Topic: https://lists.openembedded.org/mt/102595586/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] oeqa/selftest/reproducible: Add OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES support

2023-11-14 Thread Richard Purdie

Add a new variable to the reproducible test so the list of excluded
packages can be extended from the metadata. This might be useful for
meta-openembedded for example so known issues can be excluded and
therefore new regressions become more visible.

Signed-off-by: Richard Purdie 
---
 meta/lib/oeqa/selftest/cases/reproducible.py | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py 
b/meta/lib/oeqa/selftest/cases/reproducible.py
index 84c6c3a05ff..dac0dce3467 100644
--- a/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -45,13 +45,14 @@ class CompareResult(object):
 return (self.status, self.test) < (other.status, other.test)
 
 class PackageCompareResults(object):
-def __init__(self):
+def __init__(self, exclusions):
 self.total = []
 self.missing = []
 self.different = []
 self.different_excluded = []
 self.same = []
 self.active_exclusions = set()
+exclude_packages.extend((exclusions or "").split())
 
 def add_result(self, r):
 self.total.append(r)
@@ -153,7 +154,7 @@ class ReproducibleTests(OESelftestTestCase):
 
 def setUpLocal(self):
 super().setUpLocal()
-needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 
'BB_HASHSERVE', 'OEQA_REPRODUCIBLE_TEST_PACKAGE', 
'OEQA_REPRODUCIBLE_TEST_TARGET', 'OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS']
+needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 
'BB_HASHSERVE', 'OEQA_REPRODUCIBLE_TEST_PACKAGE', 
'OEQA_REPRODUCIBLE_TEST_TARGET', 'OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS', 
'OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES']
 bb_vars = get_bb_vars(needed_vars)
 for v in needed_vars:
 setattr(self, v.lower(), bb_vars[v])
@@ -175,7 +176,7 @@ class ReproducibleTests(OESelftestTestCase):
 self.extraresults['reproducible.rawlogs']['log'] += msg
 
 def compare_packages(self, reference_dir, test_dir, diffutils_sysroot):
-result = PackageCompareResults()
+result = 
PackageCompareResults(self.oeqa_reproducible_excluded_packages)
 
 old_cwd = os.getcwd()
 try:
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190523): 
https://lists.openembedded.org/g/openembedded-core/message/190523
Mute This Topic: https://lists.openembedded.org/mt/102595253/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] vim: Improve locale handling

2023-11-14 Thread Richard Purdie

When making checkouts from git, the timestamps can vary and occasionally two 
files
can end up with the same stamp. This triggers make to regenerate ru.cp1251.po 
from
ru.po for example. If it isn't regenerated, the output isn't quite the same 
leading
to reproducibility issues (CP1251 vs cp1251).

Since we added all locales to buildtools tarball now, we can drop the locale
restrictions too. We need to generate a native binary for the sjis conversion
tool so also tweak that.

Signed-off-by: Richard Purdie 
---
 meta/recipes-support/vim/vim.inc | 14 --
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 58025828f2b..38212a1fa60 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -40,22 +40,16 @@ do_configure () {
 cd src
 rm -f auto/*
 touch auto/config.mk
+# git timestamps aren't reliable and we want to consistently regenerate 
these generated files
+rm -f po/cs.cp1250.po po/ja.euc-jp.po po/ja.sjis.po po/ko.po 
po/pl.UTF-8.po po/pl.cp1250.po po/ru.cp1251.po po/sk.cp1250.po po/uk.cp1251.po 
po/zh_CN.po po/zh_CN.cp936.po po/zh_TW.po
 aclocal
 autoconf
 cd ..
 oe_runconf
 touch src/auto/configure
 touch src/auto/config.mk src/auto/config.h
-}
-
-do_compile() {
-# We do not support fully / correctly the following locales.  Attempting
-# to use these with msgfmt in order to update the ".desktop" files exposes
-# this problem and leads to the compile failing.
-for LOCALE in cs fr ko pl sk zh_CN zh_TW;do
-echo -n > src/po/${LOCALE}.po
-done
-autotools_do_compile
+# need a native tool, not a target one
+${BUILD_CC} src/po/sjiscorr.c -o src/po/sjiscorr
 }
 
 PACKAGECONFIG ??= "\
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190524): 
https://lists.openembedded.org/g/openembedded-core/message/190524
Mute This Topic: https://lists.openembedded.org/mt/102595254/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] vte: Upgrade to 0.74.1

2023-11-14 Thread Khem Raj

* Enable systemd knob for distros with systemd in them.
* Add dependency on gtk4 which is needed
* Package systemd unit files
* Add packageconfig for fribidi defaulted to disabled

Signed-off-by: Khem Raj 
---
 ...01-Add-W_EXITCODE-macro-for-non-glibc-systems.patch |  4 ++--
 .../vte/{vte_0.72.2.bb => vte_0.74.1.bb}   | 10 ++
 2 files changed, 8 insertions(+), 6 deletions(-)
 rename meta/recipes-support/vte/{vte_0.72.2.bb => vte_0.74.1.bb} (80%)

diff --git 
a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
 
b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
index b4100fc381e..daf07bfd3c9 100644
--- 
a/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
+++ 
b/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
@@ -19,7 +19,7 @@ Signed-off-by: Andreas Müller 
 
 --- a/src/missing.hh
 +++ b/src/missing.hh
-@@ -24,6 +24,10 @@
+@@ -43,6 +43,10 @@
  #define NSIG (8 * sizeof(sigset_t))
  #endif
  
@@ -27,7 +27,7 @@ Signed-off-by: Andreas Müller 
 +#define W_EXITCODE(ret, sig) ((ret) << 8 | (sig))
 +#endif
 +
- #ifndef HAVE_FDWALK
+ #if !HAVE_FDWALK
  int fdwalk(int (*cb)(void* data, int fd),
 void* data);
 --- a/src/widget.cc
diff --git a/meta/recipes-support/vte/vte_0.72.2.bb 
b/meta/recipes-support/vte/vte_0.74.1.bb
similarity index 80%
rename from meta/recipes-support/vte/vte_0.72.2.bb
rename to meta/recipes-support/vte/vte_0.74.1.bb
index 44e71491f62..2f0448edb3c 100644
--- a/meta/recipes-support/vte/vte_0.72.2.bb
+++ b/meta/recipes-support/vte/vte_0.74.1.bb
@@ -11,16 +11,16 @@ LIC_FILES_CHKSUM = " \
 file://COPYING.XTERM;md5=d7fc3a23c16c039afafe2e042030f057 \
 "
 
-DEPENDS = "glib-2.0 glib-2.0-native gtk+3 libpcre2 libxml2-native gperf-native 
icu"
+DEPENDS = "glib-2.0 glib-2.0-native gtk+3 gtk4 libpcre2 libxml2-native 
gperf-native icu"
 
 GIR_MESON_OPTION = 'gir'
 GIDOCGEN_MESON_OPTION = "docs"
 
-inherit gnomebase gi-docgen features_check upstream-version-is-even 
gobject-introspection
+inherit gnomebase gi-docgen features_check upstream-version-is-even 
gobject-introspection systemd
 
 # vapigen.m4 is required when vala is not present (but the one from vala 
should be used normally)
 SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch"
-SRC_URI[archive.sha256sum] = 
"f7966fd185a6981f53964162b71cfef7e606495155d6f5827b72aa0dd6741c9e"
+SRC_URI[archive.sha256sum] = 
"2328c3f1c998350a18e0e513348e9fc581d57ea4e7b89aedf11e0e3c65042b4f"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
@@ -32,8 +32,9 @@ do_compile:prepend() {
 # Package additional files
 FILES:${PN}-dev += "${datadir}/vala/vapi/*"
 
-PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG ??= "gnutls ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false,vala-native vala"
+PACKAGECONFIG[fribidi] = "-Dfribidi=true,-Dfribidi=false,fribidi"
 PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls"
 PACKAGECONFIG[systemd] = "-D_systemd=true,-D_systemd=false,systemd"
 # vala requires gir
@@ -42,6 +43,7 @@ PACKAGECONFIG:remove:class-native = "vala"
 CFLAGS += "-D_GNU_SOURCE"
 
 PACKAGES =+ "libvte ${PN}-prompt"
+FILES:${PN} += "${systemd_user_unitdir}"
 FILES:libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*"
 FILES:${PN}-prompt = " \
 ${sysconfdir}/profile.d \
-- 
2.42.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190522): 
https://lists.openembedded.org/g/openembedded-core/message/190522
Mute This Topic: https://lists.openembedded.org/mt/102593386/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 2/2] image_types.bbclass: add support for sparse images

2023-11-14 Thread Dmitry Baryshkov

Android-targeted devices support so called sparse image format. This is
the raw filesystem image with dropped zero blocks. This way the image
takes less space and the bootloaders and/or filesystem manipulation
tools can flash it quicker (as they do not have to write useless
sequences of zeroes).

Add new image conversion type called 'sparse'to be able to generate
filesystem images in the sparse format.

Signed-off-by: Dmitry Baryshkov 
---
 meta/classes-recipe/image_types.bbclass | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/classes-recipe/image_types.bbclass 
b/meta/classes-recipe/image_types.bbclass
index d615b41ed1ed..d0c9514b36a3 100644
--- a/meta/classes-recipe/image_types.bbclass
+++ b/meta/classes-recipe/image_types.bbclass
@@ -328,7 +328,7 @@ IMAGE_TYPES:append:x86-64 = " hddimg iso"
 # CONVERSION_CMD/DEPENDS.
 COMPRESSIONTYPES ?= ""
 
-CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip 7zip zst sum md5sum sha1sum 
sha224sum sha256sum sha384sum sha512sum bmap u-boot vmdk vhd vhdx vdi qcow2 
base64 gzsync zsync ${COMPRESSIONTYPES}"
+CONVERSIONTYPES = "gz bz2 lzma xz lz4 lzo zip 7zip zst sum md5sum sha1sum 
sha224sum sha256sum sha384sum sha512sum bmap u-boot vmdk vhd vhdx vdi qcow2 
base64 gzsync zsync sparse ${COMPRESSIONTYPES}"
 CONVERSION_CMD:lzma = "lzma -k -f -7 ${IMAGE_NAME}.${type}"
 CONVERSION_CMD:gz = "gzip -f -9 -n -c --rsyncable ${IMAGE_NAME}.${type} > 
${IMAGE_NAME}.${type}.gz"
 CONVERSION_CMD:bz2 = "pbzip2 -f -k ${IMAGE_NAME}.${type}"
@@ -355,6 +355,7 @@ CONVERSION_CMD:qcow2 = "qemu-img convert -O qcow2 
${IMAGE_NAME}.${type} ${IMAGE_
 CONVERSION_CMD:base64 = "base64 ${IMAGE_NAME}.${type} > 
${IMAGE_NAME}.${type}.base64"
 CONVERSION_CMD:zsync = "zsyncmake_curl ${IMAGE_NAME}.${type}"
 CONVERSION_CMD:gzsync = "zsyncmake_curl -z ${IMAGE_NAME}.${type}"
+CONVERSION_CMD:sparse = "img2simg -c ${IMAGE_NAME}.${type} 
${IMAGE_NAME}.${type}.sparse"
 CONVERSION_DEPENDS_lzma = "xz-native"
 CONVERSION_DEPENDS_gz = "pigz-native"
 CONVERSION_DEPENDS_bz2 = "pbzip2-native"
@@ -375,6 +376,7 @@ CONVERSION_DEPENDS_vhdx = "qemu-system-native"
 CONVERSION_DEPENDS_vhd = "qemu-system-native"
 CONVERSION_DEPENDS_zsync = "zsync-curl-native"
 CONVERSION_DEPENDS_gzsync = "zsync-curl-native"
+CONVERSION_DEPENDS_sparse = "rust-android-sparse-native"
 
 RUNNABLE_IMAGE_TYPES ?= "ext2 ext3 ext4"
 RUNNABLE_MACHINE_PATTERNS ?= "qemu"
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190521): 
https://lists.openembedded.org/g/openembedded-core/message/190521
Mute This Topic: https://lists.openembedded.org/mt/102592509/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 0/2] add sparse image format support

2023-11-14 Thread Dmitry Baryshkov

Typically the generated filesystem image contains a lot of free space,
which is filled with zeroes. Android ecosystem has come up with the
'sparse' image formwat, which basically drops all irrelevant data blocks
instead of storing them. This way the generated image consumes less
space when stored and takes less time to be flashed (as there is no need
to transfer sequences of zeroes). For example, bootloaders implementing
fastboot protocol natively support writing such images.

The meta-oe repository already supports sparse format. However keeping
it in meta-oe means that it can not be used for BSP layers. Moving it
directly to OE-Core is not possible, since meta-oe uses android-tools, a
huge beast, to support this kind of conversion. Instead of that, use the
simple Rust crate to implement sparse <-> raw image conversion.

Changes since v1:
- Epanded patch description and added cover letter to describe sparse
  images and the reasons for bringing their support into OE-Core.

Dmitry Baryshkov (2):
  rust-android-sparse: add lightweight simg2img/img2simg implementation
  image_types.bbclass: add support for sparse images

 meta/classes-recipe/image_types.bbclass   |  4 +-
 .../rust-android-sparse-crates.inc| 98 +++
 .../rust-android-sparse_0.6.0.bb  | 20 
 3 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/rust-android-sparse/rust-android-sparse-crates.inc
 create mode 100644 
meta/recipes-extended/rust-android-sparse/rust-android-sparse_0.6.0.bb

-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190519): 
https://lists.openembedded.org/g/openembedded-core/message/190519
Mute This Topic: https://lists.openembedded.org/mt/102592507/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 1/2] rust-android-sparse: add lightweight simg2img/img2simg implementation

2023-11-14 Thread Dmitry Baryshkov

The Android's simg2img/img2simg comes from android-tools, which is a
huge package with lots of dependencies on its own. It resides inside
meta-oe rather than OE-Core. Add lightweight tool to handle sparse
images, which is small enough to be pushed into OE-Core.

Signed-off-by: Dmitry Baryshkov 
---
 .../rust-android-sparse-crates.inc| 98 +++
 .../rust-android-sparse_0.6.0.bb  | 20 
 2 files changed, 118 insertions(+)
 create mode 100644 
meta/recipes-extended/rust-android-sparse/rust-android-sparse-crates.inc
 create mode 100644 
meta/recipes-extended/rust-android-sparse/rust-android-sparse_0.6.0.bb

diff --git 
a/meta/recipes-extended/rust-android-sparse/rust-android-sparse-crates.inc 
b/meta/recipes-extended/rust-android-sparse/rust-android-sparse-crates.inc
new file mode 100644
index ..5f3e1c5657ff
--- /dev/null
+++ b/meta/recipes-extended/rust-android-sparse/rust-android-sparse-crates.inc
@@ -0,0 +1,98 @@
+# Autogenerated with 'bitbake -c update_crates rust-android-sparse'
+
+# from Cargo.lock
+SRC_URI += " \
+crate://crates.io/aho-corasick/0.7.18 \
+crate://crates.io/assert_cmd/0.9.1 \
+crate://crates.io/autocfg/1.0.1 \
+crate://crates.io/bitflags/1.3.2 \
+crate://crates.io/build_const/0.2.2 \
+crate://crates.io/byteorder/1.4.3 \
+crate://crates.io/cfg-if/1.0.0 \
+crate://crates.io/clap/2.34.0 \
+crate://crates.io/crc/1.8.1 \
+crate://crates.io/difference/2.0.0 \
+crate://crates.io/escargot/0.3.1 \
+crate://crates.io/float-cmp/0.4.0 \
+crate://crates.io/getrandom/0.2.3 \
+crate://crates.io/itoa/0.4.8 \
+crate://crates.io/libc/0.2.109 \
+crate://crates.io/memchr/2.4.1 \
+crate://crates.io/normalize-line-endings/0.2.2 \
+crate://crates.io/num-traits/0.2.14 \
+crate://crates.io/ppv-lite86/0.2.15 \
+crate://crates.io/predicates/0.9.1 \
+crate://crates.io/predicates-core/0.9.0 \
+crate://crates.io/predicates-tree/0.9.0 \
+crate://crates.io/proc-macro2/1.0.33 \
+crate://crates.io/quote/1.0.10 \
+crate://crates.io/rand/0.8.4 \
+crate://crates.io/rand_chacha/0.3.1 \
+crate://crates.io/rand_core/0.6.3 \
+crate://crates.io/rand_hc/0.3.1 \
+crate://crates.io/redox_syscall/0.2.10 \
+crate://crates.io/regex/1.5.4 \
+crate://crates.io/regex-syntax/0.6.25 \
+crate://crates.io/remove_dir_all/0.5.3 \
+crate://crates.io/ryu/1.0.6 \
+crate://crates.io/serde/1.0.130 \
+crate://crates.io/serde_derive/1.0.130 \
+crate://crates.io/serde_json/1.0.72 \
+crate://crates.io/syn/1.0.82 \
+crate://crates.io/tempfile/3.2.0 \
+crate://crates.io/textwrap/0.11.0 \
+crate://crates.io/treeline/0.1.0 \
+crate://crates.io/unicode-width/0.1.9 \
+crate://crates.io/unicode-xid/0.2.2 \
+crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+crate://crates.io/winapi/0.3.9 \
+crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+"
+
+SRC_URI[aho-corasick-0.7.18.sha256sum] = 
"1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
+SRC_URI[assert_cmd-0.9.1.sha256sum] = 
"c5b60c276f334145cf2cec09c5bb6f63523f078c0c850909f66bca8f933cf809"
+SRC_URI[autocfg-1.0.1.sha256sum] = 
"cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
+SRC_URI[bitflags-1.3.2.sha256sum] = 
"bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+SRC_URI[build_const-0.2.2.sha256sum] = 
"b4ae4235e6dac0694637c763029ecea1a2ec9e4e06ec2729bd21ba4d9c863eb7"
+SRC_URI[byteorder-1.4.3.sha256sum] = 
"14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
+SRC_URI[cfg-if-1.0.0.sha256sum] = 
"baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+SRC_URI[clap-2.34.0.sha256sum] = 
"a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
+SRC_URI[crc-1.8.1.sha256sum] = 
"d663548de7f5cca343f1e0a48d14dcfb0e9eb4e079ec58883b7251539fa10aeb"
+SRC_URI[difference-2.0.0.sha256sum] = 
"524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198"
+SRC_URI[escargot-0.3.1.sha256sum] = 
"19db1f7e74438642a5018cdf263bb1325b2e792f02dd0a3ca6d6c0f0d7b1d5a5"
+SRC_URI[float-cmp-0.4.0.sha256sum] = 
"134a8fa843d80a51a5b77d36d42bc2def9edcb0262c914861d08129fd1926600"
+SRC_URI[getrandom-0.2.3.sha256sum] = 
"7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
+SRC_URI[itoa-0.4.8.sha256sum] = 
"b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
+SRC_URI[libc-0.2.109.sha256sum] = 
"f98a04dce437184842841303488f70d0188c5f51437d2a834dc097eafa909a01"
+SRC_URI[memchr-2.4.1.sha256sum] = 
"308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
+SRC_URI[normalize-line-endings-0.2.2.sha256sum] = 
"2e0a1a39eab95caf4f5556da9289b9e68f0aafac901b2ce80daaf020d3b733a8"
+SRC_URI[num-traits-0.2.14.sha256sum] = 
"9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
+SRC_URI[ppv-lite86-0.2.15.sha256sum] =

[OE-core] [PATCH 2/3] shadow: Add PW_SUBDIR

2023-11-14 Thread Joakim Tjernlund via lists.openembedded.org

Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb

Signed-off-by: Joakim Tjernlund 
---
 .../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++
 meta/recipes-extended/shadow/shadow.inc   | 30 +-
 2 files changed, 118 insertions(+), 4 deletions(-)
 create mode 100644 
meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch

diff --git 
a/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch 
b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
new file mode 100644
index 00..b02a61e3c2
--- /dev/null
+++ 
b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
@@ -0,0 +1,92 @@
+From f605fb315faef7ddcad70d638f3b3aa16ea98fc0 Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund 
+Date: Thu, 2 Nov 2023 00:27:10 +0100
+Subject: [PATCH] Define SUBUID_FILE/SUBGID_FILE
+
+Upstream-Status: Pending
+
+These where hard coded, make them definable like SHADOW_FILE
+
+Signed-off-by: Joakim Tjernlund 
+---
+ lib/defines.h | 8 
+ lib/subordinateio.c   | 6 +++---
+ libmisc/prefix_flag.c | 8 
+ 3 files changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/lib/defines.h b/lib/defines.h
+index fc1521c..27b220f 100644
+--- a/lib/defines.h
 b/lib/defines.h
+@@ -312,6 +312,14 @@ char *strchr (), *strrchr (), *strtok ();
+ #define SHADOW_FILE "/etc/shadow"
+ #endif
+ 
++#ifndef SUBUID_FILE
++#define SUBUID_FILE "/etc/subuid"
++#endif
++
++#ifndef SUBGID_FILE
++#define SUBGID_FILE "/etc/subgid"
++#endif
++
+ #ifdef SHADOWGRP
+ #ifndef SGROUP_FILE
+ #define SGROUP_FILE "/etc/gshadow"
+diff --git a/lib/subordinateio.c b/lib/subordinateio.c
+index 9ca70b8..9ddc5e1 100644
+--- a/lib/subordinateio.c
 b/lib/subordinateio.c
+@@ -206,7 +206,7 @@ static const struct subordinate_range *find_range(struct 
commonio_db *db,
+ /*
+  * We only do special handling for these two files
+  */
+-if ((0 != strcmp(db->filename, "/etc/subuid")) && (0 != 
strcmp(db->filename, "/etc/subgid")))
++if ((0 != strcmp(db->filename, SUBUID_FILE)) && (0 != 
strcmp(db->filename, SUBGID_FILE)))
+ return NULL;
+ 
+ /*
+@@ -554,7 +554,7 @@ static int remove_range (struct commonio_db *db,
+ }
+ 
+ static struct commonio_db subordinate_uid_db = {
+-  "/etc/subuid",  /* filename */
++  SUBUID_FILE,/* filename */
+   _ops,   /* ops */
+   NULL,   /* fp */
+ #ifdef WITH_SELINUX
+@@ -650,7 +650,7 @@ uid_t sub_uid_find_free_range(uid_t min, uid_t max, 
unsigned long count)
+ }
+ 
+ static struct commonio_db subordinate_gid_db = {
+-  "/etc/subgid",  /* filename */
++  SUBGID_FILE,/* filename */
+   _ops,   /* ops */
+   NULL,   /* fp */
+ #ifdef WITH_SELINUX
+diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
+index d4dfbc2..0e7dfa7 100644
+--- a/libmisc/prefix_flag.c
 b/libmisc/prefix_flag.c
+@@ -120,14 +120,14 @@ extern const char* process_prefix_flag (const char* 
short_opt, int argc, char **
+   spw_setdbname(spw_db_file);
+ 
+ #ifdef ENABLE_SUBIDS
+-  len = strlen(prefix) + strlen("/etc/subuid") + 2;
++  len = strlen(prefix) + strlen(SUBUID_FILE) + 2;
+   suid_db_file = xmalloc(len);
+-  snprintf(suid_db_file, len, "%s/%s", prefix, "/etc/subuid");
++  snprintf(suid_db_file, len, "%s/%s", prefix, SUBUID_FILE);
+   sub_uid_setdbname(suid_db_file);
+ 
+-  len = strlen(prefix) + strlen("/etc/subgid") + 2;
++  len = strlen(prefix) + strlen(SUBGID_FILE) + 2;
+   sgid_db_file = xmalloc(len);
+-  snprintf(sgid_db_file, len, "%s/%s", prefix, "/etc/subgid");
++  snprintf(sgid_db_file, len, "%s/%s", prefix, SUBGID_FILE);
+   sub_gid_setdbname(sgid_db_file);
+ #endif
+ 
+-- 
+2.41.0
+
diff --git a/meta/recipes-extended/shadow/shadow.inc 
b/meta/recipes-extended/shadow/shadow.inc
index 3c1dd2f98e..bcb9b09a49 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -18,6 +18,7 @@ SRC_URI = 
"https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}
file://useradd \
file://CVE-2023-29383.patch \
file://0001-Overhaul-valid_field.patch \
+   file://0001-Define-SUBUID_FILE-SUBGID_FILE.patch \
"
 
 SRC_URI:append:class-target = " \
@@ -46,6 +47,21 @@ PAM_SRC_URI = "file://pam.d/chfn \
file://pam.d/passwd \
file://pam.d/su"
 
+#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
+PW_SUBDIR ?= ""
+PWPRE = "/etc/${PW_SUBDIR}"
+CFLAGS:append = ' -DPASSWD_FILE=\\"${PWPRE}/passwd\\"'
+CFLAGS:append = ' -DSHADOW_FILE=\\"${PWPRE}/shadow\\"'
+CFLAGS:append = ' -DGROUP_FILE=\\"${PWPRE}/group\\"'

[OE-core] [PATCH 1/3] base-passwd: Add PW_SUBDIR

2023-11-14 Thread Joakim Tjernlund via lists.openembedded.org

Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb

Signed-off-by: Joakim Tjernlund 
---
 .../base-passwd/base-passwd_3.5.29.bb | 24 ---
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb 
b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
index ef7792ae49..e453be0763 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
@@ -20,6 +20,9 @@ SRC_URI = 
"https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
 SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
 SRC_URI[sha256sum] = 
"f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
 
+#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
+PW_SUBDIR ?= ""
+
 # the package is taken from launchpad; that source is static and goes stale
 # so we check the latest upstream from a directory that does get updated
 UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
@@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
 #!/bin/sh
 
 # Install passwd.master and group.master to sysconfdir
-install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
+install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
 for i in passwd group; do
install -p -m 644 
${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
-   ${STAGING_DIR_TARGET}${sysconfdir}/\$i
+   ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
+   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i 
${STAGING_DIR_TARGET}${sysconfdir}/\$i
 done
 
 # Run any useradd postinsts
@@ -89,15 +93,19 @@ python populate_packages:prepend() {
 f.close()
 
 preinst = """#!/bin/sh
-mkdir -p $D${sysconfdir}
-if [ ! -e $D${sysconfdir}/passwd ]; then
-\tcat << 'EOF' > $D${sysconfdir}/passwd
+mkdir -p $D${sysconfdir}/${PW_SUBDIR}
+if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
+\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
 """ + passwd + """EOF
 fi
-if [ ! -e $D${sysconfdir}/group ]; then
-\tcat << 'EOF' > $D${sysconfdir}/group
+if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
+\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
 """ + group + """EOF
 fi
+if [ -n "${PW_SUBDIR}" ]; then
+ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
+ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
+fi
 """
 d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
 }
@@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
 if [ -n "$D" ]; then
exit 0
 fi
-${sbindir}/update-passwd
+${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S 
/etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
 }
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190517): 
https://lists.openembedded.org/g/openembedded-core/message/190517
Mute This Topic: https://lists.openembedded.org/mt/102591946/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/3] pseudo: Add PW_SUBDIR

2023-11-14 Thread Joakim Tjernlund via lists.openembedded.org

Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb

Signed-off-by: Joakim Tjernlund 
---
 meta/recipes-devtools/pseudo/pseudo.inc | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo.inc 
b/meta/recipes-devtools/pseudo/pseudo.inc
index 7e09b6d58c..7ba2e2261c 100644
--- a/meta/recipes-devtools/pseudo/pseudo.inc
+++ b/meta/recipes-devtools/pseudo/pseudo.inc
@@ -10,6 +10,9 @@ SECTION = "base"
 LICENSE = "LGPL-2.1-only"
 DEPENDS = "sqlite3 attr"
 
+#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
+PW_SUBDIR ?= ""
+
 FILES:${PN} = "${prefix}/lib/pseudo/lib*/libpseudo.so ${bindir}/* 
${localstatedir}/pseudo ${prefix}/var/pseudo"
 INSANE_SKIP:${PN} += "libdir"
 INSANE_SKIP:${PN}-dbg += "libdir"
@@ -131,10 +134,12 @@ do_install () {
 
 do_install:append:class-native () {
chrpath ${D}${bindir}/pseudo -r `chrpath ${D}${bindir}/pseudo | cut -d 
= -f 2 | sed s/XORIGIN/\\$ORIGIN/`
-   install -d ${D}${sysconfdir}
+   install -d ${D}${sysconfdir}/${PW_SUBDIR}
# The fallback files should never be modified
-   install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
-   install -m 444 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
+   install -m 444 ${WORKDIR}/fallback-passwd 
${D}${sysconfdir}/${PW_SUBDIR}/passwd
+[ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/passwd 
${D}${sysconfdir}/passwd
+   install -m 444 ${WORKDIR}/fallback-group 
${D}${sysconfdir}/${PW_SUBDIR}/group
+[ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/group 
${D}${sysconfdir}/group
 
# Two native/nativesdk entries below are the same
# If necessary install for the alternative machine arch.  This is only
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190516): 
https://lists.openembedded.org/g/openembedded-core/message/190516
Mute This Topic: https://lists.openembedded.org/mt/102591945/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/3] Add sub dir for passwd files

2023-11-14 Thread Joakim Tjernlund via lists.openembedded.org

These patches adds the possibility to store passwd/shadow files
in a sub dir, like /etc/pwdb
In a RO Root FS one can bind mount a writeable dir on /etc/pwdb
to support password changes etc.

This patchset is to probe wether OE would be interested in such feature


Joakim Tjernlund (3):
  base-passwd: Add PW_SUBDIR
  shadow: Add PW_SUBDIR
  pseudo: Add PW_SUBDIR

 .../base-passwd/base-passwd_3.5.29.bb | 24 +++--
 meta/recipes-devtools/pseudo/pseudo.inc   | 11 ++-
 .../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++
 meta/recipes-extended/shadow/shadow.inc   | 30 +-
 4 files changed, 142 insertions(+), 15 deletions(-)
 create mode 100644 
meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch

-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190515): 
https://lists.openembedded.org/g/openembedded-core/message/190515
Mute This Topic: https://lists.openembedded.org/mt/102591944/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [nanbield][PATCH] Revert "bin_package.bbclass: Inhibit the default dependencies"

2023-11-14 Thread Peter Kjellerstedt

From: Max Krummenacher 

This reverts commit d1d09bd4d7be88f0e341d5fccbfbefeb98d4b727.

The commit not only removes the dependencies on the cross compiler
but also does not depend on e.g. virtual/${TARGET_PREFIX}compilerlibs
and virtual/libc which in turn makes the file-rdeps qa check fail
if installing binaries linked against e.g. libc or libstdc++.

Signed-off-by: Max Krummenacher 
Signed-off-by: Richard Purdie 
Signed-off-by: Peter Kjellerstedt 
---
 meta/classes-recipe/bin_package.bbclass | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/classes-recipe/bin_package.bbclass 
b/meta/classes-recipe/bin_package.bbclass
index 9dd2489725..3a1befc29c 100644
--- a/meta/classes-recipe/bin_package.bbclass
+++ b/meta/classes-recipe/bin_package.bbclass
@@ -20,9 +20,6 @@
 # they would be in ${WORKDIR}.
 #
 
-# Nothing is being built so there is no need for the cross-compiler.
-INHIBIT_DEFAULT_DEPS = "1"
-
 # Skip the unwanted steps
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190514): 
https://lists.openembedded.org/g/openembedded-core/message/190514
Mute This Topic: https://lists.openembedded.org/mt/102590676/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] llvm: Upgrade to 17.0.5

2023-11-14 Thread Khem Raj

Brings following changes

* 98bfdac5ce82 [BranchFolding] Remove dubious assert from operator< (#71639)
* 12c6ee8fd204 [GlobalOpt] Cache whether CC is changeable (#71381)
* 0a1274224ef8 [libc++] Fix UB in  related to "has value" flag 
(#68552) (#68733)
* 42f8800b720f [clang] fix test PR69717.cpp (#72134)
* e666be92b44b [clang] Run test on x86 only
* aebee698ef16 [clang] Do not clear FP pragma stack when instantiating 
functions (#70646)
* 529aa6eadb27 [SLP]Fix PR70004: Do not change insert point for reduction 
gather nodes.
* 69b3baf9b87e [DAG] WidenVectorOperand - add basic handling for 
*_EXTEND_VECTOR_INREG nodes
* e7dc53b94212 [Mips] In LowerShift*Parts, xor with bits-1 instead of -1. 
(#71149)
* a6cbdae98272 [clang-format] Correctly annotate keyword operator function name 
(#66904)
* 094cfd14c813 Bump version to 17.0.5
* 05422e1dcf94 [Driver] Fix linking with -lm on Solaris (#65632)
* 910748f4ec5a [clang-repl] Fix BUILD_SHARED_LIBS symbols from 
libclangInterpreter on MinGW (#71393)
* 582f0469dae1 [CGExprConstant] stop calling into ConstExprEmitter for 
Reference type destinations (#70366)

Signed-off-by: Khem Raj 
---
 meta/recipes-devtools/llvm/llvm_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/llvm/llvm_git.bb 
b/meta/recipes-devtools/llvm/llvm_git.bb
index 0f811624a46..de8d4116868 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -14,14 +14,14 @@ RDEPENDS:${PN}:append:class-target = " ncurses-terminfo"
 
 inherit cmake pkgconfig
 
-PV = "17.0.4"
+PV = "17.0.5"
 
 MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}"
 
 LLVM_RELEASE = "${PV}"
 
 BRANCH = "release/${MAJOR_VERSION}.x"
-SRCREV = "309d55140c46384b6de7a7573206cbeba3f7077f"
+SRCREV = "98bfdac5ce82d1679f8af9a57501471812ab68d7"
 SRC_URI = 
"git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \

file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2
 \
-- 
2.42.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190513): 
https://lists.openembedded.org/g/openembedded-core/message/190513
Mute This Topic: https://lists.openembedded.org/mt/102590599/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] rust: Avoid removing origin from llvm-config binary with chrpath

2023-11-14 Thread Richard Purdie

On Tue, 2023-11-14 at 07:29 -0800, Khem Raj wrote:
> If these directories are removed from binary, it does not find the
> needed libraries it may need from recipe-sysroot-native, e.g. when
> building with clang+llvm-runtime, it also builds rust-native with
> clang-native and links to libc++.so.1 which will be part of
> native sysroot but may not be available on build host system install
> and it loses that ability to find it in native sysroot and we see errors
> like
> llvm-config: libc++.so.1 not found.
> 
> during rust bootstrap execution.
> 
> This patch stops editing the binary, so it can find the dependencies in
> native sysroot it
> needs for running itself when placed in target directory ( target sysroot )
> yet when llvm-config is invoked the reported paths are relative to
> taregt sysroot which is what we expect, so functionality remains as it is.
> 
> Signed-off-by: Khem Raj 
> ---
> When using libc++ instead of libstdc++, llvm-config is unable to find
> libc++.so.1 from native sysroot due to llvm-config copying dance we do.
> ---
>  meta/recipes-devtools/rust/rust_1.70.0.bb | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/meta/recipes-devtools/rust/rust_1.70.0.bb 
> b/meta/recipes-devtools/rust/rust_1.70.0.bb
> index 16d433910f8..98cc56c0c91 100644
> --- a/meta/recipes-devtools/rust/rust_1.70.0.bb
> +++ b/meta/recipes-devtools/rust/rust_1.70.0.bb
> @@ -205,7 +205,6 @@ rust_runx () {
>  if [ ${RUST_ALTERNATE_EXE_PATH_NATIVE} != ${RUST_ALTERNATE_EXE_PATH} -a 
> ! -f ${RUST_ALTERNATE_EXE_PATH} ]; then
>  mkdir -p `dirname ${RUST_ALTERNATE_EXE_PATH}`
>  cp ${RUST_ALTERNATE_EXE_PATH_NATIVE} ${RUST_ALTERNATE_EXE_PATH}
> -chrpath -d ${RUST_ALTERNATE_EXE_PATH}
>  fi
>  
>  oe_cargo_fix_env
> 

We had to do that since we're moving the binary and the relative paths
no longer work? It depends on your layout iirc so some will work, some
won't and it sounds like you're just getting lucky :(.

Put another way, that was put there for a reason so we can't just
remove it.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190512): 
https://lists.openembedded.org/g/openembedded-core/message/190512
Mute This Topic: https://lists.openembedded.org/mt/102585532/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] rust: Avoid removing origin from llvm-config binary with chrpath

2023-11-14 Thread Khem Raj

If these directories are removed from binary, it does not find the
needed libraries it may need from recipe-sysroot-native, e.g. when
building with clang+llvm-runtime, it also builds rust-native with
clang-native and links to libc++.so.1 which will be part of
native sysroot but may not be available on build host system install
and it loses that ability to find it in native sysroot and we see errors
like
llvm-config: libc++.so.1 not found.

during rust bootstrap execution.

This patch stops editing the binary, so it can find the dependencies in
native sysroot it
needs for running itself when placed in target directory ( target sysroot )
yet when llvm-config is invoked the reported paths are relative to
taregt sysroot which is what we expect, so functionality remains as it is.

Signed-off-by: Khem Raj 
---
When using libc++ instead of libstdc++, llvm-config is unable to find
libc++.so.1 from native sysroot due to llvm-config copying dance we do.
---
 meta/recipes-devtools/rust/rust_1.70.0.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-devtools/rust/rust_1.70.0.bb 
b/meta/recipes-devtools/rust/rust_1.70.0.bb
index 16d433910f8..98cc56c0c91 100644
--- a/meta/recipes-devtools/rust/rust_1.70.0.bb
+++ b/meta/recipes-devtools/rust/rust_1.70.0.bb
@@ -205,7 +205,6 @@ rust_runx () {
 if [ ${RUST_ALTERNATE_EXE_PATH_NATIVE} != ${RUST_ALTERNATE_EXE_PATH} -a ! 
-f ${RUST_ALTERNATE_EXE_PATH} ]; then
 mkdir -p `dirname ${RUST_ALTERNATE_EXE_PATH}`
 cp ${RUST_ALTERNATE_EXE_PATH_NATIVE} ${RUST_ALTERNATE_EXE_PATH}
-chrpath -d ${RUST_ALTERNATE_EXE_PATH}
 fi
 
 oe_cargo_fix_env

---
base-commit: abf3e54d118139e1fcd952a691b77a0c53db6a30
change-id: 20231114-rust-with-clang-21ace8ddf286

Best regards,
-- 
Khem Raj 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190511): 
https://lists.openembedded.org/g/openembedded-core/message/190511
Mute This Topic: https://lists.openembedded.org/mt/102585532/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCHv2] bitbake.conf: drop ${PE} and ${PR} from -f{file,macro,debug}-prefix-map

2023-11-14 Thread Alexandre Belloni via lists.openembedded.org

Hello Martin,

The perf change uncovers:
https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/8098/steps/12/logs/warnings
https://autobuilder.yoctoproject.org/typhoon/#/builders/59/builds/8056/steps/12/logs/warnings

And many more

On 13/11/2023 08:25:24+0100, Martin Jansa wrote:
> * ${EXTENDPE} and ${PR} was already dropped from ${WORKDIR} in:
>   https://lists.openembedded.org/g/openembedded-core/message/185818
>   adjust -fmacro-prefix-map and -fdebug-prefix-map similarly.
>   As we don't depend on PR in WORKDIR maybe we don't need it in
>   /usr/src/debug paths as well anymore.
> 
> * The interesting side-effect of this is that for DISTROs which still
>   use PR (e.g. webOS OSE), the difference in -fdebug-prefix-map causes
>   all binaries to be slightly different when rebuilt with different PR
>   (due to this path, even when otherwise they are binary reproducible)
>   and when the number of digits in PR changes (e.g. from r9 to r10) it
>   also results in slightly bigger binaries (and more unnecessary changes
>   in buildhistory diffs).
> 
>   For example this foo binary, the difference between "new" and "old" is
>   extra patch applied in SRC_URI (which doesn't affect the foo binary,
>   but was the reason for PR bump).
> 
>   And the binary is bigger with r10, identical with r6 and slightly
>   different due to debug-prefix-map between r6 and r7:
> 
>   $ ls -la 1.0.0-175-*/image/usr/sbin/foo
>   -rwxr-xr-x 1 bitbake bitbake 30182460 Nov  8 08:29 
> 1.0.0-175-new-r10/image/usr/sbin/foo
>   -rwxr-xr-x 1 bitbake bitbake 30182224 Nov  8 08:02 
> 1.0.0-175-new-r6/image/usr/sbin/foo
>   -rwxr-xr-x 1 bitbake bitbake 30182224 Nov  8 07:49 
> 1.0.0-175-new-r7/image/usr/sbin/foo
>   -rwxr-xr-x 1 bitbake bitbake 30182224 Nov  8 07:39 
> 1.0.0-175-old-r6/image/usr/sbin/foo
> 
>   $ md5sum 1.0.0-175-*/image/usr/sbin/foo
>   8e3ab67d596f8cc2f9c6320dab10af01  1.0.0-175-new-r10/image/usr/sbin/foo
>   f6ff1e64fe6affb9ba0d8f278cf7ed79  1.0.0-175-new-r6/image/usr/sbin/foo
>   6469a0b10aac233911e63c5ea97b03c0  1.0.0-175-new-r7/image/usr/sbin/foo
>   f6ff1e64fe6affb9ba0d8f278cf7ed79  1.0.0-175-old-r6/image/usr/sbin/foo
> 
> Signed-off-by: Martin Jansa 
> ---
> v2: shorten to summary to fix:
> FAIL: test shortlog length: Edit shortlog so that it is 90 characters or less 
> (currently 140 characters) (test_mbox.TestMbox.test_shortlog_length)
> 
>  meta/conf/bitbake.conf| 8 
>  meta/recipes-core/ovmf/ovmf_git.bb| 2 +-
>  meta/recipes-devtools/go/go-cross-canadian.inc| 2 +-
>  meta/recipes-devtools/rust/cargo_1.70.0.bb| 2 +-
>  meta/recipes-extended/acpica/acpica_20230628.bb   | 2 +-
>  meta/recipes-graphics/jpeg/libjpeg-turbo_3.0.1.bb | 2 +-
>  meta/recipes-kernel/perf/perf.bb  | 2 +-
>  meta/recipes-multimedia/ffmpeg/ffmpeg_6.0.bb  | 2 +-
>  8 files changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
> index 67ff769046..3836a389b8 100644
> --- a/meta/conf/bitbake.conf
> +++ b/meta/conf/bitbake.conf
> @@ -648,10 +648,10 @@ EXTRA_OEMAKE:prepend:task-install = 
> "${PARALLEL_MAKEINST} "
>  ##
>  # Beware: applied last to first
>  DEBUG_PREFIX_MAP ?= "-fcanon-prefix-map \
> - -fmacro-prefix-map=${S}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR} \
> - -fdebug-prefix-map=${S}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR} \
> - -fmacro-prefix-map=${B}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR} \
> - -fdebug-prefix-map=${B}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR} \
> + -fmacro-prefix-map=${S}=/usr/src/debug/${PN}/${PV} \
> + -fdebug-prefix-map=${S}=/usr/src/debug/${PN}/${PV} \
> + -fmacro-prefix-map=${B}=/usr/src/debug/${PN}/${PV} \
> + -fdebug-prefix-map=${B}=/usr/src/debug/${PN}/${PV} \
>   -fdebug-prefix-map=${STAGING_DIR_HOST}= \
>   -fmacro-prefix-map=${STAGING_DIR_HOST}= \
>   -fdebug-prefix-map=${STAGING_DIR_NATIVE}= \
> diff --git a/meta/recipes-core/ovmf/ovmf_git.bb 
> b/meta/recipes-core/ovmf/ovmf_git.bb
> index 6bbe21ac5c..bf67a2a4a8 100644
> --- a/meta/recipes-core/ovmf/ovmf_git.bb
> +++ b/meta/recipes-core/ovmf/ovmf_git.bb
> @@ -122,7 +122,7 @@ fix_toolchain:append:class-native() {
>  # --debug-prefix-map to nasm (we carry a patch to nasm for this). The
>  # tools definitions are built by ovmf-native so we need to pass this in
>  # at target build time when we know the right values.
> -export NASM_PREFIX_MAP = 
> "--debug-prefix-map=${WORKDIR}=/usr/src/debug/ovmf/${EXTENDPE}${PV}-${PR}"
> +export NASM_PREFIX_MAP = 
> "--debug-prefix-map=${WORKDIR}=/usr/src/debug/ovmf/${PV}"
>  export GCC_PREFIX_MAP = "${DEBUG_PREFIX_MAP} -Wno-stringop-overflow 
> -Wno-maybe-uninitialized"
>  
>  GCC_VER="$(${CC} -v 2>&1 | tail -n1 | awk '{print $3}')"
> diff --git a/meta/recipes-devtools/go/go-cross-canadian.inc 
> b/meta/recipes-devtools/go/go-cross-canadian.inc
> index 45758f3361..0a72e89bbd 100644
> ---

Re: [OE-core] [RFC 6/7] bitbake-layers: Add default remote to layers-setup.json

2023-11-14 Thread Jermain Horsman

-Original Message-
From: Alexander Kanavin  
Sent: Tuesday, November 14, 2023 2:28 PM

> I'm fine with that. Can you tweak the tools?

Yeah I will, just need some time to work on this,
so it might take a bit of time.

Sincerely,

Jermain Horsman

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190509): 
https://lists.openembedded.org/g/openembedded-core/message/190509
Mute This Topic: https://lists.openembedded.org/mt/102444611/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Patchtest results for [PATCHv2] [meta classes] sed -i destroys symlinks

2023-11-14 Thread Patchtest

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/PATCHv2-meta-classes-sed--i-destroys-symlinks.patch

FAIL: test shortlog format: Commit shortlog (first line of commit message) 
should follow the format ": " 
(test_mbox.TestMbox.test_shortlog_format)

PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence 
(test_mbox.TestMbox.test_commit_message_presence)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.pretest_pylint)
SKIP: pretest src uri left files: Patch cannot be merged 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, 
skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test 
(test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: Patch cannot be merged 
(test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190508): 
https://lists.openembedded.org/g/openembedded-core/message/190508
Mute This Topic: https://lists.openembedded.org/mt/102583388/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [RFC 3/7] bitbake-layers: Add ability to update layer repository configuration

2023-11-14 Thread Alexander Kanavin

On Wed, 8 Nov 2023 at 16:22, Jermain Horsman  wrote:
> I was working with the assumption that not validating would not be
> acceptable.
> I guess it comes down to whether we (want to) trust the users to validate
> their input, or if we think it is more important to make sure that it is.

I'm not even sure we can do useful validation, as what you have in a
local checkout may not match what (sometimes much later) will be
available in a remote repo. Branches get pruned. People forget to
push. Tags get moved around or deleted. People force push by mistake
and sometimes on purpose without thinking further. And so on. The only
rock solid reference is the full hash of the commit id.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190507): 
https://lists.openembedded.org/g/openembedded-core/message/190507
Mute This Topic: https://lists.openembedded.org/mt/102444605/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCHv2] [meta classes] sed -i destroys symlinks

2023-11-14 Thread Joakim Tjernlund via lists.openembedded.org

If /etc/passwd is a symlink, sed -i on same file will replace the
symlink with a new file. Prevent that by adding --follow-symlinks
option to sed

Signed-off-by: Joakim Tjernlund 
---
 - v2: Use --follow-symlinks rather than realpath

 meta/classes/rootfs-postcommands.bbclass | 4 ++--
 meta/classes/useradd_base.bbclass| 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/classes/rootfs-postcommands.bbclass 
b/meta/classes/rootfs-postcommands.bbclass
index 5c0b3ec37c..993262dd0c 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -148,10 +148,10 @@ read_only_rootfs_hook () {
 #
 zap_empty_root_password () {
if [ -e ${IMAGE_ROOTFS}/etc/shadow ]; then
-   sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/shadow
+   sed --follow-symlinks -i 's%^root::%root:*:%' 
${IMAGE_ROOTFS}/etc/shadow
 fi
if [ -e ${IMAGE_ROOTFS}/etc/passwd ]; then
-   sed -i 's%^root::%root:*:%' ${IMAGE_ROOTFS}/etc/passwd
+   sed --follow-symlinks -i 's%^root::%root:*:%' 
${IMAGE_ROOTFS}/etc/passwd
fi
 }
 
diff --git a/meta/classes/useradd_base.bbclass 
b/meta/classes/useradd_base.bbclass
index 7f5b9b7219..5c34dcaa9a 100644
--- a/meta/classes/useradd_base.bbclass
+++ b/meta/classes/useradd_base.bbclass
@@ -154,7 +154,7 @@ perform_passwd_expire () {
local username=`echo "$opts" | awk '{ print $NF }'`
local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
if test "x$user_exists" != "x"; then
-   eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i 
\''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
+   eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed 
-follow-symlinks -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' 
$rootdir/etc/shadow \" || true
local passwd_lastchanged="`grep "^$username:" 
$rootdir/etc/shadow | cut -d: -f3`"
if test "x$passwd_lastchanged" != "x0"; then
bbfatal "${PN}: passwd --expire operation did not 
succeed."
-- 
2.41.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190506): 
https://lists.openembedded.org/g/openembedded-core/message/190506
Mute This Topic: https://lists.openembedded.org/mt/102583082/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [RFC 6/7] bitbake-layers: Add default remote to layers-setup.json

2023-11-14 Thread Alexander Kanavin

On Wed, 8 Nov 2023 at 16:03, Jermain Horsman  wrote:
> This is certainly a possibility, there isn't really any issue with this,
> however, it will checkout using a detached head which can be a
> bit of an annoyance if you do a subsequent create-layers-setup
> as all the branches will have changed to 'HEAD' instead of their
> previous  value.
>
> One could argue that the branch field could be dropped as well,
> it isn't really used currently, nor would it be used if we decide to
> use remote/branch.

I'm fine with that. Can you tweak the tools?

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190505): 
https://lists.openembedded.org/g/openembedded-core/message/190505
Mute This Topic: https://lists.openembedded.org/mt/102444611/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] oeqa,ssh: Handle SSHCall timeout error code

2023-11-14 Thread luca fancellu



> On 14 Nov 2023, at 12:29, Ross Burton  wrote:
> 
> On 13 Nov 2023, at 09:18, luca fancellu via lists.openembedded.org 
>  wrote:
>> I see this one has been merged in master:
>> https://git.yoctoproject.org/poky/commit/?id=0f25c8aa775001166a03b8b215b7b9ab80ef4f9e
>> 
>> Is it possible to backport this fix also to mickledore? Or should I send a 
>> patch with [mickledore] tag?
> 
> Doing the backport and posting the patch is the usual process, to reduce the 
> amount of work and testing needed to be done by the release maintainer.
> 
> It’s also usual to backport to any intermediate releases so that changes 
> don’t revert if someone upgrades.
> 
> (I see you’ve both sent the backports and included nanbield, so this mail is 
> just confirming the process for the list really)

Thank you for confirming that Ross.

Cheers,
Luca


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190504): 
https://lists.openembedded.org/g/openembedded-core/message/190504
Mute This Topic: https://lists.openembedded.org/mt/102486415/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [qa-build-notification] QA notification for completed autobuilder build (yocto-4.2.4.rc3)

2023-11-14 Thread Jing Hui Tham

Hi all,
 
Intel and WR YP QA is planning for QA execution for YP build yocto-4.2.4.rc3. 
We are planning to execute following tests for this cycle:
 
OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw
 
Runtime auto test for following platforms:
1. MinnowBoard Turbot - 32bit
2. Kaby Lake (7th Generation Intel(r) Core(tm) Processors)
3. Tiger Lake (11th Generation Intel(r) Core(tm) Processors)
4. Alder Lake-S (12th Generation Intel(r) Core(tm) Processors)
5. Raptor Lake-P (13th Generation Intel(r) Core(tm) Processors)
6. Edgerouter
7. Beaglebone

 
ETA for completion next Monday, 20 November 2023.
 
Best regards,
Jing Hui


> -Original Message-
> From: qa-build-notificat...@lists.yoctoproject.org  notificat...@lists.yoctoproject.org> On Behalf Of Pokybuild User
> Sent: Tuesday, November 14, 2023 3:04 PM
> To: yo...@lists.yoctoproject.org
> Cc: qa-build-notificat...@lists.yoctoproject.org
> Subject: [qa-build-notification] QA notification for completed autobuilder
> build (yocto-4.2.4.rc3)
> 
> 
> A build flagged for QA (yocto-4.2.4.rc3) was completed on the autobuilder
> and is available at:
> 
> 
> https://autobuilder.yocto.io/pub/releases/yocto-4.2.4.rc3
> 
> 
> Build URL:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6188
> 
> Build hash information:
> 
> bitbake: c7e094ec3beccef0bbbf67c100147c449d9c6836
> meta-agl: bf791cba6a3bc53864bf719dc913cea352146f75
> meta-arm: 9bcc166bd5bb717aa86bb0464621a36abc51fa19
> meta-aws: b288fb9d29f67af79de07f039429fcf921e2abd3
> meta-intel: 0ed9b8ed17878274b80dbf713f50aa253dcd
> meta-mingw: d87d4f00b9c6068fff03929a4b0f231a942d3873
> meta-openembedded: 39968837196cb48209b71e8852dd04a2f8ccdca8
> meta-virtualization: b8db7002764712f2902fe9dea098c171b1128076
> oecore: 23b5141400b2c676c806df3308f023f7c04e34e0
> poky: 7235399a86b134e57d5eb783d7f1f57ca0439ae5
> 
> 
> 
> This is an automated message from the Yocto Project Autobuilder
> Git: git://git.yoctoproject.org/yocto-autobuilder2
> Email: richard.pur...@linuxfoundation.org
> 
> 
> 
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190503): 
https://lists.openembedded.org/g/openembedded-core/message/190503
Mute This Topic: https://lists.openembedded.org/mt/102582355/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Yocto Project Status 14 November 2023 (WW46)

2023-11-14 Thread Neal Caidin

Current Dev Position: YP 5.0 M1

Next Deadline: 4th December 2023 YP 5.0 M1 build

Next Team Meetings:

   -

   Bug Triage meeting Thursday November 16, 7:30 am PDT (
   https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09)
   -

   Weekly Project Engineering Sync Tuesday November 14th at 8 am PDT (
   https://zoom.us/j/990892712?pwd=cHU1MjhoM2x6ck81bkcrYjRrcmJsUT09)
   
   -

   Twitch -  See https://www.twitch.tv/theyoctojester


Key Status/Updates:

   -

   YP 4.3 was released, thanks to everyone who contributed!
   -

   YP 4.0.14 is out of QA and due for release
   -

   YP 3.1.29 is out of QA and due for release after investigation of vim
   reproducibility issues
   -

  YP 4.2.4 is currently being built
  -

   bitbake’s hash equivalence server has undergoing a lot of development
   (thanks Joshua!) including:
   -

  websockets support
  -

  user authentication/permissions support
  -

  entry removal API addition
  -

  support for multiple database backends
  -

   master saw various upgrades for the kernel and other components
   -

   the length of time rebuilds are taking on the autobuilder is a concern,
   world can take 16 hours as can oe-selftest with a cold sstate cache


Ways to contribute:

   -

   As people are likely aware, the project has a number of components which
   are either unmaintained, or have people with little to no time trying to
   keep them alive. These components include: patchtest, layerindex, devtool,
   toaster, wic, oeqa, autobuilder, CROPs containers, pseudo and more. Many
   have open bugs. Help is welcome in trying to better look after these
   components!
   -

   There are bugs identified as possible for newcomers to the project:
   https://wiki.yoctoproject.org/wiki/Newcomers
   -

   There are bugs that are currently unassigned for YP 4.3. See:
   
https://wiki.yoctoproject.org/wiki/Bug_Triage#Medium.2B_4.3_Unassigned_Enhancements.2FBugs
   -

   We’d welcome new maintainers for recipes in OE-Core. Please see the list
   at:
   
http://git.yoctoproject.org/cgit.cgi/poky/tree/meta/conf/distro/include/maintainers.inc
   and discuss with the existing maintainer, or ask on the OE-Core mailing
   list. We will likely move a chunk of these to “Unassigned” soon to help
   facilitate this.
   -

   Help is very much welcome in trying to resolve our autobuilder
   intermittent issues. You can see the list of failures we’re continuing to
   see by searching for the “AB-INT” tag in bugzilla:
   https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT.
   -

   Help us resolve CVE issues: CVE metrics
   
   -

   We have a growing number of bugs in bugzilla, any help with them is
   appreciated.


YP 5.0 Milestone Dates:

   -

   YP 5.0 M1 build date 2023/12/04
   -

   YP 5.0 M1 Release date 2023/12/15
   -

   YP 5.0 M2 build date  2024/01/15
   -

   YP 5.0 M2 Release date 2024/01/24
   -

   YP 5.0 M3 build date  2024/02/19
   -

   YP 5.0 M3 Release date 2024/03/01
   -

   YP 5.0 M4 build date  2024/04/01
   -

   YP 5.0 M4 Release date 2024/04/30


Upcoming dot releases:

   -

   YP 3.1.29 build date 2023/10/30
   -

   YP 3.1.29 Release date 2023/11/10
   -

   YP 4.0.14 build date 2023/11/06
   -

   YP 4.0.14 Release date 2023/11/17
   -

   YP 4.2.4 build date 2023/11/13
   -

   YP 4.2.4 Release date 2023/11/24
   -

   YP 4.3.1 build date 2023/11/27
   -

   YP 4.3.1 Release date 2023/12/08
   -

   YP 3.1.30 build date 2023/12/11
   -

   YP 3.1.30 Release date 2023/12/22
   -

   YP 4.0.15 build date 2023/12/18
   -

   YP 4.0.15 Release date 2023/12/29
   -

   YP 4.3.2 build date 2024/01/08
   -

   YP 4.3.2 Release date 2024/01/19
   -

   YP 3.1.31 build date 2024/01/22
   -

   YP 3.1.31 Release date 2024/02/02
   -

   YP 4.0.16 build date 2024/01/29
   -

   YP 4.0.16 Release date 2024/02/09
   -

   YP 4.3.3 build date 2024/02/12
   -

   YP 4.3.3 Release date 2024/02/23
   -

   YP 3.1.32 build date 2024/03/04
   -

   YP 3.1.32 Release date 2024/03/15
   -

   YP 4.0.17 build date 2024/03/11
   -

   YP 4.0.17 Release date 2024/03/22
   -

   YP 4.3.4 build date 2024/03/25
   -

   YP 4.3.4 Release date 2024/04/05
   -

   YP 3.1.33 build date 2024/04/15
   -

   YP 3.1.33 Release date 2024/04/26
   -

   YP 4.0.18 build date 2024/04/22
   -

   YP 4.0.18 Release date 2024/05/03
   -

   YP 4.0.19 build date 2024/06/03
   -

   YP 4.0.19 Release date 2024/06/14


Tracking Metrics:

   -

   WDD 2533 (last week 2540) (
   https://wiki.yoctoproject.org/charts/combo.html)
   -

   OE-Core/Poky Patch Metrics
   -

  Total patches found: 1177 (last week 1173)
  -

  Patches in the Pending State: 253 (21%) [last week 253 (22%)]
  -

   https://autobuilder.yocto.io/pub/non-release/patchmetrics/


The Yocto Project’s technical governance is through its Technical Steering
Committee,

Re: [OE-core] [PATCH v2] oeqa,ssh: Handle SSHCall timeout error code

2023-11-14 Thread Ross Burton

On 13 Nov 2023, at 09:18, luca fancellu via lists.openembedded.org 
 wrote:
> I see this one has been merged in master:
> https://git.yoctoproject.org/poky/commit/?id=0f25c8aa775001166a03b8b215b7b9ab80ef4f9e
> 
> Is it possible to backport this fix also to mickledore? Or should I send a 
> patch with [mickledore] tag?

Doing the backport and posting the patch is the usual process, to reduce the 
amount of work and testing needed to be done by the release maintainer.

It’s also usual to backport to any intermediate releases so that changes don’t 
revert if someone upgrades.

(I see you’ve both sent the backports and included nanbield, so this mail is 
just confirming the process for the list really)

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190501): 
https://lists.openembedded.org/g/openembedded-core/message/190501
Mute This Topic: https://lists.openembedded.org/mt/102486415/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH 1/4] systemd: use nonarch libdir for tmpfiles.d

2023-11-14 Thread Jose Quaresma

Lukas Funke  escreveu no dia terça,
14/11/2023 à(s) 11:00:

> From: Malte Schmidt 
>
> The documentation of systemd states that /etc/tmpfiles.d should be
> reserved for the local administrator and packages should put their files
> in /usr/lib/tmpfiles.d [1].
>
> [1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
>
> Signed-off-by: Malte Schmidt 
> Signed-off-by: Stefan Herbrechtsmeier <
> stefan.herbrechtsme...@weidmueller.com>
> ---
>  meta/recipes-core/systemd/systemd_254.4.bb | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-core/systemd/systemd_254.4.bb
> b/meta/recipes-core/systemd/systemd_254.4.bb
> index cc0e29fdd2..48d467dfdd 100644
> --- a/meta/recipes-core/systemd/systemd_254.4.bb
> +++ b/meta/recipes-core/systemd/systemd_254.4.bb
> @@ -282,12 +282,12 @@ do_install() {
> [ ! -e ${D}/${base_sbindir}/udevd ] && ln -s
> ${rootlibexecdir}/systemd/systemd-udevd ${D}/${base_sbindir}/udevd
>
> install -d ${D}${sysconfdir}/udev/rules.d/
> -   install -d ${D}${sysconfdir}/tmpfiles.d
> +   install -d ${D}${exec_prefix}/lib/tmpfiles.d

for rule in $(find ${WORKDIR} -maxdepth 1 -type f -name "*.rules");
> do
> install -m 0644 $rule ${D}${sysconfdir}/udev/rules.d/
> done
>
> -   install -m 0644 ${WORKDIR}/00-create-volatile.conf
> ${D}${sysconfdir}/tmpfiles.d/
> +   install -m 0644 ${WORKDIR}/00-create-volatile.conf
> ${D}${exec_prefix}/lib/tmpfiles.d/
>
> if
> ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
> install -d ${D}${sysconfdir}/init.d
> --
> 2.30.2
>
>
Hi Lukas,

Why not ${nonarch_libdir} instead of ${exec_prefix}/lib as in all the other
patches in this series?

Jose


>
> 
>
>

-- 
Best regards,

José Quaresma

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190500): 
https://lists.openembedded.org/g/openembedded-core/message/190500
Mute This Topic: https://lists.openembedded.org/mt/102581153/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH 1/2] patch: extract patches without diffstats

2023-11-14 Thread Alexandre Belloni via lists.openembedded.org

On 13/11/2023 14:57:45+0100, Lukas Funke wrote:
> From: Stefan Herbrechtsmeier 
> 
> Extract patches without diffstats to reduce changes during patch
> refresh.
> 
> Signed-off-by: Stefan Herbrechtsmeier 

This also need your SoB
> ---
>  meta/lib/oe/patch.py | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
> index 4ec9caed45..71cd193afb 100644
> --- a/meta/lib/oe/patch.py
> +++ b/meta/lib/oe/patch.py
> @@ -464,7 +464,8 @@ class GitApplyTree(PatchTree):
>  import shutil
>  tempdir = tempfile.mkdtemp(prefix='oepatch')
>  try:
> -shellcmd = ["git", "format-patch", "--no-signature", 
> "--no-numbered", startcommit, "-o", tempdir]
> +shellcmd = ["git", "format-patch", "--no-signature", 
> "--no-numbered",
> +"--no-stat", startcommit, "-o", tempdir]
>  if paths:
>  shellcmd.append('--')
>  shellcmd.extend(paths)
> -- 
> 2.30.2
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190499): 
https://lists.openembedded.org/g/openembedded-core/message/190499
Mute This Topic: https://lists.openembedded.org/mt/102561450/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH v3] wic: rawcopy: add support for zsdt decompression

2023-11-14 Thread Alexandre Belloni via lists.openembedded.org

On 13/11/2023 15:01:54+0100, Lukas Funke wrote:
> From: Malte Schmidt 
> 

Please include a commit message and don't forget SoB's

> ---
>  scripts/lib/wic/plugins/source/rawcopy.py | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/scripts/lib/wic/plugins/source/rawcopy.py 
> b/scripts/lib/wic/plugins/source/rawcopy.py
> index 7c90cd3cf8..82d38fbb84 100644
> --- a/scripts/lib/wic/plugins/source/rawcopy.py
> +++ b/scripts/lib/wic/plugins/source/rawcopy.py
> @@ -52,7 +52,8 @@ class RawCopyPlugin(SourcePlugin):
>  decompressor = {
>  ".bz2": "bzip2",
>  ".gz": "gzip",
> -".xz": "xz"
> +".xz": "xz",
> +".zst": "zstd -f",
>  }.get(extension)
>  if not decompressor:
>  raise WicError("Not supported compressor filename extension: %s" 
> % extension)
> -- 
> 2.30.2
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190498): 
https://lists.openembedded.org/g/openembedded-core/message/190498
Mute This Topic: https://lists.openembedded.org/mt/102561555/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][PATCH 1/1] wic: extend empty plugin with options to write zeros to partiton

2023-11-14 Thread Alexandre Belloni via lists.openembedded.org

Hello Lukas,

On 14/11/2023 09:13:32+0100, Lukas Funke wrote:
> From: Malte Schmidt 
> 
> Adds features to explicitly write zeros to the start of the
> partition. This is useful to overwrite old content like
> filesystem signatures which may be re-recognized otherwise.
> 
> The new features can be enabled with
> '--soucreparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
> Conflicting or missing options throw errors.
> 
> The features are:
> - fill
>   Fill the entire partition with zeros. Requires '--fixed-size' option
>   to be set.
> - size=[S|s|K|k|M|G]
>   Set the first N bytes of the partition to zero. Default unit is 'K'.
> - bs=[S|s|K|k|M|G]
>   Write at most N bytes at a time during source file creation.
>   Defaults to '1M'. Default unit is 'K'.
> 
> Signed-off-by: Malte Schmidt 

We need your SoB here

> ---
>  scripts/lib/wic/plugins/source/empty.py | 57 -
>  1 file changed, 56 insertions(+), 1 deletion(-)
> 
> diff --git a/scripts/lib/wic/plugins/source/empty.py 
> b/scripts/lib/wic/plugins/source/empty.py
> index 041617d648..f7581a0298 100644
> --- a/scripts/lib/wic/plugins/source/empty.py
> +++ b/scripts/lib/wic/plugins/source/empty.py
> @@ -7,9 +7,19 @@
>  # To use it you must pass "empty" as argument for the "--source" parameter in
>  # the wks file. For example:
>  # part foo --source empty --ondisk sda --size="1024" --align 1024
> +#
> +# The plugin supports writing zeros to the start of the
> +# partition. This is useful to overwrite old content like
> +# filesystem signatures which may be re-recognized otherwise.
> +# This feature can be enabled with
> +# '--soucreparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
> +# Conflicting or missing options throw errors.
>  
>  import logging
> +import os
>  
> +from wic import WicError
> +from wic.ksparser import sizetype
>  from wic.pluginbase import SourcePlugin
>  
>  logger = logging.getLogger('wic')
> @@ -17,6 +27,16 @@ logger = logging.getLogger('wic')
>  class EmptyPartitionPlugin(SourcePlugin):
>  """
>  Populate unformatted empty partition.
> +
> +The following sourceparams are supported:
> +- fill
> +  Fill the entire partition with zeros. Requires '--fixed-size' option
> +  to be set.
> +- size=[S|s|K|k|M|G]
> +  Set the first N bytes of the partition to zero. Default unit is 'K'.
> +- bs=[S|s|K|k|M|G]
> +  Write at most N bytes at a time during source file creation.
> +  Defaults to '1M'. Default unit is 'K'.
>  """
>  
>  name = 'empty'
> @@ -29,4 +49,39 @@ class EmptyPartitionPlugin(SourcePlugin):
>  Called to do the actual content population for a partition i.e. it
>  'prepares' the partition to be incorporated into the image.
>  """
> -return
> +get_byte_count = sizetype('K', True)
> +size = 0
> +
> +if 'fill' in source_params and 'size' in source_params:
> +raise WicError("Conflicting source parameters 'fill' and 'size' 
> specified, exiting.")
> +
> +# Set the size of the zeros to be written to the partition
> +if 'fill' in source_params:
> +if part.fixed_size == 0:
> +raise WicError("Source parameter 'fill' only works with the 
> '--fixed-size' option, exiting.")
> +size = part.fixed_size
> +elif 'size' in source_params:
> +size = get_byte_count(source_params['size'])
> +
> +if size == 0:
> +# Nothing to do, create empty partition
> +return
> +
> +if 'bs' in source_params:
> +bs = get_byte_count(source_params['bs'])
> +else:
> +bs = get_byte_count('1M')
> +
> +# Create a binary file of the requested size filled with zeros
> +source_file = os.path.join(cr_workdir, 'empty-plugin-zeros%s.bin' % 
> part.lineno)
> +if not os.path.exists(os.path.dirname(source_file)):
> +os.makedirs(os.path.dirname(source_file))
> +
> +quotient, remainder = divmod(size, bs)
> +with open(source_file, 'wb') as file:
> +for _ in range(quotient):
> +file.write(bytearray(bs))
> +file.write(bytearray(remainder))
> +
> +part.size = (size + 1024 - 1) // 1024  # size in KB rounded up
> +part.source_file = source_file
> -- 
> 2.30.2
> 

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190497): 
https://lists.openembedded.org/g/openembedded-core/message/190497
Mute This Topic: https://lists.openembedded.org/mt/102579765/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 1/4] systemd: use nonarch libdir for tmpfiles.d

2023-11-14 Thread Lukas Funke

From: Malte Schmidt 

The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].

[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

Signed-off-by: Malte Schmidt 
Signed-off-by: Stefan Herbrechtsmeier 
---
 meta/recipes-core/systemd/systemd_254.4.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd_254.4.bb 
b/meta/recipes-core/systemd/systemd_254.4.bb
index cc0e29fdd2..48d467dfdd 100644
--- a/meta/recipes-core/systemd/systemd_254.4.bb
+++ b/meta/recipes-core/systemd/systemd_254.4.bb
@@ -282,12 +282,12 @@ do_install() {
[ ! -e ${D}/${base_sbindir}/udevd ] && ln -s 
${rootlibexecdir}/systemd/systemd-udevd ${D}/${base_sbindir}/udevd
 
install -d ${D}${sysconfdir}/udev/rules.d/
-   install -d ${D}${sysconfdir}/tmpfiles.d
+   install -d ${D}${exec_prefix}/lib/tmpfiles.d
for rule in $(find ${WORKDIR} -maxdepth 1 -type f -name "*.rules"); do
install -m 0644 $rule ${D}${sysconfdir}/udev/rules.d/
done
 
-   install -m 0644 ${WORKDIR}/00-create-volatile.conf 
${D}${sysconfdir}/tmpfiles.d/
+   install -m 0644 ${WORKDIR}/00-create-volatile.conf 
${D}${exec_prefix}/lib/tmpfiles.d/
 
if 
${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
install -d ${D}${sysconfdir}/init.d
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190493): 
https://lists.openembedded.org/g/openembedded-core/message/190493
Mute This Topic: https://lists.openembedded.org/mt/102581153/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 4/4] glibc: use nonarch libdir for tmpfiles.d

2023-11-14 Thread Lukas Funke

From: Stefan Herbrechtsmeier 

The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].

[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

Signed-off-by: Stefan Herbrechtsmeier 
---
 meta/recipes-core/glibc/glibc-package.inc | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-package.inc 
b/meta/recipes-core/glibc/glibc-package.inc
index 1d4e4c5274..1ef987be0a 100644
--- a/meta/recipes-core/glibc/glibc-package.inc
+++ b/meta/recipes-core/glibc/glibc-package.inc
@@ -42,7 +42,7 @@ FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}"
 FILES:${PN}-dev += "${libdir}/libpthread.a ${libdir}/libdl.a 
${libdir}/libutil.a ${libdir}/libanl.a ${libdir}/*_nonshared.a 
${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal"
 RDEPENDS:${PN}-dev = "linux-libc-headers-dev"
 FILES:${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a"
-FILES:nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd 
${systemd_system_unitdir}/nscd* ${sysconfdir}/tmpfiles.d/nscd.conf \
+FILES:nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd 
${systemd_system_unitdir}/nscd* ${nonarch_libdir}/tmpfiles.d/nscd.conf \
   ${sysconfdir}/nscd.conf ${sysconfdir}/default/volatiles/98_nscd 
${localstatedir}/db/nscd"
 FILES:${PN}-mtrace = "${bindir}/mtrace"
 FILES:tzcode = "${bindir}/tzselect ${sbindir}/zic ${bindir}/zdump"
@@ -132,9 +132,9 @@ def get_libc_fpu_setting(bb, d):
 
 do_install:append:class-target() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
-   install -d ${D}${sysconfdir}/tmpfiles.d
+   install -d ${D}${nonarch_libdir}/tmpfiles.d
echo "d /run/nscd 755 root root -" \
-   > ${D}${sysconfdir}/tmpfiles.d/nscd.conf
+   > ${D}${nonarch_libdir}/tmpfiles.d/nscd.conf
fi
 
if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', 
d)}; then
@@ -280,7 +280,7 @@ python populate_packages:prepend () {
 pkg_postinst:nscd () {
if [ -z "$D" ]; then
if command -v systemd-tmpfiles >/dev/null; then
-   systemd-tmpfiles --create 
${sysconfdir}/tmpfiles.d/nscd.conf
+   systemd-tmpfiles --create 
${nonarch_libdir}/tmpfiles.d/nscd.conf
elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190496): 
https://lists.openembedded.org/g/openembedded-core/message/190496
Mute This Topic: https://lists.openembedded.org/mt/102581156/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 2/4] pam: use nonarch libdir for tmpfiles.d

2023-11-14 Thread Lukas Funke

From: Malte Schmidt 

The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].

[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

Signed-off-by: Malte Schmidt 
Signed-off-by: Stefan Herbrechtsmeier 
---
 meta/recipes-extended/pam/libpam_1.5.3.bb | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb 
b/meta/recipes-extended/pam/libpam_1.5.3.bb
index 1aa307af4d..7af3ea99d1 100644
--- a/meta/recipes-extended/pam/libpam_1.5.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -49,7 +49,10 @@ PACKAGECONFIG[audit] = 
"--enable-audit,--disable-audit,audit,"
 PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db,"
 
 PACKAGES += "${PN}-runtime ${PN}-xtests"
-FILES:${PN} = "${base_libdir}/lib*${SOLIBS}"
+FILES:${PN} = " \
+${base_libdir}/lib*${SOLIBS} \
+${nonarch_libdir}/tmpfiles.d/*.conf \
+"
 FILES:${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la 
${base_libdir}/lib*${SOLIBSDEV}"
 FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}"
 FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
@@ -130,9 +133,9 @@ do_install() {
 if 
${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
 rm -rf ${D}${sysconfdir}/init.d/
 rm -rf ${D}${sysconfdir}/rc*
-install -d ${D}${sysconfdir}/tmpfiles.d
+install -d ${D}${nonarch_libdir}/tmpfiles.d
 install -m 0644 ${WORKDIR}/pam-volatiles.conf \
-${D}${sysconfdir}/tmpfiles.d/pam.conf
+${D}${nonarch_libdir}/tmpfiles.d/pam.conf
 else
 install -d ${D}${sysconfdir}/default/volatiles
 install -m 0644 ${WORKDIR}/99_pam \
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190494): 
https://lists.openembedded.org/g/openembedded-core/message/190494
Mute This Topic: https://lists.openembedded.org/mt/102581154/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 0/4] tmpfiles.d: use nonarch libdir

2023-11-14 Thread Lukas Funke

From: Lukas Funke 

The series intents to move tmpfiles.d configurations from /etc to /usr/lib.

The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].

[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

Malte Schmidt (3):
  systemd: use nonarch libdir for tmpfiles.d
  pam: use nonarch libdir for tmpfiles.d
  sysstat: use nonarch libdir for tmpfiles.d

Stefan Herbrechtsmeier (1):
  glibc: use nonarch libdir for tmpfiles.d

 meta/recipes-core/glibc/glibc-package.inc   |  8 
 meta/recipes-core/systemd/systemd_254.4.bb  |  4 ++--
 meta/recipes-extended/pam/libpam_1.5.3.bb   |  9 ++---
 meta/recipes-extended/sysstat/sysstat_12.7.4.bb | 10 +++---
 4 files changed, 19 insertions(+), 12 deletions(-)

-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190492): 
https://lists.openembedded.org/g/openembedded-core/message/190492
Mute This Topic: https://lists.openembedded.org/mt/102581150/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 3/4] sysstat: use nonarch libdir for tmpfiles.d

2023-11-14 Thread Lukas Funke

From: Malte Schmidt 

The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].

[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

Signed-off-by: Malte Schmidt 
Signed-off-by: Stefan Herbrechtsmeier 
---
 meta/recipes-extended/sysstat/sysstat_12.7.4.bb | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/sysstat/sysstat_12.7.4.bb 
b/meta/recipes-extended/sysstat/sysstat_12.7.4.bb
index 134fd5cf96..660bc634a0 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.7.4.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.7.4.bb
@@ -48,9 +48,9 @@ do_install() {
install -m 0644 ${WORKDIR}/99_sysstat ${D}/etc/default/volatiles
fi
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
-   install -d ${D}${sysconfdir}/tmpfiles.d
+   install -d ${D}${nonarch_libdir}/tmpfiles.d
echo "d ${localstatedir}/log/sa - - - -" \
-> ${D}${sysconfdir}/tmpfiles.d/sysstat.conf
+> ${D}${nonarch_libdir}/tmpfiles.d/sysstat.conf
 
# Unless both cron and systemd are enabled, install our own
# systemd unit file. Otherwise the package will install one.
@@ -70,7 +70,11 @@ pkg_postinst:${PN} () {
fi
 }
 
-FILES:${PN} += "${systemd_system_unitdir} ${nonarch_base_libdir}/systemd"
+FILES:${PN} += " \
+   ${systemd_system_unitdir} \
+   ${nonarch_base_libdir}/systemd  \
+   ${nonarch_libdir}/tmpfiles.d \
+"
 
 TARGET_CC_ARCH += "${LDFLAGS}"
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190495): 
https://lists.openembedded.org/g/openembedded-core/message/190495
Mute This Topic: https://lists.openembedded.org/mt/102581155/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe-core][dunfell][PATCH 1/1] go: ignore CVE-2023-45283 & CVE-2023-45284

2023-11-14 Thread Polampalli, Archana via lists.openembedded.org

From: Archana Polampalli 

Only affects code running on Windows

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45284
https://nvd.nist.gov/vuln/detail/CVE-2023-45283
https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY

Signed-off-by: Archana Polampalli 
---
 meta/recipes-devtools/go/go-1.14.inc | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/go/go-1.14.inc 
b/meta/recipes-devtools/go/go-1.14.inc
index 091b778de8..b8b7fd0c46 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -115,3 +115,7 @@ CVE_CHECK_WHITELIST += "CVE-2022-41716"
 
 # Issue introduced in go1.15beta1, does not exist in 1.14
 CVE_CHECK_WHITELIST += "CVE-2022-1705"
+
+# Only affects code running on Windows
+CVE_CHECK_WHITELIST += "CVE-2023-45283"
+CVE_CHECK_WHITELIST += "CVE-2023-45284"
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190491): 
https://lists.openembedded.org/g/openembedded-core/message/190491
Mute This Topic: https://lists.openembedded.org/mt/102580081/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v6 03/12] devtool: new ide plugin

2023-11-14 Thread Enguerrand de Ribaucourt

On Thu, Oct 12, 2023 at 02:53 PM, Ross Burton wrote:

>
> I’d not noticed image-combined-dbg existed and do wonder if that shoud be
> the behaviour of the debug rootfs. Is there actually a use-case for a tarball
> which is _just_ the symbols?
>

The use for a rootfs containing just the debug tarballs is explicited in the 
documentation here: 
https://docs.yoctoproject.org/4.0.4/singleindex.html#using-the-gdbserver-method

$ tar xvfj build-dir/tmp-glibc/deploy/images/machine/image.rootfs.tar.bz2
$ tar xvfj build-dir/tmp-glibc/deploy/images/machine/image-dbg.rootfs.tar.bz2

This debug-rootfs is "combined" with the rootfs image which already contains 
the binaries. It could also be done at runtime on a live target (through tar, 
overlayfs, ...).

The later patch-set makes image-combined-dbg the default which makes the 
debug-rootfs already containing the image rootfs. This would not produce an 
error with those tar commands because they silently overwrite existing files. 
However, it would break some users setups with these conditions:
 a. The user has another way for combining the rootfs and dbg rootfs which 
produces an error if files exist in both archives
 b. The user has storage limitations for the dbg rootfs which would be exceeded 
when adding the binaries to it
 c. The user customizes the original rootfs output. These customizations would 
be lost when combining.
 d. The user is extracting the debug rootfs on a runtime rootfs with runtime 
modifications

An example for C is wic fstab customization, or any modifications which happen 
at the do_rootfs step:

 do_rootfs_postprocess() {
 echo "Customized issue" >> ${IMAGE_ROOTFS}/etc/issue
 }

 addtask do_rootfs_postprocess after do_rootfs before do_image

When extracting the debug-rootfs with image-combined-dbg, this customization 
gets lost because the debug-rootfs contains the original files from the package.

That's why I suggest keeping the debug-rootfs as it is and keep 
image-combined-debug as a separate option.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190490): 
https://lists.openembedded.org/g/openembedded-core/message/190490
Mute This Topic: https://lists.openembedded.org/mt/101275530/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 0/1] wic: extend empty plugin with options to write zeros to partiton

2023-11-14 Thread Lukas Funke

From: Lukas Funke 

Adds features to explicitly write zeros to the start of the
partition. This is useful to overwrite old content like
filesystem signatures which may be re-recognized otherwise.

The new features can be enabled with
'--soucreparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
Conflicting or missing options throw errors.

The features are:
- fill
  Fill the entire partition with zeros. Requires '--fixed-size' option
  to be set.
- size=[S|s|K|k|M|G]
  Set the first N bytes of the partition to zero. Default unit is 'K'.
- bs=[S|s|K|k|M|G]
  Write at most N bytes at a time during source file creation.
  Defaults to '1M'. Default unit is 'K'.

Malte Schmidt (1):
  wic: extend empty plugin with options to write zeros to partiton

 scripts/lib/wic/plugins/source/empty.py | 57 -
 1 file changed, 56 insertions(+), 1 deletion(-)

-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190488): 
https://lists.openembedded.org/g/openembedded-core/message/190488
Mute This Topic: https://lists.openembedded.org/mt/102579764/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][PATCH 1/1] wic: extend empty plugin with options to write zeros to partiton

2023-11-14 Thread Lukas Funke

From: Malte Schmidt 

Adds features to explicitly write zeros to the start of the
partition. This is useful to overwrite old content like
filesystem signatures which may be re-recognized otherwise.

The new features can be enabled with
'--soucreparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
Conflicting or missing options throw errors.

The features are:
- fill
  Fill the entire partition with zeros. Requires '--fixed-size' option
  to be set.
- size=[S|s|K|k|M|G]
  Set the first N bytes of the partition to zero. Default unit is 'K'.
- bs=[S|s|K|k|M|G]
  Write at most N bytes at a time during source file creation.
  Defaults to '1M'. Default unit is 'K'.

Signed-off-by: Malte Schmidt 
---
 scripts/lib/wic/plugins/source/empty.py | 57 -
 1 file changed, 56 insertions(+), 1 deletion(-)

diff --git a/scripts/lib/wic/plugins/source/empty.py 
b/scripts/lib/wic/plugins/source/empty.py
index 041617d648..f7581a0298 100644
--- a/scripts/lib/wic/plugins/source/empty.py
+++ b/scripts/lib/wic/plugins/source/empty.py
@@ -7,9 +7,19 @@
 # To use it you must pass "empty" as argument for the "--source" parameter in
 # the wks file. For example:
 # part foo --source empty --ondisk sda --size="1024" --align 1024
+#
+# The plugin supports writing zeros to the start of the
+# partition. This is useful to overwrite old content like
+# filesystem signatures which may be re-recognized otherwise.
+# This feature can be enabled with
+# '--soucreparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
+# Conflicting or missing options throw errors.
 
 import logging
+import os
 
+from wic import WicError
+from wic.ksparser import sizetype
 from wic.pluginbase import SourcePlugin
 
 logger = logging.getLogger('wic')
@@ -17,6 +27,16 @@ logger = logging.getLogger('wic')
 class EmptyPartitionPlugin(SourcePlugin):
 """
 Populate unformatted empty partition.
+
+The following sourceparams are supported:
+- fill
+  Fill the entire partition with zeros. Requires '--fixed-size' option
+  to be set.
+- size=[S|s|K|k|M|G]
+  Set the first N bytes of the partition to zero. Default unit is 'K'.
+- bs=[S|s|K|k|M|G]
+  Write at most N bytes at a time during source file creation.
+  Defaults to '1M'. Default unit is 'K'.
 """
 
 name = 'empty'
@@ -29,4 +49,39 @@ class EmptyPartitionPlugin(SourcePlugin):
 Called to do the actual content population for a partition i.e. it
 'prepares' the partition to be incorporated into the image.
 """
-return
+get_byte_count = sizetype('K', True)
+size = 0
+
+if 'fill' in source_params and 'size' in source_params:
+raise WicError("Conflicting source parameters 'fill' and 'size' 
specified, exiting.")
+
+# Set the size of the zeros to be written to the partition
+if 'fill' in source_params:
+if part.fixed_size == 0:
+raise WicError("Source parameter 'fill' only works with the 
'--fixed-size' option, exiting.")
+size = part.fixed_size
+elif 'size' in source_params:
+size = get_byte_count(source_params['size'])
+
+if size == 0:
+# Nothing to do, create empty partition
+return
+
+if 'bs' in source_params:
+bs = get_byte_count(source_params['bs'])
+else:
+bs = get_byte_count('1M')
+
+# Create a binary file of the requested size filled with zeros
+source_file = os.path.join(cr_workdir, 'empty-plugin-zeros%s.bin' % 
part.lineno)
+if not os.path.exists(os.path.dirname(source_file)):
+os.makedirs(os.path.dirname(source_file))
+
+quotient, remainder = divmod(size, bs)
+with open(source_file, 'wb') as file:
+for _ in range(quotient):
+file.write(bytearray(bs))
+file.write(bytearray(remainder))
+
+part.size = (size + 1024 - 1) // 1024  # size in KB rounded up
+part.source_file = source_file
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190489): 
https://lists.openembedded.org/g/openembedded-core/message/190489
Mute This Topic: https://lists.openembedded.org/mt/102579765/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

71 matches

Mail list logo