[OE-core] [PATCH v2 1/1] cmake-qemu.bbclass: support qemu for cmake
Define the CMAKE_CROSSCOMPILING_EMULATOR variable similar to what the
meson bbclass does. This allows for example to execute cross compilied
unit tests on the build machine when using an SDK.
CMAKE_CROSSCOMPILING_EMULATOR is a semi colon separated list of
paramters which could directly handle the -L and the -E parameters.
Creating a wrapper script is not absolutely mandatory. But anyway lets
do it similar to what the meson.bbclass does and also disable pseudo.
Further information can be found in the camke documentation in the
CMAKE_CROSSCOMPILING_EMULATOR section.
Keep the code optional, as the core does not need this function and does
not intend to use it in the future.
[YOCTO #15214]
Signed-off-by: Adrian Freihofer
---
meta/classes-recipe/cmake-qemu.bbclass | 32 ++
1 file changed, 32 insertions(+)
create mode 100644 meta/classes-recipe/cmake-qemu.bbclass
diff --git a/meta/classes-recipe/cmake-qemu.bbclass
b/meta/classes-recipe/cmake-qemu.bbclass
new file mode 100644
index 00..482ad91895
--- /dev/null
+++ b/meta/classes-recipe/cmake-qemu.bbclass
@@ -0,0 +1,32 @@
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: MIT
+#
+# Not all platforms are supported by Qemu. Using qemu-user therefore
+# involves a certain risk, which is also the reason why this feature
+# is not part of the main cmake class by default.
+#
+# One use case is the execution of cross-compiled unit tests with CTest
+# on the build machine. If CMAKE_EXEWRAPPER_ENABLED is configured,
+# cmake --build --target test
+# works transparently with qemu-user. If the cmake project is developed
+# with this use case in mind this works very nicely also out of an IDE
+# configured to use cmake-native for cross compiling.
+
+inherit qemu cmake
+
+DEPENDS:append:class-target = "${@' qemu-native' if
bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', True, False, d) else ''}"
+
+cmake_do_generate_toolchain_file:append:class-target() {
+if [ "${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True',
'False', d)}" ]; then
+# Write out a qemu wrapper that will be used as exe_wrapper so that
camake
+# can run target helper binaries through that. This also allows to
execute ctest.
+qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_HOST}',
['${STAGING_DIR_HOST}/${libdir}','${STAGING_DIR_HOST}/${base_libdir}'])}"
+echo "#!/bin/sh" > "${WORKDIR}/cmake-qemuwrapper"
+echo "$qemu_binary \"\$@\"" >> "${WORKDIR}/cmake-qemuwrapper"
+chmod +x "${WORKDIR}/cmake-qemuwrapper"
+echo "set( CMAKE_CROSSCOMPILING_EMULATOR
${WORKDIR}/cmake-qemuwrapper)" \
+ >> ${WORKDIR}/toolchain.cmake
+fi
+}
--
2.41.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191261):
https://lists.openembedded.org/g/openembedded-core/message/191261
Mute This Topic: https://lists.openembedded.org/mt/102825114/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 0/1] cmake.bbclass: optionally support qemu
Changes in comparison to v1: Improve the implementation according to Richard's suggestions. José's comments have also been taken into account. https://lists.openembedded.org/g/openembedded-core/topic/89289917 - The idea is now to inherit the cmake-qemu.bbclass only where it really makes sense. This differs from the Meson implementation. But the limitations of this approach can be taken into account for each recipe individually. - Drop the CMAKE_EXEWRAPPER_ENABLED variable again. - Improve the comment Adrian Freihofer (1): cmake-qemu.bbclass: support qemu for cmake meta/classes-recipe/cmake-qemu.bbclass | 32 ++ 1 file changed, 32 insertions(+) create mode 100644 meta/classes-recipe/cmake-qemu.bbclass -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191262): https://lists.openembedded.org/g/openembedded-core/message/191262 Mute This Topic: https://lists.openembedded.org/mt/102825115/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCHv3] pciutils: add packageconfigs for options
My motivation for this is to get zlib support selectable, because
libosinfo requires the pci.ids file uncompressed. Add packageconfigs for
the other options as well to avoid autoselect.
Configuration stays the same besides zlib is deselected by default.
Signed-off-by: Markus Volk
---
meta/recipes-bsp/pciutils/pciutils_3.10.0.bb | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
b/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
index e27cfd4ced..351dd94778 100644
--- a/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
+++ b/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
# Can drop make-native when all systems have make 4.3
#
https://git.savannah.gnu.org/cgit/make.git/commit/?id=b90fabc8d6f34fb37d428dc0fb1b8b1951a9fbed
# causes space issues in lib/libpci.pc
-DEPENDS = "zlib kmod make-native"
+DEPENDS = "make-native"
SRC_URI = "${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz \
file://configure.patch"
@@ -18,10 +18,11 @@ SRC_URI[sha256sum] =
"238a2e27166730e53a17fe07bfad229e07fa39b618117e5944b6d7eda9
inherit multilib_header pkgconfig update-alternatives
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'hwdb',
'', d)}"
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'hwdb',
'', d)} dns kmod"
PACKAGECONFIG[hwdb] = "HWDB=yes,HWDB=no,udev"
-
-PCI_CONF_FLAG = "ZLIB=yes DNS=yes SHARED=yes STRIP= LIBDIR=${libdir}"
+PACKAGECONFIG[zlib] = "ZLIB=yes,ZLIB=no,zlib"
+PACKAGECONFIG[kmod] = "LIBKMOD=yes,LIBKMOD=no,kmod"
+PACKAGECONFIG[dns] = "DNS=yes,DNS=no"
# see configure.patch
do_configure () {
@@ -29,7 +30,7 @@ do_configure () {
cd lib && \
# PACKAGECONFIG_CONFARGS for this recipe could only possibly contain
'HWDB=yes/no',
# so we put it before ./configure
- ${PCI_CONF_FLAG} ${PACKAGECONFIG_CONFARGS} ./configure ${PV}
${datadir} ${TARGET_OS} ${TARGET_ARCH}
+ ${PACKAGECONFIG_CONFARGS} ./configure ${PV} ${datadir} ${TARGET_OS}
${TARGET_ARCH}
)
}
@@ -38,7 +39,7 @@ export SBINDIR = "${sbindir}"
export SHAREDIR = "${datadir}"
export MANDIR = "${mandir}"
-EXTRA_OEMAKE = "-e MAKEFLAGS= ${PCI_CONF_FLAG}"
+EXTRA_OEMAKE = "-e MAKEFLAGS='SHARED=yes STRIP= LIBDIR=${libdir}'"
ASNEEDED = ""
--
2.42.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191260):
https://lists.openembedded.org/g/openembedded-core/message/191260
Mute This Topic: https://lists.openembedded.org/mt/102824927/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH] pciutils: add packageconfigs for options
On Sun, Nov 26 2023 at 05:18:16 PM -08:00:00, Khem Raj wrote: I am seeing configure failures -e MAKEFLAGS= needs to be last in EXTRA_OEMAKE Sorry, not sure why I didn't catch this -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191259): https://lists.openembedded.org/g/openembedded-core/message/191259 Mute This Topic: https://lists.openembedded.org/mt/102765276/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCHv2] pciutils: add packageconfigs for options
My motivation for this is to get zlib support selectable, because
libosinfo requires the pci.ids file uncompressed. Add packageconfigs for
the other options as well to avoid autoselect.
Configuration stays the same besides zlib is deselected by default.
Signed-off-by: Markus Volk
---
meta/recipes-bsp/pciutils/pciutils_3.10.0.bb | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
b/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
index e27cfd4ced..0f2288b818 100644
--- a/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
+++ b/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
# Can drop make-native when all systems have make 4.3
#
https://git.savannah.gnu.org/cgit/make.git/commit/?id=b90fabc8d6f34fb37d428dc0fb1b8b1951a9fbed
# causes space issues in lib/libpci.pc
-DEPENDS = "zlib kmod make-native"
+DEPENDS = "make-native"
SRC_URI = "${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz \
file://configure.patch"
@@ -18,10 +18,11 @@ SRC_URI[sha256sum] =
"238a2e27166730e53a17fe07bfad229e07fa39b618117e5944b6d7eda9
inherit multilib_header pkgconfig update-alternatives
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'hwdb',
'', d)}"
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'hwdb',
'', d)} dns kmod"
PACKAGECONFIG[hwdb] = "HWDB=yes,HWDB=no,udev"
-
-PCI_CONF_FLAG = "ZLIB=yes DNS=yes SHARED=yes STRIP= LIBDIR=${libdir}"
+PACKAGECONFIG[zlib] = "ZLIB=yes,ZLIB=no,zlib"
+PACKAGECONFIG[kmod] = "LIBKMOD=yes,LIBKMOD=no,kmod"
+PACKAGECONFIG[dns] = "DNS=yes,DNS=no"
# see configure.patch
do_configure () {
@@ -29,7 +30,7 @@ do_configure () {
cd lib && \
# PACKAGECONFIG_CONFARGS for this recipe could only possibly contain
'HWDB=yes/no',
# so we put it before ./configure
- ${PCI_CONF_FLAG} ${PACKAGECONFIG_CONFARGS} ./configure ${PV}
${datadir} ${TARGET_OS} ${TARGET_ARCH}
+ ${PACKAGECONFIG_CONFARGS} ./configure ${PV} ${datadir} ${TARGET_OS}
${TARGET_ARCH}
)
}
@@ -38,7 +39,7 @@ export SBINDIR = "${sbindir}"
export SHAREDIR = "${datadir}"
export MANDIR = "${mandir}"
-EXTRA_OEMAKE = "-e MAKEFLAGS= ${PCI_CONF_FLAG}"
+EXTRA_OEMAKE = "SHARED=yes STRIP= LIBDIR=${libdir} -e MAKEFLAGS="
ASNEEDED = ""
--
2.42.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191258):
https://lists.openembedded.org/g/openembedded-core/message/191258
Mute This Topic: https://lists.openembedded.org/mt/102824877/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][Kirkstone][PATCH] systemtap_git: fix used uninitialized error
bpf-translate.cxx: error: 'this_column_size' may be used uninitialized in this
function [-Werror=maybe-uninitialized]
bpf-translate.cxx: error: 'num' may be used uninitialized in this function
[-Werror=maybe-uninitialized]
Signed-off-by: Li Wang
---
...x-Prevent-Werror-maybe-uninitialized.patch | 53 +++
.../recipes-kernel/systemtap/systemtap_git.bb | 1 +
2 files changed, 54 insertions(+)
create mode 100644
meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
diff --git
a/meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
b/meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
new file mode 100644
index 00..130eefab5d
--- /dev/null
+++
b/meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
@@ -0,0 +1,53 @@
+From df3425f51a512f65522522daf1f78c7fab0a63fd Mon Sep 17 00:00:00 2001
+From: Aaron Merey
+Date: Fri, 25 Feb 2022 19:18:29 -0500
+Subject: [PATCH] bpf-translate.cxx: Prevent -Werror=maybe-uninitialized
+
+Two variables in bpf-translate.cxx can trigger -Werror=maybe-uninitialized.
+The code is designed so that uninitialized uses are not actually possible,
+but to convince gcc of this we move a throw statement and initialize one
+of the variables with a value.
+
+Upstream-Status: Backport
[https://sourceware.org/git/?p=systemtap.git;a=commit;h=df3425f51a512f65522522daf1f78c7fab0a63fd]
+
+Signed-off-by: Li Wang
+---
+ bpf-translate.cxx | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/bpf-translate.cxx b/bpf-translate.cxx
+index 3f45c721f..1b63d6078 100644
+--- a/bpf-translate.cxx
b/bpf-translate.cxx
+@@ -1203,7 +1203,7 @@ bpf_unparser::emit_asm_arg (const asm_stmt , const
std::string ,
+ {
+ /* arg is a register number */
+ std::string reg = arg[0] == 'r' ? arg.substr(1) : arg;
+- unsigned long num;
++ unsigned long num = ULONG_MAX;
+ bool parsed = false;
+ try {
+ num = stoul(reg, 0, 0);
+@@ -1941,8 +1941,6 @@ bpf_unparser::visit_foreach_loop(foreach_loop* s)
+ for (unsigned k = 0; k < arraydecl->index_types.size(); k++)
+ {
+ auto type = arraydecl->index_types[k];
+- if (type != pe_long && type != pe_string)
+-throw SEMANTIC_ERROR(_("unhandled foreach index type"), s->tok);
+ int this_column_size;
+ // PR23875: foreach should handle string keys
+ if (type == pe_long)
+@@ -1953,6 +1951,10 @@ bpf_unparser::visit_foreach_loop(foreach_loop* s)
+ {
+ this_column_size = BPF_MAXSTRINGLEN;
+ }
++ else
++{
++ throw SEMANTIC_ERROR(_("unhandled foreach index type"), s->tok);
++}
+ if (info.sort_column == k + 1) // record sort column
+ {
+ info.sort_column_size = this_column_size;
+--
+2.25.1
+
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index ce86d5274d..c84fc27001 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -9,6 +9,7 @@ require systemtap_git.inc
SRC_URI += "file://0001-improve-reproducibility-for-c-compiling.patch \
file://0001-staprun-address-ncurses-6.3-failures.patch \
file://0001-gcc12-c-compatibility-re-tweak-for-rhel6-use-functio.patch \
+
file://0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch \
"
DEPENDS = "elfutils"
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191257):
https://lists.openembedded.org/g/openembedded-core/message/191257
Mute This Topic: https://lists.openembedded.org/mt/102824845/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [meta][kirkstone][PATCH 1/2] rsync: Add missing prototypes to function declarations
Hi, Could you please take this change -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191256): https://lists.openembedded.org/g/openembedded-core/message/191256 Mute This Topic: https://lists.openembedded.org/mt/97945090/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [meta][kirkstone][PATCH 2/2] rsync: Turn on -pedantic-errors at the end of 'configure'
Hi, Could you please take this change. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191255): https://lists.openembedded.org/g/openembedded-core/message/191255 Mute This Topic: https://lists.openembedded.org/mt/97945091/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [meta][kirkstone][PATCH] json-c: Add ptest
Hi, Could you please take this change -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191254): https://lists.openembedded.org/g/openembedded-core/message/191254 Mute This Topic: https://lists.openembedded.org/mt/98039591/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [yocto] QA notification for completed autobuilder build (yocto-4.3.1.rc1)
Hi all, Intel and WR YP QA is planning for QA execution for YP build yocto-4.3.1.rc1. We are planning to execute following tests for this cycle: OEQA-manual tests for following module: 1. OE-Core 2. BSP-hw Runtime auto test for following platforms: 1. MinnowBoard Turbot - 32bit 2. Kaby Lake (7th Generation Intel(r) Core(tm) Processors) 3. Tiger Lake (11th Generation Intel(r) Core(tm) Processors) 4. Alder Lake-S (12th Generation Intel(r) Core(tm) Processors) 5. Raptor Lake-P (13th Generation Intel(r) Core(tm) Processors) 6. Beaglebone ETA for completion Thursday, 30 November 2023 . Best regards, Jing Hui > -Original Message- > From: yo...@lists.yoctoproject.org On Behalf > Of Pokybuild User > Sent: Saturday, November 25, 2023 8:59 AM > To: yo...@lists.yoctoproject.org > Cc: qa-build-notificat...@lists.yoctoproject.org > Subject: [yocto] QA notification for completed autobuilder build (yocto- > 4.3.1.rc1) > > > A build flagged for QA (yocto-4.3.1.rc1) was completed on the autobuilder > and is available at: > > > https://autobuilder.yocto.io/pub/releases/yocto-4.3.1.rc1 > > > Build URL: > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6242 > > Build hash information: > > bitbake: 936fcec41efacc4ce988c81882a9ae6403702bea > meta-agl: 22ea97e52898c7ee3e32e0c683166c9071e37adf > meta-arm: db658a77af7e15cdb8e4d9231bef8c48c5d327fb > meta-aws: ac6f26f5707c51091ead00b26bffd3fa899dab71 > meta-intel: 52ce86a7f5f1ed751d80bc5e1d6b76db1c5b84c8 > meta-mingw: 49617a253e09baabbf0355bc736122e9549c8ab2 > meta-openembedded: 991e6852a53e0fcd40af8f0386d7f46bb318015e > meta-virtualization: a215d8320edee0a317a6511e7e2efa5bba867486 > oecore: cce77e8e79c860f4ef0ac4a86b9375bf87507360 > poky: bf9f2f6f60387b3a7cd570919cef6c4570edcb82 > > > > This is an automated message from the Yocto Project Autobuilder > Git: git://git.yoctoproject.org/yocto-autobuilder2 > Email: richard.pur...@linuxfoundation.org > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191253): https://lists.openembedded.org/g/openembedded-core/message/191253 Mute This Topic: https://lists.openembedded.org/mt/102823970/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [kirkstone][PATCH] grub: fix CVE-2023-4693
Upstream-Status: Backport from
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94
Signed-off-by: Hitendra Prajapati
---
.../grub/files/CVE-2023-4693.patch| 62 +++
meta/recipes-bsp/grub/grub2.inc | 1 +
2 files changed, 63 insertions(+)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch
diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
new file mode 100644
index 00..1b6013d86d
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
@@ -0,0 +1,62 @@
+From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov
+Date: Mon, 28 Aug 2023 16:32:33 +0300
+Subject: [PATCH] fs/ntfs: Fix an OOB read when reading data from the resident
+ $DATA attribute
+
+When reading a file containing resident data, i.e., the file data is stored in
+the $DATA attribute within the NTFS file record, not in external clusters,
+there are no checks that this resident data actually fits the corresponding
+file record segment.
+
+When parsing a specially-crafted file system image, the current NTFS code will
+read the file data from an arbitrary, attacker-chosen memory offset and of
+arbitrary, attacker-chosen length.
+
+This allows an attacker to display arbitrary chunks of memory, which could
+contain sensitive information like password hashes or even plain-text,
+obfuscated passwords from BS EFI variables.
+
+This fix implements a check to ensure that resident data is read from the
+corresponding file record segment only.
+
+Fixes: CVE-2023-4693
+
+Reported-by: Maxim Suhanov
+Signed-off-by: Maxim Suhanov
+Reviewed-by: Daniel Kiper
+
+Upstream-Status: Backport
[https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
+CVE: CVE-2023-4693
+Signed-off-by: Hitendra Prajapati
+---
+ grub-core/fs/ntfs.c | 13 -
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 7e43fd6..8f63c83 100644
+--- a/grub-core/fs/ntfs.c
b/grub-core/fs/ntfs.c
+@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa,
grub_uint8_t *dest,
+ {
+ if (ofs + len > u32at (pa, 0x10))
+ return grub_error (GRUB_ERR_BAD_FS, "read out of range");
+- grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
++
++ if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
++
++ if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++ if (u16at (pa, 0x14) + u32at (pa, 0x10) >
++(grub_addr_t) at->mft->buf + (at->mft->data->mft_size <<
GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
++ return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++ grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
+ return 0;
+ }
+
+--
+2.25.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index aaee8a1e03..e6c6cd98b4 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -39,6 +39,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://commands-boot-Add-API-to-pass-context-to-loader.patch \
file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch \
file://CVE-2023-4692.patch \
+ file://CVE-2023-4693.patch \
"
SRC_URI[sha256sum] =
"23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191252):
https://lists.openembedded.org/g/openembedded-core/message/191252
Mute This Topic: https://lists.openembedded.org/mt/102823896/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] glibc: stable 2.38 branch updates
lgtm On Sun, Nov 26, 2023 at 8:01 PM Sundeep KOKKONDA via lists.openembedded.org wrote: > > Below commits on glibc-2.38 stable branch are updated. > 1e04dcec49 Revert "elf: Move l_init_called_next to old place of l_text_end in > link map" > 719866ab2f Revert "elf: Always call destructors in reverse constructor order > (bug 30785)" > e0b6c9706c Revert "elf: Remove unused l_text_end field from struct link_map" > > Signed-off-by: Sundeep KOKKONDA > --- > meta/recipes-core/glibc/glibc-version.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-core/glibc/glibc-version.inc > b/meta/recipes-core/glibc/glibc-version.inc > index 19b98bc11a..ccf9d505c5 100644 > --- a/meta/recipes-core/glibc/glibc-version.inc > +++ b/meta/recipes-core/glibc/glibc-version.inc > @@ -1,6 +1,6 @@ > SRCBRANCH ?= "release/2.38/master" > PV = "2.38+git" > -SRCREV_glibc ?= "750a45a783906a19591fb8ff6b7841470f1f5701" > +SRCREV_glibc ?= "1e04dcec491bd8f48b5b74ce3e8414132578a645" > SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1" > > GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" > -- > 2.42.0 > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191250): https://lists.openembedded.org/g/openembedded-core/message/191250 Mute This Topic: https://lists.openembedded.org/mt/102823529/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] bind: Backport fix for CVE-2023-3341
From: Vijay Anusuri
Upstream-Status: Backport
[https://gitlab.isc.org/isc-projects/bind9/-/commit/c4fac5ca98efd02fbaef43601627c7a3a09f5a71]
Signed-off-by: Vijay Anusuri
---
.../bind/bind/CVE-2023-3341.patch | 175 ++
.../recipes-connectivity/bind/bind_9.11.37.bb | 1 +
2 files changed, 176 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2023-3341.patch
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2023-3341.patch
b/meta/recipes-connectivity/bind/bind/CVE-2023-3341.patch
new file mode 100644
index 00..be479cb00e
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2023-3341.patch
@@ -0,0 +1,175 @@
+From c4fac5ca98efd02fbaef43601627c7a3a09f5a71 Mon Sep 17 00:00:00 2001
+From: Mark Andrews
+Date: Tue, 20 Jun 2023 15:21:36 +1000
+Subject: [PATCH] Limit isccc_cc_fromwire recursion depth
+
+Named and rndc do not need a lot of recursion so the depth is
+set to 10.
+
+Taken from BIND 9.16.44 change.
+
+Upstream-Status: Backport
[https://gitlab.isc.org/isc-projects/bind9/-/commit/c4fac5ca98efd02fbaef43601627c7a3a09f5a71]
+CVE: CVE-2023-3341
+Signed-off-by: Vijay Anusuri
+---
+ lib/isccc/cc.c | 38 +++-
+ lib/isccc/include/isccc/result.h | 4 +++-
+ lib/isccc/result.c | 4 +++-
+ 3 files changed, 34 insertions(+), 12 deletions(-)
+
+diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
+index e012685..8eac3d6 100644
+--- a/lib/isccc/cc.c
b/lib/isccc/cc.c
+@@ -53,6 +53,10 @@
+
+ #define MAX_TAGS 256
+ #define DUP_LIFETIME 900
++#ifndef ISCCC_MAXDEPTH
++#define ISCCC_MAXDEPTH \
++ 10 /* Big enough for rndc which just sends a string each way. */
++#endif
+
+ typedef isccc_sexpr_t *sexpr_ptr;
+
+@@ -561,19 +565,25 @@ verify(isccc_sexpr_t *alist, unsigned char *data,
unsigned int length,
+
+ static isc_result_t
+ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
+- uint32_t algorithm, isccc_sexpr_t **alistp);
++ uint32_t algorithm, unsigned int depth, isccc_sexpr_t **alistp);
+
+ static isc_result_t
+-list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp);
++list_fromwire(isccc_region_t *source, unsigned int depth,
++isccc_sexpr_t **listp);
+
+ static isc_result_t
+-value_fromwire(isccc_region_t *source, isccc_sexpr_t **valuep) {
++value_fromwire(isccc_region_t *source, unsigned int depth,
++ isccc_sexpr_t **valuep) {
+ unsigned int msgtype;
+ uint32_t len;
+ isccc_sexpr_t *value;
+ isccc_region_t active;
+ isc_result_t result;
+
++ if (depth > ISCCC_MAXDEPTH) {
++ return (ISCCC_R_MAXDEPTH);
++ }
++
+ if (REGION_SIZE(*source) < 1 + 4)
+ return (ISC_R_UNEXPECTEDEND);
+ GET8(msgtype, source->rstart);
+@@ -591,9 +601,9 @@ value_fromwire(isccc_region_t *source, isccc_sexpr_t
**valuep) {
+ } else
+ result = ISC_R_NOMEMORY;
+ } else if (msgtype == ISCCC_CCMSGTYPE_TABLE)
+- result = table_fromwire(, NULL, 0, valuep);
++ result = table_fromwire(, NULL, 0, depth + 1, valuep);
+ else if (msgtype == ISCCC_CCMSGTYPE_LIST)
+- result = list_fromwire(, valuep);
++ result = list_fromwire(, depth + 1, valuep);
+ else
+ result = ISCCC_R_SYNTAX;
+
+@@ -602,7 +612,7 @@ value_fromwire(isccc_region_t *source, isccc_sexpr_t
**valuep) {
+
+ static isc_result_t
+ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
+- uint32_t algorithm, isccc_sexpr_t **alistp)
++ uint32_t algorithm, unsigned int depth, isccc_sexpr_t **alistp)
+ {
+ char key[256];
+ uint32_t len;
+@@ -613,6 +623,10 @@ table_fromwire(isccc_region_t *source, isccc_region_t
*secret,
+
+ REQUIRE(alistp != NULL && *alistp == NULL);
+
++ if (depth > ISCCC_MAXDEPTH) {
++ return (ISCCC_R_MAXDEPTH);
++ }
++
+ checksum_rstart = NULL;
+ first_tag = true;
+ alist = isccc_alist_create();
+@@ -628,7 +642,7 @@ table_fromwire(isccc_region_t *source, isccc_region_t
*secret,
+ GET_MEM(key, len, source->rstart);
+ key[len] = '\0';/* Ensure NUL termination. */
+ value = NULL;
+- result = value_fromwire(source, );
++ result = value_fromwire(source, depth + 1, );
+ if (result != ISC_R_SUCCESS)
+ goto bad;
+ if (isccc_alist_define(alist, key, value) == NULL) {
+@@ -661,14 +675,18 @@ table_fromwire(isccc_region_t *source, isccc_region_t
*secret,
+ }
+
+ static isc_result_t
+-list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp) {
++list_fromwire(isccc_region_t *source, unsigned int depth, isccc_sexpr_t
**listp) {
+ isccc_sexpr_t *list, *value;
+ isc_result_t result;
+
++ if (depth > ISCCC_MAXDEPTH) {
++
Re: [OE-core] [PATCH] binutils: stable 2.41 branch updates
lgtm.
On Sun, Nov 26, 2023 at 7:56 PM Sundeep KOKKONDA
wrote:
>
> Below commits on binutils-2.41 stable branch are updated.
> eb49941e7e1 Gold/MIPS: Add targ_extra_size=64 for mips32 triples
> c27eff41737 Gold/MIPS: Use EM_MIPS instead of EM_MIPS_RS3_LE for little endian
> 7fe76f02413 x86-64: fix suffix-less PUSH of symbol address
>
> Signed-off-by: Sundeep KOKKONDA
> ---
> meta/recipes-devtools/binutils/binutils-2.41.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.41.inc
> b/meta/recipes-devtools/binutils/binutils-2.41.inc
> index b4934c02a8..804f092965 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.41.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.41.inc
> @@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_41-branch"
>
> UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)"
>
> -SRCREV ?= "cb4c3555ac4cf8aaf0935cb6e4b09e6882436d21"
> +SRCREV ?= "c1321df4eb0a136304205085cd4913dd4eb01054"
> BINUTILS_GIT_URI ?=
> "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
> SRC_URI = "\
> ${BINUTILS_GIT_URI} \
> --
> 2.42.0
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191249):
https://lists.openembedded.org/g/openembedded-core/message/191249
Mute This Topic: https://lists.openembedded.org/mt/102823484/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH V2] cairo: upgrade 1.16.0 -> 1.18.0
From: qiutt
Changelog for 1.18.0 [1]:
The cairo-sphinx tool has been removed
Cairo now implements Type 3 color fonts for PDF
The XML surface has been removed
The Tee surface is now automatically enabled
The Quartz surface is improved
Cairo now hides all private symbols by default on every platform
Fixed multiple issues
As a part of 1.18.0, the following patches should be dropped.
CVE-2018-19876.patch :
https://gitlab.freedesktop.org/cairo/cairo/-/commit/90e85c2493fdfa3551f202ff10282463f1e36645
CVE-2019-6461.patch :
https://gitlab.freedesktop.org/cairo/cairo/-/commit/09643ee1abdd5daacebfcb564448f29be9a79bac
CVE-2019-6462.patch :
https://gitlab.freedesktop.org/cairo/cairo/-/commit/bbeaf08190d3006a80b80a77724801cd477a37b8
CVE-2020-35492.patch :
https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf
These options are all gone [2]: directfb, valgrind, egl, glesv2, opengl, trace
Build tool is changed : autotools -> meson
[1] https://www.cairographics.org/news/cairo-1.18.0/
[2] https://gitlab.freedesktop.org/cairo/cairo/-/blob/master/meson_options.txt
Signed-off-by: qiutt
---
.../cairo/cairo/CVE-2018-19876.patch | 34 --
.../cairo/cairo/CVE-2019-6461.patch | 20 --
.../cairo/cairo/CVE-2019-6462.patch | 40
.../cairo/cairo/CVE-2020-35492.patch | 60 --
.../{cairo_1.16.0.bb => cairo_1.18.0.bb} | 63 +--
5 files changed, 16 insertions(+), 201 deletions(-)
delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
delete mode 100644 meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch
rename meta/recipes-graphics/cairo/{cairo_1.16.0.bb => cairo_1.18.0.bb} (51%)
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
b/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
deleted file mode 100644
index 4252a5663b..00
--- a/meta/recipes-graphics/cairo/cairo/CVE-2018-19876.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-CVE: CVE-2018-19876
-Upstream-Status: Backport
-Signed-off-by: Ross Burton
-
-From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
-From: Carlos Garcia Campos
-Date: Mon, 19 Nov 2018 12:33:07 +0100
-Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
- cairo_ft_apply_variations
-
-Fixes a crash when using freetype >= 2.9
- src/cairo-ft-font.c | 4
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
-index 325dd61b4..981973f78 100644
a/src/cairo-ft-font.c
-+++ b/src/cairo-ft-font.c
-@@ -2393,7 +2393,11 @@ skip:
- done:
- free (coords);
- free (current_coords);
-+#if HAVE_FT_DONE_MM_VAR
-+FT_Done_MM_Var (face->glyph->library, ft_mm_var);
-+#else
- free (ft_mm_var);
-+#endif
- }
- }
-
---
-2.11.0
-
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
deleted file mode 100644
index a2dba6cb20..00
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-There is an assertion in function _cairo_arc_in_direction().
-
-CVE: CVE-2019-6461
-Upstream-Status: Pending
-Signed-off-by: Ross Burton
-
-diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1bde774a4 100644
a/src/cairo-arc.c
-+++ b/src/cairo-arc.c
-@@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
- if (cairo_status (cr))
- return;
-
--assert (angle_max >= angle_min);
-+if (angle_max < angle_min)
-+ return;
-
- if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
- angle_max = fmod (angle_max - angle_min, 2 * M_PI);
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
b/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
deleted file mode 100644
index 7c3209291b..00
--- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6462.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-CVE: CVE-2019-6462
-Upstream-Status: Backport
-Signed-off-by: Quentin Schulz
-
-From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001
-From: Heiko Lewin
-Date: Sun, 1 Aug 2021 11:16:03 +
-Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
-
- src/cairo-arc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/cairo-arc.c b/src/cairo-arc.c
-index 390397bae..1c891d1a0 100644
a/src/cairo-arc.c
-+++ b/src/cairo-arc.c
-@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
- { M_PI / 11.0, 9.81410988043554039085e-09 },
- };
- int table_size = ARRAY_LENGTH (table);
-+const int max_segments = 1000; /* this value is chosen arbitrarily. this
gives an error of about 1.74909e-20 */
-
- for (i =
Re: [OE-core] [PATCH] glibc: stable 2.38 branch updates
Testing is done and no regressions found. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191247): https://lists.openembedded.org/g/openembedded-core/message/191247 Mute This Topic: https://lists.openembedded.org/mt/102823529/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] glibc: stable 2.38 branch updates
Below commits on glibc-2.38 stable branch are updated. 1e04dcec49 Revert "elf: Move l_init_called_next to old place of l_text_end in link map" 719866ab2f Revert "elf: Always call destructors in reverse constructor order (bug 30785)" e0b6c9706c Revert "elf: Remove unused l_text_end field from struct link_map" Signed-off-by: Sundeep KOKKONDA --- meta/recipes-core/glibc/glibc-version.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 19b98bc11a..ccf9d505c5 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.38/master" PV = "2.38+git" -SRCREV_glibc ?= "750a45a783906a19591fb8ff6b7841470f1f5701" +SRCREV_glibc ?= "1e04dcec491bd8f48b5b74ce3e8414132578a645" SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" -- 2.42.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191246): https://lists.openembedded.org/g/openembedded-core/message/191246 Mute This Topic: https://lists.openembedded.org/mt/102823529/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] binutils: stable 2.41 branch updates
Testing is done and no regressions found. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191245): https://lists.openembedded.org/g/openembedded-core/message/191245 Mute This Topic: https://lists.openembedded.org/mt/102823484/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] binutils: stable 2.41 branch updates
Below commits on binutils-2.41 stable branch are updated.
eb49941e7e1 Gold/MIPS: Add targ_extra_size=64 for mips32 triples
c27eff41737 Gold/MIPS: Use EM_MIPS instead of EM_MIPS_RS3_LE for little endian
7fe76f02413 x86-64: fix suffix-less PUSH of symbol address
Signed-off-by: Sundeep KOKKONDA
---
meta/recipes-devtools/binutils/binutils-2.41.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/binutils/binutils-2.41.inc
b/meta/recipes-devtools/binutils/binutils-2.41.inc
index b4934c02a8..804f092965 100644
--- a/meta/recipes-devtools/binutils/binutils-2.41.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.41.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_41-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)"
-SRCREV ?= "cb4c3555ac4cf8aaf0935cb6e4b09e6882436d21"
+SRCREV ?= "c1321df4eb0a136304205085cd4913dd4eb01054"
BINUTILS_GIT_URI ?=
"git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https"
SRC_URI = "\
${BINUTILS_GIT_URI} \
--
2.42.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191244):
https://lists.openembedded.org/g/openembedded-core/message/191244
Mute This Topic: https://lists.openembedded.org/mt/102823484/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH] pciutils: add packageconfigs for options
I am seeing configure failures
8923 |
/mnt/b/yoe/master/build/tmp/work/cortexa72-cortexa53-crypto-yoe-linux/pciutils/3.10.0/temp/run.do_configure.1786381:
line 149: DNS=yes: command not found
On Thu, Nov 23, 2023 at 3:34 AM Markus Volk wrote:
>
> My motivation for this is to get zlib support selectable, because
> libosinfo requires the pci.ids file uncompressed. Add packageconfigs for
> the other options as well to avoid autoselect.
>
> Configuration stays the same besides zlib is deselected by default.
>
> Signed-off-by: Markus Volk
> ---
> meta/recipes-bsp/pciutils/pciutils_3.10.0.bb | 11 ++-
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
> b/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
> index e27cfd4ced..4bde090169 100644
> --- a/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
> +++ b/meta/recipes-bsp/pciutils/pciutils_3.10.0.bb
> @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM =
> "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
> # Can drop make-native when all systems have make 4.3
> #
> https://git.savannah.gnu.org/cgit/make.git/commit/?id=b90fabc8d6f34fb37d428dc0fb1b8b1951a9fbed
> # causes space issues in lib/libpci.pc
> -DEPENDS = "zlib kmod make-native"
> +DEPENDS = "make-native"
>
> SRC_URI = "${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz
> \
> file://configure.patch"
> @@ -18,10 +18,11 @@ SRC_URI[sha256sum] =
> "238a2e27166730e53a17fe07bfad229e07fa39b618117e5944b6d7eda9
>
> inherit multilib_header pkgconfig update-alternatives
>
> -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
> 'hwdb', '', d)}"
> +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
> 'hwdb', '', d)} dns kmod"
> PACKAGECONFIG[hwdb] = "HWDB=yes,HWDB=no,udev"
> -
> -PCI_CONF_FLAG = "ZLIB=yes DNS=yes SHARED=yes STRIP= LIBDIR=${libdir}"
> +PACKAGECONFIG[zlib] = "ZLIB=yes,ZLIB=no,zlib"
> +PACKAGECONFIG[kmod] = "LIBKMOD=yes,LIBKMOD=no,kmod"
> +PACKAGECONFIG[dns] = "DNS=yes,DNS=no"
>
> # see configure.patch
> do_configure () {
> @@ -38,7 +39,7 @@ export SBINDIR = "${sbindir}"
> export SHAREDIR = "${datadir}"
> export MANDIR = "${mandir}"
>
> -EXTRA_OEMAKE = "-e MAKEFLAGS= ${PCI_CONF_FLAG}"
> +EXTRA_OEMAKE = "-e MAKEFLAGS= SHARED=yes STRIP= LIBDIR=${libdir}"
>
> ASNEEDED = ""
>
> --
> 2.42.0
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191243):
https://lists.openembedded.org/g/openembedded-core/message/191243
Mute This Topic: https://lists.openembedded.org/mt/102765276/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for master on Sun 26 Nov 2023 11:29:53 AM HST
Branch: master New this week: 8 CVEs CVE-2023-48231 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48231 * CVE-2023-48232 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48232 * CVE-2023-48233 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48233 * CVE-2023-48234 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48234 * CVE-2023-48235 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48235 * CVE-2023-48236 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48236 * CVE-2023-48237 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48237 * CVE-2023-6176 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6176 * Removed this week: 6 CVEs CVE-2023-38469 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469 * CVE-2023-38470 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470 * CVE-2023-38471 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471 * CVE-2023-38472 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472 * CVE-2023-38473 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473 * CVE-2023-46246 (CVSS3: 5.5 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46246 * Full list: Found 36 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 * CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 * CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 * CVE-2023-39928 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 * CVE-2023-40030 (CVSS3: 6.1 MEDIUM): rust:rust-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40030 * CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 * CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-45283 (CVSS3: 7.5 HIGH): go:go-binary-native:go-cross-core2-64:go-runtime https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45283 * CVE-2023-45284 (CVSS3: 5.3 MEDIUM): go:go-binary-native:go-cross-core2-64:go-runtime https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45284 * CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 * CVE-2023-47233 (CVSS3: 4.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47233 * CVE-2023-48231 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48231 * CVE-2023-48232 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48232 * CVE-2023-48233 (CVSS3: 4.3 MEDIUM): vim
Re: [OE-core] [PATCH] libpam: split /etc/environment into pam-plugin-env package
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Martin Hundeb?ll
> Sent: den 24 november 2023 15:12
> To: openembedded-core@lists.openembedded.org
> Cc: Martin Hundebøll
> Subject: [OE-core] [PATCH] libpam: split /etc/environment into pam-plugin-env
> package
>
> Since systemd-v255, pam-plugin-umask is pulled in by by the logind
> package config for systemd. This causes /etc/environment to by installed
Change "by" to "be".
> as part of libpam-runtime. In our case, this broke do_rootfs for our
> image, because /etc/environment is already provided another (custom)
Change "another" to "by another".
> recipe.
>
> Fix this by making the /etc/environment file part of the pam-plugin-env
> package, which isn't automatically pulled in by systemd-logind. It also
> happens to be the where it should be, as the file is installed as by the
> pam_env plugin.
>
> Signed-off-by: Martin Hundebøll
> ---
> meta/recipes-extended/pam/libpam_1.5.3.bb | 7 ++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb
> b/meta/recipes-extended/pam/libpam_1.5.3.bb
> index 1aa307af4d..c2ba1e6899 100644
> --- a/meta/recipes-extended/pam/libpam_1.5.3.bb
> +++ b/meta/recipes-extended/pam/libpam_1.5.3.bb
> @@ -51,9 +51,14 @@ PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db,"
> PACKAGES += "${PN}-runtime ${PN}-xtests"
> FILES:${PN} = "${base_libdir}/lib*${SOLIBS}"
> FILES:${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la
> ${base_libdir}/lib*${SOLIBSDEV}"
> -FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}"
> +FILES:${PN}-runtime = "${sysconfdir}/pam.d ${sysconfdir}/security
> ${sysconfdir}/tmpfiles.d ${sbindir} ${systemd_system_unitdir}"
This is prone to errors if libpam adds anything else to /etc in the future.
If you instead add `prepend=True` as argument to the do_split_packages()
call that creates the pam-plugin packages, this should not be needed.
> FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
>
> +# libpam installs /etc/environment for use with the pam_env plugin. Make
> sure it is
> +# packaged with the pam-plugin-env package to avoid breaking installations
> which
> +# install that file via other packages
> +FILES:pam-plugin-env = "/etc/environment"
Change /etc to ${sysconfir}.
> +
> PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
>
> def get_multilib_bit(d):
> --
> 2.42.0
//Peter
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191241):
https://lists.openembedded.org/g/openembedded-core/message/191241
Mute This Topic: https://lists.openembedded.org/mt/102780994/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCH 4/4] shadow: Add PW_SUBDIR
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Joakim Tjernlund via
> lists.openembedded.org
> Sent: den 24 november 2023 15:11
> To: openembedded-core@lists.openembedded.org
> Cc: Joakim Tjernlund
> Subject: [OE-core] [kirkstone][PATCH 4/4] shadow: Add PW_SUBDIR
>
> Add support for creating passwd files in a /etc subdir
> Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
>
> Signed-off-by: Joakim Tjernlund
> ---
> .../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++
> meta/recipes-extended/shadow/shadow.inc | 30 +-
> 2 files changed, 118 insertions(+), 4 deletions(-)
> create mode 100644
> meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
>
> diff --git
> a/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
>
> b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
> new file mode 100644
> index 00..9f85159e97
> --- /dev/null
> +++
> b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
> @@ -0,0 +1,92 @@
> +From f605fb315faef7ddcad70d638f3b3aa16ea98fc0 Mon Sep 17 00:00:00 2001
> +From: Joakim Tjernlund
> +Date: Thu, 2 Nov 2023 00:27:10 +0100
> +Subject: [PATCH] Define SUBUID_FILE/SUBGID_FILE
> +
> +Upstream-Status: Backport,
> https://github.com/shadow-maint/shadow/commit/ee3a79c6952f8ca649c286c7f76639d9d1dedaad
Follow the recommended syntax:
Upstream-Status: Backport
[https://github.com/shadow-maint/shadow/commit/ee3a79c6952f8ca649c286c7f76639d9d1dedaad]
> +
> +These where hard coded, make them definable like SHADOW_FILE
> +
> +Signed-off-by: Joakim Tjernlund
> +---
[cut]
> diff --git a/meta/recipes-extended/shadow/shadow.inc
> b/meta/recipes-extended/shadow/shadow.inc
> index 3c1dd2f98e..bcb9b09a49 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -18,6 +18,7 @@ SRC_URI =
> "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}
> file://useradd \
> file://CVE-2023-29383.patch \
> file://0001-Overhaul-valid_field.patch \
> + file://0001-Define-SUBUID_FILE-SUBGID_FILE.patch \
> "
>
> SRC_URI:append:class-target = " \
> @@ -46,6 +47,21 @@ PAM_SRC_URI = "file://pam.d/chfn \
> file://pam.d/passwd \
> file://pam.d/su"
>
> +#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
> +PW_SUBDIR ?= ""
> +PWPRE = "/etc/${PW_SUBDIR}"
Use ${sysconfdir} instead of /etc.
> +CFLAGS:append = ' -DPASSWD_FILE=\\"${PWPRE}/passwd\\"'
> +CFLAGS:append = ' -DSHADOW_FILE=\\"${PWPRE}/shadow\\"'
> +CFLAGS:append = ' -DGROUP_FILE=\\"${PWPRE}/group\\"'
> +CFLAGS:append = ' -DSGROUP_FILE=\\"${PWPRE}/gshadow\\"'
> +CFLAGS:append = ' -DSUBUID_FILE=\\"${PWPRE}/subuid\\"'
> +CFLAGS:append = ' -DSUBGID_FILE=\\"${PWPRE}/subgid\\"'
Use `CFLAGS += ...` instead of `CFLAGS:append = ...`:
CFLAGS += ' \
-DPASSWD_FILE=\\"${PWPRE}/passwd\\" \
-DSHADOW_FILE=\\"${PWPRE}/shadow\\" \
-DGROUP_FILE=\\"${PWPRE}/group\\" \
-DSGROUP_FILE=\\"${PWPRE}/gshadow\\" \
-DSUBUID_FILE=\\"${PWPRE}/subuid\\" \
-DSUBGID_FILE=\\"${PWPRE}/subgid\\" \
'
> +
> +#shadow has it own impl. that uses whatever dir passwd files are in
> +do_configure:prepend () {
> +sed -i -e 's/lckpwdf//' ${S}/configure.ac
Use tabs to indent shell code. However, this should really be a patch...
> +}
> +
> inherit autotools gettext
>
> export CONFIG_SHELL="/bin/sh"
> @@ -157,9 +173,9 @@ do_install:append() {
> # usermod requires the subuid/subgid files to be in place before being
> # able to use the -v/-V flags otherwise it fails:
> # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
> - install -d ${D}${sysconfdir}
> - touch ${D}${sysconfdir}/subuid
> - touch ${D}${sysconfdir}/subgid
> + install -d ${D}${sysconfdir}/${PW_SUBDIR}
> + touch ${D}${sysconfdir}/${PW_SUBDIR}/subuid
> + touch ${D}${sysconfdir}/${PW_SUBDIR}/subgid
> }
>
> PACKAGES =+ "${PN}-base"
> @@ -193,12 +209,18 @@ ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
>
> PACKAGE_WRITE_DEPS += "shadow-native"
> pkg_postinst:${PN}:class-target () {
> + install -d $D${sysconfdir}/${PW_SUBDIR}
> if [ "x$D" != "x" ]; then
> rootarg="--root $D"
> else
> rootarg=""
> fi
> -
> + if [ -n "${PW_SUBDIR}" ]; then
> + ln -fs ${PW_SUBDIR}/subuid $D${sysconfdir}/subuid
> + ln -fs ${PW_SUBDIR}/subgid $D${sysconfdir}/subgid
> + ln -fs ${PW_SUBDIR}/shadow $D${sysconfdir}/shadow
> + ln -fs ${PW_SUBDIR}/gshadow $D${sysconfdir}/gshadow
Inconsistent indentation (mix of tabs and spaces). This also applies to
the old code above, but with a different number of spaces...
> + fi
> pwconv $rootarg || exit 1
> grpconv $rootarg || exit 1
> }
> --
> 2.41.0
//Peter
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCH 3/4] pseudo: Add PW_SUBDIR
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Joakim Tjernlund via
> lists.openembedded.org
> Sent: den 24 november 2023 15:11
> To: openembedded-core@lists.openembedded.org
> Cc: Joakim Tjernlund
> Subject: [OE-core] [kirkstone][PATCH 3/4] pseudo: Add PW_SUBDIR
>
> Add support for creating passwd files in a /etc subdir
> Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
>
> Signed-off-by: Joakim Tjernlund
> ---
> meta/recipes-devtools/pseudo/pseudo.inc | 11 ---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-devtools/pseudo/pseudo.inc
> b/meta/recipes-devtools/pseudo/pseudo.inc
> index 7e09b6d58c..7ba2e2261c 100644
> --- a/meta/recipes-devtools/pseudo/pseudo.inc
> +++ b/meta/recipes-devtools/pseudo/pseudo.inc
> @@ -10,6 +10,9 @@ SECTION = "base"
> LICENSE = "LGPL-2.1-only"
> DEPENDS = "sqlite3 attr"
>
> +#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
> +PW_SUBDIR ?= ""
> +
> FILES:${PN} = "${prefix}/lib/pseudo/lib*/libpseudo.so ${bindir}/*
> ${localstatedir}/pseudo ${prefix}/var/pseudo"
> INSANE_SKIP:${PN} += "libdir"
> INSANE_SKIP:${PN}-dbg += "libdir"
> @@ -131,10 +134,12 @@ do_install () {
>
> do_install:append:class-native () {
> chrpath ${D}${bindir}/pseudo -r `chrpath ${D}${bindir}/pseudo | cut -d
> = -f 2 | sed s/XORIGIN/\\$ORIGIN/`
> - install -d ${D}${sysconfdir}
> + install -d ${D}${sysconfdir}/${PW_SUBDIR}
> # The fallback files should never be modified
> - install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
> - install -m 444 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
> + install -m 444 ${WORKDIR}/fallback-passwd
> ${D}${sysconfdir}/${PW_SUBDIR}/passwd
> +[ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/passwd
> ${D}${sysconfdir}/passwd
Inconsistent indentation (spaces instead of tab). And here too I
recommend to use || instead of &&.
> + install -m 444 ${WORKDIR}/fallback-group
> ${D}${sysconfdir}/${PW_SUBDIR}/group
> +[ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/group
> ${D}${sysconfdir}/group
Inconsistent indentation (spaces instead of tab).
>
> # Two native/nativesdk entries below are the same
> # If necessary install for the alternative machine arch. This is only
> --
> 2.41.0
//Peter
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191239):
https://lists.openembedded.org/g/openembedded-core/message/191239
Mute This Topic: https://lists.openembedded.org/mt/102780968/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> -Original Message-
> From: openembedded-core@lists.openembedded.org
> On Behalf Of Joakim Tjernlund via
> lists.openembedded.org
> Sent: den 24 november 2023 15:11
> To: openembedded-core@lists.openembedded.org
> Cc: Joakim Tjernlund
> Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
>
> Add support for creating passwd files in a /etc subdir
> Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
>
> Signed-off-by: Joakim Tjernlund
> ---
> .../base-passwd/base-passwd_3.5.29.bb | 24 ---
> 1 file changed, 16 insertions(+), 8 deletions(-)
>
> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> index ef7792ae49..e453be0763 100644
> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> @@ -20,6 +20,9 @@ SRC_URI =
> "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> SRC_URI[sha256sum] =
> "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
>
> +#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
> +PW_SUBDIR ?= ""
> +
Rather than defining a subdirectory, I would recommend defining the full
path, e.g.:
PW_DIR ?= "${sysconfdir}"
This avoids generating a lot of "//" in the middle of paths for the majority
of us who do not use a subdirectory for the password files.
> # the package is taken from launchpad; that source is static and goes stale
> # so we check the latest upstream from a directory that does get updated
> UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> #!/bin/sh
>
> # Install passwd.master and group.master to sysconfdir
> -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> for i in passwd group; do
> install -p -m 644
> ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
> - ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> + ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> + [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i
> ${STAGING_DIR_TARGET}${sysconfdir}/\$i
I generally recommended to use `[ ! ... ] || ...` instead of `[ ... ] && ...`:
[ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i
${STAGING_DIR_TARGET}${sysconfdir}/\$i
Or, assuming my recommendation above is followed:
[ "${PW_DIR}" = "${sysconfdir}" ] ||
ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i
${STAGING_DIR_TARGET}${sysconfdir}/\$i
The reason is that the return status ($?) of `[ ... ] && ...` is 1 if the
test fails, while it is 0 for `[ ! ... ] || ...` when the test succeeds.
> done
>
> # Run any useradd postinsts
> @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> f.close()
>
> preinst = """#!/bin/sh
> -mkdir -p $D${sysconfdir}
> -if [ ! -e $D${sysconfdir}/passwd ]; then
> -\tcat << 'EOF' > $D${sysconfdir}/passwd
> +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> """ + passwd + """EOF
> fi
> -if [ ! -e $D${sysconfdir}/group ]; then
> -\tcat << 'EOF' > $D${sysconfdir}/group
> +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> """ + group + """EOF
> fi
> +if [ -n "${PW_SUBDIR}" ]; then
> +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
Use \t to indent the above two lines like the code before.
> +fi
> """
> d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> }
> @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> if [ -n "$D" ]; then
> exit 0
> fi
> -${sbindir}/update-passwd
> +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S
> /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
Replace /etc with ${sysconfdir}.
> }
> --
> 2.41.0
//Peter
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191238):
https://lists.openembedded.org/g/openembedded-core/message/191238
Mute This Topic: https://lists.openembedded.org/mt/102780967/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for nanbield on Sun 26 Nov 2023 05:00:01 AM HST
Branch: nanbield New this week: 8 CVEs CVE-2023-48231 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48231 * CVE-2023-48232 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48232 * CVE-2023-48233 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48233 * CVE-2023-48234 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48234 * CVE-2023-48235 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48235 * CVE-2023-48236 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48236 * CVE-2023-48237 (CVSS3: 4.3 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48237 * CVE-2023-6176 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6176 * Removed this week: 3 CVEs CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 * CVE-2023-46246 (CVSS3: 5.5 MEDIUM): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46246 * CVE-2023-5363 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5363 * Full list: Found 63 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 * CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 * CVE-2023-38469 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469 * CVE-2023-38470 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470 * CVE-2023-38471 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471 * CVE-2023-38472 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472 * CVE-2023-38473 (CVSS3: 5.5 MEDIUM): avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473 * CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 * CVE-2023-39189 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39189 * CVE-2023-39192 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39192 * CVE-2023-39193 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39193 * CVE-2023-39928 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 * CVE-2023-40030 (CVSS3: 6.1 MEDIUM): rust:rust-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40030 * CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 * CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-42752 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42752 * CVE-2023-42753 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42753 * CVE-2023-42754 (CVSS3: 5.5
