[oe-core][PATCH 1/1] oe-debuginfod: add option for data storage
From: Joe Slater
Storing the data files under $HOME can be unreliable if debuginfod
is used for several projects, especially if $HOME is shared
between machines. We provide an option to save files under the
project directory. The default behavior is unchanged.
Signed-off-by: Joe Slater
---
scripts/oe-debuginfod | 17 -
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/scripts/oe-debuginfod b/scripts/oe-debuginfod
index b525310225..5e70d37b8b 100755
--- a/scripts/oe-debuginfod
+++ b/scripts/oe-debuginfod
@@ -15,14 +15,29 @@ scriptpath.add_bitbake_lib_path()
import bb.tinfoil
import subprocess
+import argparse
if __name__ == "__main__":
+p = argparse.ArgumentParser()
+p.add_argument("-d", action='store_true', \
+ help="store debuginfod files in project
sub-directory")
+
+args = p.parse_args()
+
with bb.tinfoil.Tinfoil() as tinfoil:
tinfoil.prepare(config_only=True)
package_classes_var = "DEPLOY_DIR_" +
tinfoil.config_data.getVar("PACKAGE_CLASSES").split()[0].replace("package_",
"").upper()
feed_dir = tinfoil.config_data.getVar(package_classes_var, expand=True)
+opts = [ '--verbose', '-R', '-U', feed_dir ]
+
+if args.d:
+fdir = os.path.join(os.getcwd(), 'oedid-files')
+os.makedirs(fdir, exist_ok=True)
+opts += [ '-d', os.path.join(fdir, 'did.sqlite') ]
+
subprocess.call(['bitbake', '-c', 'addto_recipe_sysroot',
'elfutils-native'])
-subprocess.call(['oe-run-native', 'elfutils-native', 'debuginfod',
'--verbose', '-R', '-U', feed_dir])
+subprocess.call(['oe-run-native', 'elfutils-native', 'debuginfod'] + opts)
+# we should not get here
print("\nTo use the debuginfod server please ensure that this variable
PACKAGECONFIG:pn-elfutils-native = \"debuginfod libdebuginfod\" is set in the
local.conf")
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198635):
https://lists.openembedded.org/g/openembedded-core/message/198635
Mute This Topic: https://lists.openembedded.org/mt/105700210/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 2/2] packagegroup-core-boot: recommend ifupdown
> -Original Message- > From: Alexandre Belloni > Sent: Friday, April 12, 2024 3:22 AM > To: Slater, Joseph > Cc: Ross Burton ; Richard Purdie > ; OE-core c...@lists.openembedded.org>; MacLeod, Randy > > Subject: Re: [oe-core][PATCH 2/2] packagegroup-core-boot: recommend > ifupdown > > On 11/04/2024 14:58:40+, Joe Slater via lists.openembedded.org wrote: > > > > > > > -Original Message- > > > From: Ross Burton > > > Sent: Thursday, April 11, 2024 7:21 AM > > > To: Richard Purdie ; Slater, > > > Joseph > > > Cc: OE-core ; MacLeod, > > > Randy > > > Subject: Re: [oe-core][PATCH 2/2] packagegroup-core-boot: recommend > > > ifupdown > > > > > > On 11 Apr 2024, at 10:33, Richard Purdie via lists.openembedded.org > > > wrote: > > > >> --- > > > >> a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/qemuall/inter > > > >> faces > > > >> +++ /dev/null > > > >> @@ -1,5 +0,0 @@ > > > >> -# /etc/network/interfaces -- configuration file for ifup(8), > > > >> ifdown(8) > > > >> - > > > >> -# The loopback interface > > > >> -auto lo > > > >> -iface lo inet loopback > > > > > > > > Is this patch meant to touch ifupdown as well as the packagegroup? > > > > > > I suspect not, given that runqemu manually brings up network devices > > > and the last thing we want is DHCP running again. > > > > > > Joe, please remove this chunk. > > > > This was accidental since I removed the qemuall/interfaces in order to use > > the > main one with qemu. I'm sending new patches. Maybe, though, we don't really > need the qemuall stuff. > > This broke all the tests of this build: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6786 The V2 patch doesn't change the interfaces file and should not cause any issues. Joe > > > > > Joe > > > > > > Ross > > > > > > > > > > -- > Alexandre Belloni, co-owner and COO, Bootlin Embedded Linux and Kernel > engineering https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198176): https://lists.openembedded.org/g/openembedded-core/message/198176 Mute This Topic: https://lists.openembedded.org/mt/105454861/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] systemd: make predictable name mac policy opt-out
> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Peter Marko via > lists.openembedded.org > Sent: Wednesday, April 10, 2024 11:05 AM > To: Ross Burton > Cc: openembedded-core@lists.openembedded.org > Subject: Re: [OE-core][PATCH] systemd: make predictable name mac policy opt- > out > > > -Original Message- > From: Ross Burton > Sent: Wednesday, April 10, 2024 18:18 > To: Marko, Peter (ADV D EU SK BFS1) > Cc: openembedded-core@lists.openembedded.org > Subject: Re: [OE-core][PATCH] systemd: make predictable name mac policy opt- > out > > > On 8 Apr 2024, at 08:04, Peter Marko via lists.openembedded.org > wrote: > > > > > > From: Peter Marko > > > > > > Even the patch says it's inappropriate for upstream, and it's also > > > inappropriate for some downstream projects, too. > > > So make it possible to opt-out on it. > > > > I’m looking at these patches because of the fallout from the use of matches > > in > the interfaces file. Presumably you want to make this opt-out for concrete > reasons, can you explain what broke? > > > > Ross > > Basically, we have networkmanager and firewalld configuration matching > interface names. > In addition, also our applications are hardcoding the interface names to be > able > to configure interfaces on demand. > Switching to dynamic names is not realistic. > > After upgrading from 5.0_M3 to 5.0_M4 our wlan0 interface gets renamed by > udev and thus networking breaks. > Unlike our ethernet ports with names defined in device tree, wifi chip uses > external vendor kernel module so I'm not sure if I'm able to configure a > stable > kernel name for it. > > Peter Commit 37bd8e8... sets the configuration in 99-default.link to include mac-based "predictable" names. I think we should decide on a default and let people who don't like it put a modified version of 99-default.link under /etc/system/network. The impetus to allow mac based names is that some bsp's don't produce anything else, but that makes the default different than the upstream version. Everyone will not want the provided 99-default.link, so we just need to decide who we cater to. Joe -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198141): https://lists.openembedded.org/g/openembedded-core/message/198141 Mute This Topic: https://lists.openembedded.org/mt/105396950/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 2/2] packagegroup-core-boot: recommend ifupdown
From: Joe Slater
If the distro features sysvinit and pni-names are
enabled, RRECOMMENDS ifupdown because busybox ifupdown
will not initialize the renamed interfaces.
Signed-off-by: Joe Slater
---
meta/recipes-core/packagegroups/packagegroup-core-boot.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
b/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
index d96d2f5fff..fecc3334ea 100644
--- a/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
@@ -37,4 +37,6 @@ RDEPENDS:${PN} = "\
RRECOMMENDS:${PN} = "\
${VIRTUAL-RUNTIME_base-utils-syslog} \
${MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS} \
-${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "init-ifupdown", "",
d)}"
+${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "init-ifupdown", "",
d)} \
+${@bb.utils.contains("DISTRO_FEATURES", "sysvinit pni-names", "ifupdown",
"", d)} \
+"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198138):
https://lists.openembedded.org/g/openembedded-core/message/198138
Mute This Topic: https://lists.openembedded.org/mt/105464533/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/2] init-ifupdown: modify interfaces for busybox
From: Joe Slater Busybox ifupdown does not recognize /xxx names, so we use eth0 instead of /eth0. If we want to find "predictable name" interfaces starting with en..., we will have to use the real ifupdown. Signed-off-by: Joe Slater --- meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces index e617fcf69b..3d0f0c6768 100644 --- a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces +++ b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces @@ -14,10 +14,11 @@ iface wlan0 inet dhcp iface atml0 inet dhcp # Wired or wireless interfaces including predictable names -auto /eth0 +auto eth0 iface eth0 inet dhcp iface eth1 inet dhcp +# Busybox ifupdown won't process /en* correctly auto /en*=eth iface eth inet dhcp -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198137): https://lists.openembedded.org/g/openembedded-core/message/198137 Mute This Topic: https://lists.openembedded.org/mt/105464532/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 2/2] packagegroup-core-boot: recommend ifupdown
> -Original Message- > From: Ross Burton > Sent: Thursday, April 11, 2024 7:21 AM > To: Richard Purdie ; Slater, Joseph > > Cc: OE-core ; MacLeod, Randy > > Subject: Re: [oe-core][PATCH 2/2] packagegroup-core-boot: recommend > ifupdown > > On 11 Apr 2024, at 10:33, Richard Purdie via lists.openembedded.org > wrote: > >> --- a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/qemuall/interfaces > >> +++ /dev/null > >> @@ -1,5 +0,0 @@ > >> -# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8) > >> - > >> -# The loopback interface > >> -auto lo > >> -iface lo inet loopback > > > > Is this patch meant to touch ifupdown as well as the packagegroup? > > I suspect not, given that runqemu manually brings up network devices and the > last thing we want is DHCP running again. > > Joe, please remove this chunk. This was accidental since I removed the qemuall/interfaces in order to use the main one with qemu. I'm sending new patches. Maybe, though, we don't really need the qemuall stuff. Joe > > Ross -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198136): https://lists.openembedded.org/g/openembedded-core/message/198136 Mute This Topic: https://lists.openembedded.org/mt/105454861/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 2/2] packagegroup-core-boot: recommend ifupdown
From: Joe Slater
If the distro features sysvinit and pni-names are
enabled, RRECOMMENDS ifupdown because busybox ifupdown
will not initialize the renamed interfaces.
Signed-off-by: Joe Slater
---
.../init-ifupdown/init-ifupdown-1.0/qemuall/interfaces | 5 -
meta/recipes-core/packagegroups/packagegroup-core-boot.bb| 4 +++-
2 files changed, 3 insertions(+), 6 deletions(-)
delete mode 100644
meta/recipes-core/init-ifupdown/init-ifupdown-1.0/qemuall/interfaces
diff --git
a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/qemuall/interfaces
b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/qemuall/interfaces
deleted file mode 100644
index 16967763e5..00
--- a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/qemuall/interfaces
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
-
-# The loopback interface
-auto lo
-iface lo inet loopback
diff --git a/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
b/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
index d96d2f5fff..fecc3334ea 100644
--- a/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
@@ -37,4 +37,6 @@ RDEPENDS:${PN} = "\
RRECOMMENDS:${PN} = "\
${VIRTUAL-RUNTIME_base-utils-syslog} \
${MACHINE_ESSENTIAL_EXTRA_RRECOMMENDS} \
-${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "init-ifupdown", "",
d)}"
+${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "init-ifupdown", "",
d)} \
+${@bb.utils.contains("DISTRO_FEATURES", "sysvinit pni-names", "ifupdown",
"", d)} \
+"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#198114):
https://lists.openembedded.org/g/openembedded-core/message/198114
Mute This Topic: https://lists.openembedded.org/mt/105454861/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/2] init-ifupdown: modify interfaces for busybox
From: Joe Slater Busybox ifupdown does not recognize /xxx names, so we use eth0 instead of /eth0. If we want to find "predictable name" interfaces starting with en..., we will have to use the real ifupdown. Signed-off-by: Joe Slater --- meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces index e617fcf69b..3d0f0c6768 100644 --- a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces +++ b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces @@ -14,10 +14,11 @@ iface wlan0 inet dhcp iface atml0 inet dhcp # Wired or wireless interfaces including predictable names -auto /eth0 +auto eth0 iface eth0 inet dhcp iface eth1 inet dhcp +# Busybox ifupdown won't process /en* correctly auto /en*=eth iface eth inet dhcp -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198113): https://lists.openembedded.org/g/openembedded-core/message/198113 Mute This Topic: https://lists.openembedded.org/mt/105454860/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] init-ifupdown: add predictable interface names
> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Joe Slater via > lists.openembedded.org > Sent: Wednesday, April 10, 2024 12:30 PM > To: Richard Purdie ; Ross Burton > > Cc: openembedded-core@lists.openembedded.org; MacLeod, Randy > > Subject: Re: [oe-core][PATCH 1/1] init-ifupdown: add predictable interface > names > > The easiest thing to do is to change "auto /eth0" back to "auto eth0". This > lets > bitbake's ifupdown initialize eth0 and also allows the real ifupdown to > initialize > en* interfaces if they exist. Oops, that's busybox, not bitbake. Since we would need ifupdown to process renamed interfaces, I'm preparing a patch for packagegroup-core-boot to RRECOMMENDS it into the rootfs if sysvinit and pni-names are distro features. Joe > > Joe > > > -Original Message- > > From: Richard Purdie > > Sent: Wednesday, April 10, 2024 10:29 AM > > To: Ross Burton ; Slater, Joseph > > > > Cc: openembedded-core@lists.openembedded.org; MacLeod, Randy > > > > Subject: Re: [oe-core][PATCH 1/1] init-ifupdown: add predictable > > interface names > > > > On Wed, 2024-04-10 at 13:41 +, Ross Burton wrote: > > > On 10 Jan 2024, at 21:10, Joe Slater via lists.openembedded.org > > > wrote: > > > > -# Wired or wireless interfaces > > > > -auto eth0 > > > > +# Wired or wireless interfaces including predictable names auto > > > > +/eth0 > > > > > > Obviously we’re days away from release but I think we need to revert > > > or rewrite this. > > > > > > The /name syntax is specific to “proper” ifupdown, so any system > > > which uses busybox’s ifupdown will fail to have functional > > > networking. We don’t see this on the AB because there is a separate > > > interfaces file for the qemuall override, this file is only used in > > > non-qemu situations. > > > > I'm worried about the number of other changes over the last few months > > that are related to this so a simple revert might not get us to a good > > place. > > > > I'd like to see a patch proposal on what we should do. Time is short > > as testing changes takes time and we're now a bit behind already :/. > > > > So specific proposals welcome. > > > > Cheers, > > > > Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198108): https://lists.openembedded.org/g/openembedded-core/message/198108 Mute This Topic: https://lists.openembedded.org/mt/103649977/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] init-ifupdown: add predictable interface names
The easiest thing to do is to change "auto /eth0" back to "auto eth0". This lets bitbake's ifupdown initialize eth0 and also allows the real ifupdown to initialize en* interfaces if they exist. Joe > -Original Message- > From: Richard Purdie > Sent: Wednesday, April 10, 2024 10:29 AM > To: Ross Burton ; Slater, Joseph > > Cc: openembedded-core@lists.openembedded.org; MacLeod, Randy > > Subject: Re: [oe-core][PATCH 1/1] init-ifupdown: add predictable interface > names > > On Wed, 2024-04-10 at 13:41 +0000, Ross Burton wrote: > > On 10 Jan 2024, at 21:10, Joe Slater via lists.openembedded.org > > wrote: > > > -# Wired or wireless interfaces > > > -auto eth0 > > > +# Wired or wireless interfaces including predictable names auto > > > +/eth0 > > > > Obviously we’re days away from release but I think we need to revert > > or rewrite this. > > > > The /name syntax is specific to “proper” ifupdown, so any system which > > uses busybox’s ifupdown will fail to have functional networking. We > > don’t see this on the AB because there is a separate interfaces file > > for the qemuall override, this file is only used in non-qemu > > situations. > > I'm worried about the number of other changes over the last few months that > are > related to this so a simple revert might not get us to a good place. > > I'd like to see a patch proposal on what we should do. Time is short as > testing > changes takes time and we're now a bit behind already :/. > > So specific proposals welcome. > > Cheers, > > Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198107): https://lists.openembedded.org/g/openembedded-core/message/198107 Mute This Topic: https://lists.openembedded.org/mt/103649977/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] systemd: enable mac based names in NamePolicy
From: Joe Slater Some BSPs only provide information to construct a predictable network interface named based on a mac address, so we enable that NamePolicy option. This policy has been adopted for sysvinit as of commit 4a7b42fcf6981d3120c08091a7ed3d4d7bcd41f0. Signed-off-by: Joe Slater --- .../systemd/systemd/0001-NamePolicy.patch | 33 +++ meta/recipes-core/systemd/systemd_255.4.bb| 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/0001-NamePolicy.patch diff --git a/meta/recipes-core/systemd/systemd/0001-NamePolicy.patch b/meta/recipes-core/systemd/systemd/0001-NamePolicy.patch new file mode 100644 index 00..46955cbcbb --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-NamePolicy.patch @@ -0,0 +1,33 @@ +From 9bb09886320eb286108fb370b2634a66b3e3b9ff Mon Sep 17 00:00:00 2001 +From: Joe Slater +Date: Thu, 21 Mar 2024 16:28:31 + +Subject: [PATCH] systemd: enable mac based names in NamePolicy + +The default NamePolicy for network interface names does not +include names based on mac addresses. Some BSPs, though, do +not provide information to compute other names, so we enable +mac names as a last resort. + +Upstream-Status: Inappropriate [enable feature] + +Signed-off-by: Joe Slater +--- + network/99-default.link | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/network/99-default.link b/network/99-default.link +index 429ac31e80..543ce54661 100644 +--- a/network/99-default.link b/network/99-default.link +@@ -15,6 +15,6 @@ + OriginalName=* + + [Link] +-NamePolicy=keep kernel database onboard slot path +-AlternativeNamesPolicy=database onboard slot path ++NamePolicy=keep kernel database onboard slot path mac ++AlternativeNamesPolicy=database onboard slot path mac + MACAddressPolicy=persistent +-- +2.35.5 + diff --git a/meta/recipes-core/systemd/systemd_255.4.bb b/meta/recipes-core/systemd/systemd_255.4.bb index bcef3e6b7a..b02e44d9c0 100644 --- a/meta/recipes-core/systemd/systemd_255.4.bb +++ b/meta/recipes-core/systemd/systemd_255.4.bb @@ -28,6 +28,7 @@ SRC_URI += " \ file://systemd-pager.sh \ file://0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0008-implment-systemd-sysv-install-for-OE.patch \ + file://0001-NamePolicy.patch \ " # patches needed by musl -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197429): https://lists.openembedded.org/g/openembedded-core/message/197429 Mute This Topic: https://lists.openembedded.org/mt/105073330/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] qemuboot: predictable network interface names
From: Joe Slater
Allow interface renaming if 'pni-names' is a distro
feature.
We do not add QB_NO_PNI to QB_CMDLINE_IP_SLIRP because
renaming was never suppressed for slirp.
Signed-off-by: Joe Slater
---
meta/classes-recipe/qemuboot.bbclass | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/qemuboot.bbclass
b/meta/classes-recipe/qemuboot.bbclass
index ff32aac902..4a563b8ccc 100644
--- a/meta/classes-recipe/qemuboot.bbclass
+++ b/meta/classes-recipe/qemuboot.bbclass
@@ -101,8 +101,13 @@ QB_DEFAULT_FSTYPE ?= "ext4"
QB_RNG ?= "-object rng-random,filename=/dev/urandom,id=rng0 -device
virtio-rng-pci,rng=rng0"
QB_OPT_APPEND ?= ""
QB_NETWORK_DEVICE ?= "-device virtio-net-pci,netdev=net0,mac=@MAC@"
+
+# qemurunner needs ip information first, so append QB_NO_PNI
+#
+QB_NO_PNI ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pni-names', '',
'net.ifnames=0', d)}"
QB_CMDLINE_IP_SLIRP ?= "ip=dhcp"
-QB_CMDLINE_IP_TAP ?=
"ip=192.168.7.@CLIENT@::192.168.7.@GATEWAY@:255.255.255.0::eth0:off:8.8.8.8
net.ifnames=0"
+QB_CMDLINE_IP_TAP ?=
"ip=192.168.7.@CLIENT@::192.168.7.@GATEWAY@:255.255.255.0::eth0:off:8.8.8.8
${QB_NO_PNI}"
+
QB_ROOTFS_EXTRA_OPT ?= ""
QB_GRAPHICS ?= ""
QB_NFSROOTFS_EXTRA_OPT ?= ""
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#195931):
https://lists.openembedded.org/g/openembedded-core/message/195931
Mute This Topic: https://lists.openembedded.org/mt/104479434/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] qemuboot: predictable network interface names
Looking at qemurunner.py, it seems it will not find the ip info if net.ifnames
precedes it. I will submit a V2 of the patch.
Joe
> -Original Message-
> From: Alexandre Belloni
> Sent: Tuesday, February 6, 2024 11:12 AM
> To: Slater, Joseph
> Cc: openembedded-core@lists.openembedded.org; MacLeod, Randy
>
> Subject: Re: [oe-core][PATCH 1/1] qemuboot: predictable network interface
> names
>
> I'm pretty sure this is the cause of those failures:
> https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/6396/steps/1
> 4/logs/stdio
>
> On 05/02/2024 10:56:08-0800, Joe Slater via lists.openembedded.org wrote:
> > From: Joe Slater
> >
> > Allow interface renaming if 'pni-names' is a distro feature.
> >
> > We do not add QB_NO_PNI to QB_CMDLINE_IP_SLIRP because renaming was
> > never suppressed for slirp.
> >
> > Signed-off-by: Joe Slater
> > ---
> > meta/classes-recipe/qemuboot.bbclass | 5 -
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/meta/classes-recipe/qemuboot.bbclass
> > b/meta/classes-recipe/qemuboot.bbclass
> > index ff32aac902..4a2a6f1ef5 100644
> > --- a/meta/classes-recipe/qemuboot.bbclass
> > +++ b/meta/classes-recipe/qemuboot.bbclass
> > @@ -101,8 +101,11 @@ QB_DEFAULT_FSTYPE ?= "ext4"
> > QB_RNG ?= "-object rng-random,filename=/dev/urandom,id=rng0 -device
> virtio-rng-pci,rng=rng0"
> > QB_OPT_APPEND ?= ""
> > QB_NETWORK_DEVICE ?= "-device virtio-net-pci,netdev=net0,mac=@MAC@"
> > +
> > +QB_NO_PNI ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pni-names', '',
> 'net.ifnames=0', d)}"
> > QB_CMDLINE_IP_SLIRP ?= "ip=dhcp"
> > -QB_CMDLINE_IP_TAP ?=
> "ip=192.168.7.@CLIENT@::192.168.7.@GATEWAY@:255.255.255.0::eth0:off:8.
> 8.8.8 net.ifnames=0"
> > +QB_CMDLINE_IP_TAP ?= "${QB_NO_PNI}
> ip=192.168.7.@CLIENT@::192.168.7.@GATEWAY@:255.255.255.0::eth0:off:8.8.
> 8.8"
> > +
> > QB_ROOTFS_EXTRA_OPT ?= ""
> > QB_GRAPHICS ?= ""
> > QB_NFSROOTFS_EXTRA_OPT ?= ""
> > --
> > 2.25.1
> >
>
> >
> >
> >
>
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#195930):
https://lists.openembedded.org/g/openembedded-core/message/195930
Mute This Topic: https://lists.openembedded.org/mt/104182965/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v3][oe-core][PATCH 1/1] eudev: modify predictable network if name search
From: Joe Slater
Consider a name based on mac address in addition to
those based on slot or path.
Note that as of this commit predictable naming is
suppressed by eudev, but can be enabled by removing
/etc/udev/rules.d/80-net-name-slot.rules from the
root filesystem.
Signed-off-by: Joe Slater
---
meta/recipes-core/udev/eudev/netifnames.patch | 17 +
meta/recipes-core/udev/eudev_3.2.14.bb| 2 ++
2 files changed, 19 insertions(+)
create mode 100644 meta/recipes-core/udev/eudev/netifnames.patch
diff --git a/meta/recipes-core/udev/eudev/netifnames.patch
b/meta/recipes-core/udev/eudev/netifnames.patch
new file mode 100644
index 00..8f6e9a1538
--- /dev/null
+++ b/meta/recipes-core/udev/eudev/netifnames.patch
@@ -0,0 +1,17 @@
+eudev: consider ID_NET_NAME_MAC as an interface name
+
+eudev might not create names based on slot or path.
+
+Upstream-Status: Submitted [github.com/eudev-project/eudev/pull/274]
+
+Signed-off-by: Joe Slater
+
+--- a/rules/80-net-name-slot.rules
b/rules/80-net-name-slot.rules
+@@ -10,5 +10,6 @@ ENV{net.ifnames}=="0", GOTO="net_name_sl
+ NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
+ NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
+ NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
++NAME=="", ENV{ID_NET_NAME_MAC}!="", NAME="$env{ID_NET_NAME_MAC}"
+
+ LABEL="net_name_slot_end"
diff --git a/meta/recipes-core/udev/eudev_3.2.14.bb
b/meta/recipes-core/udev/eudev_3.2.14.bb
index d0758691bd..ddb3c3340f 100644
--- a/meta/recipes-core/udev/eudev_3.2.14.bb
+++ b/meta/recipes-core/udev/eudev_3.2.14.bb
@@ -10,6 +10,7 @@ DEPENDS = "gperf-native"
PROVIDES = "udev"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
+ file://netifnames.patch \
file://init \
file://local.rules \
"
@@ -50,6 +51,7 @@ do_install:append() {
# Use classic network interface naming scheme
touch ${D}${sysconfdir}/udev/rules.d/80-net-name-slot.rules
+
}
do_install:prepend:class-target () {
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193997):
https://lists.openembedded.org/g/openembedded-core/message/193997
Mute This Topic: https://lists.openembedded.org/mt/103813827/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] eudev: modify predictable network if name search
From: Joe Slater
Consider a name based on mac address in addition to
those based on slot or path.
Note that as of this commit predictable naming is
suppressed by eudev, but can be enabled by removing
/etc/udev/rules.d/80-net-name-slot.rules from the
root filesystem.
Signed-off-by: Joe Slater
---
meta/recipes-core/udev/eudev/netifnames.patch | 17 +
meta/recipes-core/udev/eudev_3.2.14.bb| 2 ++
2 files changed, 19 insertions(+)
create mode 100644 meta/recipes-core/udev/eudev/netifnames.patch
diff --git a/meta/recipes-core/udev/eudev/netifnames.patch
b/meta/recipes-core/udev/eudev/netifnames.patch
new file mode 100644
index 00..11c4d92a32
--- /dev/null
+++ b/meta/recipes-core/udev/eudev/netifnames.patch
@@ -0,0 +1,17 @@
+eudev: consider ID_NET_NAME_MAC as an interface name
+
+eudev might not create names based on slot or path.
+
+Upstream-Status: Submitted - github.com/eudev-project/eudev/pull/274
+
+Signed-off-by: Joe Slater
+
+--- a/rules/80-net-name-slot.rules
b/rules/80-net-name-slot.rules
+@@ -10,5 +10,6 @@ ENV{net.ifnames}=="0", GOTO="net_name_sl
+ NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
+ NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
+ NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
++NAME=="", ENV{ID_NET_NAME_MAC}!="", NAME="$env{ID_NET_NAME_MAC}"
+
+ LABEL="net_name_slot_end"
diff --git a/meta/recipes-core/udev/eudev_3.2.14.bb
b/meta/recipes-core/udev/eudev_3.2.14.bb
index d0758691bd..ddb3c3340f 100644
--- a/meta/recipes-core/udev/eudev_3.2.14.bb
+++ b/meta/recipes-core/udev/eudev_3.2.14.bb
@@ -10,6 +10,7 @@ DEPENDS = "gperf-native"
PROVIDES = "udev"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
+ file://netifnames.patch \
file://init \
file://local.rules \
"
@@ -50,6 +51,7 @@ do_install:append() {
# Use classic network interface naming scheme
touch ${D}${sysconfdir}/udev/rules.d/80-net-name-slot.rules
+
}
do_install:prepend:class-target () {
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193943):
https://lists.openembedded.org/g/openembedded-core/message/193943
Mute This Topic: https://lists.openembedded.org/mt/103792325/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] eudev: modify predictable network if name search
From: Joe Slater
Consider a name based on mac address in addition to
those based on slot or path.
Note that as of this commit predictable naming is
suppressed by eudev, but can be enabled by removing
/etc/udev/rules.d/80-net-name-slot.rules from the
root filesystem.
Signed-off-by: Joe Slater
---
meta/recipes-core/udev/eudev/netifnames.patch | 17 +
meta/recipes-core/udev/eudev_3.2.14.bb| 2 ++
2 files changed, 19 insertions(+)
create mode 100644 meta/recipes-core/udev/eudev/netifnames.patch
diff --git a/meta/recipes-core/udev/eudev/netifnames.patch
b/meta/recipes-core/udev/eudev/netifnames.patch
new file mode 100644
index 00..a45b80118f
--- /dev/null
+++ b/meta/recipes-core/udev/eudev/netifnames.patch
@@ -0,0 +1,17 @@
+eudev: consider ID_NET_NAME_MAC as an interface name
+
+eudev might not create names based on slot or path.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+
+--- a/rules/80-net-name-slot.rules
b/rules/80-net-name-slot.rules
+@@ -10,5 +10,6 @@ ENV{net.ifnames}=="0", GOTO="net_name_sl
+ NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
+ NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
+ NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
++NAME=="", ENV{ID_NET_NAME_MAC}!="", NAME="$env{ID_NET_NAME_MAC}"
+
+ LABEL="net_name_slot_end"
diff --git a/meta/recipes-core/udev/eudev_3.2.14.bb
b/meta/recipes-core/udev/eudev_3.2.14.bb
index d0758691bd..ddb3c3340f 100644
--- a/meta/recipes-core/udev/eudev_3.2.14.bb
+++ b/meta/recipes-core/udev/eudev_3.2.14.bb
@@ -10,6 +10,7 @@ DEPENDS = "gperf-native"
PROVIDES = "udev"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.gz \
+ file://netifnames.patch \
file://init \
file://local.rules \
"
@@ -50,6 +51,7 @@ do_install:append() {
# Use classic network interface naming scheme
touch ${D}${sysconfdir}/udev/rules.d/80-net-name-slot.rules
+
}
do_install:prepend:class-target () {
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193528):
https://lists.openembedded.org/g/openembedded-core/message/193528
Mute This Topic: https://lists.openembedded.org/mt/103650019/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] init-ifupdown: add predictable interface names
From: Joe Slater Use a pattern to initialize interfaces which start with 'en'. Also, make 'eth0' a pattern so that we do not see an initialization error if it has been renamed. Signed-off-by: Joe Slater --- .../init-ifupdown/init-ifupdown-1.0/interfaces | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces index 0acf4cf441..e617fcf69b 100644 --- a/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces +++ b/meta/recipes-core/init-ifupdown/init-ifupdown-1.0/interfaces @@ -13,11 +13,14 @@ iface wlan0 inet dhcp iface atml0 inet dhcp -# Wired or wireless interfaces -auto eth0 +# Wired or wireless interfaces including predictable names +auto /eth0 iface eth0 inet dhcp iface eth1 inet dhcp +auto /en*=eth +iface eth inet dhcp + # Ethernet/RNDIS gadget (g_ether) # ... or on host side, usbnet and random hwaddr iface usb0 inet static -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193527): https://lists.openembedded.org/g/openembedded-core/message/193527 Mute This Topic: https://lists.openembedded.org/mt/103649977/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[mickledore][oe-core][PATCH 1/1] gnutls: update to version 3.8.2
From: Joe Slater
De-fuzz existing patches.
Do not update PACKAGECONFIG to match master.
Signed-off-by: Joe Slater
---
...ile-should-be-excuted-in-target-envi.patch | 2 --
.../gnutls/gnutls/Add-ptest-support.patch | 10 ++-
.../gnutls/gnutls/arm_eabi.patch | 6 ++--
.../{gnutls_3.8.0.bb => gnutls_3.8.2.bb} | 30 +++
4 files changed, 22 insertions(+), 26 deletions(-)
rename meta/recipes-support/gnutls/{gnutls_3.8.0.bb => gnutls_3.8.2.bb} (79%)
diff --git
a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
index 4bdc40d932..da89d7faa1 100644
---
a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
+++
b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
@@ -11,8 +11,6 @@ Signed-off-by: Lei Maohui
lib/Makefile.am | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
-diff --git a/lib/Makefile.am b/lib/Makefile.am
-index 6d4e8d2..24ef108 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -206,8 +206,7 @@ hmac_file = .libs/.$(gnutls_so).hmac
diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
index f87cf536fa..b9b75888ff 100644
--- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
+++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
@@ -12,8 +12,6 @@ Signed-off-by: Ravineet Singh
tests/Makefile.am | 6 ++
3 files changed, 11 insertions(+)
-diff --git a/Makefile.am b/Makefile.am
-index 843193f..816b09f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -191,6 +191,9 @@ dist-hook:
@@ -26,11 +24,9 @@ index 843193f..816b09f 100644
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check
local-code-coverage-output files-update AUTHORS
include $(top_srcdir)/cligen/cligen.mk
-diff --git a/configure.ac b/configure.ac
-index b25ba14..860ddef 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1150,6 +1150,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
+@@ -1194,6 +1194,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
@@ -39,11 +35,9 @@ index b25ba14..860ddef 100644
AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of
deprecated functions - until they are removed.])
hw_features=
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d530ad0..71c592f 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -648,6 +648,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -657,6 +657,12 @@ SH_LOG_COMPILER = $(SHELL)
AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
LOG_COMPILER = $(LOG_VALGRIND)
diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
index 2b61a703cb..2de9258a8a 100644
--- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
+++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch
@@ -14,11 +14,9 @@ Signed-off-by: Joe Slater
tests/seccomp.c | 2 ++
1 file changed, 2 insertions(+)
-diff --git a/tests/seccomp.c b/tests/seccomp.c
-index a3148fe..443bc5f 100644
--- a/tests/seccomp.c
+++ b/tests/seccomp.c
-@@ -52,7 +52,9 @@ int disable_system_calls(void)
+@@ -55,7 +55,9 @@ int disable_system_calls(void)
ADD_SYSCALL(nanosleep, 0);
ADD_SYSCALL(clock_nanosleep, 0);
@@ -27,4 +25,4 @@ index a3148fe..443bc5f 100644
+#endif
ADD_SYSCALL(getpid, 0);
ADD_SYSCALL(gettimeofday, 0);
- # if defined(HAVE_CLOCK_GETTIME)
+ #if defined(HAVE_CLOCK_GETTIME)
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.0.bb
b/meta/recipes-support/gnutls/gnutls_3.8.2.bb
similarity index 79%
rename from meta/recipes-support/gnutls/gnutls_3.8.0.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.2.bb
index 7ddd2420bd..dc975317c8 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.0.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.2.bb
@@ -15,7 +15,6 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \
file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c"
DEPENDS = "nettle gmp virtual/libiconv libunistring"
-DEPENDS:append:libc-musl = " argp-standalone"
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
@@ -26,24 +25,31 @@ SRC_URI =
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
file://Add-ptest-support.patch \
"
-SRC_URI[sha256sum] =
"0ea0d11a1660a1e63f960f157b197abe6d0c8cb3255be24e1fb3815930b9bdc5"
+SRC_URI[sha256sum] =
"e765e5016ffa9b9dd243e363a0460d57707ee2491267db2e96c9c2adef77"
inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
-PACKAGECONFIG ??= &
[mickledore][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-43115
From: Joe Slater
The patch is copied from kirkstone. master has advanced
to ghostscript 10.02.0 which includes the fix.
Signed-off-by: Joe Slater
---
.../ghostscript/CVE-2023-43115.patch | 62 +++
.../ghostscript/ghostscript_10.0.0.bb | 1 +
2 files changed, 63 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
new file mode 100644
index 00..979f354ed5
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
@@ -0,0 +1,62 @@
+From 8b0f20002536867bd73ff4552408a72597190cbe Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Thu, 24 Aug 2023 15:24:35 +0100
+Subject: [PATCH] IJS device - try and secure the IJS server startup
+
+Bug #707051 ""ijs" device can execute arbitrary commands"
+
+The problem is that the 'IJS' device needs to start the IJS server, and
+that is indeed an arbitrary command line. There is (apparently) no way
+to validate it. Indeed, this is covered quite clearly in the comments
+at the start of the source:
+
+ * WARNING: The ijs server can be selected on the gs command line
+ * which is a security risk, since any program can be run.
+
+Previously this used the awful LockSafetyParams hackery, which we
+abandoned some time ago because it simply couldn't be made secure (it
+was implemented in PostScript and was therefore vulnerable to PostScript
+programs).
+
+This commit prevents PostScript programs switching to the IJS device
+after SAFER has been activated, and prevents changes to the IjsServer
+parameter after SAFER has been activated.
+
+SAFER is activated, unless explicitly disabled, before any user
+PostScript is executed which means that the device and the server
+invocation can only be configured on the command line. This does at
+least provide minimal security against malicious PostScript programs.
+
+Upstream-Status: Backport
[https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe]
+
+CVE: CVE-2023-43115
+
+Signed-off-by: Archana Polampalli
+---
+ devices/gdevijs.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/devices/gdevijs.c b/devices/gdevijs.c
+index 8cbd84b97..16f5a1752 100644
+--- a/devices/gdevijs.c
b/devices/gdevijs.c
+@@ -888,6 +888,8 @@ gsijs_initialize_device(gx_device *dev)
+ static const char rgb[] = "DeviceRGB";
+ gx_device_ijs *ijsdev = (gx_device_ijs *)dev;
+
++if (ijsdev->memory->gs_lib_ctx->core->path_control_active)
++return_error(gs_error_invalidaccess);
+ if (!ijsdev->ColorSpace) {
+ ijsdev->ColorSpace = gs_malloc(ijsdev->memory, sizeof(rgb), 1,
+"gsijs_initialize");
+@@ -1326,7 +1328,7 @@ gsijs_put_params(gx_device *dev, gs_param_list *plist)
+ if (code >= 0)
+ code = gsijs_read_string(plist, "IjsServer",
+ ijsdev->IjsServer, sizeof(ijsdev->IjsServer),
+-dev->LockSafetyParams, is_open);
++ijsdev->memory->gs_lib_ctx->core->path_control_active, is_open);
+
+ if (code >= 0)
+ code = gsijs_read_string_malloc(plist, "DeviceManufacturer",
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
index 9e2cd01ff4..5c6be991d9 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
@@ -37,6 +37,7 @@ SRC_URI_BASE =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://cve-2023-28879.patch \
file://cve-2023-36664.patch \
file://CVE-2023-38559.patch \
+file://CVE-2023-43115.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188974):
https://lists.openembedded.org/g/openembedded-core/message/188974
Mute This Topic: https://lists.openembedded.org/mt/101908072/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] file: fix call to localtime_r()
From: Joe Slater
Depending on the version of glibc, localtime_r() must
be preceded by a call to tzset() or it will ignore any
value of TZ in the environment. This problem will only
be seen when building file-native on outdated hosts.
Signed-off-by: Joe Slater
---
meta/recipes-devtools/file/file_5.45.bb | 4 ++-
.../recipes-devtools/file/files/print_c.patch | 27 +++
2 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/file/files/print_c.patch
diff --git a/meta/recipes-devtools/file/file_5.45.bb
b/meta/recipes-devtools/file/file_5.45.bb
index a7127023cb..8477668658 100644
--- a/meta/recipes-devtools/file/file_5.45.bb
+++ b/meta/recipes-devtools/file/file_5.45.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM =
"file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
DEPENDS = "file-replacement-native"
DEPENDS:class-native = "bzip2-replacement-native"
-SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
+ file://print_c.patch \
+ "
SRCREV = "4cbd5c8f0851201d203755b76cb66ba991ffd8be"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/file/files/print_c.patch
b/meta/recipes-devtools/file/files/print_c.patch
new file mode 100644
index 00..760813f9c2
--- /dev/null
+++ b/meta/recipes-devtools/file/files/print_c.patch
@@ -0,0 +1,27 @@
+From e329257b8e22362b62e6c930447ef6feadd63f32 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Mon, 7 Aug 2023 22:37:19 +
+Subject: [PATCH] print.c: initialize timezone data for localtime_r()
+
+The man page for localtime() points out that while it acts
+like tzset() has been called, localtime_r() might not. We
+have a local version of localtime_r() that avoids this, but
+we do not compile it.
+
+Upstream-Status: Submitted [f...@astron.com]
+
+Signed-off-by: Joe Slater
+---
+ src/print.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- git.orig/src/print.c
git/src/print.c
+@@ -289,6 +289,7 @@ file_fmtdatetime(char *buf, size_t bsize
+ goto out;
+
+ if (flags & FILE_T_LOCAL) {
++ tzset();
+ tm = localtime_r(, );
+ } else {
+ tm = gmtime_r(, );
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186541):
https://lists.openembedded.org/g/openembedded-core/message/186541
Mute This Topic: https://lists.openembedded.org/mt/100904294/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] file: fix call to localtime_r()
From: Joe Slater
Depending on the version of glibc, localtime_r() must
be preceded by a call to tzset() or it will ignore any
value of TZ in the environment. This problem will only
be seen when building file-native on outdated hosts.
Signed-off-by: Joe Slater
---
meta/recipes-devtools/file/file_5.45.bb | 4 ++-
.../recipes-devtools/file/files/print_c.patch | 32 +++
2 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/file/files/print_c.patch
diff --git a/meta/recipes-devtools/file/file_5.45.bb
b/meta/recipes-devtools/file/file_5.45.bb
index a7127023cb..8477668658 100644
--- a/meta/recipes-devtools/file/file_5.45.bb
+++ b/meta/recipes-devtools/file/file_5.45.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM =
"file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
DEPENDS = "file-replacement-native"
DEPENDS:class-native = "bzip2-replacement-native"
-SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
+ file://print_c.patch \
+ "
SRCREV = "4cbd5c8f0851201d203755b76cb66ba991ffd8be"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/file/files/print_c.patch
b/meta/recipes-devtools/file/files/print_c.patch
new file mode 100644
index 00..4526655d22
--- /dev/null
+++ b/meta/recipes-devtools/file/files/print_c.patch
@@ -0,0 +1,32 @@
+From e329257b8e22362b62e6c930447ef6feadd63f32 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Mon, 7 Aug 2023 22:37:19 +
+Subject: [PATCH] print.c: initialize timezone data for localtime_r()
+
+The man page for localtime() points out that while it acts
+like tzset() has been called, localtime_r() might not. We
+have a local version of localtime_r() that avoids this, but
+we do not compile it.
+
+Upstream-Status: Submitted [f...@astron.com]
+
+Signed-off-by: Joe Slater
+---
+ src/print.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/print.c b/src/print.c
+index 18f42a05..b1de4908 100644
+--- a/src/print.c
b/src/print.c
+@@ -286,6 +286,7 @@ file_fmtdatetime(char *buf, size_t bsize, uint64_t v, int
flags)
+ }
+
+ if (flags & FILE_T_LOCAL) {
++ tzset();
+ tm = localtime_r(, );
+ } else {
+ tm = gmtime_r(, );
+--
+2.35.5
+
--
2.39.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186141):
https://lists.openembedded.org/g/openembedded-core/message/186141
Mute This Topic: https://lists.openembedded.org/mt/100786945/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] runqemu: add some logging control
From: Joe Slater
Use QB_LOG_FILE to log to a file, and QB_LOG_LEVEL
to set the base log level. Example values -
QB_LOG_FILE="runq.log"
QB_LOG_LEVEL=DEBUG
Signed-off-by: Joe Slater
---
scripts/runqemu | 16
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/scripts/runqemu b/scripts/runqemu
index 5e6793d44e..bea164d041 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -36,12 +36,20 @@ runqemu, i.e. `runqemu
/path/to/my-image-name.qemuboot.conf`\n\n %s" % message)
def create_logger():
logger = logging.getLogger('runqemu')
-logger.setLevel(logging.INFO)
+try:
+logger.setLevel(os.getenv("QB_LOG_LEVEL"))
+except:
+logger.setLevel(logging.INFO)
-# create console handler and set level to debug
-ch = logging.StreamHandler()
-ch.setLevel(logging.DEBUG)
+# create a handler and set level to debug
+try:
+ch = logging.FileHandler(os.getenv("QB_LOG_FILE"))
+except:
+ch = logging.StreamHandler()
+
+ch.setLevel(logging.DEBUG)
+
# create formatter
formatter = logging.Formatter('%(name)s - %(levelname)s - %(message)s')
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#185444):
https://lists.openembedded.org/g/openembedded-core/message/185444
Mute This Topic: https://lists.openembedded.org/mt/100516758/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] libgpiod: modify RDEPENDS for ptest
Wrong list -- ignore Joe
> -Original Message-
> From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Joe Slater via
> lists.openembedded.org
> Sent: Wednesday, July 12, 2023 2:33 PM
> To: openembedded-core@lists.openembedded.org
> Cc: Slater, Joseph ; MacLeod, Randy
>
> Subject: [oe-core][PATCH 1/1] libgpiod: modify RDEPENDS for ptest
>
> From: Joe Slater
>
> The current use of RDEPENDS to add a dependency on bats results in the QA
> warning/error
>
> lib32-libgpiod package lib32-libgpiod-ptest-dev - suspicious values
> 'bats-dev' in RRECOMMENDS [multilib]
>
> when building lib32-libgpiod with ptest not enabled. We add the dependency
> only if ptest is enabled.
>
> Signed-off-by: Joe Slater
> ---
> meta-oe/recipes-support/libgpiod/libgpiod.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-oe/recipes-support/libgpiod/libgpiod.inc b/meta-oe/recipes-
> support/libgpiod/libgpiod.inc
> index a2d1f57a8b..cb19bc5fb8 100644
> --- a/meta-oe/recipes-support/libgpiod/libgpiod.inc
> +++ b/meta-oe/recipes-support/libgpiod/libgpiod.inc
> @@ -34,7 +34,7 @@ FILES:${PN}-tools += " \ FILES:libgpiodcxx =
> "${libdir}/libgpiodcxx.so.*"
>
> RRECOMMENDS:${PN}-ptest += "coreutils"
> -RDEPENDS:${PN}-ptest += "bats"
> +RDEPENDS:${PN}-ptest += "${@bb.utils.contains('PTEST_ENABLED', '1', 'bats',
> '', d)}"
>
> do_install:append() {
> rm -f ${D}${bindir}/gpiod-test
> --
> 2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184226):
https://lists.openembedded.org/g/openembedded-core/message/184226
Mute This Topic: https://lists.openembedded.org/mt/100108764/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] libgpiod: modify RDEPENDS for ptest
From: Joe Slater
The current use of RDEPENDS to add a dependency on bats results
in the QA warning/error
lib32-libgpiod package lib32-libgpiod-ptest-dev - suspicious values
'bats-dev' in RRECOMMENDS [multilib]
when building lib32-libgpiod with ptest not enabled. We add the
dependency only if ptest is enabled.
Signed-off-by: Joe Slater
---
meta-oe/recipes-support/libgpiod/libgpiod.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-oe/recipes-support/libgpiod/libgpiod.inc
b/meta-oe/recipes-support/libgpiod/libgpiod.inc
index a2d1f57a8b..cb19bc5fb8 100644
--- a/meta-oe/recipes-support/libgpiod/libgpiod.inc
+++ b/meta-oe/recipes-support/libgpiod/libgpiod.inc
@@ -34,7 +34,7 @@ FILES:${PN}-tools += " \
FILES:libgpiodcxx = "${libdir}/libgpiodcxx.so.*"
RRECOMMENDS:${PN}-ptest += "coreutils"
-RDEPENDS:${PN}-ptest += "bats"
+RDEPENDS:${PN}-ptest += "${@bb.utils.contains('PTEST_ENABLED', '1', 'bats',
'', d)}"
do_install:append() {
rm -f ${D}${bindir}/gpiod-test
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184224):
https://lists.openembedded.org/g/openembedded-core/message/184224
Mute This Topic: https://lists.openembedded.org/mt/100108764/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] ghostscript: advance to version 10.01.2
From: Joe Slater
Fix CVE-2023-28879 and CVE-2023-36664.
Signed-off-by: Joe Slater
---
.../{ghostscript_10.01.1.bb => ghostscript_10.01.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/ghostscript/{ghostscript_10.01.1.bb =>
ghostscript_10.01.2.bb} (96%)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
similarity index 96%
rename from meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
rename to meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index 0d41242bc2..fdbdfb6502 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -27,7 +27,7 @@ SRC_URI =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://avoid-host-contamination.patch \
"
-SRC_URI[sha256sum] =
"4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
+SRC_URI[sha256sum] =
"a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184144):
https://lists.openembedded.org/g/openembedded-core/message/184144
Mute This Topic: https://lists.openembedded.org/mt/100081359/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[mickledore][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-36664
From: Joe Slater
Combine two commits from git.ghostscript.com/ghostpdl.
The first incompletely addresses the CVE. The second
addresses defects in the first.
Signed-off-by: Joe Slater
---
.../ghostscript/cve-2023-36664.patch | 163 ++
.../ghostscript/ghostscript_10.0.0.bb | 1 +
2 files changed, 164 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/cve-2023-36664.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-36664.patch
b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-36664.patch
new file mode 100644
index 00..772dce2d09
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-36664.patch
@@ -0,0 +1,163 @@
+From 6f244ecef4a740b3b2dde15303b13a93a83706c1 Mon Sep 17 00:00:00 2001
+From: Chris Liddell
+Date: Wed, 7 Jun 2023 10:23:06 +0100
+Subject: [PATCH] Bug 706761: Don't "reduce" %pipe% file names for permission
+ validation
+
+For regular file names, we try to simplfy relative paths before we use them.
+
+Because the %pipe% device can, effectively, accept command line calls, we
+shouldn't be simplifying that string, because the command line syntax can end
+up confusing the path simplifying code. That can result in permitting a pipe
+command which does not match what was originally permitted.
+
+Special case "%pipe" in the validation code so we always deal with the entire
+string.
+
+Bug 706778: 706761 revisit
+
+Two problems with the original commit. The first a silly typo inverting the
+logic of a test.
+
+The second was forgetting that we actually actually validate two candidate
+strings for pipe devices. One with the expected "%pipe%" prefix, the other
+using the pipe character prefix: "|".
+
+This addresses both those.
+---
+CVE: CVE-2023-36664
+
+Upstream-Status: Backport [see text]
+
+From git://git.ghostscript.com/ghostpdl
+ commit 5e65eeae225c7d02d447de5abaf4a8e6d234fcea
+ commit fb342fdb60391073a69147cb71af1ac416a81099
+
+The second commit fixes errors in the first one, so we combine them.
+---
+ base/gpmisc.c | 31 +++
+ base/gslibctx.c | 56 -
+ 2 files changed, 64 insertions(+), 23 deletions(-)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index 3d878ac..f9a9230 100644
+--- a/base/gpmisc.c
b/base/gpmisc.c
+@@ -1076,16 +1076,29 @@ gp_validate_path_len(const gs_memory_t *mem,
+ && !memcmp(path + cdirstrl, dirsepstr, dirsepstrl)) {
+ prefix_len = 0;
+ }
+-rlen = len+1;
+-bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen +
prefix_len, "gp_validate_path");
+-if (bufferfull == NULL)
+-return gs_error_VMerror;
+-
+-buffer = bufferfull + prefix_len;
+-if (gp_file_name_reduce(path, (uint)len, buffer, ) !=
gp_combine_success)
+-return gs_error_invalidfileaccess;
+-buffer[rlen] = 0;
+
++/* "%pipe%" do not follow the normal rules for path definitions, so we
++ don't "reduce" them to avoid unexpected results
++ */
++if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
++bufferfull = buffer = (char *)gs_alloc_bytes(mem->thread_safe_memory,
len + 1, "gp_validate_path");
++if (buffer == NULL)
++return gs_error_VMerror;
++memcpy(buffer, path, len);
++buffer[len] = 0;
++rlen = len;
++}
++else {
++rlen = len+1;
++bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen +
prefix_len, "gp_validate_path");
++if (bufferfull == NULL)
++return gs_error_VMerror;
++
++buffer = bufferfull + prefix_len;
++if (gp_file_name_reduce(path, (uint)len, buffer, ) !=
gp_combine_success)
++return gs_error_invalidfileaccess;
++buffer[rlen] = 0;
++}
+ while (1) {
+ switch (mode[0])
+ {
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 1862482..8bfe4bb 100644
+--- a/base/gslibctx.c
b/base/gslibctx.c
+@@ -740,14 +740,28 @@ gs_add_control_path_len_flags(const gs_memory_t *mem,
gs_path_control_t type, co
+ return gs_error_rangecheck;
+ }
+
+-rlen = len+1;
+-buffer = (char *)gs_alloc_bytes(core->memory, rlen, "gp_validate_path");
+-if (buffer == NULL)
+-return gs_error_VMerror;
++/* "%pipe%" do not follow the normal rules for path definitions, so we
++ don't "reduce" them to avoid unexpected results
++ */
++if (path[0] == '|' || (len > 5 && memcmp(path, "%pipe", 5) == 0)) {
++buffer = (char *)gs_alloc_bytes(core->memory, len + 1,
"gs_add_control_path_len");
++if (buffer == NULL)
++return gs_error_VMerror;
++memcpy(buffer, path, len);
+
[oe-core][PATCH 1/1] ghostscript: advance to version 10.01.2
From: Joe Slater
Fix CVE-2023-28879 and CVE-2023-36664.
Signed-off-by: Joe Slater
---
.../{ghostscript_10.01.1.bb => ghostscript_10.01.2.bb} | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
rename meta/recipes-extended/ghostscript/{ghostscript_10.01.1.bb =>
ghostscript_10.01.2.bb} (93%)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
similarity index 93%
rename from meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
rename to meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index 0d41242bc2..7461dbc7f7 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.01.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -27,7 +27,8 @@ SRC_URI =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://avoid-host-contamination.patch \
"
-SRC_URI[sha256sum] =
"4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
+# SRC_URI[sha256sum] =
"4df18a808cd4369f25e02dbcec2f133cb6d674627b2c6b1502020e58d43e32ce"
+SRC_URI[sha256sum] =
"a4cd61a07fec161bee35da0211a5e5cde8ff8a0aaf942fc0176715e499d21661"
PACKAGECONFIG ??= ""
PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184099):
https://lists.openembedded.org/g/openembedded-core/message/184099
Mute This Topic: https://lists.openembedded.org/mt/100066762/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[mickledore][oe-core][PATCH 1/1] libxml2: upgrade 2.10.3 -> 2.10.4
From: Wang Mingyu
Changelog:
==
### Security
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
### Regressions
- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes
Signed-off-by: Wang Mingyu
Signed-off-by: Luca Ceresoli
(cherry picked from commit 9ddbbf2f86f046784c3baa58de5606a73e9e24f4)
---
.../libxml/{libxml2_2.10.3.bb => libxml2_2.10.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/libxml/{libxml2_2.10.3.bb => libxml2_2.10.4.bb} (97%)
diff --git a/meta/recipes-core/libxml/libxml2_2.10.3.bb
b/meta/recipes-core/libxml/libxml2_2.10.4.bb
similarity index 97%
rename from meta/recipes-core/libxml/libxml2_2.10.3.bb
rename to meta/recipes-core/libxml/libxml2_2.10.4.bb
index 0ccd48964f..288631504c 100644
--- a/meta/recipes-core/libxml/libxml2_2.10.3.bb
+++ b/meta/recipes-core/libxml/libxml2_2.10.4.bb
@@ -21,7 +21,7 @@ SRC_URI +=
"http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
file://libxml-m4-use-pkgconfig.patch \
"
-SRC_URI[archive.sha256sum] =
"5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c"
+SRC_URI[archive.sha256sum] =
"ed0c91c5845008f1936739e4eee2035531c1c94742c6541f44ee66d885948d45"
SRC_URI[testtar.sha256sum] =
"c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
BINCONFIG = "${bindir}/xml2-config"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#183508):
https://lists.openembedded.org/g/openembedded-core/message/183508
Mute This Topic: https://lists.openembedded.org/mt/99820380/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] icu: increase command buffer size
From: Joe Slater
Make cmd in pkg_installLibrary() LARGE_BUFFER_SIZE to avoid
pathname truncation if the install path is longer than about
150 characters. For default compilation, the U_ASSERT does
not detect buffer overflow but this is not addressed here.
Signed-off-by: Joe Slater
---
...pkgdata-increase-command-buffer-size.patch | 43 +++
meta/recipes-support/icu/icu_72-1.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644
meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
diff --git
a/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
new file mode 100644
index 00..ea68e4be9f
--- /dev/null
+++
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
@@ -0,0 +1,43 @@
+From ab6b1acdeed76899f8227c38ab7e7675c7673ff1 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 5 Aug 2021 09:23:48 -0700
+Subject: [PATCH 1/1] pkgdata: increase command buffer size
+
+Make cmd LARGE_BUFFER_SIZE to avoid pathname truncation
+when install paths are longer than about 150 characters.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+---
+ source/tools/pkgdata/pkgdata.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/tools/pkgdata/pkgdata.cpp
b/source/tools/pkgdata/pkgdata.cpp
+index 5ab682e..d4b70ef 100644
+--- a/tools/pkgdata/pkgdata.cpp
b/tools/pkgdata/pkgdata.cpp
+@@ -1131,17 +1131,17 @@ normal_symlink_mode:
+
+ static int32_t pkg_installLibrary(const char *installDir, const char
*targetDir, UBool noVersion) {
+ int32_t result = 0;
+-char cmd[SMALL_BUFFER_MAX_SIZE];
++char cmd[LARGE_BUFFER_MAX_SIZE];
+
+ auto ret = snprintf(cmd,
+-SMALL_BUFFER_MAX_SIZE,
++LARGE_BUFFER_MAX_SIZE,
+ "cd %s && %s %s %s%s%s",
+ targetDir,
+ pkgDataFlags[INSTALL_CMD],
+ libFileNames[LIB_FILE_VERSION],
+ installDir, PKGDATA_FILE_SEP_STRING,
libFileNames[LIB_FILE_VERSION]);
+ (void)ret;
+-U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE);
++U_ASSERT(0 <= ret && ret < LARGE_BUFFER_MAX_SIZE);
+
+ result = runCommand(cmd);
+
+--
+2.29.2
+
diff --git a/meta/recipes-support/icu/icu_72-1.bb
b/meta/recipes-support/icu/icu_72-1.bb
index c2eae5298f..af8f5da08c 100644
--- a/meta/recipes-support/icu/icu_72-1.bb
+++ b/meta/recipes-support/icu/icu_72-1.bb
@@ -106,6 +106,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
file://filter.json \
file://fix-install-manx.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://0001-pkgdata-increase-command-buffer-size.patch \
"
SRC_URI:append:class-target = "\
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#182517):
https://lists.openembedded.org/g/openembedded-core/message/182517
Mute This Topic: https://lists.openembedded.org/mt/99411776/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[mickledore][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-28879
From: Joe Slater
Backport from tag ghostpdl-10.01.1-gse-10174 which is
after 10.01.1.
Signed-off-by: Joe Slater
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit 8a70d6935afa38173dbf012b8e1c3d59228504df)
---
.../ghostscript/cve-2023-28879.patch | 60 +++
.../ghostscript/ghostscript_10.0.0.bb | 1 +
2 files changed, 61 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
new file mode 100644
index 00..604b927521
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
@@ -0,0 +1,60 @@
+From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Fri, 24 Mar 2023 13:19:57 +
+Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
+
+Bug #706494 "Buffer Overflow in s_xBCPE_process"
+
+As described in detail in the bug report, if the write buffer is filled
+to one byte less than full, and we then try to write an escaped
+character, we overrun the buffer because we don't check before
+writing two bytes to it.
+
+This just checks if we have two bytes before starting to write an
+escaped character and exits if we don't (replacing the consumed byte
+of the input).
+
+Up for further discussion; why do we even permit a BCP encoding filter
+anyway ? I think we should remove this, at least when SAFER is true.
+---
+CVE: CVE-2023-28879
+
+Upstream-Status: Backport [see text]
+
+git://git.ghostscript.com/ghostpdl
+cherry-pick
+
+Signed-off-by: Joe Slater limit - q < 2) {
++p--;
++break;
++}
+ if (p == rlimit) {
+ p--;
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
index 56a93632e2..86ecdbe24a 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
@@ -34,6 +34,7 @@ SRC_URI_BASE =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://cross-compile.patch \
+file://cve-2023-28879.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180978):
https://lists.openembedded.org/g/openembedded-core/message/180978
Mute This Topic: https://lists.openembedded.org/mt/98714349/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[kirkstone][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-29979
From: Joe Slater
Backport from 10.02.0 (unreleased).
Signed-off-by: Joe Slater
---
.../ghostscript/cve-2023-28879.patch | 60 +++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
2 files changed, 61 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
new file mode 100644
index 00..9b057d609a
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
@@ -0,0 +1,60 @@
+From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Fri, 24 Mar 2023 13:19:57 +
+Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
+
+Bug #706494 "Buffer Overflow in s_xBCPE_process"
+
+As described in detail in the bug report, if the write buffer is filled
+to one byte less than full, and we then try to write an escaped
+character, we overrun the buffer because we don't check before
+writing two bytes to it.
+
+This just checks if we have two bytes before starting to write an
+escaped character and exits if we don't (replacing the consumed byte
+of the input).
+
+Up for further discussion; why do we even permit a BCP encoding filter
+anyway ? I think we should remove this, at least when SAFER is true.
+---
+CVE: CVE-2023-28879
+
+Upstream-Status: Backport [see text]
+
+git://git.ghostscript.com/ghostpdl
+cherry-pick
+
+Signed-off-by: Joe Slater
+
+---
+ base/sbcp.c | 10 +-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/base/sbcp.c b/base/sbcp.c
+index 979ae0992..47fc233ec 100644
+--- a/base/sbcp.c
b/base/sbcp.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2001-2021 Artifex Software, Inc.
++/* Copyright (C) 2001-2023 Artifex Software, Inc.
+All Rights Reserved.
+
+This software is provided AS-IS with no warranty, either express or
+@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
+ byte ch = *++p;
+
+ if (ch <= 31 && escaped[ch]) {
++/* Make sure we have space to store two characters in the write
buffer,
++ * if we don't then exit without consuming the input character,
we'll process
++ * that on the next time round.
++ */
++if (pw->limit - q < 2) {
++p--;
++break;
++}
+ if (p == rlimit) {
+ p--;
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 365420fb64..f29c57beea 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -34,6 +34,7 @@ SRC_URI_BASE =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://CVE-2022-2085.patch \
+file://cve-2023-28879.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180369):
https://lists.openembedded.org/g/openembedded-core/message/180369
Mute This Topic: https://lists.openembedded.org/mt/98480756/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [v2][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-28879
Thanks for fixing the sender address. I modified my git config, but this has never happened before and I think might be because the Signed-off-by in the original patch is malformed -- it's missing the terminating ">". Joe > -Original Message- > From: Luca Ceresoli > Sent: Monday, April 24, 2023 11:36 AM > To: Joe Slater via lists.openembedded.org > > Cc: Slater, Joseph ; openembedded- > c...@lists.openembedded.org; MacLeod, Randy > > Subject: Re: [v2][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-28879 > > On Mon, 24 Apr 2023 10:34:32 -0700 > "Joe Slater via lists.openembedded.org" > wrote: > ^^^ > > As you can see your sender address has been mangled, and as a result the patch > is rejected by the the openembedded git server. This is not your fault, but we > need you to modify your git configuration to prevent this from happening in > the > future. Have a look at the wiki for more info and how to solve that: > > https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbe > dded#Fixing_your_From_identity > > I'm taking your patch for testing on the autobuilders, fixing it manually so > you > don't need to resend your patch this time. > > Best regards, > Luca > > -- > Luca Ceresoli, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#180368): https://lists.openembedded.org/g/openembedded-core/message/180368 Mute This Topic: https://lists.openembedded.org/mt/98476248/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] ghostscript: fix CVE-2023-28879
Backport from tag ghostpdl-10.01.1-gse-10174 which is
after 10.01.1.
Signed-off-by: Joe Slater
---
.../ghostscript/cve-2023-28879.patch | 60 +++
.../ghostscript/ghostscript_10.0.0.bb | 1 +
2 files changed, 61 insertions(+)
create mode 100644
meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
new file mode 100644
index 00..604b927521
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
@@ -0,0 +1,60 @@
+From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Fri, 24 Mar 2023 13:19:57 +
+Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
+
+Bug #706494 "Buffer Overflow in s_xBCPE_process"
+
+As described in detail in the bug report, if the write buffer is filled
+to one byte less than full, and we then try to write an escaped
+character, we overrun the buffer because we don't check before
+writing two bytes to it.
+
+This just checks if we have two bytes before starting to write an
+escaped character and exits if we don't (replacing the consumed byte
+of the input).
+
+Up for further discussion; why do we even permit a BCP encoding filter
+anyway ? I think we should remove this, at least when SAFER is true.
+---
+CVE: CVE-2023-28879
+
+Upstream-Status: Backport [see text]
+
+git://git.ghostscript.com/ghostpdl
+cherry-pick
+
+Signed-off-by: Joe Slater limit - q < 2) {
++p--;
++break;
++}
+ if (p == rlimit) {
+ p--;
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
index 56a93632e2..86ecdbe24a 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
@@ -34,6 +34,7 @@ SRC_URI_BASE =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://cross-compile.patch \
+file://cve-2023-28879.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180360):
https://lists.openembedded.org/g/openembedded-core/message/180360
Mute This Topic: https://lists.openembedded.org/mt/98476248/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] ghostscript: fix CVE-2023-28879
Backport from tag ghostpdl-10.01.1-gse-10174 which is
after 10.01.1.
Signed-off-by: Joe Slater
---
meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
index 56a93632e2..86ecdbe24a 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
@@ -34,6 +34,7 @@ SRC_URI_BASE =
"https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://cross-compile.patch \
+file://cve-2023-28879.patch \
"
SRC_URI = "${SRC_URI_BASE} \
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180359):
https://lists.openembedded.org/g/openembedded-core/message/180359
Mute This Topic: https://lists.openembedded.org/mt/98476159/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] go: fix CVE-2022-41724, 41725
> -Original Message- > From: Luca Ceresoli > Sent: Wednesday, April 12, 2023 1:39 PM > To: Slater, Joseph > Cc: openembedded-core@lists.openembedded.org; MacLeod, Randy > > Subject: Re: [oe-core][PATCH 1/1] go: fix CVE-2022-41724, 41725 > > Hello Joe, > > On Wed, 12 Apr 2023 11:32:06 -0700 > "Joe Slater" wrote: > > > Backport from go-1.19. The godebug package is needed by the fix to > > CVE-2022-41725. > > > > Mostly a cherry-pick but exceptions are noted in comments marked > > "backport". > > > > Signed-off-by: Joe Slater > > --- > > ...01-go-fix-CVE-2022-41723-41724-41725.patch | 3373 + > > meta/recipes-devtools/go/go-1.17.13.inc |5 +- > > I understand this patch is wrong, being mased on kirkstone, so you sent a > fixed > versions with the '[kirkstone]' subject tag shortly after, and this one > should be > ignored. Is this correct? [Slater, Joseph] Yes, sorry for the noise. I forgot the kirkstone label. I think this patch also includes a bogus file I somehow committed while switching branches and generating patches for my internal use. Joe > > Best regards, > Luca > > -- > Luca Ceresoli, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#179979): https://lists.openembedded.org/g/openembedded-core/message/179979 Mute This Topic: https://lists.openembedded.org/mt/98225605/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][kirkstone][PATCH 1/1] go: fix CVE-2022-41724, 41725
Backport from go-1.19. The godebug package is needed by
the fix to CVE-2022-41725.
Mostly a cherry-pick but exceptions are noted in comments
marked "backport".
Signed-off-by: Joe Slater
---
meta/recipes-devtools/go/go-1.17.13.inc |5 +-
.../go/go-1.19/add_godebug.patch | 84 +
.../go/go-1.19/cve-2022-41724.patch | 2391 +
.../go/go-1.19/cve-2022-41725.patch | 652 +
4 files changed, 3131 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/go/go-1.19/add_godebug.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41725.patch
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc
b/meta/recipes-devtools/go/go-1.17.13.inc
index 14d58932dc..23380f04c3 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -1,6 +1,6 @@
require go-common.inc
-FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.18:"
+FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-1.19:${FILE_DIRNAME}/go-1.18:"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -23,6 +23,9 @@ SRC_URI += "\
file://CVE-2022-2879.patch \
file://CVE-2022-41720.patch \
file://CVE-2022-41723.patch \
+file://cve-2022-41724.patch \
+file://add_godebug.patch \
+file://cve-2022-41725.patch \
"
SRC_URI[main.sha256sum] =
"a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.19/add_godebug.patch
b/meta/recipes-devtools/go/go-1.19/add_godebug.patch
new file mode 100644
index 00..0c3d2d2855
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.19/add_godebug.patch
@@ -0,0 +1,84 @@
+
+Upstream-Status: Backport [see text]
+
+https://github.com/golong/go.git as of commit 22c1d18a27...
+Copy src/internal/godebug from go 1.19 since it does not
+exist in 1.17.
+
+Signed-off-by: Joe Slater
+---
+
+--- /dev/null
go/src/internal/godebug/godebug.go
+@@ -0,0 +1,34 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// Package godebug parses the GODEBUG environment variable.
++package godebug
++
++import "os"
++
++// Get returns the value for the provided GODEBUG key.
++func Get(key string) string {
++ return get(os.Getenv("GODEBUG"), key)
++}
++
++// get returns the value part of key=value in s (a GODEBUG value).
++func get(s, key string) string {
++ for i := 0; i < len(s)-len(key)-1; i++ {
++ if i > 0 && s[i-1] != ',' {
++ continue
++ }
++ afterKey := s[i+len(key):]
++ if afterKey[0] != '=' || s[i:i+len(key)] != key {
++ continue
++ }
++ val := afterKey[1:]
++ for i, b := range val {
++ if b == ',' {
++ return val[:i]
++ }
++ }
++ return val
++ }
++ return ""
++}
+--- /dev/null
go/src/internal/godebug/godebug_test.go
+@@ -0,0 +1,34 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package godebug
++
++import "testing"
++
++func TestGet(t *testing.T) {
++ tests := []struct {
++ godebug string
++ key string
++ wantstring
++ }{
++ {"", "", ""},
++ {"", "foo", ""},
++ {"foo=bar", "foo", "bar"},
++ {"foo=bar,after=x", "foo", "bar"},
++ {"before=x,foo=bar,after=x", "foo", "bar"},
++ {"before=x,foo=bar", "foo", "bar"},
++ {",,,foo=bar,,,", "foo", "bar"},
++ {"foodecoy=wrong,foo=bar", "foo", "bar"},
++ {"foo=", "foo", ""},
++ {"foo", "foo", ""},
++ {",foo", "foo", ""},
++ {"foo=bar,baz", "lng", ""},
++ }
++ for _, tt := range tests {
++ got := get(tt.godebug, tt.key)
++ if got != tt.want {
++ t.Errorf("get(%q, %q) = %q; want %q", tt.godebug,
tt.key, got, tt.want)
++ }
++ }
++}
diff --git a/meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
b/meta/recipes-devtools/go/go-1.19/cve-2022-
[oe-core][kirkstone][PATCH 1/1] phpmyadmin: fix CVE-2023-25727
From: Dragos-Marian Panait
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1,
an authenticated user can trigger XSS by
uploading a crafted .sql file through the drag-and-drop interface.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-25727
Upstream patch:
https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
Signed-off-by: Dragos-Marian Panait
Signed-off-by: Joe Slater
---
.../phpmyadmin/CVE-2023-25727.patch | 37 +++
.../phpmyadmin/phpmyadmin_5.1.3.bb| 1 +
2 files changed, 38 insertions(+)
create mode 100644
meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
diff --git
a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
new file mode 100644
index 0..707334a51
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch
@@ -0,0 +1,37 @@
+From 0842f11158699a979437125756b26eeabedab9ab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?=
+Date: Fri, 5 Aug 2022 20:18:16 -0300
+Subject: [PATCH] Fix not escaped title when using drag and drop upload
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth
+
+Upstream-Status: Backport
+CVE: CVE-2023-25727
+
+Reference to upstream patch:
+https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
+
+Signed-off-by: Dragos-Marian Panait
+---
+ js/src/drag_drop_import.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/js/src/drag_drop_import.js b/js/src/drag_drop_import.js
+index 55250c2..9b8710e 100644
+--- a/js/src/drag_drop_import.js
b/js/src/drag_drop_import.js
+@@ -130,7 +130,7 @@ var DragDropImport = {
+ var filename =
$this.parent('span').attr('data-filename');
+ $('body').append('' +
+ Messages.dropImportImportResultHeader + ' - '
+
+-filename + 'x' + value.message + '');
++Functions.escapeHtml(filename) + 'x' + value.message + '');
+ $('.pma_drop_result').draggable(); // to
make this dialog draggable
+ }
+ });
+--
+2.39.1
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
index 7ccc05ec3..3f1919439 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI =
"https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz
\
file://apache.conf \
+ file://CVE-2023-25727.patch \
"
SRC_URI[sha256sum] =
"c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179010):
https://lists.openembedded.org/g/openembedded-core/message/179010
Mute This Topic: https://lists.openembedded.org/mt/97812721/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[kirkstone][oe-core][PATCH 1/1] nghttp2: never build python bindings
This has already been done for oe-core/master.
Signed-off-by: Joe Slater
---
meta/recipes-support/nghttp2/nghttp2_1.47.0.bb | 4
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
b/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
index 58ce08084d..becacd4502 100644
--- a/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
+++ b/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
@@ -19,6 +19,10 @@ PACKAGECONFIG[manpages] = ""
# first place
EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=OFF
-DENABLE_HPACK_TOOLS=OFF"
+# Do not let configure try to decide this.
+#
+EXTRA_OECMAKE += "-DENABLE_PYTHON_BINDINGS=OFF"
+
PACKAGES =+ "lib${BPN} ${PN}-client ${PN}-proxy ${PN}-server"
RDEPENDS:${PN} = "${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server
(>= ${PV})"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178709):
https://lists.openembedded.org/g/openembedded-core/message/178709
Mute This Topic: https://lists.openembedded.org/mt/97654091/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[kirkstone][oe-core][PATCH 1/1] python3: fix CVE-2023-24329
Backport fix from cpython 3.11 branch.
Signed-off-by: Joe Slater
---
.../python/python3/cve-2023-24329.patch | 50 +++
.../recipes-devtools/python/python3_3.10.9.bb | 1 +
2 files changed, 51 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/cve-2023-24329.patch
diff --git a/meta/recipes-devtools/python/python3/cve-2023-24329.patch
b/meta/recipes-devtools/python/python3/cve-2023-24329.patch
new file mode 100644
index 00..d47425d239
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/cve-2023-24329.patch
@@ -0,0 +1,50 @@
+From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-isling...@users.noreply.github.com>
+Date: Sun, 13 Nov 2022 11:00:25 -0800
+Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
+ must begin with an alphabetical ASCII character. (GH-99421)
+
+Prevent urllib.parse.urlparse from accepting schemes that don't begin with an
alphabetical ASCII character.
+
+RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" /
"-" / "." )`
+RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
+
+The WHATWG URL spec defines a scheme like this:
+`"A URL-scheme string must be one ASCII alpha, followed by zero or more of
ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
+(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
+
+Co-authored-by: Ben Kallus <49924171+kenbal...@users.noreply.github.com>
+--- end original header ---
+
+CVE: CVE-2023-24329
+
+Upstream-Status: Backport [see below]
+
+Taken from https://github.com/python/cpython.git
+commit 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
+
+CVE fix extracted; test case and update to NEWS abandoned.
+Defuzzed.
+
+Signed-off-by: Joe Slater
+---
+ Lib/urllib/parse.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
+index 26ddf30..1c53acb 100644
+--- a/Lib/urllib/parse.py
b/Lib/urllib/parse.py
+@@ -469,7 +469,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ clear_cache()
+ netloc = query = fragment = ''
+ i = url.find(':')
+-if i > 0:
++if i > 0 and url[0].isascii() and url[0].isalpha():
+ for c in url[:i]:
+ if c not in scheme_chars:
+ break
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb
b/meta/recipes-devtools/python/python3_3.10.9.bb
index d6b7a618c1..867958c0fb 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.9.bb
@@ -35,6 +35,7 @@ SRC_URI =
"http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
+ file://cve-2023-24329.patch \
"
SRC_URI:append:class-native = " \
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#178707):
https://lists.openembedded.org/g/openembedded-core/message/178707
Mute This Topic: https://lists.openembedded.org/mt/97653518/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][kirkstone][PATCH 1/1] nghttp2: never build python bindings
This has already been done for oe-core/master.
Signed-off-by: Joe Slater
---
meta/recipes-support/nghttp2/nghttp2_1.47.0.bb | 4
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
b/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
index 58ce08084d..becacd4502 100644
--- a/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
+++ b/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
@@ -19,6 +19,10 @@ PACKAGECONFIG[manpages] = ""
# first place
EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=OFF
-DENABLE_HPACK_TOOLS=OFF"
+# Do not let configure try to decide this.
+#
+EXTRA_OECMAKE += "-DENABLE_PYTHON_BINDINGS=OFF"
+
PACKAGES =+ "lib${BPN} ${PN}-client ${PN}-proxy ${PN}-server"
RDEPENDS:${PN} = "${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server
(>= ${PV})"
--
2.32.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177633):
https://lists.openembedded.org/g/openembedded-core/message/177633
Mute This Topic: https://lists.openembedded.org/mt/97193381/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/2] Revert "tar: Fix CVE-2022-48303"
This reverts commit 4573a584397f197fbc9170abec3c590ea36667f7.
A fix is available from gnu.
Signed-off-by: Joe Slater
---
.../tar/files/CVE-2022-48303.patch| 36 ---
meta/recipes-extended/tar/tar_1.34.bb | 4 +--
2 files changed, 1 insertion(+), 39 deletions(-)
delete mode 100644 meta/recipes-extended/tar/files/CVE-2022-48303.patch
diff --git a/meta/recipes-extended/tar/files/CVE-2022-48303.patch
b/meta/recipes-extended/tar/files/CVE-2022-48303.patch
deleted file mode 100644
index a8e9f4ac7d..00
--- a/meta/recipes-extended/tar/files/CVE-2022-48303.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 1d530107a24d71e798727d7f0afa0833473d1074 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Matej=20Mu=C5=BEila?=
-Date: Wed, 11 Jan 2023 08:55:58 +0100
-Subject: [PATCH] Fix savannah bug #62387
-
-* src/list.c (from_header): Check for the end of field after leading byte
- (0x80 or 0xff) of base-256 encoded header value
-
-Upstream-Status: Backport
-[https://savannah.gnu.org/patch/download.php?file_id=54212]
-CVE: CVE-2022-48303
-Signed-off-by: Chee Yang Lee
- src/list.c | 6 ++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/list.c b/src/list.c
-index 9fafc425..bf41b581 100644
a/src/list.c
-+++ b/src/list.c
-@@ -895,6 +895,12 @@ from_header (char const *where0, size_t digs, char const
*type,
- << (CHAR_BIT * sizeof (uintmax_t)
- - LG_256 - (LG_256 - 2)));
- value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit;
-+ if (where == lim)
-+{
-+ if (type && !silent)
-+ERROR ((0, 0, _("Archive base-256 value is invalid")));
-+ return -1;
-+}
- for (;;)
- {
- value = (value << LG_256) + (unsigned char) *where++;
---
-2.38.1
-
diff --git a/meta/recipes-extended/tar/tar_1.34.bb
b/meta/recipes-extended/tar/tar_1.34.bb
index 22c04ba70a..7307cd57a2 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,9 +6,7 @@ SECTION = "base"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
- file://CVE-2022-48303.patch \
- "
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
SRC_URI[sha256sum] =
"b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177314):
https://lists.openembedded.org/g/openembedded-core/message/177314
Mute This Topic: https://lists.openembedded.org/mt/97040412/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 2/2] tar: CVE-2022-48303
From: Rodolfo Quesada Zumbado
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
Signed-off-by: Rodolfo Quesada Zumbado
Signed-off-by: Joe Slater
---
.../tar/tar/CVE-2022-48303.patch | 43 +++
meta/recipes-extended/tar/tar_1.34.bb | 4 +-
2 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/tar/tar/CVE-2022-48303.patch
diff --git a/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
new file mode 100644
index 00..b2f40f3e64
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
@@ -0,0 +1,43 @@
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Sat, 11 Feb 2023 11:57:39 +0200
+Subject: Fix boundary checking in base-256 decoder
+
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
+long.
+
+Upstream-Status: Backport [see reference below]
+CVE: CVE-2022-48303
+
+Reference to upstream patch:
+https://savannah.gnu.org/bugs/?62387
+https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
+
+Signed-off-by: Rodolfo Quesada Zumbado
+Signed-off-by: Joe Slater
+---
+ src/list.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada
Zumbado
+
+
+(limited to 'src/list.c')
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc42..86bcfdd 100644
+--- a/src/list.c
b/src/list.c
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const
*type,
+ where++;
+ }
+ }
+- else if (*where == '\200' /* positive base-256 */
+- || *where == '\377' /* negative base-256 */)
++ else if (where <= lim - 2
++ && (*where == '\200' /* positive base-256 */
++ || *where == '\377' /* negative base-256 */))
+ {
+ /* Parse base-256 output. A nonnegative number N is
+represented as (256**DIGS)/2 + N; a negative number -N is
+--
+cgit v1.1
+
diff --git a/meta/recipes-extended/tar/tar_1.34.bb
b/meta/recipes-extended/tar/tar_1.34.bb
index 7307cd57a2..1ef5fe221e 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@ SECTION = "base"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
+ file://CVE-2022-48303.patch \
+"
SRC_URI[sha256sum] =
"b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177315):
https://lists.openembedded.org/g/openembedded-core/message/177315
Mute This Topic: https://lists.openembedded.org/mt/97040413/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][kirkstone][PATCH 1/1] python3: advance to version 3.10.8
Fixes CVE-2022-37460. Also add patch to fix CVE-2022-37454.
Signed-off-by: Joe Slater
---
.../python/python3/cve-2022-37454.patch | 108 ++
.../{python3_3.10.7.bb => python3_3.10.8.bb} | 4 +-
2 files changed, 110 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
rename meta/recipes-devtools/python/{python3_3.10.7.bb => python3_3.10.8.bb}
(99%)
diff --git a/meta/recipes-devtools/python/python3/cve-2022-37454.patch
b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
new file mode 100644
index 00..c019151a64
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
@@ -0,0 +1,108 @@
+From 1f66b714c5f2fef80ec5389456ac31756dbfff0e Mon Sep 17 00:00:00 2001
+From: Theo Buehler
+Date: Fri, 21 Oct 2022 21:26:01 +0200
+Subject: [PATCH] gh-98517: Fix buffer overflows in _sha3 module (#98519)
+
+This is a port of the applicable part of XKCP's fix [1] for
+CVE-2022-37454 and avoids the segmentation fault and the infinite
+loop in the test cases published in [2].
+
+[1]:
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
+[2]: https://mouha.be/sha-3-buffer-overflow/
+
+Regression test added by: Gregory P. Smith [Google LLC]
+---
+
+Patch applied without modification.
+
+CVE: CVE-2022-37454
+
+Upstream-Status: Backport [github.com/cpython/cpython.git 0e4e058602d...]
+
+Signed-off-by: Joe Slater
+---
+ Lib/test/test_hashlib.py | 9 +
+ .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 +
+ Modules/_sha3/kcp/KeccakSponge.inc| 15 ---
+ 3 files changed, 18 insertions(+), 7 deletions(-)
+ create mode 100644
Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+
+diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
+index ea31f8b..65330e1 100644
+--- a/Lib/test/test_hashlib.py
b/Lib/test/test_hashlib.py
+@@ -491,6 +491,15 @@ class HashLibTestCase(unittest.TestCase):
+ def test_case_md5_uintmax(self, size):
+ self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')
+
++@unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit
systems')
++@bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
++def test_sha3_update_overflow(self, size):
++"""Regression test for gh-98517 CVE-2022-37454."""
++h = hashlib.sha3_224()
++h.update(b'\x01')
++h.update(b'\x01'*0x_)
++self.assertEqual(h.hexdigest(),
'80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
++
+ # use the three examples from Federal Information Processing Standards
+ # Publication 180-1, Secure Hash Standard, 1995 April 17
+ # http://www.itl.nist.gov/div897/pubs/fip180-1.htm
+diff --git
a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+new file mode 100644
+index 000..2d23a6a
+--- /dev/null
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+@@ -0,0 +1 @@
++Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
+diff --git a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+index e10739d..cf92e4d 100644
+--- a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned
char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == 0) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+
+@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const
unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+-
+-partialBlock = (unsigned int)(dataByteLen - i);
+-if (partialBlock+instance->byteIOIndex > rateInBytes)
++if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++else
++partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData,
partialBlock);
+ #endif
+@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char
*data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >=
rate
[kirkstone][oe-core][PATCH 1/1] libarchive: fix CVE-2022-36227
Import a patch from libarchive applied after release 3.6.1.
Signed-off-by: Joe Slater
---
.../libarchive/cve-2022-36227.patch | 48 +++
.../libarchive/libarchive_3.6.1.bb| 4 +-
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
b/meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
new file mode 100644
index 00..4d13bf6492
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
@@ -0,0 +1,48 @@
+From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
+From: obiwac
+Date: Fri, 22 Jul 2022 22:41:10 +0200
+Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
+
+---
+ libarchive/archive_write.c | 8
+ 1 file changed, 8 insertions(+)
+
+---
+CVE: CVE-2022-36227
+
+Source-Repo: https://github.com/libarchive/libarchive.git
+
+Upstream-Status: Backport [bff38efe8c... unmodified]
+
+Signed-off-by: Joe Slater
+
+---
+diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
+index 66592e82..27626b54 100644
+--- a/libarchive/archive_write.c
b/libarchive/archive_write.c
+@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
+ struct archive_write_filter *f;
+
+ f = calloc(1, sizeof(*f));
++
++ if (f == NULL)
++ return (NULL);
++
+ f->archive = _a;
+ f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
+ if (a->filter_first == NULL)
+@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
+ a->client_data = client_data;
+
+ client_filter = __archive_write_allocate_filter(_a);
++
++ if (client_filter == NULL)
++ return (ARCHIVE_FATAL);
++
+ client_filter->open = archive_write_client_open;
+ client_filter->write = archive_write_client_write;
+ client_filter->close = archive_write_client_close;
+--
+2.38.1
+
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
b/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
index c795b41628..8213940ad3 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
@@ -32,7 +32,9 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
EXTRA_OECONF += "--enable-largefile"
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz;
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
+ file://cve-2022-36227.patch"
+
UPSTREAM_CHECK_URI = "http://libarchive.org/;
SRC_URI[sha256sum] =
"c676146577d989189940f1959d9e3980d28513d74eedfbc6b7f15ea45fe54ee2"
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#174333):
https://lists.openembedded.org/g/openembedded-core/message/174333
Mute This Topic: https://lists.openembedded.org/mt/95504330/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] libarchive: fix CVE-2022-36227
Import patch applied to libarchive after the 3.6.1 release.
Signed-off-by: Joe Slater
---
.../libarchive/cve-2022-36227.patch | 48 +++
.../libarchive/libarchive_3.6.1.bb| 1 +
2 files changed, 49 insertions(+)
create mode 100644
meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
b/meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
new file mode 100644
index 00..4d13bf6492
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/cve-2022-36227.patch
@@ -0,0 +1,48 @@
+From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
+From: obiwac
+Date: Fri, 22 Jul 2022 22:41:10 +0200
+Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
+
+---
+ libarchive/archive_write.c | 8
+ 1 file changed, 8 insertions(+)
+
+---
+CVE: CVE-2022-36227
+
+Source-Repo: https://github.com/libarchive/libarchive.git
+
+Upstream-Status: Backport [bff38efe8c... unmodified]
+
+Signed-off-by: Joe Slater
+
+---
+diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
+index 66592e82..27626b54 100644
+--- a/libarchive/archive_write.c
b/libarchive/archive_write.c
+@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
+ struct archive_write_filter *f;
+
+ f = calloc(1, sizeof(*f));
++
++ if (f == NULL)
++ return (NULL);
++
+ f->archive = _a;
+ f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
+ if (a->filter_first == NULL)
+@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
+ a->client_data = client_data;
+
+ client_filter = __archive_write_allocate_filter(_a);
++
++ if (client_filter == NULL)
++ return (ARCHIVE_FATAL);
++
+ client_filter->open = archive_write_client_open;
+ client_filter->write = archive_write_client_write;
+ client_filter->close = archive_write_client_close;
+--
+2.38.1
+
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
b/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
index 24d7918bf9..c812038352 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.1.bb
@@ -34,6 +34,7 @@ EXTRA_OECONF += "--enable-largefile"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://0001-libarchive-Do-not-include-sys-mount.h-when-linux-fs..patch \
+ file://cve-2022-36227.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/;
--
2.38.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#174330):
https://lists.openembedded.org/g/openembedded-core/message/174330
Mute This Topic: https://lists.openembedded.org/mt/95501319/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][kirkstone][PATCH 1/1] python3: advance to version 3.10.8
Fixes CVE-2022-37460. Also add patch to fix CVE-2022-37454.
Signed-off-by: Joe Slater
---
.../python/python3/cve-2022-37454.patch | 108 ++
.../{python3_3.10.7.bb => python3_3.10.8.bb} | 4 +-
2 files changed, 110 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
rename meta/recipes-devtools/python/{python3_3.10.7.bb => python3_3.10.8.bb}
(99%)
diff --git a/meta/recipes-devtools/python/python3/cve-2022-37454.patch
b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
new file mode 100644
index 00..c019151a64
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
@@ -0,0 +1,108 @@
+From 1f66b714c5f2fef80ec5389456ac31756dbfff0e Mon Sep 17 00:00:00 2001
+From: Theo Buehler
+Date: Fri, 21 Oct 2022 21:26:01 +0200
+Subject: [PATCH] gh-98517: Fix buffer overflows in _sha3 module (#98519)
+
+This is a port of the applicable part of XKCP's fix [1] for
+CVE-2022-37454 and avoids the segmentation fault and the infinite
+loop in the test cases published in [2].
+
+[1]:
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
+[2]: https://mouha.be/sha-3-buffer-overflow/
+
+Regression test added by: Gregory P. Smith [Google LLC]
+---
+
+Patch applied without modification.
+
+CVE: CVE-2022-37454
+
+Upstream-Status: Backport [github.com/cpython/cpython.git 0e4e058602d...]
+
+Signed-off-by: Joe Slater
+---
+ Lib/test/test_hashlib.py | 9 +
+ .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 +
+ Modules/_sha3/kcp/KeccakSponge.inc| 15 ---
+ 3 files changed, 18 insertions(+), 7 deletions(-)
+ create mode 100644
Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+
+diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
+index ea31f8b..65330e1 100644
+--- a/Lib/test/test_hashlib.py
b/Lib/test/test_hashlib.py
+@@ -491,6 +491,15 @@ class HashLibTestCase(unittest.TestCase):
+ def test_case_md5_uintmax(self, size):
+ self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')
+
++@unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit
systems')
++@bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
++def test_sha3_update_overflow(self, size):
++"""Regression test for gh-98517 CVE-2022-37454."""
++h = hashlib.sha3_224()
++h.update(b'\x01')
++h.update(b'\x01'*0x_)
++self.assertEqual(h.hexdigest(),
'80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
++
+ # use the three examples from Federal Information Processing Standards
+ # Publication 180-1, Secure Hash Standard, 1995 April 17
+ # http://www.itl.nist.gov/div897/pubs/fip180-1.htm
+diff --git
a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+new file mode 100644
+index 000..2d23a6a
+--- /dev/null
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+@@ -0,0 +1 @@
++Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
+diff --git a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+index e10739d..cf92e4d 100644
+--- a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned
char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == 0) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+
+@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const
unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+-
+-partialBlock = (unsigned int)(dataByteLen - i);
+-if (partialBlock+instance->byteIOIndex > rateInBytes)
++if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++else
++partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData,
partialBlock);
+ #endif
+@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char
*data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >=
rate
[oe-core][PATCH 1/1] python3: Fix CVE-2022-37460
Apply patch created after the release of 3.11.0.
Signed-off-by: Joe Slater
---
.../python/python3/cve-2022-37460.patch | 95 +++
.../recipes-devtools/python/python3_3.11.0.bb | 1 +
2 files changed, 96 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/cve-2022-37460.patch
diff --git a/meta/recipes-devtools/python/python3/cve-2022-37460.patch
b/meta/recipes-devtools/python/python3/cve-2022-37460.patch
new file mode 100644
index 00..12177684fd
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/cve-2022-37460.patch
@@ -0,0 +1,95 @@
+From 94582bb643f98bc58b1ff206d1d2a56f97c3a7e5 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-isling...@users.noreply.github.com>
+Date: Wed, 28 Sep 2022 16:46:11 -0700
+Subject: [PATCH] gh-97612: Fix shell injection in get-remote-certificate.py
+ (GH-97613)
+
+Fix a shell code injection vulnerability in the
+get-remote-certificate.py example script. The script no longer uses a
+shell to run "openssl" commands. Issue reported and initial fix by
+Caleb Shortt.
+
+Remove the Windows code path to send "quit" on stdin to the "openssl
+s_client" command: use DEVNULL on all platforms instead.
+
+Co-authored-by: Caleb Shortt
+(cherry picked from commit 83a0f44ffd8b398673ae56c310cf5768d359c341)
+
+Co-authored-by: Victor Stinner
+---
+CVE: CVE-2022-37460
+
+Upstream-Status: Backport [https://github.com/python/cpython.git]
+ [commit 94582bb643... unmodified]
+
+Signed-off-by: Joe Slater
+
+---
+ ...2-09-28-12-10-57.gh-issue-97612.y6NvOQ.rst | 3 +++
+ Tools/scripts/get-remote-certificate.py | 25 ++-
+ 2 files changed, 10 insertions(+), 18 deletions(-)
+ create mode 100644
Misc/NEWS.d/next/Security/2022-09-28-12-10-57.gh-issue-97612.y6NvOQ.rst
+
+diff --git
a/Misc/NEWS.d/next/Security/2022-09-28-12-10-57.gh-issue-97612.y6NvOQ.rst
b/Misc/NEWS.d/next/Security/2022-09-28-12-10-57.gh-issue-97612.y6NvOQ.rst
+new file mode 100644
+index 00..2f113492d4
+--- /dev/null
b/Misc/NEWS.d/next/Security/2022-09-28-12-10-57.gh-issue-97612.y6NvOQ.rst
+@@ -0,0 +1,3 @@
++Fix a shell code injection vulnerability in the ``get-remote-certificate.py``
++example script. The script no longer uses a shell to run ``openssl`` commands.
++Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.
+diff --git a/Tools/scripts/get-remote-certificate.py
b/Tools/scripts/get-remote-certificate.py
+index 38901286e1..68272fca83 100755
+--- a/Tools/scripts/get-remote-certificate.py
b/Tools/scripts/get-remote-certificate.py
+@@ -15,8 +15,8 @@
+ def fetch_server_certificate (host, port):
+
+ def subproc(cmd):
+-from subprocess import Popen, PIPE, STDOUT
+-proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
++from subprocess import Popen, PIPE, STDOUT, DEVNULL
++proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, stdin=DEVNULL)
+ status = proc.wait()
+ output = proc.stdout.read()
+ return status, output
+@@ -33,8 +33,8 @@ def strip_to_x509_cert(certfile_contents, outfile=None):
+ fp.write(m.group(1) + b"\n")
+ try:
+ tn2 = (outfile or tempfile.mktemp())
+-status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %
+- (tn, tn2))
++cmd = ['openssl', 'x509', '-in', tn, '-out', tn2]
++status, output = subproc(cmd)
+ if status != 0:
+ raise RuntimeError('OpenSSL x509 failed with status %s
and '
+'output: %r' % (status, output))
+@@ -45,20 +45,9 @@ def strip_to_x509_cert(certfile_contents, outfile=None):
+ finally:
+ os.unlink(tn)
+
+-if sys.platform.startswith("win"):
+-tfile = tempfile.mktemp()
+-with open(tfile, "w") as fp:
+-fp.write("quit\n")
+-try:
+-status, output = subproc(
+-'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
+-(host, port, tfile))
+-finally:
+-os.unlink(tfile)
+-else:
+-status, output = subproc(
+-'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
+-(host, port))
++cmd = ['openssl', 's_client', '-connect', '%s:%s' % (host, port),
'-showcerts']
++status, output = subproc(cmd)
++
+ if status != 0:
+ raise RuntimeError('OpenSSL connect failed with status %s and '
+'output: %r' % (status, output))
+--
+2.38.1
+
diff --git a/meta/recipes-devtools/python/python3_3.11.0.bb
b/meta/recipes-devtools/python/python3_3.11.0.bb
index 92a1f69320..93628c76ff 100644
--- a/meta/recipes-devtools/python/python3_3.11.0.bb
[oe-core][kirkstone][PATCH 1/1] python3: advance to version 5.10.8
Fixes CVE-2022-37460. Also add patch to fix CVE-2022-37454.
Signed-off-by: Joe Slater
---
.../python/python3/cve-2022-37454.patch | 108 ++
.../{python3_3.10.7.bb => python3_3.10.8.bb} | 4 +-
2 files changed, 110 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
rename meta/recipes-devtools/python/{python3_3.10.7.bb => python3_3.10.8.bb}
(99%)
diff --git a/meta/recipes-devtools/python/python3/cve-2022-37454.patch
b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
new file mode 100644
index 00..c019151a64
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
@@ -0,0 +1,108 @@
+From 1f66b714c5f2fef80ec5389456ac31756dbfff0e Mon Sep 17 00:00:00 2001
+From: Theo Buehler
+Date: Fri, 21 Oct 2022 21:26:01 +0200
+Subject: [PATCH] gh-98517: Fix buffer overflows in _sha3 module (#98519)
+
+This is a port of the applicable part of XKCP's fix [1] for
+CVE-2022-37454 and avoids the segmentation fault and the infinite
+loop in the test cases published in [2].
+
+[1]:
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
+[2]: https://mouha.be/sha-3-buffer-overflow/
+
+Regression test added by: Gregory P. Smith [Google LLC]
+---
+
+Patch applied without modification.
+
+CVE: CVE-2022-37454
+
+Upstream-Status: Backport [github.com/cpython/cpython.git 0e4e058602d...]
+
+Signed-off-by: Joe Slater
+---
+ Lib/test/test_hashlib.py | 9 +
+ .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 +
+ Modules/_sha3/kcp/KeccakSponge.inc| 15 ---
+ 3 files changed, 18 insertions(+), 7 deletions(-)
+ create mode 100644
Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+
+diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
+index ea31f8b..65330e1 100644
+--- a/Lib/test/test_hashlib.py
b/Lib/test/test_hashlib.py
+@@ -491,6 +491,15 @@ class HashLibTestCase(unittest.TestCase):
+ def test_case_md5_uintmax(self, size):
+ self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')
+
++@unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit
systems')
++@bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
++def test_sha3_update_overflow(self, size):
++"""Regression test for gh-98517 CVE-2022-37454."""
++h = hashlib.sha3_224()
++h.update(b'\x01')
++h.update(b'\x01'*0x_)
++self.assertEqual(h.hexdigest(),
'80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
++
+ # use the three examples from Federal Information Processing Standards
+ # Publication 180-1, Secure Hash Standard, 1995 April 17
+ # http://www.itl.nist.gov/div897/pubs/fip180-1.htm
+diff --git
a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+new file mode 100644
+index 000..2d23a6a
+--- /dev/null
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+@@ -0,0 +1 @@
++Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
+diff --git a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+index e10739d..cf92e4d 100644
+--- a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned
char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == 0) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+
+@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const
unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+-
+-partialBlock = (unsigned int)(dataByteLen - i);
+-if (partialBlock+instance->byteIOIndex > rateInBytes)
++if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++else
++partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData,
partialBlock);
+ #endif
+@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char
*data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >=
rate
[oe-core][PATCH 1/1] python: fix CVE-2022-37454
Import a patch from github.com/cpython/cpython.git
Signed-off-by: Joe Slater
---
.../python/python3/cve-2022-37454.patch | 108 ++
.../recipes-devtools/python/python3_3.10.6.bb | 1 +
2 files changed, 109 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
diff --git a/meta/recipes-devtools/python/python3/cve-2022-37454.patch
b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
new file mode 100644
index 00..c019151a64
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/cve-2022-37454.patch
@@ -0,0 +1,108 @@
+From 1f66b714c5f2fef80ec5389456ac31756dbfff0e Mon Sep 17 00:00:00 2001
+From: Theo Buehler
+Date: Fri, 21 Oct 2022 21:26:01 +0200
+Subject: [PATCH] gh-98517: Fix buffer overflows in _sha3 module (#98519)
+
+This is a port of the applicable part of XKCP's fix [1] for
+CVE-2022-37454 and avoids the segmentation fault and the infinite
+loop in the test cases published in [2].
+
+[1]:
https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
+[2]: https://mouha.be/sha-3-buffer-overflow/
+
+Regression test added by: Gregory P. Smith [Google LLC]
+---
+
+Patch applied without modification.
+
+CVE: CVE-2022-37454
+
+Upstream-Status: Backport [github.com/cpython/cpython.git 0e4e058602d...]
+
+Signed-off-by: Joe Slater
+---
+ Lib/test/test_hashlib.py | 9 +
+ .../2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst | 1 +
+ Modules/_sha3/kcp/KeccakSponge.inc| 15 ---
+ 3 files changed, 18 insertions(+), 7 deletions(-)
+ create mode 100644
Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+
+diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
+index ea31f8b..65330e1 100644
+--- a/Lib/test/test_hashlib.py
b/Lib/test/test_hashlib.py
+@@ -491,6 +491,15 @@ class HashLibTestCase(unittest.TestCase):
+ def test_case_md5_uintmax(self, size):
+ self.check('md5', b'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3')
+
++@unittest.skipIf(sys.maxsize < _4G - 1, 'test cannot run on 32-bit
systems')
++@bigmemtest(size=_4G - 1, memuse=1, dry_run=False)
++def test_sha3_update_overflow(self, size):
++"""Regression test for gh-98517 CVE-2022-37454."""
++h = hashlib.sha3_224()
++h.update(b'\x01')
++h.update(b'\x01'*0x_)
++self.assertEqual(h.hexdigest(),
'80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed')
++
+ # use the three examples from Federal Information Processing Standards
+ # Publication 180-1, Secure Hash Standard, 1995 April 17
+ # http://www.itl.nist.gov/div897/pubs/fip180-1.htm
+diff --git
a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+new file mode 100644
+index 000..2d23a6a
+--- /dev/null
b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+@@ -0,0 +1 @@
++Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
+diff --git a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+index e10739d..cf92e4d 100644
+--- a/Modules/_sha3/kcp/KeccakSponge.inc
b/Modules/_sha3/kcp/KeccakSponge.inc
+@@ -171,7 +171,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned
char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == 0) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+
+@@ -199,10 +199,10 @@ int SpongeAbsorb(SpongeInstance *instance, const
unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+-
+-partialBlock = (unsigned int)(dataByteLen - i);
+-if (partialBlock+instance->byteIOIndex > rateInBytes)
++if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++else
++partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData,
partialBlock);
+ #endif
+@@ -281,7 +281,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char
*data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+-if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i +
rateInBytes))) {
++if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >=
rateInBytes)) {
+ for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
+ SnP_Permute(instance->
[oe-core][kirkstone][PATCH 1/1] lua: Backport fix for CVE-2022-33099
From: Khem Raj
Fixes stack overflow while handling recurring errors in Lua-stack
Signed-off-by: Khem Raj
Signed-off-by: Richard Purdie
(cherry picked from commit caad9d5f7184f0fa60fa7770e5d3da3f533647cb)
Signed-off-by: Joe Slater
---
.../lua/lua/CVE-2022-33099.patch | 61 +++
meta/recipes-devtools/lua/lua_5.4.4.bb| 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
new file mode 100644
index 00..fe7b6065c2
--- /dev/null
+++ b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
@@ -0,0 +1,61 @@
+From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy
+Date: Fri, 20 May 2022 13:14:33 -0300
+Subject: [PATCH] Save stack space while handling errors
+
+Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
+and some errors can recur (e.g., string overflow while creating an
+error message in 'luaG_runerror', or a C-stack overflow before calling
+the message handler), the code should use stack slots with parsimony.
+
+This commit fixes the bug "Lua-stack overflow when C stack overflows
+while handling an error".
+
+CVE: CVE-2022-33099
+
+Upstream-Status: Backport
[https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf]
+
+Signed-off-by: Khem Raj
+---
+ ldebug.c | 5 -
+ lvm.c| 6 --
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+--- a/src/ldebug.c
b/src/ldebug.c
+@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con
+ va_start(argp, fmt);
+ msg = luaO_pushvfstring(L, fmt, argp); /* format message */
+ va_end(argp);
+- if (isLua(ci)) /* if Lua function, add source:line information */
++ if (isLua(ci)) { /* if Lua function, add source:line information */
+ luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
++setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */
++L->top--;
++ }
+ luaG_errormsg(L);
+ }
+
+--- a/src/lvm.c
b/src/lvm.c
+@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota
+ /* collect total length and number of strings */
+ for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+ size_t l = vslen(s2v(top - n - 1));
+-if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
++ L->top = top - total; /* pop strings to avoid wasting stack */
+ luaG_runerror(L, "string length overflow");
++}
+ tl += l;
+ }
+ if (tl <= LUAI_MAXSHORTLEN) { /* is result a short string? */
+@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota
+ setsvalue2s(L, top - n, ts); /* create result */
+ }
+ total -= n-1; /* got 'n' strings to create 1 new */
+-L->top -= n-1; /* popped 'n' strings and pushed one */
++L->top = top - (n - 1); /* popped 'n' strings and pushed one */
+ } while (total > 1); /* repeat until only 1 result left */
+ }
+
diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb
b/meta/recipes-devtools/lua/lua_5.4.4.bb
index 6f2cea5314..0b2e754b31 100644
--- a/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/meta/recipes-devtools/lua/lua_5.4.4.bb
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/;
SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
file://lua.pc.in \
file://CVE-2022-28805.patch \
+ file://CVE-2022-33099.patch \
${@bb.utils.contains('DISTRO_FEATURES', 'ptest',
'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest
file://run-ptest ', '', d)} \
"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#168584):
https://lists.openembedded.org/g/openembedded-core/message/168584
Mute This Topic: https://lists.openembedded.org/mt/92654482/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[hardknott][oe-core][PATCH 1/1] util-linux: fix two CVEs
Advance to 2.38 to fix CVE-2021-3995 and CVE-2021-3996
by pulling that recipe from master. The first version
on master to fix these was 2.37.4.
Signed-off-by: Joe Slater
---
...d_2.36.2.bb => util-linux-libuuid_2.38.bb} | 2 +-
meta/recipes-core/util-linux/util-linux.inc | 18 ++-
...-tags-add-use-system-commands-option.patch | 35 -
...RA_LTLIBRARIES-instead-of-noinst_LTL.patch | 49 ---
.../util-linux/CVE-2021-37600.patch | 38 -
.../util-linux/avoid_parallel_tests.patch | 27 ++--
.../util-linux/util-linux/ptest.patch | 15 +-
.../util-linux/util-linux/run-ptest | 24 +---
...til-linux_2.36.2.bb => util-linux_2.38.bb} | 130 --
9 files changed, 98 insertions(+), 240 deletions(-)
rename meta/recipes-core/util-linux/{util-linux-libuuid_2.36.2.bb =>
util-linux-libuuid_2.38.bb} (95%)
delete mode 100644
meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
delete mode 100644
meta/recipes-core/util-linux/util-linux/Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch
delete mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
rename meta/recipes-core/util-linux/{util-linux_2.36.2.bb =>
util-linux_2.38.bb} (77%)
diff --git a/meta/recipes-core/util-linux/util-linux-libuuid_2.36.2.bb
b/meta/recipes-core/util-linux/util-linux-libuuid_2.38.bb
similarity index 95%
rename from meta/recipes-core/util-linux/util-linux-libuuid_2.36.2.bb
rename to meta/recipes-core/util-linux/util-linux-libuuid_2.38.bb
index 9612c491cd..5d759aed94 100644
--- a/meta/recipes-core/util-linux/util-linux-libuuid_2.36.2.bb
+++ b/meta/recipes-core/util-linux/util-linux-libuuid_2.38.bb
@@ -9,7 +9,7 @@ S = "${WORKDIR}/util-linux-${PV}"
EXTRA_OECONF += "--disable-all-programs --enable-libuuid"
LICENSE = "BSD-3-Clause"
-do_install_append() {
+do_install:append() {
rm -rf ${D}${datadir} ${D}${bindir} ${D}${base_bindir} ${D}${sbindir}
${D}${base_sbindir} ${D}${exec_prefix}/sbin
}
diff --git a/meta/recipes-core/util-linux/util-linux.inc
b/meta/recipes-core/util-linux/util-linux.inc
index 00b8777b8b..c9bddfb7a6 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -6,11 +6,11 @@ disk partitioning, kernel message management, filesystem
creation, and system lo
SECTION = "base"
-LICENSE = "GPLv2+ & LGPLv2.1+ & BSD-3-Clause & BSD-4-Clause"
-LICENSE_${PN}-libblkid = "LGPLv2.1+"
-LICENSE_${PN}-libfdisk = "LGPLv2.1+"
-LICENSE_${PN}-libmount = "LGPLv2.1+"
-LICENSE_${PN}-libsmartcols = "LGPLv2.1+"
+LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & BSD-3-Clause & BSD-4-Clause"
+LICENSE:${PN}-libblkid = "LGPL-2.1-or-later"
+LICENSE:${PN}-libfdisk = "LGPL-2.1-or-later"
+LICENSE:${PN}-libmount = "LGPL-2.1-or-later"
+LICENSE:${PN}-libsmartcols = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM =
"file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da \
file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
@@ -25,7 +25,7 @@ LIC_FILES_CHKSUM =
"file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da
file://libsmartcols/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \
"
-FILESEXTRAPATHS_prepend := "${THISDIR}/util-linux:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/util-linux:"
MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-linux-${PV}.tar.xz
\
file://configure-sbindir.patch \
@@ -35,8 +35,6 @@ SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://run-ptest \
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
- file://Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch \
- file://CVE-2021-37600.patch \
- file://0001-tabfiles-tags-add-use-system-commands-option.patch \
"
-SRC_URI[sha256sum] =
"f7516ba9d8689343594356f0e5e1a5f0da34adfbc89023437735872bb5024c5f"
+
+SRC_URI[sha256sum] =
"6d111cbe4d55b336db2f1fbeffbc65b89908704c01136371d32aa9bec373eb64"
diff --git
a/meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
b/meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
deleted file mode 100644
index 9f5a3c2d02..00
---
a/meta/recipes-core/util-linux/util-linux/0001-tabfiles-tags-add-use-system-commands-option.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From be3ecff8b1bc1de4d29ca6381ee9ab42e6c15947 Mon Sep 17 00:00:00 2001
-From: Mingli Yu
-Date: Fri, 12 Nov 2021 15:33:53 +0800
-Subject: [PATCH] ta
[oe-core][hardknott][PATCH 1/1] unzip: fix CVE-2021-4217
The patch is identical to the one in commit 36db85b9b1... but
we cannot cherry-pick because of different context in the
.bb file.
Signed-off-by: Joe Slater
---
.../unzip/unzip/CVE-2021-4217.patch | 67 +++
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
new file mode 100644
index 00..6ba2b879a3
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -0,0 +1,67 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars
+Date: Mon, 17 Jan 2022 16:53:16 +
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c | 5 -
+ process.c | 6 +-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+---
+
+Patch from:
+https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Pending [infozip upstream inactive]
+
+Signed-off-by: Joe Slater
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type
error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+-if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++unsigned bytes_read = readbuf(__G__ (char *)G.extra_field,
length);
++if (bytes_read == 0)
+ return PK_EOF;
++if (bytes_read != length)
++return PK_ERR;
+ /* Looks like here is where extra fields are read */
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++/* Check if we have a unicode extra section but no filename set */
++return PK_ERR;
++ }
++
+ /*
+* Compute 32-bit crc
+*/
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
+
+--
+2.32.0
+
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb
b/meta/recipes-extended/unzip/unzip_6.0.bb
index af5530ab38..f0ee38c178 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -26,6 +26,7 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://CVE-2019-13232_p1.patch \
file://CVE-2019-13232_p2.patch \
file://CVE-2019-13232_p3.patch \
+ file://CVE-2021-4217.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#164114):
https://lists.openembedded.org/g/openembedded-core/message/164114
Mute This Topic: https://lists.openembedded.org/mt/90316830/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] unzip: fix CVE-2021-4217
Avoid a null pointer dereference.
Signed-off-by: Joe Slater
---
.../unzip/unzip/CVE-2021-4217.patch | 65 +++
meta/recipes-extended/unzip/unzip_6.0.bb | 1 +
2 files changed, 66 insertions(+)
create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
new file mode 100644
index 00..7262d14df4
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -0,0 +1,65 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars
+Date: Mon, 17 Jan 2022 16:53:16 +
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c | 5 -
+ process.c | 6 +-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+---
+
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-off-by: Joe Slater
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type
error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+-if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++unsigned bytes_read = readbuf(__G__ (char *)G.extra_field,
length);
++if (bytes_read == 0)
+ return PK_EOF;
++if (bytes_read != length)
++return PK_ERR;
+ /* Looks like here is where extra fields are read */
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++/* Check if we have a unicode extra section but no filename set */
++return PK_ERR;
++ }
++
+ /*
+* Compute 32-bit crc
+*/
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
+
+--
+2.32.0
+
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb
b/meta/recipes-extended/unzip/unzip_6.0.bb
index af94a39195..c222a684b4 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -28,6 +28,7 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://CVE-2019-13232_p3.patch \
file://unzip_optimization.patch \
file://0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch \
+file://CVE-2021-4217.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163865):
https://lists.openembedded.org/g/openembedded-core/message/163865
Mute This Topic: https://lists.openembedded.org/mt/90161682/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][hardknott][PATCH 1/1] flac: fix CVE-2021-0561
From: Li Wang
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is
a possible out of bounds write due to a missing bounds check. This
could lead to local information disclosure with no additional
execution privileges needed. User interaction is not needed for
exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0561
Upstream patches:
https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be
Signed-off-by: Li Wang
Signed-off-by: Joe Slater
---
.../flac/flac/CVE-2021-0561.patch | 41 +++
meta/recipes-multimedia/flac/flac_1.3.3.bb| 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch
diff --git a/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch
b/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch
new file mode 100644
index 00..b48663ae42
--- /dev/null
+++ b/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch
@@ -0,0 +1,41 @@
+From e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be Mon Sep 17 00:00:00 2001
+From: Neelkamal Semwal
+Date: Fri, 18 Dec 2020 22:28:36 +0530
+Subject: [PATCH] libFlac: Exit at EOS in verify mode
+
+When verify mode is enabled, once decoder flags end of stream,
+encode processing is considered complete.
+
+CVE-2021-0561
+
+Signed-off-by: Ralph Giles
+
+Upstream-Status: Backport
+CVE: CVE-2021-0561
+
+Reference to upstream patch:
+https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be
+
+Signed-off-by: Li Wang
+---
+ src/libFLAC/stream_encoder.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
+index 74387ec..8bb0ef3 100644
+--- a/src/libFLAC/stream_encoder.c
b/src/libFLAC/stream_encoder.c
+@@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder
*encoder, uint32_t samples, FLAC
+ encoder->private_->verify.needs_magic_hack = true;
+ }
+ else {
+-
if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) {
++
if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)
++ || (!is_last_block
++ &&
(FLAC__stream_encoder_get_verify_decoder_state(encoder) ==
FLAC__STREAM_DECODER_END_OF_STREAM))) {
+
FLAC__bitwriter_release_buffer(encoder->private_->frame);
+ FLAC__bitwriter_clear(encoder->private_->frame);
+ if(encoder->protected_->state !=
FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA)
+--
+2.23.0
+
diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb
b/meta/recipes-multimedia/flac/flac_1.3.3.bb
index cb6692aedf..d3c352cc44 100644
--- a/meta/recipes-multimedia/flac/flac_1.3.3.bb
+++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM =
"file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
DEPENDS = "libogg"
SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
+ file://CVE-2021-0561.patch \
"
SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163653):
https://lists.openembedded.org/g/openembedded-core/message/163653
Mute This Topic: https://lists.openembedded.org/mt/90032321/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] libxml2: fix CVE-2022-23308 regression
The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13. We import that patch here.
Signed-off-by: Joe Slater
---
.../CVE-2022-23308-fix-regression.patch | 99 +++
meta/recipes-core/libxml/libxml2_2.9.13.bb| 3 +
2 files changed, 102 insertions(+)
create mode 100644
meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
diff --git
a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
new file mode 100644
index 00..e188914613
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
@@ -0,0 +1,99 @@
+From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Tue, 22 Feb 2022 11:51:08 +0100
+Subject: [PATCH] Fix --without-valid build
+
+Regressed in commit 652dd12a.
+---
+ valid.c | 58 -
+ 1 file changed, 29 insertions(+), 29 deletions(-)
+---
+
+From https://github.com/GNOME/libxml2.git
+ commit 646fe48d1c8a74310c409ddf81fe7df6700052af
+
+CVE: CVE-2022-23308
+Upstream-Status: Backport
+
+Signed-off-by: Joe Slater
+
+
+diff --git a/valid.c b/valid.c
+index 8e596f1d..9684683a 100644
+--- a/valid.c
b/valid.c
+@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+ return (ret);
+ }
+
+-/**
+- * xmlValidNormalizeString:
+- * @str: a string
+- *
+- * Normalize a string in-place.
+- */
+-static void
+-xmlValidNormalizeString(xmlChar *str) {
+-xmlChar *dst;
+-const xmlChar *src;
+-
+-if (str == NULL)
+-return;
+-src = str;
+-dst = str;
+-
+-while (*src == 0x20) src++;
+-while (*src != 0) {
+- if (*src == 0x20) {
+- while (*src == 0x20) src++;
+- if (*src != 0)
+- *dst++ = 0x20;
+- } else {
+- *dst++ = *src++;
+- }
+-}
+-*dst = 0;
+-}
+-
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf,
xmlNotationTablePtr table) {
+ (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
+ xmlFree((char *)(str));
+
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++xmlChar *dst;
++const xmlChar *src;
++
++if (str == NULL)
++return;
++src = str;
++dst = str;
++
++while (*src == 0x20) src++;
++while (*src != 0) {
++ if (*src == 0x20) {
++ while (*src == 0x20) src++;
++ if (*src != 0)
++ *dst++ = 0x20;
++ } else {
++ *dst++ = *src++;
++ }
++}
++*dst = 0;
++}
++
+ static int
+ xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+ xmlParserCtxtPtr pctxt;
+--
+2.35.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.13.bb
b/meta/recipes-core/libxml/libxml2_2.9.13.bb
index be59aba84b..e361b53bfd 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.13.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.13.bb
@@ -23,6 +23,9 @@ SRC_URI +=
"http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=te
file://remove-fuzz-from-ptests.patch \
file://libxml-m4-use-pkgconfig.patch \
"
+# will be in v2.9.14
+#
+SRC_URI += "file://CVE-2022-23308-fix-regression.patch"
SRC_URI[archive.sha256sum] =
"276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
SRC_URI[testtar.sha256sum] =
"96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163621):
https://lists.openembedded.org/g/openembedded-core/message/163621
Mute This Topic: https://lists.openembedded.org/mt/90007157/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][hardknott][PATCH 1/1] libxml2: Fix CVE-2022-23308
The first patch is the fix in version 2.9.13. The second
patch was added later and fixes a regression introduced
by the first.
Signed-off-by: Joe Slater
---
.../CVE-2022-23308-fix-regression.patch | 99 +
.../libxml/libxml2/CVE-2022-23308.patch | 209 ++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 2 +
3 files changed, 310 insertions(+)
create mode 100644
meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch
diff --git
a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
new file mode 100644
index 00..eefecb9adb
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
@@ -0,0 +1,99 @@
+From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Tue, 22 Feb 2022 11:51:08 +0100
+Subject: [PATCH] Fix --without-valid build
+
+Regressed in commit 652dd12a.
+---
+ valid.c | 58 -
+ 1 file changed, 29 insertions(+), 29 deletions(-)
+---
+
+From https://github.com/GNOME/libxml2.git
+ commit 646fe48d1c8a74310c409ddf81fe7df6700052af
+
+CVE: CVE-2022-23308
+Upstream-status: Backport
+
+Signed-off-by: Joe Slater
+
+
+diff --git a/valid.c b/valid.c
+index 8e596f1d..9684683a 100644
+--- a/valid.c
b/valid.c
+@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+ return (ret);
+ }
+
+-/**
+- * xmlValidNormalizeString:
+- * @str: a string
+- *
+- * Normalize a string in-place.
+- */
+-static void
+-xmlValidNormalizeString(xmlChar *str) {
+-xmlChar *dst;
+-const xmlChar *src;
+-
+-if (str == NULL)
+-return;
+-src = str;
+-dst = str;
+-
+-while (*src == 0x20) src++;
+-while (*src != 0) {
+- if (*src == 0x20) {
+- while (*src == 0x20) src++;
+- if (*src != 0)
+- *dst++ = 0x20;
+- } else {
+- *dst++ = *src++;
+- }
+-}
+-*dst = 0;
+-}
+-
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf,
xmlNotationTablePtr table) {
+ (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
+ xmlFree((char *)(str));
+
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++xmlChar *dst;
++const xmlChar *src;
++
++if (str == NULL)
++return;
++src = str;
++dst = str;
++
++while (*src == 0x20) src++;
++while (*src != 0) {
++ if (*src == 0x20) {
++ while (*src == 0x20) src++;
++ if (*src != 0)
++ *dst++ = 0x20;
++ } else {
++ *dst++ = *src++;
++ }
++}
++*dst = 0;
++}
++
+ static int
+ xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+ xmlParserCtxtPtr pctxt;
+--
+2.35.1
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch
b/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch
new file mode 100644
index 00..708a98b45a
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308.patch
@@ -0,0 +1,209 @@
+From 652dd12a858989b14eed4e84e453059cd3ba340e Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Tue, 8 Feb 2022 03:29:24 +0100
+Subject: [PATCH] [CVE-2022-23308] Use-after-free of ID and IDREF attributes
+
+If a document is parsed with XML_PARSE_DTDVALID and without
+XML_PARSE_NOENT, the value of ID attributes has to be normalized after
+potentially expanding entities in xmlRemoveID. Otherwise, later calls
+to xmlGetID can return a pointer to previously freed memory.
+
+ID attributes which are empty or contain only whitespace after
+entity expansion are affected in a similar way. This is fixed by
+not storing such attributes in the ID table.
+
+The test to detect streaming mode when validating against a DTD was
+broken. In connection with the defects above, this could result in a
+use-after-free when using the xmlReader interface with validation.
+Fix detection of streaming mode to avoid similar issues. (This changes
+the expected result of a test case. But as far as I can tell, using the
+XML reader with XIncludes referencing the root document never worked
+properly, anyway.)
+
+All of these issues can result in denial of service. Using xmlReader
+with validation could result in disclosure of memory via the error
+channel, typically stderr. The security impact of xmlGetID returning
+a pointer to freed memory depends on the application. The typical use
+case of calling xmlGetID on an unmodified document is not affected.
+---
+ result/XInclude/ns1.xml.rdr | 2 +-
+ valid.c | 88 +++--
+ 2 files changed, 56 insertions(+), 34 deletions(-)
+ ---
+
+From https://github.com/GNOME/libxml2.git
+ commit
[oe-core][PATCH] weston: use same distro features for weston and westion-init
We want to avoid situations (like world builds) where
weston-init will build, but weston won't. This could
cause "nothing RPROVIDES..." dependency errors. We set
required distro features in a common include file.
Signed-off-by: Joe Slater
---
.../recipes-graphics/wayland/required-distro-features.inc | 8
meta/recipes-graphics/wayland/weston-init.bb | 6 +++---
meta/recipes-graphics/wayland/weston_10.0.0.bb| 7 ---
3 files changed, 15 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-graphics/wayland/required-distro-features.inc
diff --git a/meta/recipes-graphics/wayland/required-distro-features.inc
b/meta/recipes-graphics/wayland/required-distro-features.inc
new file mode 100644
index 00..bb4a0e8ebd
--- /dev/null
+++ b/meta/recipes-graphics/wayland/required-distro-features.inc
@@ -0,0 +1,8 @@
+# distro features required by weston recipes
+
+inherit features_check
+
+# requires pam enabled if started via systemd
+#
+REQUIRED_DISTRO_FEATURES = "wayland opengl
${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', 'pam', '',
d)}"
+
diff --git a/meta/recipes-graphics/wayland/weston-init.bb
b/meta/recipes-graphics/wayland/weston-init.bb
index c34582137d..79f2340ae1 100644
--- a/meta/recipes-graphics/wayland/weston-init.bb
+++ b/meta/recipes-graphics/wayland/weston-init.bb
@@ -61,13 +61,13 @@ do_install() {
INHIBIT_UPDATERCD_BBCLASS =
"${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', '1', '',
d)}"
-inherit update-rc.d features_check systemd useradd
+inherit update-rc.d systemd useradd
USERADD_PACKAGES = "${PN}"
# rdepends on weston which depends on virtual/egl
-# requires pam enabled if started via systemd
-REQUIRED_DISTRO_FEATURES = "opengl
${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', 'pam', '',
d)}"
+#
+require ${THISDIR}/required-distro-features.inc
RDEPENDS:${PN} = "weston kbd"
diff --git a/meta/recipes-graphics/wayland/weston_10.0.0.bb
b/meta/recipes-graphics/wayland/weston_10.0.0.bb
index bebe95f69d..8424b4d548 100644
--- a/meta/recipes-graphics/wayland/weston_10.0.0.bb
+++ b/meta/recipes-graphics/wayland/weston_10.0.0.bb
@@ -19,10 +19,11 @@ SRC_URI[sha256sum] =
"5c23964112b90238bed39e5dd1e41cd71a79398813cdc3bbb15a9fdc94
UPSTREAM_CHECK_URI = "https://wayland.freedesktop.org/releases.html;
-inherit meson pkgconfig useradd features_check
+inherit meson pkgconfig useradd
+
# depends on virtual/egl
-# weston-init requires pam enabled if started via systemd
-REQUIRED_DISTRO_FEATURES = "wayland opengl
${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', 'pam', '',
d)}"
+#
+require ${THISDIR}/required-distro-features.inc
DEPENDS = "libxkbcommon gdk-pixbuf pixman cairo glib-2.0"
DEPENDS += "wayland wayland-protocols libinput virtual/egl pango
wayland-native"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163593):
https://lists.openembedded.org/g/openembedded-core/message/163593
Mute This Topic: https://lists.openembedded.org/mt/89982192/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][hardknott][PATCH 1/1] zip: modify when match.S is built
Avoid generating non-PIC code.
The patches are taken from master 58b16da805... but we cannot
cherry-pick because zip_3.0.bb context is different.
Signed-off-by: Joe Slater
---
.../0001-configure-use-correct-CPP.patch | 47 +++
...002-configure-support-PIC-code-build.patch | 34 ++
meta/recipes-extended/zip/zip_3.0.bb | 2 +
3 files changed, 83 insertions(+)
create mode 100644
meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
create mode 100644
meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
diff --git
a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
new file mode 100644
index 00..02253f968c
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
@@ -0,0 +1,47 @@
+From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 24 Feb 2022 17:36:59 -0800
+Subject: [PATCH 1/2] configure: use correct CPP
+
+configure uses CPP to test that two assembler routines
+can be built. Unfortunately, it will use /usr/bin/cpp
+if it exists, invalidating the tests. We use the $CC
+passed to configure.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater
+---
+ unix/configure | 15 +--
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 73ba803..7e21070 100644
+--- a/unix/configure
b/unix/configure
+@@ -220,13 +220,16 @@ fi
+ echo Check for the C preprocessor
+ # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
+ CPP="${CC} -E"
++
++# We should not change CPP for yocto builds.
++#
+ # solaris as(1) needs -P, maybe others as well ?
+-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
+-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
+-[ -f /lib/cpp ] && CPP=/lib/cpp
+-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
+-[ -f /xenix ] && CPP="${CC} -E"
+-[ -f /lynx.os ] && CPP="${CC} -E"
++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
++# [ -f /lib/cpp ] && CPP=/lib/cpp
++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
++# [ -f /xenix ] && CPP="${CC} -E"
++# [ -f /lynx.os ] && CPP="${CC} -E"
+
+ echo "#include " > conftest.c
+ $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
+--
+2.24.1
+
diff --git
a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
new file mode 100644
index 00..6e0879616a
--- /dev/null
+++
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
@@ -0,0 +1,34 @@
+From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 24 Feb 2022 17:46:03 -0800
+Subject: [PATCH 2/2] configure: support PIC code build
+
+Disable building match.S. The code requires
+relocation in .text.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater
+---
+ unix/configure | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 7e21070..1bc698b 100644
+--- a/unix/configure
b/unix/configure
+@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then
+ if test ! -s _match.s || grep error < _match.s > /dev/null; then
+ :
+ elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then
+-CFLAGS="${CFLAGS} -DASMV"
+-OBJA="match.o"
++# disable match.S for PIC code
++# CFLAGS="${CFLAGS} -DASMV"
++# OBJA="match.o"
+ echo "int foo() { return 0;}" > conftest.c
+ $CC -c conftest.c >/dev/null 2>/dev/null
+ echo Check if compiler generates underlines
+--
+2.24.1
+
diff --git a/meta/recipes-extended/zip/zip_3.0.bb
b/meta/recipes-extended/zip/zip_3.0.bb
index 18b5d8648e..f8e0b6e259 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -14,6 +14,8 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://fix-security-format.patch \
file://10-remove-build-date.patch \
file://zipnote-crashes-with-segfault.patch \
+ file://0001-configure-use-correct-CPP.patch \
+ file://0002-configure-support-PIC-code-build.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163453):
https://lists.openembedded.org/g/openembedded-core/message/163453
Mute This Topic: https://lists.openembedded.org/mt/89880694/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] expect: modify fixline1 script
fixline1 needs to be processed by fixline1, but we
short-circuit that. Enter the multi-line shebang which
I am a bit queasy about, but expect loves it.
Signed-off-by: Joe Slater
---
.../expect/0001-fixline1-fix-line-1.patch | 31 +++
meta/recipes-devtools/expect/expect_5.45.4.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644
meta/recipes-devtools/expect/expect/0001-fixline1-fix-line-1.patch
diff --git a/meta/recipes-devtools/expect/expect/0001-fixline1-fix-line-1.patch
b/meta/recipes-devtools/expect/expect/0001-fixline1-fix-line-1.patch
new file mode 100644
index 00..d6f5d7ff0e
--- /dev/null
+++ b/meta/recipes-devtools/expect/expect/0001-fixline1-fix-line-1.patch
@@ -0,0 +1,31 @@
+From eef7c44c10de32ba399ab162cb5799fafdce3fa5 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Tue, 15 Mar 2022 22:00:04 +
+Subject: [PATCH] fixline1: fix line 1
+
+Ironically, fixline1 needs its first line modified by
+fixline1. We do that, manually.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+---
+ fixline1 | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fixline1 b/fixline1
+index 113e9bb..8a38e96 100755
+--- a/fixline1
b/fixline1
+@@ -1,4 +1,7 @@
+-#!expect --
++#!/bin/sh
++# expect won't see the exec \
++exec expect -- "$0" ${1+"$@"}
++
+ # Synopsis: fixline1 newpath < input > output
+ # Author: Don Libes
+
+--
+2.32.0
+
diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb
b/meta/recipes-devtools/expect/expect_5.45.4.bb
index 4214ab0f27..e22fa140d5 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -25,6 +25,7 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/expect/Expect/${PV}/${BPN}${PV}.tar.gz \
file://0001-Resolve-string-formatting-issues.patch \
file://0001-expect-Fix-segfaults-if-Tcl-is-built-with-stubs-and-.patch \
file://0001-exp_main_sub.c-Use-PATH_MAX-for-path.patch \
+ file://0001-fixline1-fix-line-1.patch \
"
SRC_URI[md5sum] = "00fce8de158422f5ccd2666512329bd2"
SRC_URI[sha256sum] =
"49a7da83b0bdd9f46d04a04deec19c7767bb9a323e40c4781f89caf760b92c34"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163316):
https://lists.openembedded.org/g/openembedded-core/message/163316
Mute This Topic: https://lists.openembedded.org/mt/89810365/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] weston: require wayland as a distro feature
Weston will not configure successfully unless wayland
is a distro feature.
Signed-off-by: Joe Slater
---
meta/recipes-graphics/wayland/weston_10.0.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/wayland/weston_10.0.0.bb
b/meta/recipes-graphics/wayland/weston_10.0.0.bb
index fbb7927820..bebe95f69d 100644
--- a/meta/recipes-graphics/wayland/weston_10.0.0.bb
+++ b/meta/recipes-graphics/wayland/weston_10.0.0.bb
@@ -22,7 +22,7 @@ UPSTREAM_CHECK_URI =
"https://wayland.freedesktop.org/releases.html;
inherit meson pkgconfig useradd features_check
# depends on virtual/egl
# weston-init requires pam enabled if started via systemd
-REQUIRED_DISTRO_FEATURES = "opengl
${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', 'pam', '',
d)}"
+REQUIRED_DISTRO_FEATURES = "wayland opengl
${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', 'pam', '',
d)}"
DEPENDS = "libxkbcommon gdk-pixbuf pixman cairo glib-2.0"
DEPENDS += "wayland wayland-protocols libinput virtual/egl pango
wayland-native"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#163041):
https://lists.openembedded.org/g/openembedded-core/message/163041
Mute This Topic: https://lists.openembedded.org/mt/89695428/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] libvert: modify dependencies on lxc_protocol.h
Oops, wrong list. Joe
> -Original Message-
> From: Slater, Joseph
> Sent: Wednesday, March 9, 2022 4:51 PM
> To: openembedded-core@lists.openembedded.org
> Cc: Slater, Joseph ; MacLeod, Randy
>
> Subject: [oe-core][PATCH 1/1] libvert: modify dependencies on lxc_protocol.h
>
> src/remote/meson.build does not create a dependency on the generated
> lxc_protocol.h for remote_daemon.c. Restructure how this file is generated to
> allow the dependency.
>
> Signed-off-by: Joe Slater
> ---
> .../libvirt/libvirt/lxc_protocol.patch| 104 ++
> recipes-extended/libvirt/libvirt_7.2.0.bb | 1 +
> 2 files changed, 105 insertions(+)
> create mode 100644 recipes-extended/libvirt/libvirt/lxc_protocol.patch
>
> diff --git a/recipes-extended/libvirt/libvirt/lxc_protocol.patch b/recipes-
> extended/libvirt/libvirt/lxc_protocol.patch
> new file mode 100644
> index ..595c3fe4
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/lxc_protocol.patch
> @@ -0,0 +1,104 @@
> +From 38af66c1a9c4cdeb256eeaf563c6807757c370ce Mon Sep 17 00:00:00
> 2001
> +From: Joe Slater
> +Date: Wed, 9 Mar 2022 23:17:33 +
> +Subject: [PATCH] working commit
> +
> +remote_daemon.c and others need the generated header lxc_protocol.h,
> +but do not have it as a dependency in meson.build. This means that
> +builds will randomly (ok, very occasionally) fail. Restructure how the
> +header is built so that remote_daemon can have it as a dependency.
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Joe Slater
> +
> +---
> + src/remote/meson.build | 48 --
> + 1 file changed, 28 insertions(+), 20 deletions(-)
> +
> +diff --git a/src/remote/meson.build b/src/remote/meson.build index
> +0a18826..31a30ee 100644
> +--- a/src/remote/meson.build
> b/src/remote/meson.build
> +@@ -1,27 +1,11 @@
> +-remote_driver_sources = [
> +- 'remote_driver.c',
> +- 'remote_sockets.c',
> +-]
> +-
> +-remote_driver_generated = []
> ++remote_xxx_generated = []
> +
> + foreach name : [ 'remote', 'qemu', 'lxc' ]
> +- client_bodies_h = '@0@_client_bodies.h'.format(name)
> + protocol_c = '@0@_protocol.c'.format(name)
> + protocol_h = '@0@_protocol.h'.format(name)
> + protocol_x = '@0@_protocol.x'.format(name)
> +
> +- remote_driver_generated += custom_target(
> +-client_bodies_h,
> +-input: protocol_x,
> +-output: client_bodies_h,
> +-command: [
> +- gendispatch_prog, '--mode=client', name, name.to_upper(), '@INPUT@',
> +-],
> +-capture: true,
> +- )
> +-
> +- remote_driver_generated += custom_target(
> ++ remote_xxx_generated += custom_target(
> + protocol_h,
> + input: protocol_x,
> + output: protocol_h,
> +@@ -30,7 +14,7 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
> + ],
> + )
> +
> +- remote_driver_generated += custom_target(
> ++ remote_xxx_generated += custom_target(
> + protocol_c,
> + input: protocol_x,
> + output: protocol_c,
> +@@ -42,6 +26,30 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
> + rpc_probe_files += files(protocol_x) endforeach
> +
> ++
> ++remote_driver_sources = [
> ++ 'remote_driver.c',
> ++ 'remote_sockets.c',
> ++]
> ++
> ++remote_driver_generated =remote_xxx_generated
> ++
> ++foreach name : [ 'remote', 'qemu', 'lxc' ]
> ++ client_bodies_h = '@0@_client_bodies.h'.format(name)
> ++ protocol_x = '@0@_protocol.x'.format(name)
> ++
> ++ remote_driver_generated += custom_target(
> ++client_bodies_h,
> ++input: protocol_x,
> ++output: client_bodies_h,
> ++command: [
> ++ gendispatch_prog, '--mode=client', name, name.to_upper(), '@INPUT@',
> ++],
> ++capture: true,
> ++ )
> ++
> ++endforeach
> ++
> + remote_daemon_sources = files(
> + 'remote_daemon.c',
> + 'remote_daemon_config.c',
> +@@ -49,7 +57,7 @@ remote_daemon_sources = files(
> + 'remote_daemon_stream.c',
> + )
> +
> +-remote_daemon_generated = []
> ++remote_daemon_generated = remote_xxx_generated
> +
> + virt_ssh_helper_sources = files(
> + 'remote_sockets.c',
> +--
> +2.32.0
> +
> diff --git a/recipes-extended/libvirt/libvirt_7.2.0.bb b/recipes-
> extended/libvirt/libvirt_7.2.0.bb
> index 5ad7d59e..04c66eb5 100644
> --- a/recipes-extended/libvirt/libvirt_7.2.0.bb
> +++ b/recipes-extended/libvirt/libvirt_7.2.0.bb
> @@ -31,6 +31,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-
> ${PV}.tar.xz;name=libvirt \
> file://0002-meson-Fix-compatibility-with-Meson-0.58.patch \
> file://0001-security-fix-SELinux-label-generation-logic.patch \
&g
[oe-core][PATCH 1/1] libvert: modify dependencies on lxc_protocol.h
src/remote/meson.build does not create a dependency on
the generated lxc_protocol.h for remote_daemon.c. Restructure
how this file is generated to allow the dependency.
Signed-off-by: Joe Slater
---
.../libvirt/libvirt/lxc_protocol.patch| 104 ++
recipes-extended/libvirt/libvirt_7.2.0.bb | 1 +
2 files changed, 105 insertions(+)
create mode 100644 recipes-extended/libvirt/libvirt/lxc_protocol.patch
diff --git a/recipes-extended/libvirt/libvirt/lxc_protocol.patch
b/recipes-extended/libvirt/libvirt/lxc_protocol.patch
new file mode 100644
index ..595c3fe4
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/lxc_protocol.patch
@@ -0,0 +1,104 @@
+From 38af66c1a9c4cdeb256eeaf563c6807757c370ce Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Wed, 9 Mar 2022 23:17:33 +
+Subject: [PATCH] working commit
+
+remote_daemon.c and others need the generated header lxc_protocol.h,
+but do not have it as a dependency in meson.build. This means that
+builds will randomly (ok, very occasionally) fail. Restructure how the
+header is built so that remote_daemon can have it as a dependency.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+
+---
+ src/remote/meson.build | 48 --
+ 1 file changed, 28 insertions(+), 20 deletions(-)
+
+diff --git a/src/remote/meson.build b/src/remote/meson.build
+index 0a18826..31a30ee 100644
+--- a/src/remote/meson.build
b/src/remote/meson.build
+@@ -1,27 +1,11 @@
+-remote_driver_sources = [
+- 'remote_driver.c',
+- 'remote_sockets.c',
+-]
+-
+-remote_driver_generated = []
++remote_xxx_generated = []
+
+ foreach name : [ 'remote', 'qemu', 'lxc' ]
+- client_bodies_h = '@0@_client_bodies.h'.format(name)
+ protocol_c = '@0@_protocol.c'.format(name)
+ protocol_h = '@0@_protocol.h'.format(name)
+ protocol_x = '@0@_protocol.x'.format(name)
+
+- remote_driver_generated += custom_target(
+-client_bodies_h,
+-input: protocol_x,
+-output: client_bodies_h,
+-command: [
+- gendispatch_prog, '--mode=client', name, name.to_upper(), '@INPUT@',
+-],
+-capture: true,
+- )
+-
+- remote_driver_generated += custom_target(
++ remote_xxx_generated += custom_target(
+ protocol_h,
+ input: protocol_x,
+ output: protocol_h,
+@@ -30,7 +14,7 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
+ ],
+ )
+
+- remote_driver_generated += custom_target(
++ remote_xxx_generated += custom_target(
+ protocol_c,
+ input: protocol_x,
+ output: protocol_c,
+@@ -42,6 +26,30 @@ foreach name : [ 'remote', 'qemu', 'lxc' ]
+ rpc_probe_files += files(protocol_x)
+ endforeach
+
++
++remote_driver_sources = [
++ 'remote_driver.c',
++ 'remote_sockets.c',
++]
++
++remote_driver_generated =remote_xxx_generated
++
++foreach name : [ 'remote', 'qemu', 'lxc' ]
++ client_bodies_h = '@0@_client_bodies.h'.format(name)
++ protocol_x = '@0@_protocol.x'.format(name)
++
++ remote_driver_generated += custom_target(
++client_bodies_h,
++input: protocol_x,
++output: client_bodies_h,
++command: [
++ gendispatch_prog, '--mode=client', name, name.to_upper(), '@INPUT@',
++],
++capture: true,
++ )
++
++endforeach
++
+ remote_daemon_sources = files(
+ 'remote_daemon.c',
+ 'remote_daemon_config.c',
+@@ -49,7 +57,7 @@ remote_daemon_sources = files(
+ 'remote_daemon_stream.c',
+ )
+
+-remote_daemon_generated = []
++remote_daemon_generated = remote_xxx_generated
+
+ virt_ssh_helper_sources = files(
+ 'remote_sockets.c',
+--
+2.32.0
+
diff --git a/recipes-extended/libvirt/libvirt_7.2.0.bb
b/recipes-extended/libvirt/libvirt_7.2.0.bb
index 5ad7d59e..04c66eb5 100644
--- a/recipes-extended/libvirt/libvirt_7.2.0.bb
+++ b/recipes-extended/libvirt/libvirt_7.2.0.bb
@@ -31,6 +31,7 @@ SRC_URI =
"http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
file://0002-meson-Fix-compatibility-with-Meson-0.58.patch \
file://0001-security-fix-SELinux-label-generation-logic.patch \
file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \
+ file://lxc_protocol.patch \
"
SRC_URI[libvirt.md5sum] = "92044b629216e44adce63224970a54a3"
--
2.35.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162996):
https://lists.openembedded.org/g/openembedded-core/message/162996
Mute This Topic: https://lists.openembedded.org/mt/89676990/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] zip: modify when match.S is built
Use the correct $CPP to test if *.S are buildable,
but do not build match.S because it is not PIC code.
Signed-off-by: Joe Slater
---
.../0001-configure-use-correct-CPP.patch | 47 +++
...002-configure-support-PIC-code-build.patch | 34 ++
meta/recipes-extended/zip/zip_3.0.bb | 2 +
3 files changed, 83 insertions(+)
create mode 100644
meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
create mode 100644
meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
diff --git
a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
new file mode 100644
index 00..02253f968c
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
@@ -0,0 +1,47 @@
+From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 24 Feb 2022 17:36:59 -0800
+Subject: [PATCH 1/2] configure: use correct CPP
+
+configure uses CPP to test that two assembler routines
+can be built. Unfortunately, it will use /usr/bin/cpp
+if it exists, invalidating the tests. We use the $CC
+passed to configure.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater
+---
+ unix/configure | 15 +--
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 73ba803..7e21070 100644
+--- a/unix/configure
b/unix/configure
+@@ -220,13 +220,16 @@ fi
+ echo Check for the C preprocessor
+ # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
+ CPP="${CC} -E"
++
++# We should not change CPP for yocto builds.
++#
+ # solaris as(1) needs -P, maybe others as well ?
+-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
+-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
+-[ -f /lib/cpp ] && CPP=/lib/cpp
+-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
+-[ -f /xenix ] && CPP="${CC} -E"
+-[ -f /lynx.os ] && CPP="${CC} -E"
++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
++# [ -f /lib/cpp ] && CPP=/lib/cpp
++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
++# [ -f /xenix ] && CPP="${CC} -E"
++# [ -f /lynx.os ] && CPP="${CC} -E"
+
+ echo "#include " > conftest.c
+ $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
+--
+2.24.1
+
diff --git
a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
new file mode 100644
index 00..6e0879616a
--- /dev/null
+++
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
@@ -0,0 +1,34 @@
+From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 24 Feb 2022 17:46:03 -0800
+Subject: [PATCH 2/2] configure: support PIC code build
+
+Disable building match.S. The code requires
+relocation in .text.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater
+---
+ unix/configure | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 7e21070..1bc698b 100644
+--- a/unix/configure
b/unix/configure
+@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then
+ if test ! -s _match.s || grep error < _match.s > /dev/null; then
+ :
+ elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then
+-CFLAGS="${CFLAGS} -DASMV"
+-OBJA="match.o"
++# disable match.S for PIC code
++# CFLAGS="${CFLAGS} -DASMV"
++# OBJA="match.o"
+ echo "int foo() { return 0;}" > conftest.c
+ $CC -c conftest.c >/dev/null 2>/dev/null
+ echo Check if compiler generates underlines
+--
+2.24.1
+
diff --git a/meta/recipes-extended/zip/zip_3.0.bb
b/meta/recipes-extended/zip/zip_3.0.bb
index 18b5d8648e..f8e0b6e259 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -14,6 +14,8 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://fix-security-format.patch \
file://10-remove-build-date.patch \
file://zipnote-crashes-with-segfault.patch \
+ file://0001-configure-use-correct-CPP.patch \
+ file://0002-configure-support-PIC-code-build.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.24.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162405):
https://lists.openembedded.org/g/openembedded-core/message/162405
Mute This Topic: https://lists.openembedded.org/mt/89390793/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] zip: modify when match.S is built
Use the correct $CPP to test if match.S is buildable,
and do not build it if QA checks require PIC code.
Signed-off-by: Joe Slater
---
.../0001-configure-use-correct-CPP.patch | 47 +++
...002-configure-support-PIC-code-build.patch | 34 ++
meta/recipes-extended/zip/zip_3.0.bb | 3 ++
3 files changed, 84 insertions(+)
create mode 100644
meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
create mode 100644
meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
diff --git
a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
new file mode 100644
index 00..02253f968c
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
@@ -0,0 +1,47 @@
+From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 24 Feb 2022 17:36:59 -0800
+Subject: [PATCH 1/2] configure: use correct CPP
+
+configure uses CPP to test that two assembler routines
+can be built. Unfortunately, it will use /usr/bin/cpp
+if it exists, invalidating the tests. We use the $CC
+passed to configure.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater
+---
+ unix/configure | 15 +--
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 73ba803..7e21070 100644
+--- a/unix/configure
b/unix/configure
+@@ -220,13 +220,16 @@ fi
+ echo Check for the C preprocessor
+ # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
+ CPP="${CC} -E"
++
++# We should not change CPP for yocto builds.
++#
+ # solaris as(1) needs -P, maybe others as well ?
+-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
+-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
+-[ -f /lib/cpp ] && CPP=/lib/cpp
+-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
+-[ -f /xenix ] && CPP="${CC} -E"
+-[ -f /lynx.os ] && CPP="${CC} -E"
++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
++# [ -f /lib/cpp ] && CPP=/lib/cpp
++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
++# [ -f /xenix ] && CPP="${CC} -E"
++# [ -f /lynx.os ] && CPP="${CC} -E"
+
+ echo "#include " > conftest.c
+ $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
+--
+2.24.1
+
diff --git
a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
new file mode 100644
index 00..6e0879616a
--- /dev/null
+++
b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
@@ -0,0 +1,34 @@
+From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 24 Feb 2022 17:46:03 -0800
+Subject: [PATCH 2/2] configure: support PIC code build
+
+Disable building match.S. The code requires
+relocation in .text.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater
+---
+ unix/configure | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 7e21070..1bc698b 100644
+--- a/unix/configure
b/unix/configure
+@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then
+ if test ! -s _match.s || grep error < _match.s > /dev/null; then
+ :
+ elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then
+-CFLAGS="${CFLAGS} -DASMV"
+-OBJA="match.o"
++# disable match.S for PIC code
++# CFLAGS="${CFLAGS} -DASMV"
++# OBJA="match.o"
+ echo "int foo() { return 0;}" > conftest.c
+ $CC -c conftest.c >/dev/null 2>/dev/null
+ echo Check if compiler generates underlines
+--
+2.24.1
+
diff --git a/meta/recipes-extended/zip/zip_3.0.bb
b/meta/recipes-extended/zip/zip_3.0.bb
index 18b5d8648e..42a17f9450 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -14,6 +14,9 @@ SRC_URI =
"${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://fix-security-format.patch \
file://10-remove-build-date.patch \
file://zipnote-crashes-with-segfault.patch \
+ file://0001-configure-use-correct-CPP.patch \
+ ${@bb.utils.contains('ERROR_QA', 'textrel', \
+ 'file://0002-configure-support-PIC-code-build.patch', '', d)} \
"
UPSTREAM_VERSION_UNKNOWN = "1"
--
2.24.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162333):
https://lists.openembedded.org/g/openembedded-core/message/162333
Mute This Topic: https://lists.openembedded.org/mt/89381221/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][hardknott][PATCH 1/1] virglrenderer: fix CVE-2022-0135 and -0175
CVE-2022-0135 concerns out-of-bounds writes in read_transfer_data().
CVE-2022-0175 concerns using malloc() instead of calloc().
We cherry-pick from master.
Signed-off-by: Joe Slater
Signed-off-by: Richard Purdie
(cherry picked from commit 91f7511df79c5c1f93add9f2827a5a266453614e)
Modify -0175 patch to apply to hardknott branch.
Signed-off-by: Joe Slater
---
.../virglrenderer/cve-2022-0135.patch | 117 ++
.../virglrenderer/cve-2022-0175.patch | 112 +
.../virglrenderer/virglrenderer_0.8.2.bb | 2 +
3 files changed, 231 insertions(+)
create mode 100644
meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
create mode 100644
meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
diff --git
a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
new file mode 100644
index 00..ae42dc8f6c
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
@@ -0,0 +1,117 @@
+From 63aee871365f9c9e7fa9125672302a0fb250d34d Mon Sep 17 00:00:00 2001
+From: Gert Wollny
+Date: Tue, 30 Nov 2021 09:16:24 +0100
+Subject: [PATCH 2/2] vrend: propperly check whether the shader image range is
+ correct
+
+Also add a test to check the integer underflow.
+
+Closes: #251
+Signed-off-by: Gert Wollny
+Reviewed-by: Chia-I Wu
+
+cherry-pick from anongit.freedesktop.org/virglrenderer
+commit 2aed5d4...
+
+CVE: CVE-2022-0135
+Upstream-Status: Backport
+Signed-off-by: Joe Slater
+
+---
+ src/vrend_decode.c | 3 +-
+ tests/test_fuzzer_formats.c | 57 +
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/src/vrend_decode.c b/src/vrend_decode.c
+index 91f5f24..6771b10 100644
+--- a/src/vrend_decode.c
b/src/vrend_decode.c
+@@ -1249,8 +1249,9 @@ static int vrend_decode_set_shader_images(struct
vrend_context *ctx, const uint3
+if (num_images < 1) {
+ return 0;
+}
++
+if (start_slot > PIPE_MAX_SHADER_IMAGES ||
+- start_slot > PIPE_MAX_SHADER_IMAGES - num_images)
++ start_slot + num_images > PIPE_MAX_SHADER_IMAGES)
+ return EINVAL;
+
+for (uint32_t i = 0; i < num_images; i++) {
+diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c
+index 154a2e5..e32caf0 100644
+--- a/tests/test_fuzzer_formats.c
b/tests/test_fuzzer_formats.c
+@@ -958,6 +958,61 @@ static void test_vrend_set_signle_abo_heap_overflow() {
+ virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde);
+ }
+
++static void test_vrend_set_shader_images_overflow()
++{
++uint32_t num_shaders = PIPE_MAX_SHADER_IMAGES + 1;
++uint32_t size = num_shaders * VIRGL_SET_SHADER_IMAGE_ELEMENT_SIZE + 3;
++uint32_t cmd[size];
++int i = 0;
++cmd[i++] = ((size - 1)<< 16) | 0 << 8 | VIRGL_CCMD_SET_SHADER_IMAGES;
++cmd[i++] = PIPE_SHADER_FRAGMENT;
++memset([i], 0, size - i);
++
++virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
++}
++
++/* Test adapted from yaojun8558...@gmail.com:
++ * https://gitlab.freedesktop.org/virgl/virglrenderer/-/issues/250
++*/
++static void test_vrend_3d_resource_overflow() {
++
++struct virgl_renderer_resource_create_args resource;
++resource.handle = 0x4c474572;
++resource.target = PIPE_TEXTURE_2D_ARRAY;
++resource.format = VIRGL_FORMAT_Z24X8_UNORM;
++resource.nr_samples = 2;
++resource.last_level = 0;
++resource.array_size = 3;
++resource.bind = VIRGL_BIND_SAMPLER_VIEW;
++resource.depth = 1;
++resource.width = 8;
++resource.height = 4;
++resource.flags = 0;
++
++virgl_renderer_resource_create(, NULL, 0);
++virgl_renderer_ctx_attach_resource(ctx_id, resource.handle);
++
++uint32_t size = 0x400;
++uint32_t cmd[size];
++int i = 0;
++cmd[i++] = (size - 1) << 16 | 0 << 8 | VIRGL_CCMD_RESOURCE_INLINE_WRITE;
++cmd[i++] = resource.handle;
++cmd[i++] = 0; // level
++cmd[i++] = 0; // usage
++cmd[i++] = 0; // stride
++cmd[i++] = 0; // layer_stride
++cmd[i++] = 0; // x
++cmd[i++] = 0; // y
++cmd[i++] = 0; // z
++cmd[i++] = 8; // w
++cmd[i++] = 4; // h
++cmd[i++] = 3; // d
++memset([i], 0, size - i);
++
++virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
++}
++
++
+ int main()
+ {
+initialize_environment();
+@@ -980,6 +1035,8 @@ int main()
+test_cs_nullpointer_deference();
+test_vrend_set_signle_abo_heap_overflow();
+
++ test_vrend_set_shader_images_overflow();
++ test_vrend_3d_resource_overflow();
+
+virgl_renderer_context_destroy(ctx_id);
+virgl_renderer_cleanup();
+--
+2.25.1
+
diff --git
a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
new file mode 100644
index 00..8bbb9eb579
--- /dev/null
++
[oe-core][PATCH 1/1] virglrenderer: fix CVE-2022-0135 and -0175
CVE-2022-0135 concerns out-of-bounds writes in read_transfer_data().
CVE-2022-0175 concerns using malloc() instead of calloc().
We "cherry-pick" from upstream. The actual cherry-picks are from
upstream master to branch-0.9.1 and are the patches entered here.
Signed-off-by: Joe Slater
---
.../virglrenderer/cve-2022-0135.patch | 117 ++
.../virglrenderer/cve-2022-0175.patch | 107
.../virglrenderer/virglrenderer_0.9.1.bb | 2 +
3 files changed, 226 insertions(+)
create mode 100644
meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
create mode 100644
meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
diff --git
a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
new file mode 100644
index 00..ae42dc8f6c
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
@@ -0,0 +1,117 @@
+From 63aee871365f9c9e7fa9125672302a0fb250d34d Mon Sep 17 00:00:00 2001
+From: Gert Wollny
+Date: Tue, 30 Nov 2021 09:16:24 +0100
+Subject: [PATCH 2/2] vrend: propperly check whether the shader image range is
+ correct
+
+Also add a test to check the integer underflow.
+
+Closes: #251
+Signed-off-by: Gert Wollny
+Reviewed-by: Chia-I Wu
+
+cherry-pick from anongit.freedesktop.org/virglrenderer
+commit 2aed5d4...
+
+CVE: CVE-2022-0135
+Upstream-Status: Backport
+Signed-off-by: Joe Slater
+
+---
+ src/vrend_decode.c | 3 +-
+ tests/test_fuzzer_formats.c | 57 +
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/src/vrend_decode.c b/src/vrend_decode.c
+index 91f5f24..6771b10 100644
+--- a/src/vrend_decode.c
b/src/vrend_decode.c
+@@ -1249,8 +1249,9 @@ static int vrend_decode_set_shader_images(struct
vrend_context *ctx, const uint3
+if (num_images < 1) {
+ return 0;
+}
++
+if (start_slot > PIPE_MAX_SHADER_IMAGES ||
+- start_slot > PIPE_MAX_SHADER_IMAGES - num_images)
++ start_slot + num_images > PIPE_MAX_SHADER_IMAGES)
+ return EINVAL;
+
+for (uint32_t i = 0; i < num_images; i++) {
+diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c
+index 154a2e5..e32caf0 100644
+--- a/tests/test_fuzzer_formats.c
b/tests/test_fuzzer_formats.c
+@@ -958,6 +958,61 @@ static void test_vrend_set_signle_abo_heap_overflow() {
+ virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde);
+ }
+
++static void test_vrend_set_shader_images_overflow()
++{
++uint32_t num_shaders = PIPE_MAX_SHADER_IMAGES + 1;
++uint32_t size = num_shaders * VIRGL_SET_SHADER_IMAGE_ELEMENT_SIZE + 3;
++uint32_t cmd[size];
++int i = 0;
++cmd[i++] = ((size - 1)<< 16) | 0 << 8 | VIRGL_CCMD_SET_SHADER_IMAGES;
++cmd[i++] = PIPE_SHADER_FRAGMENT;
++memset([i], 0, size - i);
++
++virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
++}
++
++/* Test adapted from yaojun8558...@gmail.com:
++ * https://gitlab.freedesktop.org/virgl/virglrenderer/-/issues/250
++*/
++static void test_vrend_3d_resource_overflow() {
++
++struct virgl_renderer_resource_create_args resource;
++resource.handle = 0x4c474572;
++resource.target = PIPE_TEXTURE_2D_ARRAY;
++resource.format = VIRGL_FORMAT_Z24X8_UNORM;
++resource.nr_samples = 2;
++resource.last_level = 0;
++resource.array_size = 3;
++resource.bind = VIRGL_BIND_SAMPLER_VIEW;
++resource.depth = 1;
++resource.width = 8;
++resource.height = 4;
++resource.flags = 0;
++
++virgl_renderer_resource_create(, NULL, 0);
++virgl_renderer_ctx_attach_resource(ctx_id, resource.handle);
++
++uint32_t size = 0x400;
++uint32_t cmd[size];
++int i = 0;
++cmd[i++] = (size - 1) << 16 | 0 << 8 | VIRGL_CCMD_RESOURCE_INLINE_WRITE;
++cmd[i++] = resource.handle;
++cmd[i++] = 0; // level
++cmd[i++] = 0; // usage
++cmd[i++] = 0; // stride
++cmd[i++] = 0; // layer_stride
++cmd[i++] = 0; // x
++cmd[i++] = 0; // y
++cmd[i++] = 0; // z
++cmd[i++] = 8; // w
++cmd[i++] = 4; // h
++cmd[i++] = 3; // d
++memset([i], 0, size - i);
++
++virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
++}
++
++
+ int main()
+ {
+initialize_environment();
+@@ -980,6 +1035,8 @@ int main()
+test_cs_nullpointer_deference();
+test_vrend_set_signle_abo_heap_overflow();
+
++ test_vrend_set_shader_images_overflow();
++ test_vrend_3d_resource_overflow();
+
+virgl_renderer_context_destroy(ctx_id);
+virgl_renderer_cleanup();
+--
+2.25.1
+
diff --git
a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
new file mode 100644
index 00..7fbab75091
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglren
[v2][oe-core][hardknott][PATCH 1/1] icu: increase pkgdata command buffer size
Mitigate pathname truncation when installing in a project
with a very long pathname.
Signed-off-by: Joe Slater
---
...pkgdata-increase-command-buffer-size.patch | 46 +++
meta/recipes-support/icu/icu_68.2.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644
meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
diff --git
a/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
new file mode 100644
index 00..a5483568bb
--- /dev/null
+++
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
@@ -0,0 +1,46 @@
+From ab6b1acdeed76899f8227c38ab7e7675c7673ff1 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 5 Aug 2021 09:23:48 -0700
+Subject: [PATCH 1/1] pkgdata: increase command buffer size
+
+Make cmd LARGE_BUFFER_SIZE to avoid pathname truncation
+when install paths are longer than about 150 characters.
+
+https://unicode-org.atlassian.net/browse/ICU-21702 has been
+created to address this issue and error reporting.
+
+Upstream-Status: Submitted [ICU-21702 opened]
+
+Signed-off-by: Joe Slater
+---
+ source/tools/pkgdata/pkgdata.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/tools/pkgdata/pkgdata.cpp
b/source/tools/pkgdata/pkgdata.cpp
+index 5ab682e..d4b70ef 100644
+--- a/tools/pkgdata/pkgdata.cpp
b/tools/pkgdata/pkgdata.cpp
+@@ -1131,17 +1131,17 @@ normal_symlink_mode:
+
+ static int32_t pkg_installLibrary(const char *installDir, const char
*targetDir, UBool noVersion) {
+ int32_t result = 0;
+-char cmd[SMALL_BUFFER_MAX_SIZE];
++char cmd[LARGE_BUFFER_MAX_SIZE];
+
+ auto ret = snprintf(cmd,
+-SMALL_BUFFER_MAX_SIZE,
++LARGE_BUFFER_MAX_SIZE,
+ "cd %s && %s %s %s%s%s",
+ targetDir,
+ pkgDataFlags[INSTALL_CMD],
+ libFileNames[LIB_FILE_VERSION],
+ installDir, PKGDATA_FILE_SEP_STRING,
libFileNames[LIB_FILE_VERSION]);
+ (void)ret;
+-U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE);
++U_ASSERT(0 <= ret && ret < LARGE_BUFFER_MAX_SIZE);
+
+ result = runCommand(cmd);
+
+--
+2.29.2
+
diff --git a/meta/recipes-support/icu/icu_68.2.bb
b/meta/recipes-support/icu/icu_68.2.bb
index 1ca87feee4..130212d245 100644
--- a/meta/recipes-support/icu/icu_68.2.bb
+++ b/meta/recipes-support/icu/icu_68.2.bb
@@ -107,6 +107,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
file://filter.json \
file://fix-install-manx.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://0001-pkgdata-increase-command-buffer-size.patch \
"
SRC_URI_append_class-target = "\
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155332):
https://lists.openembedded.org/g/openembedded-core/message/155332
Mute This Topic: https://lists.openembedded.org/mt/85148189/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][hardknott][PATCH 1/1] icu: increase pkgdata command buffer size
https://unicode-org.atlassian.net/browse/ICU-21702 has been accepted. My patch
just mitigates the problem but does not take care of issues around lack of
error reporting.
Joe
> -Original Message-
> From: Mittal, Anuj
> Sent: Monday, August 23, 2021 9:04 PM
> To: Slater, Joseph ; openembedded-
> c...@lists.openembedded.org
> Cc: MacLeod, Randy
> Subject: Re: [oe-core][hardknott][PATCH 1/1] icu: increase pkgdata command
> buffer size
>
> Hi Joe,
>
> On Mon, 2021-08-23 at 14:29 -0700, Joe Slater wrote:
> > Mitigate pathname truncation when installing in a project with a very
> > long pathname. The patch is on the master branch, but they have moved
> > to a later version of icu so we cannot cherry-pick.
> >
> > Signed-off-by: Joe Slater
> > ---
> > ...pkgdata-increase-command-buffer-size.patch | 43
> > +++
> > meta/recipes-support/icu/icu_68.2.bb | 1 +
> > 2 files changed, 44 insertions(+)
> > create mode 100644
> > meta/recipes-support/icu/icu/0001-pkgdata-increase-
> > command-buffer-size.patch
> >
> > diff --git a/meta/recipes-support/icu/icu/0001-pkgdata-increase-
> > command-buffer-size.patch b/meta/recipes-support/icu/icu/0001-pkgdata-
> > increase-command-buffer-size.patch
> > new file mode 100644
> > index 00..ea68e4be9f
> > --- /dev/null
> > +++ b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-
> > buffer-size.patch
> > @@ -0,0 +1,43 @@
> > +From ab6b1acdeed76899f8227c38ab7e7675c7673ff1 Mon Sep 17 00:00:00
> > +2001
> > +From: Joe Slater
> > +Date: Thu, 5 Aug 2021 09:23:48 -0700
> > +Subject: [PATCH 1/1] pkgdata: increase command buffer size
> > +
> > +Make cmd LARGE_BUFFER_SIZE to avoid pathname truncation when install
> > +paths are longer than about 150 characters.
> > +
> > +Upstream-Status: Pending
>
> I think there was a comment from Alex on the original patch for master
> requesting this be sent upstream first. Can you do that please?
>
> Thanks,
>
> Anuj
>
> > +
> > +Signed-off-by: Joe Slater
> > +---
> > + source/tools/pkgdata/pkgdata.cpp | 6 +++---
> > + 1 file changed, 3 insertions(+), 3 deletions(-)
> > +
> > +diff --git a/source/tools/pkgdata/pkgdata.cpp
> > b/source/tools/pkgdata/pkgdata.cpp
> > +index 5ab682e..d4b70ef 100644
> > +--- a/tools/pkgdata/pkgdata.cpp
> > b/tools/pkgdata/pkgdata.cpp
> > +@@ -1131,17 +1131,17 @@ normal_symlink_mode:
> > +
> > + static int32_t pkg_installLibrary(const char *installDir, const char
> > *targetDir, UBool noVersion) {
> > + int32_t result = 0;
> > +- char cmd[SMALL_BUFFER_MAX_SIZE];
> > ++ char cmd[LARGE_BUFFER_MAX_SIZE];
> > +
> > + auto ret = snprintf(cmd,
> > +- SMALL_BUFFER_MAX_SIZE,
> > ++ LARGE_BUFFER_MAX_SIZE,
> > + "cd %s && %s %s %s%s%s",
> > + targetDir,
> > + pkgDataFlags[INSTALL_CMD],
> > + libFileNames[LIB_FILE_VERSION],
> > + installDir, PKGDATA_FILE_SEP_STRING,
> > libFileNames[LIB_FILE_VERSION]);
> > + (void)ret;
> > +- U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE);
> > ++ U_ASSERT(0 <= ret && ret < LARGE_BUFFER_MAX_SIZE);
> > +
> > + result = runCommand(cmd);
> > +
> > +--
> > +2.29.2
> > +
> > diff --git a/meta/recipes-support/icu/icu_68.2.bb b/meta/recipes-
> > support/icu/icu_68.2.bb index 1ca87feee4..130212d245 100644
> > --- a/meta/recipes-support/icu/icu_68.2.bb
> > +++ b/meta/recipes-support/icu/icu_68.2.bb
> > @@ -107,6 +107,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
> > file://filter.json \
> > file://fix-install-manx.patch \
> > file://0001-icu-Added-armeb-support.patch \
> > + file://0001-pkgdata-increase-command-buffer-size.patch \
> > "
> >
> > SRC_URI_append_class-target = "\
> >
> >
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155257):
https://lists.openembedded.org/g/openembedded-core/message/155257
Mute This Topic: https://lists.openembedded.org/mt/85096835/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][hardknott][PATCH 1/1] icu: increase pkgdata command buffer size
Mitigate pathname truncation when installing in a project
with a very long pathname. The patch is on the master
branch, but they have moved to a later version of icu
so we cannot cherry-pick.
Signed-off-by: Joe Slater
---
...pkgdata-increase-command-buffer-size.patch | 43 +++
meta/recipes-support/icu/icu_68.2.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644
meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
diff --git
a/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
new file mode 100644
index 00..ea68e4be9f
--- /dev/null
+++
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
@@ -0,0 +1,43 @@
+From ab6b1acdeed76899f8227c38ab7e7675c7673ff1 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 5 Aug 2021 09:23:48 -0700
+Subject: [PATCH 1/1] pkgdata: increase command buffer size
+
+Make cmd LARGE_BUFFER_SIZE to avoid pathname truncation
+when install paths are longer than about 150 characters.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+---
+ source/tools/pkgdata/pkgdata.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/tools/pkgdata/pkgdata.cpp
b/source/tools/pkgdata/pkgdata.cpp
+index 5ab682e..d4b70ef 100644
+--- a/tools/pkgdata/pkgdata.cpp
b/tools/pkgdata/pkgdata.cpp
+@@ -1131,17 +1131,17 @@ normal_symlink_mode:
+
+ static int32_t pkg_installLibrary(const char *installDir, const char
*targetDir, UBool noVersion) {
+ int32_t result = 0;
+-char cmd[SMALL_BUFFER_MAX_SIZE];
++char cmd[LARGE_BUFFER_MAX_SIZE];
+
+ auto ret = snprintf(cmd,
+-SMALL_BUFFER_MAX_SIZE,
++LARGE_BUFFER_MAX_SIZE,
+ "cd %s && %s %s %s%s%s",
+ targetDir,
+ pkgDataFlags[INSTALL_CMD],
+ libFileNames[LIB_FILE_VERSION],
+ installDir, PKGDATA_FILE_SEP_STRING,
libFileNames[LIB_FILE_VERSION]);
+ (void)ret;
+-U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE);
++U_ASSERT(0 <= ret && ret < LARGE_BUFFER_MAX_SIZE);
+
+ result = runCommand(cmd);
+
+--
+2.29.2
+
diff --git a/meta/recipes-support/icu/icu_68.2.bb
b/meta/recipes-support/icu/icu_68.2.bb
index 1ca87feee4..130212d245 100644
--- a/meta/recipes-support/icu/icu_68.2.bb
+++ b/meta/recipes-support/icu/icu_68.2.bb
@@ -107,6 +107,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
file://filter.json \
file://fix-install-manx.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://0001-pkgdata-increase-command-buffer-size.patch \
"
SRC_URI_append_class-target = "\
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#155194):
https://lists.openembedded.org/g/openembedded-core/message/155194
Mute This Topic: https://lists.openembedded.org/mt/85096835/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] blktrace: change shebangs
When I previously checked upstream, they explicitly left the "python" when they converted the scripts to work with python3 because the scripts work with 2 or 3. Joe > -Original Message- > From: Richard Purdie > Sent: Monday, August 16, 2021 2:59 PM > To: Alexander Kanavin ; Slater, Joseph > > Cc: OE-core ; MacLeod, Randy > > Subject: Re: [oe-core][PATCH 1/1] blktrace: change shebangs > > On Mon, 2021-08-16 at 20:40 +0200, Alexander Kanavin wrote: > > On Mon, 16 Aug 2021 at 20:20, Joe Slater wrote: > > > +blktrace can use either python2 or python3, but we really want > > > +python3, so modify the shebangs. > > > + > > > +Upstream-Status: pending > > > + > > > +Signed-off-by: Joe Slater > > > > > > > > Please submit upstream first. Signed-off-by is incorrectly written, > > needs to be added by git preferably. 'Pending' needs to be capitalized > > (but please submit upstream first). > > I very much doubt upstream will want to change "python" -> "python3" as it is > a > distro thing. It is frustrating it isn't configurable. I think in most other > cases we > sed this into scripts but that has pros and cons too rather than a patch we > have > to carry... > > Cheers, > > Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#154891): https://lists.openembedded.org/g/openembedded-core/message/154891 Mute This Topic: https://lists.openembedded.org/mt/84930362/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] blktrace: change shebangs
Change shebangs to python3 because we do not support python2.
Signed-off-by: Joe Slater
---
meta/recipes-kernel/blktrace/blktrace_git.bb | 4 ++-
.../blktrace/files/python3-shebangs.patch | 30 +++
2 files changed, 33 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-kernel/blktrace/files/python3-shebangs.patch
diff --git a/meta/recipes-kernel/blktrace/blktrace_git.bb
b/meta/recipes-kernel/blktrace/blktrace_git.bb
index d00b1bd0be..2f2695cef0 100644
--- a/meta/recipes-kernel/blktrace/blktrace_git.bb
+++ b/meta/recipes-kernel/blktrace/blktrace_git.bb
@@ -14,7 +14,9 @@ SRCREV = "366d30b9cdb20345c5d064af850d686da79b89eb"
PV = "1.3.0+git${SRCPV}"
-SRC_URI = "git://git.kernel.dk/blktrace.git"
+SRC_URI = "git://git.kernel.dk/blktrace.git \
+ file://python3-shebangs.patch \
+ "
S = "${WORKDIR}/git"
diff --git a/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
new file mode 100644
index 00..70a35c2c3a
--- /dev/null
+++ b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
@@ -0,0 +1,30 @@
+blktrace: Use python3 shebangs
+
+blktrace can use either python2 or python3, but we really want
+python3, so modify the shebangs.
+
+Upstream-Status: pending
+
+Signed-off-by: Joe Slater
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154842):
https://lists.openembedded.org/g/openembedded-core/message/154842
Mute This Topic: https://lists.openembedded.org/mt/84930362/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] blktrace: add rdepends
I will get rid of the RDEPENDS. Joe
> -Original Message-
> From: Alexandre Belloni
> Sent: Saturday, August 14, 2021 2:39 AM
> To: Slater, Joseph
> Cc: openembedded-core@lists.openembedded.org; MacLeod, Randy
>
> Subject: Re: [oe-core][PATCH 1/1] blktrace: add rdepends
>
> Hello,
>
> On 13/08/2021 13:24:16-0700, Joe Slater wrote:
> > bno_plot.py uses gnuplot. Also change shebangs to
> > python3 because we do not support python2.
> >
> > Signed-off-by: Joe Slater
> > ---
> > meta/recipes-kernel/blktrace/blktrace_git.bb | 6 +++-
> > .../blktrace/files/python3-shebangs.patch | 30 +++
> > 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644
> > meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> >
> > diff --git a/meta/recipes-kernel/blktrace/blktrace_git.bb
> > b/meta/recipes-kernel/blktrace/blktrace_git.bb
> > index d00b1bd0be..36ce282481 100644
> > --- a/meta/recipes-kernel/blktrace/blktrace_git.bb
> > +++ b/meta/recipes-kernel/blktrace/blktrace_git.bb
> > @@ -10,11 +10,15 @@ LIC_FILES_CHKSUM =
> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
> >
> > DEPENDS = "libaio"
> >
> > +RDEPENDS:${PN} += "gnuplot"
> > +
>
> This breaks many builds on the autobuilders with:
>
> stdio: ERROR: Nothing RPROVIDES 'gnuplot' (but /home/pokybuild/yocto-
> worker/genericx86-64/build/meta/recipes-kernel/blktrace/blktrace_git.bb
> RDEPENDS on or otherwise requires it)
> stdio: ERROR: Nothing RPROVIDES 'blktrace-dev' (but /home/pokybuild/yocto-
> worker/genericx86-64/build/meta/recipes-kernel/blktrace/blktrace_git.bb
> RDEPENDS on or otherwise requires it)
>
> because gnuplot is part of meta-oe
>
> > SRCREV = "366d30b9cdb20345c5d064af850d686da79b89eb"
> >
> > PV = "1.3.0+git${SRCPV}"
> >
> > -SRC_URI = "git://git.kernel.dk/blktrace.git"
> > +SRC_URI = "git://git.kernel.dk/blktrace.git \
> > + file://python3-shebangs.patch \
> > + "
> >
> > S = "${WORKDIR}/git"
> >
> > diff --git a/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> > b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> > new file mode 100644
> > index 00..70a35c2c3a
> > --- /dev/null
> > +++ b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> > @@ -0,0 +1,30 @@
> > +blktrace: Use python3 shebangs
> > +
> > +blktrace can use either python2 or python3, but we really want
> > +python3, so modify the shebangs.
> > +
> > +Upstream-Status: pending
> > +
> > +Signed-off-by: Joe Slater > +
> > +
> > +diff --git a/btt/bno_plot.py b/btt/bno_plot.py index 3aa4e19..d7d7159
> > +100644
> > +--- a/btt/bno_plot.py
> > b/btt/bno_plot.py
> > +@@ -1,4 +1,4 @@
> > +-#! /usr/bin/env python
> > ++#! /usr/bin/env python3
> > + #
> > + # btt blkno plotting interface
> > + #
> > +diff --git a/btt/btt_plot.py b/btt/btt_plot.py index 40bc71f..8620d31
> > +100755
> > +--- a/btt/btt_plot.py
> > b/btt/btt_plot.py
> > +@@ -1,4 +1,4 @@
> > +-#! /usr/bin/env python
> > ++#! /usr/bin/env python3
> > + #
> > + # btt_plot.py: Generate matplotlib plots for BTT generate data files
> > + #
> > --
> > 2.25.1
> >
>
> >
> >
> >
>
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154841):
https://lists.openembedded.org/g/openembedded-core/message/154841
Mute This Topic: https://lists.openembedded.org/mt/84872571/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] blktrace: add rdepends
I wanted to make /usr/bin/python supplied by python3 but have that overridden
by a higher priority version in python2, but meta-python2 wouldn't go for it.
Without that, any alternative python3 supplies would replaced their version.
Joe
> -Original Message-
> From: Khem Raj
> Sent: Saturday, August 14, 2021 6:34 PM
> To: MacLeod, Randy ; Slater, Joseph
> ; openembedded-core@lists.openembedded.org
> Subject: Re: [oe-core][PATCH 1/1] blktrace: add rdepends
>
>
>
> On 8/13/21 4:34 PM, Randy MacLeod wrote:
> > On 2021-08-13 4:24 p.m., Joe Slater wrote:
> >> bno_plot.py uses gnuplot. Also change shebangs to
> >> python3 because we do not support python2.
> >
> > We need to get agreement about what 'python' is.
> > That's not something i follow and it's already late on Friday so I'm
> > CCing Trevor, Mr meta-python and pointing you to:
> >
> > https://www.python.org/dev/peps/pep-0394/
> >
> > which from a brief review seems to say that it's up to the
> > distribution! Fun!!
> >
> >
> > My preference without knowing what other distros have done is to have
> > the build system make a soft link:
> > python -> python3
> >
>
> Its better to be explicit, making softlink will silently try to run python
> scripts
> which assume python = python2 and do unexpected things
>
>
> >
> >>
> >> Signed-off-by: Joe Slater
> >> ---
> >> meta/recipes-kernel/blktrace/blktrace_git.bb | 6 +++-
> >> .../blktrace/files/python3-shebangs.patch | 30
> >> +++
> >> 2 files changed, 35 insertions(+), 1 deletion(-)
> >> create mode 100644
> >> meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> >>
> >> diff --git a/meta/recipes-kernel/blktrace/blktrace_git.bb
> >> b/meta/recipes-kernel/blktrace/blktrace_git.bb
> >> index d00b1bd0be..36ce282481 100644
> >> --- a/meta/recipes-kernel/blktrace/blktrace_git.bb
> >> +++ b/meta/recipes-kernel/blktrace/blktrace_git.bb
> >> @@ -10,11 +10,15 @@ LIC_FILES_CHKSUM =
> >> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
> >> DEPENDS = "libaio"
> >> +RDEPENDS:${PN} += "gnuplot"
> >
> > As the DESCRIPTION says:
> >
> > There are three major components:
> > a kernel component,
> > a utility to record the i/o trace information for
> > the kernel to user space,
> > and
> > utilities to analyse and view the trace information.
> >
> > so shouldn't we split the userspace part up so that the utilities are
> > packaged separately and people who want to collect data on target and
> > analyze it elsewhere don't pull in gnuplot and maybe more?
> >
> >
> >
> > ../Randy
> >
> >> +
> >> SRCREV = "366d30b9cdb20345c5d064af850d686da79b89eb"
> >> PV = "1.3.0+git${SRCPV}"
> >> -SRC_URI = "git://git.kernel.dk/blktrace.git"
> >> +SRC_URI = "git://git.kernel.dk/blktrace.git \
> >> + file://python3-shebangs.patch \
> >> + "
> >> S = "${WORKDIR}/git"
> >> diff --git
> >> a/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> >> b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> >> new file mode 100644
> >> index 00..70a35c2c3a
> >> --- /dev/null
> >> +++ b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
> >> @@ -0,0 +1,30 @@
> >> +blktrace: Use python3 shebangs
> >> +
> >> +blktrace can use either python2 or python3, but we really want
> >> +python3, so modify the shebangs.
> >> +
> >> +Upstream-Status: pending
> >> +
> >> +Signed-off-by: Joe Slater >> +
> >> +
> >> +diff --git a/btt/bno_plot.py b/btt/bno_plot.py index
> >> +3aa4e19..d7d7159 100644
> >> +--- a/btt/bno_plot.py
> >> b/btt/bno_plot.py
> >> +@@ -1,4 +1,4 @@
> >> +-#! /usr/bin/env python
> >> ++#! /usr/bin/env python3
> >> + #
> >> + # btt blkno plotting interface
> >> + #
> >> +diff --git a/btt/btt_plot.py b/btt/btt_plot.py index
> >> +40bc71f..8620d31 100755
> >> +--- a/btt/btt_plot.py
> >> b/btt/btt_plot.py
> >> +@@ -1,4 +1,4 @@
> >> +-#! /usr/bin/env python
> >> ++#! /usr/bin/env python3
> >> + #
> >> + # btt_plot.py: Generate matplotlib plots for BTT generate data
> >> + files #
> >>
> >
> >
> >
> >
> >
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154840):
https://lists.openembedded.org/g/openembedded-core/message/154840
Mute This Topic: https://lists.openembedded.org/mt/84872571/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] blktrace: add rdepends
bno_plot.py uses gnuplot. Also change shebangs to
python3 because we do not support python2.
Signed-off-by: Joe Slater
---
meta/recipes-kernel/blktrace/blktrace_git.bb | 6 +++-
.../blktrace/files/python3-shebangs.patch | 30 +++
2 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-kernel/blktrace/files/python3-shebangs.patch
diff --git a/meta/recipes-kernel/blktrace/blktrace_git.bb
b/meta/recipes-kernel/blktrace/blktrace_git.bb
index d00b1bd0be..36ce282481 100644
--- a/meta/recipes-kernel/blktrace/blktrace_git.bb
+++ b/meta/recipes-kernel/blktrace/blktrace_git.bb
@@ -10,11 +10,15 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
DEPENDS = "libaio"
+RDEPENDS:${PN} += "gnuplot"
+
SRCREV = "366d30b9cdb20345c5d064af850d686da79b89eb"
PV = "1.3.0+git${SRCPV}"
-SRC_URI = "git://git.kernel.dk/blktrace.git"
+SRC_URI = "git://git.kernel.dk/blktrace.git \
+ file://python3-shebangs.patch \
+ "
S = "${WORKDIR}/git"
diff --git a/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
new file mode 100644
index 00..70a35c2c3a
--- /dev/null
+++ b/meta/recipes-kernel/blktrace/files/python3-shebangs.patch
@@ -0,0 +1,30 @@
+blktrace: Use python3 shebangs
+
+blktrace can use either python2 or python3, but we really want
+python3, so modify the shebangs.
+
+Upstream-Status: pending
+
+Signed-off-by: Joe Slater
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154784):
https://lists.openembedded.org/g/openembedded-core/message/154784
Mute This Topic: https://lists.openembedded.org/mt/84872571/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] terminal.bbclass: force bash for devshell
Since shell_trap_code in build.py sets /bin/sh as the interpreter
we will die a silent death if our environment contains things like
"export -f bodilyfunction" and /bin/sh is really /bin/dash.
Fixes this for the case of devshell.
Signed-off-by: Joe Slater
---
meta/classes/terminal.bbclass | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes/terminal.bbclass b/meta/classes/terminal.bbclass
index 6059ae95e0..a564ee7494 100644
--- a/meta/classes/terminal.bbclass
+++ b/meta/classes/terminal.bbclass
@@ -26,6 +26,9 @@ def emit_terminal_func(command, envdata, d):
bb.utils.mkdirhier(os.path.dirname(runfile))
with open(runfile, 'w') as script:
+# Override the shell shell_trap_code specifies.
+# If our shell is bash, we might well face silent death.
+script.write("#!/bin/bash\n")
script.write(bb.build.shell_trap_code())
bb.data.emit_func(cmd_func, script, envdata)
script.write(cmd_func)
@@ -37,7 +40,7 @@ def emit_terminal_func(command, envdata, d):
def oe_terminal(command, title, d):
import oe.data
import oe.terminal
-
+
envdata = bb.data.init()
for v in os.environ:
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154748):
https://lists.openembedded.org/g/openembedded-core/message/154748
Mute This Topic: https://lists.openembedded.org/mt/84852248/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] icu: increase command buffer size
Make cmd in pkg_installLibrary() LARGE_BUFFER_SIZE to avoid
pathname truncation if the install path is longer than about
150 characters. For default compilation, the U_ASSERT does
not detect buffer overflow, but that issue is not addressed.
Signed-off-by: Joe Slater
---
...pkgdata-increase-command-buffer-size.patch | 43 +++
meta/recipes-support/icu/icu_69.1.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644
meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
diff --git
a/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
new file mode 100644
index 00..ea68e4be9f
--- /dev/null
+++
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
@@ -0,0 +1,43 @@
+From ab6b1acdeed76899f8227c38ab7e7675c7673ff1 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 5 Aug 2021 09:23:48 -0700
+Subject: [PATCH 1/1] pkgdata: increase command buffer size
+
+Make cmd LARGE_BUFFER_SIZE to avoid pathname truncation
+when install paths are longer than about 150 characters.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+---
+ source/tools/pkgdata/pkgdata.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/tools/pkgdata/pkgdata.cpp
b/source/tools/pkgdata/pkgdata.cpp
+index 5ab682e..d4b70ef 100644
+--- a/tools/pkgdata/pkgdata.cpp
b/tools/pkgdata/pkgdata.cpp
+@@ -1131,17 +1131,17 @@ normal_symlink_mode:
+
+ static int32_t pkg_installLibrary(const char *installDir, const char
*targetDir, UBool noVersion) {
+ int32_t result = 0;
+-char cmd[SMALL_BUFFER_MAX_SIZE];
++char cmd[LARGE_BUFFER_MAX_SIZE];
+
+ auto ret = snprintf(cmd,
+-SMALL_BUFFER_MAX_SIZE,
++LARGE_BUFFER_MAX_SIZE,
+ "cd %s && %s %s %s%s%s",
+ targetDir,
+ pkgDataFlags[INSTALL_CMD],
+ libFileNames[LIB_FILE_VERSION],
+ installDir, PKGDATA_FILE_SEP_STRING,
libFileNames[LIB_FILE_VERSION]);
+ (void)ret;
+-U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE);
++U_ASSERT(0 <= ret && ret < LARGE_BUFFER_MAX_SIZE);
+
+ result = runCommand(cmd);
+
+--
+2.29.2
+
diff --git a/meta/recipes-support/icu/icu_69.1.bb
b/meta/recipes-support/icu/icu_69.1.bb
index bfeea8d2f0..00c22372b5 100644
--- a/meta/recipes-support/icu/icu_69.1.bb
+++ b/meta/recipes-support/icu/icu_69.1.bb
@@ -107,6 +107,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
file://filter.json \
file://fix-install-manx.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://0001-pkgdata-increase-command-buffer-size.patch \
"
SRC_URI_append_class-target = "\
--
2.29.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154566):
https://lists.openembedded.org/g/openembedded-core/message/154566
Mute This Topic: https://lists.openembedded.org/mt/84711017/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] icu: increase command buffer size
Make cmd in pkg_installLibrary() LARGE_BUFFER_SIZE to avoid
pathname truncation if the install path is longer than about
150 characters. For default compilation, the U_ASSERT does
not detect buffer overflow.
Signed-off-by: Joe Slater
---
...pkgdata-increase-command-buffer-size.patch | 41 +++
meta/recipes-support/icu/icu_69.1.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644
meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
diff --git
a/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
new file mode 100644
index 00..14d17f9742
--- /dev/null
+++
b/meta/recipes-support/icu/icu/0001-pkgdata-increase-command-buffer-size.patch
@@ -0,0 +1,41 @@
+From ab6b1acdeed76899f8227c38ab7e7675c7673ff1 Mon Sep 17 00:00:00 2001
+From: Joe Slater
+Date: Thu, 5 Aug 2021 09:23:48 -0700
+Subject: [oe-core][PATCH 1/1] pkgdata: increase command buffer size
+
+Make cmd LARGE_BUFFER_SIZE to avoid pathname truncation
+when install paths are longer than about 150 characters.
+
+Signed-off-by: Joe Slater
+---
+ source/tools/pkgdata/pkgdata.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source/tools/pkgdata/pkgdata.cpp
b/source/tools/pkgdata/pkgdata.cpp
+index 5ab682e..d4b70ef 100644
+--- a/tools/pkgdata/pkgdata.cpp
b/tools/pkgdata/pkgdata.cpp
+@@ -1131,17 +1131,17 @@ normal_symlink_mode:
+
+ static int32_t pkg_installLibrary(const char *installDir, const char
*targetDir, UBool noVersion) {
+ int32_t result = 0;
+-char cmd[SMALL_BUFFER_MAX_SIZE];
++char cmd[LARGE_BUFFER_MAX_SIZE];
+
+ auto ret = snprintf(cmd,
+-SMALL_BUFFER_MAX_SIZE,
++LARGE_BUFFER_MAX_SIZE,
+ "cd %s && %s %s %s%s%s",
+ targetDir,
+ pkgDataFlags[INSTALL_CMD],
+ libFileNames[LIB_FILE_VERSION],
+ installDir, PKGDATA_FILE_SEP_STRING,
libFileNames[LIB_FILE_VERSION]);
+ (void)ret;
+-U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE);
++U_ASSERT(0 <= ret && ret < LARGE_BUFFER_MAX_SIZE);
+
+ result = runCommand(cmd);
+
+--
+2.29.2
+
diff --git a/meta/recipes-support/icu/icu_69.1.bb
b/meta/recipes-support/icu/icu_69.1.bb
index bfeea8d2f0..00c22372b5 100644
--- a/meta/recipes-support/icu/icu_69.1.bb
+++ b/meta/recipes-support/icu/icu_69.1.bb
@@ -107,6 +107,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \
file://filter.json \
file://fix-install-manx.patch \
file://0001-icu-Added-armeb-support.patch \
+ file://0001-pkgdata-increase-command-buffer-size.patch \
"
SRC_URI_append_class-target = "\
--
2.29.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154524):
https://lists.openembedded.org/g/openembedded-core/message/154524
Mute This Topic: https://lists.openembedded.org/mt/84693849/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][hardknott][PATCH 1/1] util-linux: fix CVE 2021-37600
Backport patch, which should be in next release (2.37.2).
Signed-off-by: Joe Slater
---
meta/recipes-core/util-linux/util-linux.inc| 1 +
.../util-linux/util-linux/CVE-2021-37600.patch | 38 ++
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
diff --git a/meta/recipes-core/util-linux/util-linux.inc
b/meta/recipes-core/util-linux/util-linux.inc
index 6b47f41..b21d6d4 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -36,5 +36,6 @@ SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://display_testname_for_subtest.patch \
file://avoid_parallel_tests.patch \
file://Automake-use-EXTRA_LTLIBRARIES-instead-of-noinst_LTL.patch \
+ file://CVE-2021-37600.patch \
"
SRC_URI[sha256sum] =
"f7516ba9d8689343594356f0e5e1a5f0da34adfbc89023437735872bb5024c5f"
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
new file mode 100644
index 000..11934ee
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch
@@ -0,0 +1,38 @@
+From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Tue, 27 Jul 2021 11:58:31 +0200
+Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
+ nmembs
+
+Fix: https://github.com/karelzak/util-linux/issues/1395
+Signed-off-by: Karel Zak
+
+CVE: CVE-2021-37600
+
+after version 2.37.1
+https://github.com/karelzak/util-linux.git 1c9143d0c1d...
+unmodified
+
+Upstream-Status: Backport
+
+Signed-off-by: Joe Slater
+---
+ sys-utils/ipcutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
+index e784c4d..18868cf 100644
+--- a/sys-utils/ipcutils.c
b/sys-utils/ipcutils.c
+@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
+ {
+ size_t i;
+
+- if (!p || !p->sem_nsems || p->sem_perm.id < 0)
++ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id <
0)
+ return;
+
+ p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
+--
+2.7.4
+
--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154441):
https://lists.openembedded.org/g/openembedded-core/message/154441
Mute This Topic: https://lists.openembedded.org/mt/84666724/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] qemu: always define unknown_lock_type
Your patch makes the error always occur at run time. We can preserve the intent of producing an error at link time with the attached patch which was NOT accepted upstream. I think they do not like the name QLNULL. In any event, it does work for all optimizations and applies to the latest master branch of qemu. Joe -Original Message- From: openembedded-core@lists.openembedded.org On Behalf Of Khem Raj Sent: Monday, September 14, 2020 8:23 AM To: Yu, Mingli Cc: Ross Burton ; OE-core Subject: Re: [OE-core] [PATCH] qemu: always define unknown_lock_type On Sun, Sep 13, 2020 at 11:29 PM Yu, Mingli wrote: > > > > On 9/14/20 2:02 PM, Khem Raj wrote: > > > > > > On 9/13/20 10:44 PM, Yu, Mingli wrote: > >> > >> > >> On 9/14/20 1:26 PM, Khem Raj wrote: > >>> > >>> > >>> On 9/13/20 6:50 PM, Yu, Mingli wrote: > > > On 9/10/20 6:41 PM, Ross Burton wrote: > > On Thu, 10 Sep 2020 at 04:03, Yu, Mingli > > > > wrote: > >> +Upstream-Status: Submitted [qemu-devel mailing list] > > > > https://lists.nongnu.org/archive/cgi-bin/namazu.cgi?query=unknow > > n_lock_type=Search%21=qemu-devel=20=no > > rmal=score > > > > > > doesn't find this patch, can you link to it please? > > > > Hi Ross, > > The link is > https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg03873 > .html, > will include the link in V2. > >>> > >>> are you compiling without __OPTIMIZE__ defined ? qemu may not work > >> > >> Hi Khem, > >> > >> I didn't especially customize something for __OPTIMIZE__, could > >> you help guide where to define it? > > > > perhaps you are not using one of -O option ? > > -Og passed to the compiler as DEBUG_BUILD = "1" defined in local.conf. Does qemu work when built with -Og 0001-lockable-use-QLNULL-for-a-null-lockable.patch Description: 0001-lockable-use-QLNULL-for-a-null-lockable.patch -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142544): https://lists.openembedded.org/g/openembedded-core/message/142544 Mute This Topic: https://lists.openembedded.org/mt/76748224/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] pseudo: fix renaming to self
Since I (accidently) enabled the patch for pseudo-native as well as target, the
fact that builds still work and targets boot is a good sign. Beyond that, I
put pseudo on a target and verified the python3 rename.
For renameat(), I wrote a test I've attached to the Bugzilla case and compiled
it in a devshell for pseudo-native. Then, I used bin/pseudo in that devshell
to verify pseudo does not forget about renames to self.
Assuming there is no gotcha, testing for rename identity before accessing the
pseudo server saves many cycles. Too bad renaming something to itself never
happens.
-Original Message-
From: MacLeod, Randy
Sent: Wednesday, August 26, 2020 1:05 PM
To: Slater, Joseph ;
openembedded-core@lists.openembedded.org; Seebs
Subject: Re: [oe-core][PATCH 1/1] pseudo: fix renaming to self
Add Seebs.
Joe,
How did you test this change?
../Randy
On 2020-08-26 2:58 p.m., Joe Slater wrote:
> Pseudo tests for an item being renamed to itself only after
> information about it has been deleted. Move the test to before we
> change the database.
>
> Note that pseudo does not support renameat2(), but neither does glibc.
>
> Signed-off-by: Joe Slater
> ---
> .../pseudo/files/rename.patch | 73 +++
> meta/recipes-devtools/pseudo/pseudo_git.bb| 1 +
> 2 files changed, 74 insertions(+)
> create mode 100644 meta/recipes-devtools/pseudo/files/rename.patch
>
> diff --git a/meta/recipes-devtools/pseudo/files/rename.patch
> b/meta/recipes-devtools/pseudo/files/rename.patch
> new file mode 100644
> index 00..bc344db3b5
> --- /dev/null
> +++ b/meta/recipes-devtools/pseudo/files/rename.patch
> @@ -0,0 +1,73 @@
> +pseudo: fix renaming to self
> +
> +The pseudo rename guts test for an item being renamed to itself, only
> +after information about it has been deleted.
> +We move the test to before we play with the database.
> +
> +Note that pseudo does not support renameat2().
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Joe Slater
> +
> +
> +--- a/ports/unix/guts/rename.c
> b/ports/unix/guts/rename.c
> +@@ -29,6 +29,14 @@
> + newrc = base_lstat(newpath, );
> + oldrc = base_lstat(oldpath, );
> +
> ++/* nothing to do for a "rename" of a link to itself */
> ++if (newrc != -1 && oldrc != -1 &&
> ++newbuf.st_dev == oldbuf.st_dev &&
> ++newbuf.st_ino == oldbuf.st_ino) {
> ++pseudo_debug(PDBGF_OP, "rename: paths are the same\n");
> ++return real_rename(oldpath, newpath);
> ++}
> ++
> + errno = save_errno;
> +
> + /* newpath must be removed. */
> +@@ -58,12 +66,6 @@
> + return rc;
> + }
> + save_errno = errno;
> +-/* nothing to do for a "rename" of a link to itself */
> +-if (newrc != -1 && oldrc != -1 &&
> +-newbuf.st_dev == oldbuf.st_dev &&
> +-newbuf.st_ino == oldbuf.st_ino) {
> +-return rc;
> +-}
> +
> + /* rename(3) is not mv(1). rename(file, dir) fails; you must provide
> + * the corrected path yourself. You can rename over a directory
> +only
> +--- a/ports/unix/guts/renameat.c
> b/ports/unix/guts/renameat.c
> +@@ -41,6 +41,14 @@
> + newrc = base_fstatat(newdirfd, newpath, ,
> +AT_SYMLINK_NOFOLLOW); #endif
> +
> ++/* nothing to do for a "rename" of a link to itself */
> ++if (newrc != -1 && oldrc != -1 &&
> ++newbuf.st_dev == oldbuf.st_dev &&
> ++newbuf.st_ino == oldbuf.st_ino) {
> ++pseudo_debug(PDBGF_OP, "renameat: paths are the same\n");
> ++return real_renameat(olddirfd, oldpath, newdirfd, newpath);
> ++}
> ++
> + errno = save_errno;
> +
> + /* newpath must be removed. */
> +@@ -71,12 +79,6 @@
> + return rc;
> + }
> + save_errno = errno;
> +-/* nothing to do for a "rename" of a link to itself */
> +-if (newrc != -1 && oldrc != -1 &&
> +-newbuf.st_dev == oldbuf.st_dev &&
> +-newbuf.st_ino == oldbuf.st_ino) {
> +-return rc;
> +-}
> +
> + /* rename(3) is not mv(1). rename(file, dir) fails; you must provide
> + * the corrected path yourself. You can rename over a directory
> + only
> diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb
> b/meta/recipes-devtools/pseudo/pseudo_git.bb
> index 9a22304bba..8d8cf8d523 100644
> --- a/meta/recipes-devtools/pseudo/pseudo_git.bb
> +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
> @@ -4,6 +4,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;
[oe-core][PATCH 1/1] pseudo: fix renaming to self
Pseudo tests for an item being renamed to itself only after
information about it has been deleted. Move the test to before
we change the database.
Note that pseudo does not support renameat2(), but neither does
glibc.
Signed-off-by: Joe Slater
---
.../pseudo/files/rename.patch | 73 +++
meta/recipes-devtools/pseudo/pseudo_git.bb| 1 +
2 files changed, 74 insertions(+)
create mode 100644 meta/recipes-devtools/pseudo/files/rename.patch
diff --git a/meta/recipes-devtools/pseudo/files/rename.patch
b/meta/recipes-devtools/pseudo/files/rename.patch
new file mode 100644
index 00..bc344db3b5
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/rename.patch
@@ -0,0 +1,73 @@
+pseudo: fix renaming to self
+
+The pseudo rename guts test for an item being renamed to
+itself, only after information about it has been deleted.
+We move the test to before we play with the database.
+
+Note that pseudo does not support renameat2().
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+
+
+--- a/ports/unix/guts/rename.c
b/ports/unix/guts/rename.c
+@@ -29,6 +29,14 @@
+ newrc = base_lstat(newpath, );
+ oldrc = base_lstat(oldpath, );
+
++ /* nothing to do for a "rename" of a link to itself */
++ if (newrc != -1 && oldrc != -1 &&
++ newbuf.st_dev == oldbuf.st_dev &&
++ newbuf.st_ino == oldbuf.st_ino) {
++ pseudo_debug(PDBGF_OP, "rename: paths are the same\n");
++ return real_rename(oldpath, newpath);
++}
++
+ errno = save_errno;
+
+ /* newpath must be removed. */
+@@ -58,12 +66,6 @@
+ return rc;
+ }
+ save_errno = errno;
+- /* nothing to do for a "rename" of a link to itself */
+- if (newrc != -1 && oldrc != -1 &&
+- newbuf.st_dev == oldbuf.st_dev &&
+- newbuf.st_ino == oldbuf.st_ino) {
+- return rc;
+-}
+
+ /* rename(3) is not mv(1). rename(file, dir) fails; you must provide
+* the corrected path yourself. You can rename over a directory only
+--- a/ports/unix/guts/renameat.c
b/ports/unix/guts/renameat.c
+@@ -41,6 +41,14 @@
+ newrc = base_fstatat(newdirfd, newpath, , AT_SYMLINK_NOFOLLOW);
+ #endif
+
++ /* nothing to do for a "rename" of a link to itself */
++ if (newrc != -1 && oldrc != -1 &&
++ newbuf.st_dev == oldbuf.st_dev &&
++ newbuf.st_ino == oldbuf.st_ino) {
++ pseudo_debug(PDBGF_OP, "renameat: paths are the same\n");
++ return real_renameat(olddirfd, oldpath, newdirfd, newpath);
++}
++
+ errno = save_errno;
+
+ /* newpath must be removed. */
+@@ -71,12 +79,6 @@
+ return rc;
+ }
+ save_errno = errno;
+- /* nothing to do for a "rename" of a link to itself */
+- if (newrc != -1 && oldrc != -1 &&
+- newbuf.st_dev == oldbuf.st_dev &&
+- newbuf.st_ino == oldbuf.st_ino) {
+- return rc;
+-}
+
+ /* rename(3) is not mv(1). rename(file, dir) fails; you must provide
+* the corrected path yourself. You can rename over a directory only
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb
b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 9a22304bba..8d8cf8d523 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -4,6 +4,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \
file://0001-configure-Prune-PIE-flags.patch \
file://fallback-passwd \
file://fallback-group \
+ file://rename.patch \
"
SRCREV = "8efb082863ff0ceec7b7e46f9a44750e12f48039"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#141872):
https://lists.openembedded.org/g/openembedded-core/message/141872
Mute This Topic: https://lists.openembedded.org/mt/76435736/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 0/1] pseudo - renaming to self
Bugzilla 13426 Simple test using rename() and renameat() attached to case. Joe Slater (1): pseudo: fix renaming to self .../pseudo/files/rename.patch | 73 +++ meta/recipes-devtools/pseudo/pseudo_git.bb| 1 + 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-devtools/pseudo/files/rename.patch -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#141871): https://lists.openembedded.org/g/openembedded-core/message/141871 Mute This Topic: https://lists.openembedded.org/mt/76435734/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] cleansstate
I use it via cleanall to be sure I'm building something as if it had never been built before. I share sstate between a number of projects (I'm calling where you run bitbake from a project), and sometimes just want to be sure there's no "contamination". Joe -Original Message- From: Richard Purdie Sent: Saturday, August 22, 2020 12:28 AM To: Tom King Cc: Slater, Joseph ; openembedded-core@lists.openembedded.org Subject: Re: [OE-core] cleansstate On Fri, 2020-08-21 at 17:32 -0700, Tom King wrote: > What would be a use case for cleanstate? I never really wanted to add it at all. There is/was some case for wanting to remove sstate objects and ensure something really does rebuild from source. When sstate was new and had more issues, people really wanted it and I was pushed into having it exist. I understand why people want it although it should never really need to be used. There are some users who do use it regularly and they really need to think about why and whether they need to. Personally, I don't use it. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#141780): https://lists.openembedded.org/g/openembedded-core/message/141780 Mute This Topic: https://lists.openembedded.org/mt/76298145/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] cleansstate
This might be specific to the distro I am typically using (take a guess) but I notice that cleansstate usually pauses at the 33% mark for a significant amount of time. I don't think this used to be quite as bad as it is now, but it is hard to remember. Just an observation that someone might be able to confirm/deny/explain. Joe -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#141650): https://lists.openembedded.org/g/openembedded-core/message/141650 Mute This Topic: https://lists.openembedded.org/mt/76298145/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][V2][PATCH 1/1] gcr: make sure gcr-oids.h is generated
Backport, without modification, a patch from mainline after
gcr-3-36 branch created.
Signed-off-by: Joe Slater
---
...-meson-Make-sure-gcr-oids.h-is-built.patch | 36 +++
meta/recipes-gnome/gcr/gcr_3.36.0.bb | 2 ++
2 files changed, 38 insertions(+)
create mode 100644
meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
diff --git
a/meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
b/meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
new file mode 100644
index 00..9692ea3642
--- /dev/null
+++ b/meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
@@ -0,0 +1,36 @@
+From 9fca6ae0aa7355c27d0922c561b9fbe18dde5b3d Mon Sep 17 00:00:00 2001
+From: Niels De Graef
+Date: Fri, 19 Jun 2020 22:37:31 +0200
+Subject: [PATCH 1/1] meson: Make sure gcr-oids.h is built
+
+Fixes https://gitlab.gnome.org/GNOME/gcr/-/issues/48
+---
+ gcr/meson.build | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- end of original header ---
+
+Upstream-Status: Backport [https://github.com/GNOME/gcr.git]
+
+Signed-off-by: Joe Slater
+
+---
+diff --git a/gcr/meson.build b/gcr/meson.build
+index 199452f..06c3a63 100644
+--- a/gcr/meson.build
b/gcr/meson.build
+@@ -178,7 +178,10 @@ endif
+ gcr_base_dep = declare_dependency(
+ link_with: gcr_base_lib,
+ include_directories: include_directories('..'),
+- sources: gcr_enums_gen[1], # Make sure gcr-enum-types-base.h can be included
++ sources: [
++gcr_enums_gen[1],
++gcr_oids[1],
++ ],
+ )
+
+ if get_option('introspection')
+--
+2.7.4
+
diff --git a/meta/recipes-gnome/gcr/gcr_3.36.0.bb
b/meta/recipes-gnome/gcr/gcr_3.36.0.bb
index d5a88dfb35..ff455a68ec 100644
--- a/meta/recipes-gnome/gcr/gcr_3.36.0.bb
+++ b/meta/recipes-gnome/gcr/gcr_3.36.0.bb
@@ -18,6 +18,8 @@ inherit gnomebase gtk-icon-cache gtk-doc features_check
upstream-version-is-even
REQUIRED_DISTRO_FEATURES = "x11"
SRC_URI += "
file://0001-meson.build-correctly-set-internal-vapi-dependencies.patch"
+SRC_URI += " file://0001-meson-Make-sure-gcr-oids.h-is-built.patch"
+
SRC_URI[archive.md5sum] = "adc65563b6b458507b9a578a8b68fb61"
SRC_URI[archive.sha256sum] =
"aaf9bed017a2263c6145c89a1a84178f9f40f238426463e4ae486694ef5f6601"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#141374):
https://lists.openembedded.org/g/openembedded-core/message/141374
Mute This Topic: https://lists.openembedded.org/mt/76129439/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] gcr: make sure gcr-oids.h is generated
Backport, without modification, a patch from mainline after
gcr-3-36 branch created.
Signed-off-by: Joe Slater
---
...-meson-Make-sure-gcr-oids.h-is-built.patch | 36 +++
meta/recipes-gnome/gcr/gcr_3.36.0.bb | 2 ++
2 files changed, 38 insertions(+)
create mode 100644
meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
diff --git
a/meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
b/meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
new file mode 100644
index 00..3c8902d05e
--- /dev/null
+++ b/meta/recipes-gnome/gcr/gcr/0001-meson-Make-sure-gcr-oids.h-is-built.patch
@@ -0,0 +1,36 @@
+From 9fca6ae0aa7355c27d0922c561b9fbe18dde5b3d Mon Sep 17 00:00:00 2001
+From: Niels De Graef
+Date: Fri, 19 Jun 2020 22:37:31 +0200
+Subject: [PATCH 1/1] meson: Make sure gcr-oids.h is built
+
+Fixes https://gitlab.gnome.org/GNOME/gcr/-/issues/48
+---
+ gcr/meson.build | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- end of original header ---
+
+Upstream-Status: backport [https://github.com/GNOME/gcr.git]
+
+Signed-off-by: Joe Slater
+
+---
+diff --git a/gcr/meson.build b/gcr/meson.build
+index 199452f..06c3a63 100644
+--- a/gcr/meson.build
b/gcr/meson.build
+@@ -178,7 +178,10 @@ endif
+ gcr_base_dep = declare_dependency(
+ link_with: gcr_base_lib,
+ include_directories: include_directories('..'),
+- sources: gcr_enums_gen[1], # Make sure gcr-enum-types-base.h can be included
++ sources: [
++gcr_enums_gen[1],
++gcr_oids[1],
++ ],
+ )
+
+ if get_option('introspection')
+--
+2.7.4
+
diff --git a/meta/recipes-gnome/gcr/gcr_3.36.0.bb
b/meta/recipes-gnome/gcr/gcr_3.36.0.bb
index d5a88dfb35..ff455a68ec 100644
--- a/meta/recipes-gnome/gcr/gcr_3.36.0.bb
+++ b/meta/recipes-gnome/gcr/gcr_3.36.0.bb
@@ -18,6 +18,8 @@ inherit gnomebase gtk-icon-cache gtk-doc features_check
upstream-version-is-even
REQUIRED_DISTRO_FEATURES = "x11"
SRC_URI += "
file://0001-meson.build-correctly-set-internal-vapi-dependencies.patch"
+SRC_URI += " file://0001-meson-Make-sure-gcr-oids.h-is-built.patch"
+
SRC_URI[archive.md5sum] = "adc65563b6b458507b9a578a8b68fb61"
SRC_URI[archive.sha256sum] =
"aaf9bed017a2263c6145c89a1a84178f9f40f238426463e4ae486694ef5f6601"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#141358):
https://lists.openembedded.org/g/openembedded-core/message/141358
Mute This Topic: https://lists.openembedded.org/mt/76115036/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v1 resend][oe-core][PATCH 1/1] gconf: use python3
Modify gsettings-schema-convert to use python3. Also
add RDEPEND on python3-xml.
Signed-off-by: Joe Slater
---
meta/recipes-gnome/gnome/gconf/python3.patch | 60
meta/recipes-gnome/gnome/gconf_3.2.6.bb | 3 ++
2 files changed, 63 insertions(+)
create mode 100644 meta/recipes-gnome/gnome/gconf/python3.patch
diff --git a/meta/recipes-gnome/gnome/gconf/python3.patch
b/meta/recipes-gnome/gnome/gconf/python3.patch
new file mode 100644
index 000..7c022a2
--- /dev/null
+++ b/meta/recipes-gnome/gnome/gconf/python3.patch
@@ -0,0 +1,60 @@
+gconf: use python3
+
+Convert gsettings-schema-convert to use python3.
+
+Upstream-Status: Inappropriate [gconf is deprecated]
+
+Signed-off-by: Joe Slater
+
+
+--- a/gsettings/gsettings-schema-convert
b/gsettings/gsettings-schema-convert
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python3
+ # vim: set ts=4 sw=4 et: coding=UTF-8
+ #
+ # Copyright (c) 2010, Novell, Inc.
+@@ -603,7 +603,7 @@ class SimpleSchemaParser:
+ for line in lines:
+ current_line_nb += 1
+ self.parse_line(line)
+-except GSettingsSchemaConvertException, e:
++except GSettingsSchemaConvertException as e:
+ raise GSettingsSchemaConvertException('%s:%s: %s' %
(os.path.basename(self.file), current_line_nb, e))
+
+ return self.root
+@@ -1095,7 +1095,7 @@ def main(args):
+ try:
+ parser = GConfSchemaParser(argfile, options.gettext_domain,
options.schema_id, options.keep_underscores)
+ schema_root = parser.parse()
+-except SyntaxError, e:
++except SyntaxError as e:
+ raise GSettingsSchemaConvertException('\'%s\' does not look
like a valid gconf schema file: %s' % (argfile, e))
+ else:
+ # autodetect if file is XML or not
+@@ -1104,7 +1104,7 @@ def main(args):
+ schema_root = parser.parse()
+ if not options.simple and not options.xml:
+ options.simple = True
+-except SyntaxError, e:
++except SyntaxError as e:
+ parser = SimpleSchemaParser(argfile)
+ schema_root = parser.parse()
+ if not options.simple and not options.xml:
+@@ -1127,13 +1127,13 @@ def main(args):
+ fout = open(options.output, 'w')
+ fout.write(output)
+ fout.close()
+-except GSettingsSchemaConvertException, e:
++except GSettingsSchemaConvertException as e:
+ fout.close()
+ if os.path.exists(options.output):
+ os.unlink(options.output)
+ raise e
+
+-except GSettingsSchemaConvertException, e:
++except GSettingsSchemaConvertException as e:
+ print >> sys.stderr, '%s' % e
+ return 1
+
diff --git a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index b8466d4..ff36555 100644
--- a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -15,6 +15,7 @@ SRC_URI =
"${GNOME_MIRROR}/GConf/${@gnome_verdir("${PV}")}/GConf-${PV}.tar.xz;na
file://remove_plus_from_invalid_characters_list.patch \
file://unable-connect-dbus.patch \
file://create_config_directory.patch \
+ file://python3.patch \
"
SRC_URI[archive.md5sum] = "2b16996d0e4b112856ee5c59130e822c"
@@ -52,6 +53,8 @@ FILES_${PN} += "${libdir}/GConf/* \
${datadir}/dbus-1/services/*.service \
${datadir}/dbus-1/system-services/*.service \
"
+RDEPENDS_${PN} = "python3-xml"
+
FILES_${PN}-dev += "${datadir}/sgml/gconf/gconf-1.0.dtd"
BBCLASSEXTEND = "native"
--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140938):
https://lists.openembedded.org/g/openembedded-core/message/140938
Mute This Topic: https://lists.openembedded.org/mt/75776521/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [oe-core][PATCH 1/1] libdnf: allow reproducible binary builds
We never enable the tests, however the "directory" is processed, perhaps by
code that is never executed, but the code is built into the library. Since it
is already dealing with a directory that will not exist on the target, I felt
it safer just to feed it a "safe" name and let upstream deal with not building
the code in the first place.
Joe
-Original Message-
From: Richard Purdie
Sent: Wednesday, July 22, 2020 3:01 PM
To: Slater, Joseph ;
openembedded-core@lists.openembedded.org
Cc: MacLeod, Randy
Subject: Re: [oe-core][PATCH 1/1] libdnf: allow reproducible binary builds
On Wed, 2020-07-22 at 13:31 -0700, Joe Slater wrote:
> Use a static TESTDATADIR if tests are disabled. Allow override of
> TESTDATADIR if tests are enabled since the default will be wrong for
> target builds.
>
> Signed-off-by: Joe Slater
> ---
> .../libdnf/libdnf/enable_test_data_dir_set.patch | 26
> ++
> meta/recipes-devtools/libdnf/libdnf_0.48.0.bb | 1 +
> 2 files changed, 27 insertions(+)
> create mode 100644
> meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
>
> diff --git
> a/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
> b/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
> new file mode 100644
> index 000..e3784cc
> --- /dev/null
> +++ b/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.pat
> +++ ch
> @@ -0,0 +1,26 @@
> +libdnf: allow reproducible binary builds
> +
> +Use a dummy directory for test data if not built WITH_TESTS. Allow
> +for overriding TESTDATADIR, since the default is guaranteed to be wrong for
> target builds.
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Joe Slater
> +
> +
> +--- a/CMakeLists.txt
> b/CMakeLists.txt
> +@@ -133,7 +133,12 @@ add_definitions(-DG_LOG_DOMAIN=\\"libdnf
> + add_definitions(-D_FILE_OFFSET_BITS=64)
> +
> + # tests
> +-add_definitions(-DTESTDATADIR=\\"${CMAKE_SOURCE_DIR}/data/tests\\")
> ++if(NOT WITH_TESTS)
> ++ set(TEST_DATA_DIR "/notests")
> ++elseif(NOT DEFINED TEST_DATA_DIR)
> ++ set(TEST_DATA_DIR "${CMAKE_SOURCE_DIR}/data/tests")
> ++endif()
> ++add_definitions(-DTESTDATADIR=\\"${TEST_DATA_DIR}\\")
Do we need to set a value in the build or do we never enable the tests?
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140900):
https://lists.openembedded.org/g/openembedded-core/message/140900
Mute This Topic: https://lists.openembedded.org/mt/75733268/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] libdnf: allow reproducible binary builds
Use a static TESTDATADIR if tests are disabled. Allow
override of TESTDATADIR if tests are enabled since the
default will be wrong for target builds.
Signed-off-by: Joe Slater
---
.../libdnf/libdnf/enable_test_data_dir_set.patch | 26 ++
meta/recipes-devtools/libdnf/libdnf_0.48.0.bb | 1 +
2 files changed, 27 insertions(+)
create mode 100644
meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
diff --git a/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
b/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
new file mode 100644
index 000..e3784cc
--- /dev/null
+++ b/meta/recipes-devtools/libdnf/libdnf/enable_test_data_dir_set.patch
@@ -0,0 +1,26 @@
+libdnf: allow reproducible binary builds
+
+Use a dummy directory for test data if not built WITH_TESTS. Allow for
overriding
+TESTDATADIR, since the default is guaranteed to be wrong for target builds.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater
+
+
+--- a/CMakeLists.txt
b/CMakeLists.txt
+@@ -133,7 +133,12 @@ add_definitions(-DG_LOG_DOMAIN=\\"libdnf
+ add_definitions(-D_FILE_OFFSET_BITS=64)
+
+ # tests
+-add_definitions(-DTESTDATADIR=\\"${CMAKE_SOURCE_DIR}/data/tests\\")
++if(NOT WITH_TESTS)
++ set(TEST_DATA_DIR "/notests")
++elseif(NOT DEFINED TEST_DATA_DIR)
++ set(TEST_DATA_DIR "${CMAKE_SOURCE_DIR}/data/tests")
++endif()
++add_definitions(-DTESTDATADIR=\\"${TEST_DATA_DIR}\\")
+
+ # librhsm
+ if(ENABLE_RHSM_SUPPORT)
diff --git a/meta/recipes-devtools/libdnf/libdnf_0.48.0.bb
b/meta/recipes-devtools/libdnf/libdnf_0.48.0.bb
index 947b2f2..37991e6 100644
--- a/meta/recipes-devtools/libdnf/libdnf_0.48.0.bb
+++ b/meta/recipes-devtools/libdnf/libdnf_0.48.0.bb
@@ -8,6 +8,7 @@ SRC_URI =
"git://github.com/rpm-software-management/libdnf;branch=dnf-4-master \
file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \
file://0001-Add-WITH_TESTS-option.patch \
file://0001-Look-fo-sphinx-only-if-documentation-is-actually-ena.patch \
+ file://enable_test_data_dir_set.patch \
"
SRCREV = "46a28d0cf09277fffc11392e5e362a2eda0d53a8"
--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140875):
https://lists.openembedded.org/g/openembedded-core/message/140875
Mute This Topic: https://lists.openembedded.org/mt/75733268/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] systemd-conf: unpack to $S
systemd-conf copies some files to the target but they
are in WORKDIR and not visible to the archiver. Unpack
them to S.
Signed-off-by: Joe Slater
---
.../systemd/systemd-conf_245.6.bb | 20 +--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/meta/recipes-core/systemd/systemd-conf_245.6.bb
b/meta/recipes-core/systemd/systemd-conf_245.6.bb
index d9ec023bfd..d205a60859 100644
--- a/meta/recipes-core/systemd/systemd-conf_245.6.bb
+++ b/meta/recipes-core/systemd/systemd-conf_245.6.bb
@@ -6,23 +6,23 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM =
"file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
SRC_URI = "\
-file://journald.conf \
-file://logind.conf \
-file://system.conf \
-file://system.conf-qemuall \
-file://wired.network \
+file://journald.conf;subdir=${BP} \
+file://logind.conf;subdir=${BP} \
+file://system.conf;subdir=${BP} \
+file://system.conf-qemuall;subdir=${BP} \
+file://wired.network;subdir=${BP} \
"
do_install() {
- install -D -m0644 ${WORKDIR}/journald.conf
${D}${systemd_unitdir}/journald.conf.d/00-${PN}.conf
- install -D -m0644 ${WORKDIR}/logind.conf
${D}${systemd_unitdir}/logind.conf.d/00-${PN}.conf
- install -D -m0644 ${WORKDIR}/system.conf
${D}${systemd_unitdir}/system.conf.d/00-${PN}.conf
- install -D -m0644 ${WORKDIR}/wired.network
${D}${systemd_unitdir}/network/80-wired.network
+ install -D -m0644 ${S}/journald.conf
${D}${systemd_unitdir}/journald.conf.d/00-${PN}.conf
+ install -D -m0644 ${S}/logind.conf
${D}${systemd_unitdir}/logind.conf.d/00-${PN}.conf
+ install -D -m0644 ${S}/system.conf
${D}${systemd_unitdir}/system.conf.d/00-${PN}.conf
+ install -D -m0644 ${S}/wired.network
${D}${systemd_unitdir}/network/80-wired.network
}
# Based on change from YP bug 8141, OE commit
5196d7bacaef1076c361adaa2867be31759c1b52
do_install_append_qemuall() {
- install -D -m0644 ${WORKDIR}/system.conf-qemuall
${D}${systemd_unitdir}/system.conf.d/01-${PN}.conf
+ install -D -m0644 ${S}/system.conf-qemuall
${D}${systemd_unitdir}/system.conf.d/01-${PN}.conf
# Do not install wired.network for qemu bsps
rm -rf ${D}${systemd_unitdir}/network
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140198):
https://lists.openembedded.org/g/openembedded-core/message/140198
Mute This Topic: https://lists.openembedded.org/mt/75246650/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] jquery: use ${S}
Currently, several files are unpacked to WORKDIR and installed.
This makes them invisible to the archiver. Unpack to S.
Signed-off-by: Joe Slater
---
meta/recipes-devtools/jquery/jquery_3.5.1.bb | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/meta/recipes-devtools/jquery/jquery_3.5.1.bb
b/meta/recipes-devtools/jquery/jquery_3.5.1.bb
index b4d7e80afe..62f0dfb0c5 100644
--- a/meta/recipes-devtools/jquery/jquery_3.5.1.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.5.1.bb
@@ -2,12 +2,14 @@ SUMMARY = "jQuery is a fast, small, and feature-rich
JavaScript library"
HOMEPAGE = "https://jquery.com/;
LICENSE = "MIT"
SECTION = "devel"
-LIC_FILES_CHKSUM =
"file://${WORKDIR}/${BP}.js;beginline=8;endline=10;md5=ebd7bc5d23ab165188e526a0c65d24bb"
+LIC_FILES_CHKSUM =
"file://${S}/${BP}.js;beginline=8;endline=10;md5=ebd7bc5d23ab165188e526a0c65d24bb"
+# unpack items to ${S} so the archiver can see them
+#
SRC_URI = "\
-https://code.jquery.com/${BP}.js;name=js \
-https://code.jquery.com/${BP}.min.js;name=min \
-https://code.jquery.com/${BP}.min.map;name=map \
+https://code.jquery.com/${BP}.js;name=js;subdir=${BP} \
+https://code.jquery.com/${BP}.min.js;name=min;subdir=${BP} \
+https://code.jquery.com/${BP}.min.map;name=map;subdir=${BP} \
"
SRC_URI[js.sha256sum] =
"416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37"
@@ -20,9 +22,9 @@ inherit allarch
do_install() {
install -d ${D}${datadir}/javascript/${BPN}/
-install -m 644 ${WORKDIR}/${BP}.js
${D}${datadir}/javascript/${BPN}/${BPN}.js
-install -m 644 ${WORKDIR}/${BP}.min.js
${D}${datadir}/javascript/${BPN}/${BPN}.min.js
-install -m 644 ${WORKDIR}/${BP}.min.map
${D}${datadir}/javascript/${BPN}/${BPN}.min.map
+install -m 644 ${S}/${BP}.js ${D}${datadir}/javascript/${BPN}/${BPN}.js
+install -m 644 ${S}/${BP}.min.js
${D}${datadir}/javascript/${BPN}/${BPN}.min.js
+install -m 644 ${S}/${BP}.min.map
${D}${datadir}/javascript/${BPN}/${BPN}.min.map
}
PACKAGES = "${PN}"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140153):
https://lists.openembedded.org/g/openembedded-core/message/140153
Mute This Topic: https://lists.openembedded.org/mt/75223979/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] Patch
I have attached a patch which I could not send using git send-email which complained about lines that are too long for its taste. I generated it using format-patch, so... Joe 0001-json-c-Fix-CVE-2020-12762.patch Description: 0001-json-c-Fix-CVE-2020-12762.patch -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#139864): https://lists.openembedded.org/g/openembedded-core/message/139864 Mute This Topic: https://lists.openembedded.org/mt/75071752/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] gcr: ensure gcr-oids.h is generated before use
Add it to the list of sources needed before library building in the ui directory. It is already in the list for the gcr directory. Signed-off-by: Joe Slater --- meta/recipes-gnome/gcr/gcr/gcr-oids.patch | 28 meta/recipes-gnome/gcr/gcr_3.36.0.bb | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 meta/recipes-gnome/gcr/gcr/gcr-oids.patch diff --git a/meta/recipes-gnome/gcr/gcr/gcr-oids.patch b/meta/recipes-gnome/gcr/gcr/gcr-oids.patch new file mode 100644 index 000..7c99951 --- /dev/null +++ b/meta/recipes-gnome/gcr/gcr/gcr-oids.patch @@ -0,0 +1,28 @@ +gcr: add two generated files to gcr_ui_sources + +gcr-oids.h is needed by several sources in the ui directory but is not in the +list of sources needed before compile time. In a highly parallel build environment +this can cause errors like -- + +In file included from ../gcr-3.36.0/ui/gcr-certificate-request-renderer.c:20: +./gcr/gcr-oids.h:5: error: unterminated #ifndef +5 | #ifndef GCR_OIDS_ + | + +We add gcr_oids, which generates the file, to the sources needed. + +Upstream-Status: Pending + +Signed-off-by: Joe Slater + + +--- a/ui/meson.build b/ui/meson.build +@@ -75,6 +75,7 @@ gcr_ui_sources = [ + gcr_ui_private_sources, + gcr_ui_public_sources, + gcr_ui_enums_gen, ++ gcr_oids, + ] + + gcr_ui_deps = [ diff --git a/meta/recipes-gnome/gcr/gcr_3.36.0.bb b/meta/recipes-gnome/gcr/gcr_3.36.0.bb index d5a88df..4986c5c 100644 --- a/meta/recipes-gnome/gcr/gcr_3.36.0.bb +++ b/meta/recipes-gnome/gcr/gcr_3.36.0.bb @@ -18,6 +18,8 @@ inherit gnomebase gtk-icon-cache gtk-doc features_check upstream-version-is-even REQUIRED_DISTRO_FEATURES = "x11" SRC_URI += " file://0001-meson.build-correctly-set-internal-vapi-dependencies.patch" +SRC_URI += " file://gcr-oids.patch" + SRC_URI[archive.md5sum] = "adc65563b6b458507b9a578a8b68fb61" SRC_URI[archive.sha256sum] = "aaf9bed017a2263c6145c89a1a84178f9f40f238426463e4ae486694ef5f6601" -- 2.7.4 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#139851): https://lists.openembedded.org/g/openembedded-core/message/139851 Mute This Topic: https://lists.openembedded.org/mt/75068155/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[oe-core][PATCH 1/1] gconf: use python3
Modify gsettings-schema-convert to use python3. Also
add RDEPEND on python3-xml.
Signed-off-by: Joe Slater
---
meta/recipes-gnome/gnome/gconf/python3.patch | 60
meta/recipes-gnome/gnome/gconf_3.2.6.bb | 3 ++
2 files changed, 63 insertions(+)
create mode 100644 meta/recipes-gnome/gnome/gconf/python3.patch
diff --git a/meta/recipes-gnome/gnome/gconf/python3.patch
b/meta/recipes-gnome/gnome/gconf/python3.patch
new file mode 100644
index 000..7c022a2
--- /dev/null
+++ b/meta/recipes-gnome/gnome/gconf/python3.patch
@@ -0,0 +1,60 @@
+gconf: use python3
+
+Convert gsettings-schema-convert to use python3.
+
+Upstream-Status: Inappropriate [gconf is deprecated]
+
+Signed-off-by: Joe Slater
+
+
+--- a/gsettings/gsettings-schema-convert
b/gsettings/gsettings-schema-convert
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python3
+ # vim: set ts=4 sw=4 et: coding=UTF-8
+ #
+ # Copyright (c) 2010, Novell, Inc.
+@@ -603,7 +603,7 @@ class SimpleSchemaParser:
+ for line in lines:
+ current_line_nb += 1
+ self.parse_line(line)
+-except GSettingsSchemaConvertException, e:
++except GSettingsSchemaConvertException as e:
+ raise GSettingsSchemaConvertException('%s:%s: %s' %
(os.path.basename(self.file), current_line_nb, e))
+
+ return self.root
+@@ -1095,7 +1095,7 @@ def main(args):
+ try:
+ parser = GConfSchemaParser(argfile, options.gettext_domain,
options.schema_id, options.keep_underscores)
+ schema_root = parser.parse()
+-except SyntaxError, e:
++except SyntaxError as e:
+ raise GSettingsSchemaConvertException('\'%s\' does not look
like a valid gconf schema file: %s' % (argfile, e))
+ else:
+ # autodetect if file is XML or not
+@@ -1104,7 +1104,7 @@ def main(args):
+ schema_root = parser.parse()
+ if not options.simple and not options.xml:
+ options.simple = True
+-except SyntaxError, e:
++except SyntaxError as e:
+ parser = SimpleSchemaParser(argfile)
+ schema_root = parser.parse()
+ if not options.simple and not options.xml:
+@@ -1127,13 +1127,13 @@ def main(args):
+ fout = open(options.output, 'w')
+ fout.write(output)
+ fout.close()
+-except GSettingsSchemaConvertException, e:
++except GSettingsSchemaConvertException as e:
+ fout.close()
+ if os.path.exists(options.output):
+ os.unlink(options.output)
+ raise e
+
+-except GSettingsSchemaConvertException, e:
++except GSettingsSchemaConvertException as e:
+ print >> sys.stderr, '%s' % e
+ return 1
+
diff --git a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index b8466d4..ff36555 100644
--- a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -15,6 +15,7 @@ SRC_URI =
"${GNOME_MIRROR}/GConf/${@gnome_verdir("${PV}")}/GConf-${PV}.tar.xz;na
file://remove_plus_from_invalid_characters_list.patch \
file://unable-connect-dbus.patch \
file://create_config_directory.patch \
+ file://python3.patch \
"
SRC_URI[archive.md5sum] = "2b16996d0e4b112856ee5c59130e822c"
@@ -52,6 +53,8 @@ FILES_${PN} += "${libdir}/GConf/* \
${datadir}/dbus-1/services/*.service \
${datadir}/dbus-1/system-services/*.service \
"
+RDEPENDS_${PN} = "python3-xml"
+
FILES_${PN}-dev += "${datadir}/sgml/gconf/gconf-1.0.dtd"
BBCLASSEXTEND = "native"
--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139672):
https://lists.openembedded.org/g/openembedded-core/message/139672
Mute This Topic: https://lists.openembedded.org/mt/74966005/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[v2][oe-core][PATCH 1/1] systemd: fix CVE-2020-13776
Backport from systemd.git.
Signed-off-by: Joe Slater
---
.../systemd/systemd/CVE-2020-13776.patch | 96 ++
meta/recipes-core/systemd/systemd_245.6.bb | 1 +
2 files changed, 97 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
new file mode 100644
index 000..7b5e3e7
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
@@ -0,0 +1,96 @@
+From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sun, 31 May 2020 18:21:09 +0200
+Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group
+ numbers
+
+We would parse numbers with base prefixes as user identifiers. For example,
+"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
+interpreted as UID==1000. This parsing was used also in cases where either a
+user/group name or number may be specified. This means that names like
+0x2b3bfa0 would be ambiguous: they are a valid user name according to our
+documented relaxed rules, but they would also be parsed as numeric uids.
+
+This behaviour is definitely not expected by users, since tools generally only
+accept decimal numbers (e.g. id, getent passwd), while other tools only accept
+user names and thus will interpret such strings as user names without even
+attempting to convert them to numbers (su, ssh). So let's follow suit and only
+accept numbers in decimal notation. Effectively this means that we will reject
+such strings as a username/uid/groupname/gid where strict mode is used, and try
+to look up a user/group with such a name in relaxed mode.
+
+Since the function changed is fairly low-level and fairly widely used, this
+affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
+the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
+etc.
+
+Fixes #15985.
+---
+ src/basic/user-util.c | 2 +-
+ src/test/test-user-util.c | 10 ++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 ---
+
+
+Add definition of safe_atou32_full() from commit
b934ac3d6e7dcad114776ef30ee9098693e7ab7e
+
+CVE: CVE-2020-13776
+
+Upstream-Status: Backport [https://github.com/systemd/systemd.git]
+
+Signed-off-by: Joe Slater
+
+
+
+--- git.orig/src/basic/user-util.c
git/src/basic/user-util.c
+@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret)
+ assert(s);
+
+ assert_cc(sizeof(uid_t) == sizeof(uint32_t));
+-r = safe_atou32(s, );
++r = safe_atou32_full(s, 10, );
+ if (r < 0)
+ return r;
+
+--- git.orig/src/test/test-user-util.c
git/src/test/test-user-util.c
+@@ -48,9 +48,19 @@ static void test_parse_uid(void) {
+
+ r = parse_uid("65535", );
+ assert_se(r == -ENXIO);
++assert_se(uid == 100);
++
++r = parse_uid("0x1234", );
++assert_se(r == -EINVAL);
++assert_se(uid == 100);
++
++r = parse_uid("01234", );
++assert_se(r == 0);
++assert_se(uid == 1234);
+
+ r = parse_uid("asdsdas", );
+ assert_se(r == -EINVAL);
++assert_se(uid == 1234);
+ }
+
+ static void test_uid_ptr(void) {
+--- git.orig/src/basic/parse-util.h
git/src/basic/parse-util.h
+@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha
+
+ int safe_atoi16(const char *s, int16_t *ret);
+
+-static inline int safe_atou32(const char *s, uint32_t *ret_u) {
++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t
*ret_u) {
+ assert_cc(sizeof(uint32_t) == sizeof(unsigned));
+-return safe_atou(s, (unsigned*) ret_u);
++return safe_atou_full(s, base, (unsigned*) ret_u);
++}
++
++static inline int safe_atou32(const char *s, uint32_t *ret_u) {
++return safe_atou32_full(s, 0, (unsigned*) ret_u);
+ }
+
+ static inline int safe_atoi32(const char *s, int32_t *ret_i) {
diff --git a/meta/recipes-core/systemd/systemd_245.6.bb
b/meta/recipes-core/systemd/systemd_245.6.bb
index ece4220..b6681b2 100644
--- a/meta/recipes-core/systemd/systemd_245.6.bb
+++ b/meta/recipes-core/systemd/systemd_245.6.bb
@@ -20,6 +20,7 @@ SRC_URI += "file://touchscreen.rules \
file://99-default.preset \
file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
file://0003-implment-systemd-sysv-install-for-OE.patch \
+ file://CVE-2020-13776.patch \
"
# patches needed by musl
--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139429):
https://lists.openembedded.org/g/openembedded-core/message/139429
Mute This Topic: https://l
[oe-core][PATCH 1/1] systemd: fix CVE-2020-13776
Backport from systemd.git.
CVE: CVE-2020-13776
Signed-off-by: Joe Slater
---
.../systemd/systemd/CVE-2020-13776.patch | 94 ++
meta/recipes-core/systemd/systemd_245.6.bb | 1 +
2 files changed, 95 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
new file mode 100644
index 000..f4fde26
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
@@ -0,0 +1,94 @@
+From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sun, 31 May 2020 18:21:09 +0200
+Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group
+ numbers
+
+We would parse numbers with base prefixes as user identifiers. For example,
+"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
+interpreted as UID==1000. This parsing was used also in cases where either a
+user/group name or number may be specified. This means that names like
+0x2b3bfa0 would be ambiguous: they are a valid user name according to our
+documented relaxed rules, but they would also be parsed as numeric uids.
+
+This behaviour is definitely not expected by users, since tools generally only
+accept decimal numbers (e.g. id, getent passwd), while other tools only accept
+user names and thus will interpret such strings as user names without even
+attempting to convert them to numbers (su, ssh). So let's follow suit and only
+accept numbers in decimal notation. Effectively this means that we will reject
+such strings as a username/uid/groupname/gid where strict mode is used, and try
+to look up a user/group with such a name in relaxed mode.
+
+Since the function changed is fairly low-level and fairly widely used, this
+affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
+the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
+etc.
+
+Fixes #15985.
+---
+ src/basic/user-util.c | 2 +-
+ src/test/test-user-util.c | 10 ++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 ---
+
+
+Add definition of safe_atou32_full() from commit
b934ac3d6e7dcad114776ef30ee9098693e7ab7e
+
+Upstream-Status: Backport [https://github.com/systemd/systemd.git]
+
+Signed-off-by: Joe Slater
+
+
+
+--- git.orig/src/basic/user-util.c
git/src/basic/user-util.c
+@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret)
+ assert(s);
+
+ assert_cc(sizeof(uid_t) == sizeof(uint32_t));
+-r = safe_atou32(s, );
++r = safe_atou32_full(s, 10, );
+ if (r < 0)
+ return r;
+
+--- git.orig/src/test/test-user-util.c
git/src/test/test-user-util.c
+@@ -48,9 +48,19 @@ static void test_parse_uid(void) {
+
+ r = parse_uid("65535", );
+ assert_se(r == -ENXIO);
++assert_se(uid == 100);
++
++r = parse_uid("0x1234", );
++assert_se(r == -EINVAL);
++assert_se(uid == 100);
++
++r = parse_uid("01234", );
++assert_se(r == 0);
++assert_se(uid == 1234);
+
+ r = parse_uid("asdsdas", );
+ assert_se(r == -EINVAL);
++assert_se(uid == 1234);
+ }
+
+ static void test_uid_ptr(void) {
+--- git.orig/src/basic/parse-util.h
git/src/basic/parse-util.h
+@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha
+
+ int safe_atoi16(const char *s, int16_t *ret);
+
+-static inline int safe_atou32(const char *s, uint32_t *ret_u) {
++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t
*ret_u) {
+ assert_cc(sizeof(uint32_t) == sizeof(unsigned));
+-return safe_atou(s, (unsigned*) ret_u);
++return safe_atou_full(s, base, (unsigned*) ret_u);
++}
++
++static inline int safe_atou32(const char *s, uint32_t *ret_u) {
++return safe_atou32_full(s, 0, (unsigned*) ret_u);
+ }
+
+ static inline int safe_atoi32(const char *s, int32_t *ret_i) {
diff --git a/meta/recipes-core/systemd/systemd_245.6.bb
b/meta/recipes-core/systemd/systemd_245.6.bb
index ece4220..b6681b2 100644
--- a/meta/recipes-core/systemd/systemd_245.6.bb
+++ b/meta/recipes-core/systemd/systemd_245.6.bb
@@ -20,6 +20,7 @@ SRC_URI += "file://touchscreen.rules \
file://99-default.preset \
file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
file://0003-implment-systemd-sysv-install-for-OE.patch \
+ file://CVE-2020-13776.patch \
"
# patches needed by musl
--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139424):
https://lists.openembedded.org/g/openembedded-core/message/139424
Mute This Topic: https://l
Re: [V2][oe-core][PATCH 1/1] vim: _FORTIFY_SOURCE=2 be gone
Yes, as to lcl_maybe_fortify() being visible, but why the "?=" ? Maybe, the
security flags
Should have a pn-vim entry. I don't like that. Maybe the vim recipe should
modify lcl_maybe_fortify()
but I really don't like that either. Still, vim should be useable. What I do
not understand is why
this has not been reported. Is everybody using the vi provided by busybox?
Joe
-Original Message-
From: Andre McCurdy
Sent: Tuesday, June 9, 2020 3:59 PM
To: Slater, Joseph
Cc: OE Core mailing list ; MacLeod,
Randy
Subject: Re: [V2][oe-core][PATCH 1/1] vim: _FORTIFY_SOURCE=2 be gone
On Tue, Jun 9, 2020 at 3:46 PM Joe Slater wrote:
>
> vim will abort in many places with this setting. Replace it with the
> benign _FORTIFY_SOURCE=1.
>
> Signed-off-by: Joe Slater
> ---
> meta/recipes-support/vim/vim_8.2.bb | 5 +
> 1 file changed, 5 insertions(+)
>
> diff --git a/meta/recipes-support/vim/vim_8.2.bb
> b/meta/recipes-support/vim/vim_8.2.bb
> index 60946a181f..709b6ddb55 100644
> --- a/meta/recipes-support/vim/vim_8.2.bb
> +++ b/meta/recipes-support/vim/vim_8.2.bb
> @@ -8,3 +8,8 @@ BBCLASSEXTEND = "native"
> ALTERNATIVE_${PN}_append = " xxd"
> ALTERNATIVE_TARGET[xxd] = "${bindir}/xxd"
> ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
> +
> +# We override the default in security_flags.inc because vim (not
> +vim-tiny!) will abort # in many places for _FORTIFY_SOURCE=2. Security
> flags become part of CC.
> +#
> +lcl_maybe_fortify =
> "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}"
"lcl_maybe_fortify" was supposed to be a private local variable in
security_flags.inc. If it's now a documented global variable which recipes are
allowed to mess with, it should be renamed (e.g.
capitalised and the lcl_ prefix removed).
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139384):
https://lists.openembedded.org/g/openembedded-core/message/139384
Mute This Topic: https://lists.openembedded.org/mt/74785809/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[V2][oe-core][PATCH 1/1] vim: _FORTIFY_SOURCE=2 be gone
vim will abort in many places with this setting. Replace
it with the benign _FORTIFY_SOURCE=1.
Signed-off-by: Joe Slater
---
meta/recipes-support/vim/vim_8.2.bb | 5 +
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-support/vim/vim_8.2.bb
b/meta/recipes-support/vim/vim_8.2.bb
index 60946a181f..709b6ddb55 100644
--- a/meta/recipes-support/vim/vim_8.2.bb
+++ b/meta/recipes-support/vim/vim_8.2.bb
@@ -8,3 +8,8 @@ BBCLASSEXTEND = "native"
ALTERNATIVE_${PN}_append = " xxd"
ALTERNATIVE_TARGET[xxd] = "${bindir}/xxd"
ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
+
+# We override the default in security_flags.inc because vim (not vim-tiny!)
will abort
+# in many places for _FORTIFY_SOURCE=2. Security flags become part of CC.
+#
+lcl_maybe_fortify =
"${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139381):
https://lists.openembedded.org/g/openembedded-core/message/139381
Mute This Topic: https://lists.openembedded.org/mt/74785809/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][PATCH] Revert "vim: do not adjust script paths building for target"
The INSANE_SKIP is intended to avoid the script dependencies. Perhaps it is of
the
wrong form or there is now some other sanity check producing the error?
Joe
-Original Message-
From: openembedded-core@lists.openembedded.org
On Behalf Of Richard Purdie
Sent: Thursday, June 4, 2020 11:40 PM
To: Chen, Qi ; openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][PATCH] Revert "vim: do not adjust script paths building
for target"
On Fri, 2020-06-05 at 10:13 +0800, Chen Qi wrote:
> This reverts commit 8972fe5581b9fe8ef14d539001758bb13bca6737.
>
> The above commit causes regression when vim-tools is installed.
> The error is like below.
>
> Error:
> Problem: conflicting requests
>- nothing provides /bin/csh needed by vim-tools-8.2-r0.corei7_64
>- nothing provides /usr/bin/nawk needed by vim-tools-8.2-r0.corei7_64
>- nothing provides /usr/bin/python needed by
> vim-tools-8.2-r0.corei7_64
>
> Signed-off-by: Chen Qi
> ---
> .../vim/files/no-path-adjust.patch| 27 ---
> meta/recipes-support/vim/vim.inc | 12 -
> 2 files changed, 6 insertions(+), 33 deletions(-) delete mode 100644
> meta/recipes-support/vim/files/no-path-adjust.patch
>
> diff --git a/meta/recipes-support/vim/files/no-path-adjust.patch
> b/meta/recipes-support/vim/files/no-path-adjust.patch
> deleted file mode 100644
> index 05c2d803f6..00
> --- a/meta/recipes-support/vim/files/no-path-adjust.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> -vim: do not adjust script pathnames
> -
> -When cross-compiling, we do not want to reference the host versions
> of -things like perl and awk.
> -
> -Upstream-Status: Pending
> -
> -Signed-off-by: Joe Slater
> -
> a/src/Makefile
> -+++ b/src/Makefile
> -@@ -2507,11 +2507,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_
> - rm -rf $$cvs; \
> - fi
> - -chmod $(FILEMOD) $(DEST_TOOLS)/*
> --# replace the path in some tools
> -+
> -+# replace the path in some tools, but not when cross-compiling ifneq
> -+($(CROSS_COMPILING),1)
> - perlpath=`./which.sh perl` && sed -e "s+/usr/bin/perl+$$perlpath+"
> $(TOOLSSOURCE)/efm_perl.pl >$(DEST_TOOLS)/efm_perl.pl
> - awkpath=`./which.sh nawk` && sed -e "s+/usr/bin/nawk+$$awkpath+"
> $(TOOLSSOURCE)/mve.awk >$(DEST_TOOLS)/mve.awk; if test -z "$$awkpath"; then \
> - awkpath=`./which.sh gawk` && sed -e
> "s+/usr/bin/nawk+$$awkpath+" $(TOOLSSOURCE)/mve.awk >$(DEST_TOOLS)/mve.awk;
> if test -z "$$awkpath"; then \
> - awkpath=`./which.sh awk` && sed -e "s+/usr/bin/nawk+$$awkpath+"
> $(TOOLSSOURCE)/mve.awk >$(DEST_TOOLS)/mve.awk; fi; fi
> -+endif
> - -chmod $(SCRIPTMOD) `grep -l "^#!" $(DEST_TOOLS)/*`
> -
> - # install the language specific files for tools, if they were
> unpacked
If we're going to install these files which you're still doing, we want to use
target paths, not host ones?
I suspect we therefore need this and your changes rather than removing this
patch?
Cheers,
Richard
> diff --git a/meta/recipes-support/vim/vim.inc
> b/meta/recipes-support/vim/vim.inc
> index 9f3dc08027..78e3f9528d 100644
> --- a/meta/recipes-support/vim/vim.inc
> +++ b/meta/recipes-support/vim/vim.inc
> @@ -11,7 +11,6 @@ SRC_URI = "git://github.com/vim/vim.git \
> file://disable_acl_header_check.patch \
> file://vim-add-knob-whether-elf.h-are-checked.patch \
> file://0001-src-Makefile-improve-reproducibility.patch \
> - file://no-path-adjust.patch \
> "
> SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
>
> @@ -83,6 +82,12 @@ EXTRA_OECONF = " \
> do_install() {
> autotools_do_install
>
> +# Work around file-rdeps picking up csh, awk, perl or python as a dep
> +chmod -x ${D}${datadir}/${BPN}/${VIMDIR}/tools/vim132
> +chmod -x ${D}${datadir}/${BPN}/${VIMDIR}/tools/mve.awk
> +chmod -x ${D}${datadir}/${BPN}/${VIMDIR}/tools/*.pl
> +chmod -x ${D}${datadir}/${BPN}/${VIMDIR}/tools/*.py
> +
> # Install example vimrc from runtime files
> install -m 0644 runtime/vimrc_example.vim
> ${D}/${datadir}/${BPN}/vimrc
>
> @@ -105,12 +110,7 @@ FILES_${PN}-help = "${datadir}/${BPN}/${VIMDIR}/doc"
> FILES_${PN}-tutor = "${datadir}/${BPN}/${VIMDIR}/tutor ${bindir}/${BPN}tutor"
> FILES_${PN}-vimrc = "${datadir}/${BPN}/vimrc"
> FILES_${PN}-data = "${datadir}/${BPN}"
> -
> -# We do not want to complain if perl or gawk are not on the target.
> -#
> FILES_${PN}-tools = &quo
[V2][oe-core][PATCH 1/1] vim: _FORTIFY_SOURCE=2 be gone
vim will abort in many places with this setting. Replace
it with the benign _FORTIFY_SOURCE=1.
Signed-off-by: Joe Slater
---
meta/recipes-support/vim/vim_8.2.bb | 5 +
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-support/vim/vim_8.2.bb
b/meta/recipes-support/vim/vim_8.2.bb
index 60946a181f..709b6ddb55 100644
--- a/meta/recipes-support/vim/vim_8.2.bb
+++ b/meta/recipes-support/vim/vim_8.2.bb
@@ -8,3 +8,8 @@ BBCLASSEXTEND = "native"
ALTERNATIVE_${PN}_append = " xxd"
ALTERNATIVE_TARGET[xxd] = "${bindir}/xxd"
ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd"
+
+# We override the default in security_flags.inc because vim (not vim-tiny!)
will abort
+# in many places for _FORTIFY_SOURCE=2. Security flags become part of CC.
+#
+lcl_maybe_fortify =
"${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#139278):
https://lists.openembedded.org/g/openembedded-core/message/139278
Mute This Topic: https://lists.openembedded.org/mt/74717042/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
