* [PATCH 00/21] Warrior-next patch review
@ 2019-06-03 15:06 Armin Kuster
2019-06-03 15:06 ` [PATCH 01/21] dropbear: update to 2019.78 Armin Kuster
` (20 more replies)
0 siblings, 21 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
Next set for review for Warrior.
Ends Wednesday.
The following changes since commit ba36b0c5c1db632dd849f3f28f83c272530f67b6:
Revert "acpica: use update-alternatives for acpidump" (2019-06-01 14:48:32 -0700)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/warrior-nmut
http://cgit.openembedded.org//log/?h=stable/warrior-nmut
Alexander Kanavin (2):
linux-firmware: upgrade to latest revision
python: update to 2.7.16
Andrej Valek (1):
dropbear: update to 2019.78
Armin Kuster (1):
Tar: Security fix CVE-2019-0023
Jean-Marie LEMETAYER (3):
npm: get npm package name from npm pack
npm: fix node and npm default directory conflict
npm: remove some temporary build files
Mariano López (1):
util-linux: Add missing ptest dependencies
Martin Jansa (1):
python: add a fix for CVE-2019-9948 and CVE-2019-9636
Richard Purdie (11):
openssh: Avoid PROVIDES warning from rng-tools dependency
ptest: Add RDEPENDS frpm PN-ptest to PN package
gettext/flex/m4/bzip2/gzip/parted/slang/attr: Add make to -ptest
packages
apr/apr-util: Add ptest dependency on libgcc
perl-rdepends: Add missing module dependencies
bash: Fix bash-ptest dependencies
openssh: Add sudo dependency for ptest
libpcre: Add make dependency for ptest
perl/modules: Add various missing ptest perl module dependencies
strace: Tweak ptest disk space management
util-linux: Fix ptest dependencies
Ross Burton (1):
glib-2.0: add missing libgcc dependency to glib-2.0-ptest
meta/classes/npm.bbclass | 11 +-
meta/classes/ptest.bbclass | 1 +
meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 4 +-
meta/recipes-core/dropbear/dropbear_2019.77.bb | 4 -
meta/recipes-core/dropbear/dropbear_2019.78.bb | 4 +
meta/recipes-core/glib-2.0/glib.inc | 1 +
meta/recipes-core/util-linux/util-linux.inc | 3 +-
meta/recipes-devtools/flex/flex_2.6.0.bb | 2 +-
.../perl-sanity/files/perl-rdepends.txt | 7 ++
meta/recipes-devtools/perl/liburi-perl_1.74.bb | 2 +-
.../perl/libxml-parser-perl_2.44.bb | 2 +
meta/recipes-devtools/perl/libxml-perl_0.08.bb | 1 +
...on-native_2.7.15.bb => python-native_2.7.16.bb} | 2 -
meta/recipes-devtools/python/python.inc | 11 +-
...23-Use-XML_SetHashSalt-in-_elementtree-GH.patch | 96 ----------------
...ix-test_ssl-when-a-filename-cannot-be-enc.patch | 55 ---------
...LS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch | 120 -------------------
...34540-Convert-shutil._call_external_zip-t.patch | 67 -----------
...dd-missing-closing-wrapper-in-test_tls1_3.patch | 37 ------
...ix-test_ssl.test_options-to-account-for-O.patch | 37 ------
...ix-test_default_ecdh_curve-needs-no-tlsv1.patch | 34 ------
.../python/bpo-35907-cve-2019-9948-fix.patch | 55 +++++++++
.../python/python/bpo-35907-cve-2019-9948.patch | 55 +++++++++
.../python/bpo-36216-cve-2019-9636-fix.patch | 28 +++++
.../python/python/bpo-36216-cve-2019-9636.patch | 111 ++++++++++++++++++
.../python/{python_2.7.15.bb => python_2.7.16.bb} | 58 +++++-----
.../strace/strace/ptest-spacesave.patch | 19 +++
meta/recipes-devtools/strace/strace_4.26.bb | 1 +
meta/recipes-extended/bash/bash.inc | 4 +-
meta/recipes-extended/gzip/gzip_1.10.bb | 2 +
meta/recipes-extended/parted/parted_3.2.bb | 2 +-
.../recipes-extended/perl/libtimedate-perl_2.30.bb | 1 +
.../perl/libxml-sax-base-perl_1.09.bb | 2 +
meta/recipes-extended/perl/libxml-sax-perl_1.00.bb | 2 +
meta/recipes-extended/slang/slang_2.3.2.bb | 2 +
meta/recipes-extended/tar/tar/CVE-2019-9923.patch | 38 ++++++
meta/recipes-extended/tar/tar_1.31.bb | 1 +
.../linux-firmware/linux-firmware_git.bb | 128 +++++++++++----------
meta/recipes-support/apr/apr-util_1.6.1.bb | 1 +
meta/recipes-support/apr/apr_1.6.5.bb | 2 +
meta/recipes-support/attr/attr.inc | 2 +-
meta/recipes-support/libpcre/libpcre_8.43.bb | 2 +
42 files changed, 452 insertions(+), 565 deletions(-)
delete mode 100644 meta/recipes-core/dropbear/dropbear_2019.77.bb
create mode 100644 meta/recipes-core/dropbear/dropbear_2019.78.bb
rename meta/recipes-devtools/python/{python-native_2.7.15.bb => python-native_2.7.16.bb} (96%)
delete mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
delete mode 100644 meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
delete mode 100644 meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
delete mode 100644 meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
delete mode 100644 meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
delete mode 100644 meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
delete mode 100644 meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
rename meta/recipes-devtools/python/{python_2.7.15.bb => python_2.7.16.bb} (85%)
create mode 100644 meta/recipes-devtools/strace/strace/ptest-spacesave.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2019-9923.patch
--
2.7.4
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH 01/21] dropbear: update to 2019.78
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 02/21] Tar: Security fix CVE-2019-0023 Armin Kuster
` (19 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Andrej Valek <andrej.valek@siemens.com>
The only change is a regression fix:
- Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/dropbear/dropbear_2019.77.bb | 4 ----
meta/recipes-core/dropbear/dropbear_2019.78.bb | 4 ++++
2 files changed, 4 insertions(+), 4 deletions(-)
delete mode 100644 meta/recipes-core/dropbear/dropbear_2019.77.bb
create mode 100644 meta/recipes-core/dropbear/dropbear_2019.78.bb
diff --git a/meta/recipes-core/dropbear/dropbear_2019.77.bb b/meta/recipes-core/dropbear/dropbear_2019.77.bb
deleted file mode 100644
index d2a71ba..0000000
--- a/meta/recipes-core/dropbear/dropbear_2019.77.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require dropbear.inc
-
-SRC_URI[md5sum] = "5d4f0256c5d13820b0a3eaadb1a0bc1a"
-SRC_URI[sha256sum] = "d91f78ebe633be1d071fd1b7e5535b9693794048b019e9f4bea257e1992b458d"
diff --git a/meta/recipes-core/dropbear/dropbear_2019.78.bb b/meta/recipes-core/dropbear/dropbear_2019.78.bb
new file mode 100644
index 0000000..d2cd816
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear_2019.78.bb
@@ -0,0 +1,4 @@
+require dropbear.inc
+
+SRC_URI[md5sum] = "a972c85ed678ad0fdcb7844e1294fb54"
+SRC_URI[sha256sum] = "525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 02/21] Tar: Security fix CVE-2019-0023
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
2019-06-03 15:06 ` [PATCH 01/21] dropbear: update to 2019.78 Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 03/21] linux-firmware: upgrade to latest revision Armin Kuster
` (18 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Armin Kuster <akuster@mvista.com>
Source: tar.git
MR: 97928
Type: Security Fix
Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3
Description:
Affects tar < 1.32
fixes CVE-2019-9923
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-extended/tar/tar/CVE-2019-9923.patch | 38 +++++++++++++++++++++++
meta/recipes-extended/tar/tar_1.31.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-extended/tar/tar/CVE-2019-9923.patch
diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
new file mode 100644
index 0000000..a2704c3
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
+From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 14 Jan 2019 15:22:09 +0200
+Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
+
+* src/sparse.c (pax_decode_header): Check return from find_next_block.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9923
+Affects: tar < 1.32
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ src/sparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: tar-1.31/src/sparse.c
+===================================================================
+--- tar-1.31.orig/src/sparse.c
++++ tar-1.31/src/sparse.c
+@@ -1267,6 +1267,8 @@ pax_decode_header (struct tar_sparse_fil
+ { \
+ set_next_block_after (b); \
+ b = find_next_block (); \
++ if (!b) \
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
+ src = b->buffer; \
+ endp = b->buffer + BLOCKSIZE; \
+ } \
+@@ -1279,6 +1281,8 @@ pax_decode_header (struct tar_sparse_fil
+ start = current_block_ordinal ();
+ set_next_block_after (current_header);
+ blk = find_next_block ();
++ if (!blk)
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+ p = blk->buffer;
+ COPY_BUF (blk,nbuf,p);
+ if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))
diff --git a/meta/recipes-extended/tar/tar_1.31.bb b/meta/recipes-extended/tar/tar_1.31.bb
index 353617e..4a9d03c 100644
--- a/meta/recipes-extended/tar/tar_1.31.bb
+++ b/meta/recipes-extended/tar/tar_1.31.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
file://remove-gets.patch \
file://musl_dirent.patch \
+ file://CVE-2019-9923.patch \
"
SRC_URI[md5sum] = "77afa35b696c8d760331fa0e12c2fac9"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 03/21] linux-firmware: upgrade to latest revision
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
2019-06-03 15:06 ` [PATCH 01/21] dropbear: update to 2019.78 Armin Kuster
2019-06-03 15:06 ` [PATCH 02/21] Tar: Security fix CVE-2019-0023 Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 04/21] python: update to 2.7.16 Armin Kuster
` (17 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../linux-firmware/linux-firmware_git.bb | 128 +++++++++++----------
1 file changed, 65 insertions(+), 63 deletions(-)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
index ad7babf..8b6ad96 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
@@ -7,6 +7,7 @@ LICENSE = "\
& Firmware-agere \
& Firmware-amdgpu \
& Firmware-amd-ucode \
+ & Firmware-amlogic_vdec \
& Firmware-atheros_firmware \
& Firmware-atmel \
& Firmware-broadcom_bcm43xx \
@@ -62,68 +63,68 @@ LICENSE = "\
& WHENCE \
"
-LIC_FILES_CHKSUM = "\
- file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
- file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
- file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=ab515ef6495ab5c5a3b08ab2db62df11 \
- file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
- file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
- file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
- file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
- file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \
- file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \
- file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
- file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
- file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
- file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
- file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
- file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \
- file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \
- file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \
- file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \
- file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \
- file://LICENCE.i2400m;md5=14b901969e23c41881327c0d9e4b7d36 \
- file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \
- file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \
- file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
- file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
- file://LICENCE.iwlwifi_firmware;md5=3fd842911ea93c29cd32679aa23e1c88 \
- file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \
- file://LICENCE.Marvell;md5=9ddea1734a4baf3c78d845151f42a37a \
- file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
- file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
- file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
- file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
- file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
- file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
- file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
- file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
- file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
- file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
- file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
- file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
- file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
- file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \
- file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \
- file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \
- file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \
- file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \
- file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \
- file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \
- file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \
- file://LICENCE.tda7706-firmware.txt;md5=835997cf5e3c131d0dddd695c7d9103e \
- file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \
- file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \
- file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \
- file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \
- file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \
- file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
- file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
- file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=ef36d3383becd18f36ce32d84109386f \
-"
+LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
+ file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
+ file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
+ file://LICENSE.amdgpu;md5=ab515ef6495ab5c5a3b08ab2db62df11 \
+ file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
+ file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
+ file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
+ file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
+ file://LICENCE.broadcom_bcm43xx;md5=3160c14df7228891b868060e1951dfbc \
+ file://LICENCE.ca0132;md5=209b33e66ee5be0461f13d31da392198 \
+ file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \
+ file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \
+ file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \
+ file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \
+ file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \
+ file://LICENSE.dib0700;md5=f7411825c8a555a1a3e5eab9ca773431 \
+ file://LICENCE.e100;md5=ec0f84136766df159a3ae6d02acdf5a8 \
+ file://LICENCE.ene_firmware;md5=ed67f0f62f8f798130c296720b7d3921 \
+ file://LICENCE.fw_sst_0f28;md5=6353931c988ad52818ae733ac61cd293 \
+ file://LICENCE.go7007;md5=c0bb9f6aaaba55b0529ee9b30aa66beb \
+ file://GPL-2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://LICENSE.hfi1_firmware;md5=5e7b6e586ce7339d12689e49931ad444 \
+ file://LICENCE.i2400m;md5=14b901969e23c41881327c0d9e4b7d36 \
+ file://LICENSE.i915;md5=2b0b2e0d20984affd4490ba2cba02570 \
+ file://LICENCE.ibt_firmware;md5=fdbee1ddfe0fb7ab0b2fcd6b454a366b \
+ file://LICENCE.IntcSST2;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+ file://LICENCE.it913x;md5=1fbf727bfb6a949810c4dbfa7e6ce4f8 \
+ file://LICENCE.iwlwifi_firmware;md5=3fd842911ea93c29cd32679aa23e1c88 \
+ file://LICENCE.kaweth;md5=b1d876e562f4b3b8d391ad8395dfe03f \
+ file://LICENCE.Marvell;md5=9ddea1734a4baf3c78d845151f42a37a \
+ file://LICENCE.mediatek;md5=7c1976b63217d76ce47d0a11d8a79cf2 \
+ file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
+ file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
+ file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
+ file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
+ file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
+ file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
+ file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
+ file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+ file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
+ file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
+ file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
+ file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
+ file://LICENSE.QualcommAtheros_ath10k;md5=cb42b686ee5f5cb890275e4321db60a8 \
+ file://LICENCE.r8a779x_usb3;md5=4c1671656153025d7076105a5da7e498 \
+ file://LICENSE.radeon;md5=68ec28bacb3613200bca44f404c69b16 \
+ file://LICENCE.ralink_a_mediatek_company_firmware;md5=728f1a85fd53fd67fa8d7afb080bc435 \
+ file://LICENCE.ralink-firmware.txt;md5=ab2c269277c45476fb449673911a2dfd \
+ file://LICENCE.rtlwifi_firmware.txt;md5=00d06cfd3eddd5a2698948ead2ad54a5 \
+ file://LICENSE.sdma_firmware;md5=51e8c19ecc2270f4b8ea30341ad63ce9 \
+ file://LICENCE.siano;md5=4556c1bf830067f12ca151ad953ec2a5 \
+ file://LICENCE.tda7706-firmware.txt;md5=835997cf5e3c131d0dddd695c7d9103e \
+ file://LICENCE.ti-connectivity;md5=c5e02be633f1499c109d1652514d85ec \
+ file://LICENCE.ti-keystone;md5=3a86335d32864b0bef996bee26cc0f2c \
+ file://LICENCE.ueagle-atm4-firmware;md5=4ed7ea6b507ccc583b9d594417714118 \
+ file://LICENCE.via_vt6656;md5=e4159694cba42d4377a912e78a6e850f \
+ file://LICENCE.wl1251;md5=ad3f81922bb9e197014bb187289d3b5b \
+ file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
+ file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
+ file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
+ file://WHENCE;md5=b6e44adf71bc37e5f26ebfe5a08b5490 \
+ "
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -132,6 +133,7 @@ NO_GENERIC_LICENSE[Firmware-adsp_sst] = "LICENCE.adsp_sst"
NO_GENERIC_LICENSE[Firmware-agere] = "LICENCE.agere"
NO_GENERIC_LICENSE[Firmware-amdgpu] = "LICENSE.amdgpu"
NO_GENERIC_LICENSE[Firmware-amd-ucode] = "LICENSE.amd-ucode"
+NO_GENERIC_LICENSE[Firmware-amlogic_vdec] = "LICENSE.amlogic_vdec"
NO_GENERIC_LICENSE[Firmware-atheros_firmware] = "LICENCE.atheros_firmware"
NO_GENERIC_LICENSE[Firmware-atmel] = "LICENSE.atmel"
NO_GENERIC_LICENSE[Firmware-broadcom_bcm43xx] = "LICENCE.broadcom_bcm43xx"
@@ -188,7 +190,7 @@ NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000"
NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
-SRCREV = "7bc246451318b3536d9bfd3c4e46d541a9831b33"
+SRCREV = "711d3297bac870af42088a467459a0634c1970ca"
PE = "1"
PV = "0.0+git${SRCPV}"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 04/21] python: update to 2.7.16
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (2 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 03/21] linux-firmware: upgrade to latest revision Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 05/21] python: add a fix for CVE-2019-9948 and CVE-2019-9636 Armin Kuster
` (16 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Drop backported patches
License-update: copyright years
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...on-native_2.7.15.bb => python-native_2.7.16.bb} | 2 -
meta/recipes-devtools/python/python.inc | 11 +-
...23-Use-XML_SetHashSalt-in-_elementtree-GH.patch | 96 -----------------
...ix-test_ssl-when-a-filename-cannot-be-enc.patch | 55 ----------
...LS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch | 120 ---------------------
...34540-Convert-shutil._call_external_zip-t.patch | 67 ------------
...dd-missing-closing-wrapper-in-test_tls1_3.patch | 37 -------
...ix-test_ssl.test_options-to-account-for-O.patch | 37 -------
...ix-test_default_ecdh_curve-needs-no-tlsv1.patch | 34 ------
.../python/{python_2.7.15.bb => python_2.7.16.bb} | 56 +++++-----
10 files changed, 29 insertions(+), 486 deletions(-)
rename meta/recipes-devtools/python/{python-native_2.7.15.bb => python-native_2.7.16.bb} (96%)
delete mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
delete mode 100644 meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
delete mode 100644 meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
delete mode 100644 meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
delete mode 100644 meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
delete mode 100644 meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
delete mode 100644 meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
rename meta/recipes-devtools/python/{python_2.7.15.bb => python_2.7.16.bb} (86%)
diff --git a/meta/recipes-devtools/python/python-native_2.7.15.bb b/meta/recipes-devtools/python/python-native_2.7.16.bb
similarity index 96%
rename from meta/recipes-devtools/python/python-native_2.7.15.bb
rename to meta/recipes-devtools/python/python-native_2.7.16.bb
index 26d67df..b744280 100644
--- a/meta/recipes-devtools/python/python-native_2.7.15.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.16.bb
@@ -1,7 +1,6 @@
require python.inc
EXTRANATIVEPATH += "bzip2-native"
DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native gdbm-native db-native"
-PR = "${INC_PR}.1"
SRC_URI += "\
file://05-enable-ctypes-cross-build.patch \
@@ -17,7 +16,6 @@ SRC_URI += "\
file://parallel-makeinst-create-bindir.patch \
file://revert_use_of_sysconfigdata.patch \
file://0001-python-native-fix-one-do_populate_sysroot-warning.patch \
- file://0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch \
"
S = "${WORKDIR}/Python-${PV}"
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index 6692367..779df53 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,18 +5,13 @@ SECTION = "devel/python"
# bump this on every change in contrib/python/generate-manifest-2.7.py
INC_PR = "r1"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f257cc14f81685691652a3d3e1b5d754"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
- file://0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch \
- file://0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch \
- file://0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch \
- file://0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch \
- file://0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch \
"
-SRC_URI[md5sum] = "a80ae3cc478460b922242f43a1b4094d"
-SRC_URI[sha256sum] = "22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574"
+SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
+SRC_URI[sha256sum] = "f222ef602647eecb6853681156d32de4450a2c39f4de93bd5b20235f2e660ed7"
# python recipe is actually python 2.x
# also, exclude pre-releases for both python 2.x and 3.x
diff --git a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch b/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
deleted file mode 100644
index 3c0d662..0000000
--- a/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 3ffc80959f01f9fde548f1632694b9f950c2dd7c Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Tue, 18 Sep 2018 15:13:09 +0200
-Subject: [PATCH] [2.7] bpo-34623: Use XML_SetHashSalt in _elementtree
- (GH-9146) (GH-9394)
-
-The C accelerated _elementtree module now initializes hash randomization
-salt from _Py_HashSecret instead of libexpat's default CPRNG.
-
-Signed-off-by: Christian Heimes <christian@python.org>
-
-https://bugs.python.org/issue34623.
-(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
-
-Co-authored-by: Christian Heimes <christian@python.org>
-
-
-
-https://bugs.python.org/issue34623
-
-Upstream-Status: Backport
-CVE: CVE-2018-14647
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Include/pyexpat.h | 4 +++-
- Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++
- Modules/_elementtree.c | 5 +++++
- Modules/pyexpat.c | 5 +++++
- 4 files changed, 15 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
-
-diff --git a/Include/pyexpat.h b/Include/pyexpat.h
-index 5340ef5..3fc5fa5 100644
---- a/Include/pyexpat.h
-+++ b/Include/pyexpat.h
-@@ -3,7 +3,7 @@
-
- /* note: you must import expat.h before importing this module! */
-
--#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0"
-+#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"
- #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
-
- struct PyExpat_CAPI
-@@ -43,6 +43,8 @@ struct PyExpat_CAPI
- XML_Parser parser, XML_UnknownEncodingHandler handler,
- void *encodingHandlerData);
- void (*SetUserData)(XML_Parser parser, void *userData);
-+ /* might be none for expat < 2.1.0 */
-+ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
- /* always add new stuff to the end! */
- };
-
-diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
-new file mode 100644
-index 0000000..31ad92e
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
-@@ -0,0 +1,2 @@
-+The C accelerated _elementtree module now initializes hash randomization
-+salt from _Py_HashSecret instead of libexpat's default CSPRNG.
-diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
-index 1d316a1..a19cbf7 100644
---- a/Modules/_elementtree.c
-+++ b/Modules/_elementtree.c
-@@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw)
- PyErr_NoMemory();
- return NULL;
- }
-+ /* expat < 2.1.0 has no XML_SetHashSalt() */
-+ if (EXPAT(SetHashSalt) != NULL) {
-+ EXPAT(SetHashSalt)(self->parser,
-+ (unsigned long)_Py_HashSecret.prefix);
-+ }
-
- ALLOC(sizeof(XMLParserObject), "create expatparser");
-
-diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
-index 2b4d312..1f8c0d7 100644
---- a/Modules/pyexpat.c
-+++ b/Modules/pyexpat.c
-@@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void)
- capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler;
- capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler;
- capi.SetUserData = XML_SetUserData;
-+#if XML_COMBINED_VERSION >= 20100
-+ capi.SetHashSalt = XML_SetHashSalt;
-+#else
-+ capi.SetHashSalt = NULL;
-+#endif
-
- /* export using capsule */
- capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
---
-2.7.4
-
diff --git a/meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch b/meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
deleted file mode 100644
index 4c0b357..0000000
--- a/meta/recipes-devtools/python/python/0001-bpo-33354-Fix-test_ssl-when-a-filename-cannot-be-enc.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 19f6bd06af3c7fc0db5f96878aaa68f5589ff13e Mon Sep 17 00:00:00 2001
-From: Pablo Galindo <Pablogsal@gmail.com>
-Date: Thu, 24 May 2018 23:20:44 +0100
-Subject: [PATCH] bpo-33354: Fix test_ssl when a filename cannot be encoded
- (GH-6613)
-
-Skip test_load_dh_params() of test_ssl when Python filesystem encoding
-cannot encode the provided path.
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/19f6bd06af3c7fc0db5f96878aaa68f5589ff13e]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 9 ++++++++-
- .../next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst | 2 ++
- 2 files changed, 10 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index b59fe73f04..7ced90fdf6 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -989,6 +989,13 @@ class ContextTests(unittest.TestCase):
-
-
- def test_load_dh_params(self):
-+ filename = u'dhpäräm.pem'
-+ fs_encoding = sys.getfilesystemencoding()
-+ try:
-+ filename.encode(fs_encoding)
-+ except UnicodeEncodeError:
-+ self.skipTest("filename %r cannot be encoded to the filesystem encoding %r" % (filename, fs_encoding))
-+
- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
- ctx.load_dh_params(DHFILE)
- if os.name != 'nt':
-@@ -1001,7 +1008,7 @@ class ContextTests(unittest.TestCase):
- with self.assertRaises(ssl.SSLError) as cm:
- ctx.load_dh_params(CERTFILE)
- with support.temp_dir() as d:
-- fname = os.path.join(d, u'dhpäräm.pem')
-+ fname = os.path.join(d, filename)
- shutil.copy(DHFILE, fname)
- ctx.load_dh_params(fname)
-
-diff --git a/Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst b/Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst
-new file mode 100644
-index 0000000000..c66cecac32
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst
-@@ -0,0 +1,2 @@
-+Skip ``test_ssl.test_load_dh_params`` when Python filesystem encoding cannot encode the
-+provided path.
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch b/meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
deleted file mode 100644
index 1f70562..0000000
--- a/meta/recipes-devtools/python/python/0001-bpo-33570-TLS-1.3-ciphers-for-OpenSSL-1.1.1-GH-6976-.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From a333351592f097220fc862911b34d3a300f0985e Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Wed, 15 Aug 2018 09:07:28 +0200
-Subject: [PATCH 1/4] bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)
- (GH-8760)
-
-Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
-1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
-default.
-
-Also update multissltests to test with latest OpenSSL.
-
-Signed-off-by: Christian Heimes <christian@python.org>.
-(cherry picked from commit 3e630c541b35c96bfe5619165255e559f577ee71)
-
-Co-authored-by: Christian Heimes <christian@python.org>
-
-Upstream-Status: Accepted [https://github.com/python/cpython/pull/8771]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Doc/library/ssl.rst | 8 ++--
- Lib/test/test_ssl.py | 37 +++++++++++--------
- .../2018-05-18-21-50-47.bpo-33570.7CZy4t.rst | 3 ++
- 3 files changed, 27 insertions(+), 21 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
-
-diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
-index 0421031772..7c7c85b833 100644
---- a/Doc/library/ssl.rst
-+++ b/Doc/library/ssl.rst
-@@ -294,11 +294,6 @@ purposes.
-
- 3DES was dropped from the default cipher string.
-
-- .. versionchanged:: 2.7.15
--
-- TLS 1.3 cipher suites TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
-- and TLS_CHACHA20_POLY1305_SHA256 were added to the default cipher string.
--
- .. function:: _https_verify_certificates(enable=True)
-
- Specifies whether or not server certificates are verified when creating
-@@ -1179,6 +1174,9 @@ to speed up repeated connections from the same clients.
- when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
- give the currently selected cipher.
-
-+ OpenSSL 1.1.1 has TLS 1.3 cipher suites enabled by default. The suites
-+ cannot be disabled with :meth:`~SSLContext.set_ciphers`.
-+
- .. method:: SSLContext.set_alpn_protocols(protocols)
-
- Specify which protocols the socket should advertise during the SSL/TLS
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index dc14e22ad1..f51572e319 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -2772,19 +2772,24 @@ else:
- sock.do_handshake()
- self.assertEqual(cm.exception.errno, errno.ENOTCONN)
-
-- def test_default_ciphers(self):
-- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-- try:
-- # Force a set of weak ciphers on our client context
-- context.set_ciphers("DES")
-- except ssl.SSLError:
-- self.skipTest("no DES cipher available")
-- with ThreadedEchoServer(CERTFILE,
-- ssl_version=ssl.PROTOCOL_SSLv23,
-- chatty=False) as server:
-- with closing(context.wrap_socket(socket.socket())) as s:
-- with self.assertRaises(ssl.SSLError):
-- s.connect((HOST, server.port))
-+ def test_no_shared_ciphers(self):
-+ server_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-+ server_context.load_cert_chain(SIGNED_CERTFILE)
-+ client_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-+ client_context.verify_mode = ssl.CERT_REQUIRED
-+ client_context.check_hostname = True
-+
-+ # OpenSSL enables all TLS 1.3 ciphers, enforce TLS 1.2 for test
-+ client_context.options |= ssl.OP_NO_TLSv1_3
-+ # Force different suites on client and master
-+ client_context.set_ciphers("AES128")
-+ server_context.set_ciphers("AES256")
-+ with ThreadedEchoServer(context=server_context) as server:
-+ s = client_context.wrap_socket(
-+ socket.socket(),
-+ server_hostname="localhost")
-+ with self.assertRaises(ssl.SSLError):
-+ s.connect((HOST, server.port))
- self.assertIn("no shared cipher", str(server.conn_errors[0]))
-
- def test_version_basic(self):
-@@ -2815,9 +2820,9 @@ else:
- with context.wrap_socket(socket.socket()) as s:
- s.connect((HOST, server.port))
- self.assertIn(s.cipher()[0], [
-- 'TLS13-AES-256-GCM-SHA384',
-- 'TLS13-CHACHA20-POLY1305-SHA256',
-- 'TLS13-AES-128-GCM-SHA256',
-+ 'TLS_AES_256_GCM_SHA384',
-+ 'TLS_CHACHA20_POLY1305_SHA256',
-+ 'TLS_AES_128_GCM_SHA256',
- ])
-
- @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
-diff --git a/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst b/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
-new file mode 100644
-index 0000000000..bd719a47e8
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst
-@@ -0,0 +1,3 @@
-+Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
-+1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
-+default.
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch b/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
deleted file mode 100644
index 125db85..0000000
--- a/meta/recipes-devtools/python/python/0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From c7e692c61dc091d07dee573f5f424b6b427ff056 Mon Sep 17 00:00:00 2001
-From: Benjamin Peterson <benjamin@python.org>
-Date: Wed, 29 Aug 2018 21:59:21 -0700
-Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use
- subprocess rather than distutils.spawn. (GH-8985)
-
-Upstream-Status: Backport
-CVE: CVE-2018-1000802
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Lib/shutil.py | 16 ++++++++++------
- .../Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst | 3 +++
- 2 files changed, 13 insertions(+), 6 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
-
-diff --git a/Lib/shutil.py b/Lib/shutil.py
-index 3462f7c..0ab1a06 100644
---- a/Lib/shutil.py
-+++ b/Lib/shutil.py
-@@ -413,17 +413,21 @@ def _make_tarball(base_name, base_dir, compress="gzip", verbose=0, dry_run=0,
-
- return archive_name
-
--def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False):
-+def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger):
- # XXX see if we want to keep an external call here
- if verbose:
- zipoptions = "-r"
- else:
- zipoptions = "-rq"
-- from distutils.errors import DistutilsExecError
-- from distutils.spawn import spawn
-+ cmd = ["zip", zipoptions, zip_filename, base_dir]
-+ if logger is not None:
-+ logger.info(' '.join(cmd))
-+ if dry_run:
-+ return
-+ import subprocess
- try:
-- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run)
-- except DistutilsExecError:
-+ subprocess.check_call(cmd)
-+ except subprocess.CalledProcessError:
- # XXX really should distinguish between "couldn't find
- # external 'zip' command" and "zip failed".
- raise ExecError, \
-@@ -458,7 +462,7 @@ def _make_zipfile(base_name, base_dir, verbose=0, dry_run=0, logger=None):
- zipfile = None
-
- if zipfile is None:
-- _call_external_zip(base_dir, zip_filename, verbose, dry_run)
-+ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger)
- else:
- if logger is not None:
- logger.info("creating '%s' and adding '%s' to it",
-diff --git a/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
-new file mode 100644
-index 0000000..4f68696
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst
-@@ -0,0 +1,3 @@
-+When ``shutil.make_archive`` falls back to the external ``zip`` problem, it
-+uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This
-+closes a possible shell injection vector.
---
-2.7.4
-
diff --git a/meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch b/meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
deleted file mode 100644
index 9688271..0000000
--- a/meta/recipes-devtools/python/python/0002-bpo-34818-Add-missing-closing-wrapper-in-test_tls1_3.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 0e1f3856a7e1511fb64d99646c54ddf3897cd444 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov <xnox@ubuntu.com>
-Date: Fri, 28 Sep 2018 14:15:52 +0100
-Subject: [PATCH 2/4] bpo-34818: Add missing closing() wrapper in test_tls1_3.
-
-Python 2.7 socket classes do not implement context manager protocol,
-hence closing() is required around it. Resolves testcase error
-traceback.
-
-Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
-
-https://bugs.python.org/issue34818
-
-Patch taken from Ubuntu.
-
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/9622]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index f51572e319..7a14053cee 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -2817,7 +2817,7 @@ else:
- ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
- )
- with ThreadedEchoServer(context=context) as server:
-- with context.wrap_socket(socket.socket()) as s:
-+ with closing(context.wrap_socket(socket.socket())) as s:
- s.connect((HOST, server.port))
- self.assertIn(s.cipher()[0], [
- 'TLS_AES_256_GCM_SHA384',
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch b/meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
deleted file mode 100644
index 77016cb..0000000
--- a/meta/recipes-devtools/python/python/0003-bpo-34834-Fix-test_ssl.test_options-to-account-for-O.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8b06d56d26eee289fec22b9b72ab4c7cc3d6c482 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov <xnox@ubuntu.com>
-Date: Fri, 28 Sep 2018 16:34:16 +0100
-Subject: [PATCH 3/4] bpo-34834: Fix test_ssl.test_options to account for
- OP_ENABLE_MIDDLEBOX_COMPAT.
-
-Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
-
-https://bugs.python.org/issue34834
-
-Patch taken from Ubuntu.
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/9624]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index 7a14053cee..efc906a5ba 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -777,6 +777,11 @@ class ContextTests(unittest.TestCase):
- default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
- if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):
- default |= ssl.OP_NO_COMPRESSION
-+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
-+ # define MIDDLEBOX constant, as python2.7 does not know about it
-+ # but it is used by default.
-+ OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
-+ default |= OP_ENABLE_MIDDLEBOX_COMPAT
- self.assertEqual(default, ctx.options)
- ctx.options |= ssl.OP_NO_TLSv1
- self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch b/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
deleted file mode 100644
index 39e1bcf..0000000
--- a/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 946a7969345c6697697effd226ec396d3fea05b7 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov <xnox@ubuntu.com>
-Date: Fri, 28 Sep 2018 17:30:19 +0100
-Subject: [PATCH 4/4] bpo-34836: fix test_default_ecdh_curve, needs no tlsv1.3.
-
-Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
-
-https://bugs.python.org/issue34836
-
-Patch taken from Ubuntu.
-Upstream-Status: Submitted [https://github.com/python/cpython/pull/9626]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- Lib/test/test_ssl.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index efc906a5ba..4a3286cd5f 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -2836,6 +2836,9 @@ else:
- # should be enabled by default on SSL contexts.
- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- context.load_cert_chain(CERTFILE)
-+ # TLSv1.3 defaults to PFS key agreement and no longer has KEA in
-+ # cipher name.
-+ context.options |= ssl.OP_NO_TLSv1_3
- # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
- # explicitly using the 'ECCdraft' cipher alias. Otherwise,
- # our default cipher list should prefer ECDH-based ciphers
---
-2.17.1
-
diff --git a/meta/recipes-devtools/python/python_2.7.15.bb b/meta/recipes-devtools/python/python_2.7.16.bb
similarity index 86%
rename from meta/recipes-devtools/python/python_2.7.15.bb
rename to meta/recipes-devtools/python/python_2.7.16.bb
index 62051a2..0e7dd2b 100644
--- a/meta/recipes-devtools/python/python_2.7.15.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -3,38 +3,34 @@ require python.inc
DEPENDS = "python-native libffi bzip2 gdbm openssl \
readline sqlite3 zlib virtual/crypt"
-PR = "${INC_PR}"
-
DISTRO_SRC_URI ?= "file://sitecustomize.py"
DISTRO_SRC_URI_linuxstdbase = ""
-SRC_URI += "\
- file://01-use-proper-tools-for-cross-build.patch \
- file://03-fix-tkinter-detection.patch \
- file://06-avoid_usr_lib_termcap_path_in_linking.patch \
- ${DISTRO_SRC_URI} \
- file://multilib.patch \
- file://cgi_py.patch \
- file://setup_py_skip_cross_import_check.patch \
- file://add-md5module-support.patch \
- file://host_include_contamination.patch \
- file://fix_for_using_different_libdir.patch \
- file://setuptweaks.patch \
- file://check-if-target-is-64b-not-host.patch \
- file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
- ${@bb.utils.contains('PACKAGECONFIG', 'tk', '', 'file://avoid_warning_about_tkinter.patch', d)} \
- file://avoid_warning_for_sunos_specific_module.patch \
- file://python-2.7.3-remove-bsdb-rpath.patch \
- file://run-ptest \
- file://parallel-makeinst-create-bindir.patch \
- file://use_sysroot_ncurses_instead_of_host.patch \
- file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
- file://pass-missing-libraries-to-Extension-for-mul.patch \
- file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
- file://float-endian.patch \
- file://0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch \
- file://0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch \
- file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
-"
+SRC_URI += " \
+ file://01-use-proper-tools-for-cross-build.patch \
+ file://03-fix-tkinter-detection.patch \
+ file://06-avoid_usr_lib_termcap_path_in_linking.patch \
+ ${DISTRO_SRC_URI} \
+ file://multilib.patch \
+ file://cgi_py.patch \
+ file://setup_py_skip_cross_import_check.patch \
+ file://add-md5module-support.patch \
+ file://host_include_contamination.patch \
+ file://fix_for_using_different_libdir.patch \
+ file://setuptweaks.patch \
+ file://check-if-target-is-64b-not-host.patch \
+ file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
+ ${@bb.utils.contains('PACKAGECONFIG', 'tk', '', 'file://avoid_warning_about_tkinter.patch', d)} \
+ file://avoid_warning_for_sunos_specific_module.patch \
+ file://python-2.7.3-remove-bsdb-rpath.patch \
+ file://run-ptest \
+ file://parallel-makeinst-create-bindir.patch \
+ file://use_sysroot_ncurses_instead_of_host.patch \
+ file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
+ file://pass-missing-libraries-to-Extension-for-mul.patch \
+ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
+ file://float-endian.patch \
+ file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
+ "
S = "${WORKDIR}/Python-${PV}"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 05/21] python: add a fix for CVE-2019-9948 and CVE-2019-9636
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (3 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 04/21] python: update to 2.7.16 Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency Armin Kuster
` (15 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../python/bpo-35907-cve-2019-9948-fix.patch | 55 ++++++++++
.../python/python/bpo-35907-cve-2019-9948.patch | 55 ++++++++++
.../python/bpo-36216-cve-2019-9636-fix.patch | 28 ++++++
.../python/python/bpo-36216-cve-2019-9636.patch | 111 +++++++++++++++++++++
meta/recipes-devtools/python/python_2.7.16.bb | 6 +-
5 files changed, 254 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
new file mode 100644
index 0000000..b267237
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948-fix.patch
@@ -0,0 +1,55 @@
+From 179a5f75f1121dab271fe8f90eb35145f9dcbbda Mon Sep 17 00:00:00 2001
+From: Sihoon Lee <push0ebp@gmail.com>
+Date: Fri, 17 May 2019 02:41:06 +0900
+Subject: [PATCH] Update test_urllib.py and urllib.py\nchange assertEqual into
+ assertRasies in DummyURLopener test, and simplify mitigation
+
+Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
+
+CVE: CVE-2019-9948
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Lib/test/test_urllib.py | 11 +++--------
+ Lib/urllib.py | 4 ++--
+ 2 files changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index e5f210e62a18..1e23dfb0bb16 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -1027,14 +1027,9 @@ def test_local_file_open(self):
+ class DummyURLopener(urllib.URLopener):
+ def open_local_file(self, url):
+ return url
+- self.assertEqual(DummyURLopener().open(
+- 'local-file://example'), '//example')
+- self.assertEqual(DummyURLopener().open(
+- 'local_file://example'), '//example')
+- self.assertRaises(IOError, urllib.urlopen,
+- 'local-file://example')
+- self.assertRaises(IOError, urllib.urlopen,
+- 'local_file://example')
++ for url in ('local_file://example', 'local-file://example'):
++ self.assertRaises(IOError, DummyURLopener().open, url)
++ self.assertRaises(IOError, urllib.urlopen, url)
+
+ # Just commented them out.
+ # Can't really tell why keep failing in windows and sparc.
+diff --git a/Lib/urllib.py b/Lib/urllib.py
+index a24e9a5c68fb..39b834054e9e 100644
+--- a/Lib/urllib.py
++++ b/Lib/urllib.py
+@@ -203,10 +203,10 @@ def open(self, fullurl, data=None):
+ name = 'open_' + urltype
+ self.type = urltype
+ name = name.replace('-', '_')
+-
++
+ # bpo-35907: # disallow the file reading with the type not allowed
+ if not hasattr(self, name) or \
+- (self == _urlopener and name == 'open_local_file'):
++ getattr(self, name) == self.open_local_file:
+ if proxy:
+ return self.open_unknown_proxy(proxy, fullurl, data)
+ else:
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
new file mode 100644
index 0000000..f4c225d
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
@@ -0,0 +1,55 @@
+From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
+From: push0ebp <push0ebp@shl-MacBook-Pro.local>
+Date: Thu, 14 Feb 2019 02:05:46 +0900
+Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
+ URL scheme in urllib
+
+Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
+
+CVE: CVE-2019-9948
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Lib/test/test_urllib.py | 12 ++++++++++++
+ Lib/urllib.py | 5 ++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 1ce9201c0693..e5f210e62a18 100644
+--- a/Lib/test/test_urllib.py
++++ b/Lib/test/test_urllib.py
+@@ -1023,6 +1023,18 @@ def open_spam(self, url):
+ "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
+ "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
+
++ def test_local_file_open(self):
++ class DummyURLopener(urllib.URLopener):
++ def open_local_file(self, url):
++ return url
++ self.assertEqual(DummyURLopener().open(
++ 'local-file://example'), '//example')
++ self.assertEqual(DummyURLopener().open(
++ 'local_file://example'), '//example')
++ self.assertRaises(IOError, urllib.urlopen,
++ 'local-file://example')
++ self.assertRaises(IOError, urllib.urlopen,
++ 'local_file://example')
+
+ # Just commented them out.
+ # Can't really tell why keep failing in windows and sparc.
+diff --git a/Lib/urllib.py b/Lib/urllib.py
+index d85504a5cb7e..a24e9a5c68fb 100644
+--- a/Lib/urllib.py
++++ b/Lib/urllib.py
+@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
+ name = 'open_' + urltype
+ self.type = urltype
+ name = name.replace('-', '_')
+- if not hasattr(self, name):
++
++ # bpo-35907: # disallow the file reading with the type not allowed
++ if not hasattr(self, name) or \
++ (self == _urlopener and name == 'open_local_file'):
+ if proxy:
+ return self.open_unknown_proxy(proxy, fullurl, data)
+ else:
diff --git a/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
new file mode 100644
index 0000000..2ce4d2c
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch
@@ -0,0 +1,28 @@
+From 06b5ee585d6e76bdbb4002f642d864d860cbbd2b Mon Sep 17 00:00:00 2001
+From: Steve Dower <steve.dower@python.org>
+Date: Tue, 12 Mar 2019 08:23:33 -0700
+Subject: [PATCH] bpo-36216: Only print test messages when verbose
+
+CVE: CVE-2019-9636
+
+Upstream-Status: Backport https://github.com/python/cpython/pull/12291/commits/06b5ee585d6e76bdbb4002f642d864d860cbbd2b
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Lib/test/test_urlparse.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 73b0228ea8e3..1830d0b28688 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -644,7 +644,8 @@ def test_urlsplit_normalization(self):
+ for scheme in [u"http", u"https", u"ftp"]:
+ for c in denorm_chars:
+ url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+- print "Checking %r" % url
++ if test_support.verbose:
++ print "Checking %r" % url
+ with self.assertRaises(ValueError):
+ urlparse.urlsplit(url)
+
diff --git a/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
new file mode 100644
index 0000000..352b13b
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636.patch
@@ -0,0 +1,111 @@
+From 3e3669c9c41a27e1466e2c28b3906e3dd0ce3e7e Mon Sep 17 00:00:00 2001
+From: Steve Dower <steve.dower@python.org>
+Date: Thu, 7 Mar 2019 08:25:22 -0800
+Subject: [PATCH] bpo-36216: Add check for characters in netloc that normalize
+ to separators (GH-12201)
+
+CVE: CVE-2019-9636
+
+Upstream-Status: Backport https://github.com/python/cpython/pull/12216/commits/3e3669c9c41a27e1466e2c28b3906e3dd0ce3e7e
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ Doc/library/urlparse.rst | 20 ++++++++++++++++
+ Lib/test/test_urlparse.py | 24 +++++++++++++++++++
+ Lib/urlparse.py | 17 +++++++++++++
+ .../2019-03-06-09-38-40.bpo-36216.6q1m4a.rst | 3 +++
+ 4 files changed, 64 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 4e1ded73c266..73b0228ea8e3 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -1,4 +1,6 @@
+ from test import test_support
++import sys
++import unicodedata
+ import unittest
+ import urlparse
+
+@@ -624,6 +626,28 @@ def test_portseparator(self):
+ self.assertEqual(urlparse.urlparse("http://www.python.org:80"),
+ ('http','www.python.org:80','','','',''))
+
++ def test_urlsplit_normalization(self):
++ # Certain characters should never occur in the netloc,
++ # including under normalization.
++ # Ensure that ALL of them are detected and cause an error
++ illegal_chars = u'/:#?@'
++ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
++ denorm_chars = [
++ c for c in map(unichr, range(128, sys.maxunicode))
++ if (hex_chars & set(unicodedata.decomposition(c).split()))
++ and c not in illegal_chars
++ ]
++ # Sanity check that we found at least one such character
++ self.assertIn(u'\u2100', denorm_chars)
++ self.assertIn(u'\uFF03', denorm_chars)
++
++ for scheme in [u"http", u"https", u"ftp"]:
++ for c in denorm_chars:
++ url = u"{}://netloc{}false.netloc/path".format(scheme, c)
++ print "Checking %r" % url
++ with self.assertRaises(ValueError):
++ urlparse.urlsplit(url)
++
+ def test_main():
+ test_support.run_unittest(UrlParseTestCase)
+
+diff --git a/Lib/urlparse.py b/Lib/urlparse.py
+index f7c2b032b097..54eda08651ab 100644
+--- a/Lib/urlparse.py
++++ b/Lib/urlparse.py
+@@ -165,6 +165,21 @@ def _splitnetloc(url, start=0):
+ delim = min(delim, wdelim) # use earliest delim position
+ return url[start:delim], url[delim:] # return (domain, rest)
+
++def _checknetloc(netloc):
++ if not netloc or not isinstance(netloc, unicode):
++ return
++ # looking for characters like \u2100 that expand to 'a/c'
++ # IDNA uses NFKC equivalence, so normalize for this check
++ import unicodedata
++ netloc2 = unicodedata.normalize('NFKC', netloc)
++ if netloc == netloc2:
++ return
++ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
++ for c in '/?#@:':
++ if c in netloc2:
++ raise ValueError("netloc '" + netloc2 + "' contains invalid " +
++ "characters under NFKC normalization")
++
+ def urlsplit(url, scheme='', allow_fragments=True):
+ """Parse a URL into 5 components:
+ <scheme>://<netloc>/<path>?<query>#<fragment>
+@@ -193,6 +208,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ url, fragment = url.split('#', 1)
+ if '?' in url:
+ url, query = url.split('?', 1)
++ _checknetloc(netloc)
+ v = SplitResult(scheme, netloc, url, query, fragment)
+ _parse_cache[key] = v
+ return v
+@@ -216,6 +232,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+ url, fragment = url.split('#', 1)
+ if '?' in url:
+ url, query = url.split('?', 1)
++ _checknetloc(netloc)
+ v = SplitResult(scheme, netloc, url, query, fragment)
+ _parse_cache[key] = v
+ return v
+diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+new file mode 100644
+index 000000000000..1e1ad92c6feb
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+@@ -0,0 +1,3 @@
++Changes urlsplit() to raise ValueError when the URL contains characters that
++decompose under IDNA encoding (NFKC-normalization) into characters that
++affect how the URL is parsed.
+\ No newline at end of file
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb b/meta/recipes-devtools/python/python_2.7.16.bb
index 0e7dd2b..d70342f 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -30,7 +30,11 @@ SRC_URI += " \
file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
file://float-endian.patch \
file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
- "
+ file://bpo-35907-cve-2019-9948.patch \
+ file://bpo-35907-cve-2019-9948-fix.patch \
+ file://bpo-36216-cve-2019-9636.patch \
+ file://bpo-36216-cve-2019-9636-fix.patch \
+"
S = "${WORKDIR}/Python-${PV}"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (4 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 05/21] python: add a fix for CVE-2019-9948 and CVE-2019-9636 Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-10 19:17 ` Sylvain Lemieux
2019-06-03 15:06 ` [PATCH 07/21] ptest: Add RDEPENDS frpm PN-ptest to PN package Armin Kuster
` (14 subsequent siblings)
20 siblings, 1 reply; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid the warning:
WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index 976bcc5..3b4ed72 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -148,7 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RRECOMMENDS_${PN}-sshd += "rng-tools"
+RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
RPROVIDES_${PN}-ssh = "ssh"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 07/21] ptest: Add RDEPENDS frpm PN-ptest to PN package
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (5 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 08/21] gettext/flex/m4/bzip2/gzip/parted/slang/attr: Add make to -ptest packages Armin Kuster
` (13 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Many different ptests are breaking as they assume that ${PN}-ptest
depends on ${PN}. It doesn't currently but should. If we fix this, many
different ptests start passing when they previously failed.
It does depend on fixing an issue in the dbus-test recipe which is done
in the preceeding patch (mentioned in case this gets backported).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/ptest.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/ptest.bbclass b/meta/classes/ptest.bbclass
index 936bf82..fa4c36e 100644
--- a/meta/classes/ptest.bbclass
+++ b/meta/classes/ptest.bbclass
@@ -13,6 +13,7 @@ PTEST_ENABLED = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '1', '0', d)}"
PTEST_ENABLED_class-native = ""
PTEST_ENABLED_class-nativesdk = ""
PTEST_ENABLED_class-cross-canadian = ""
+RDEPENDS_${PN}-ptest += "${PN}"
RDEPENDS_${PN}-ptest_class-native = ""
RDEPENDS_${PN}-ptest_class-nativesdk = ""
RRECOMMENDS_${PN}-ptest += "ptest-runner"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 08/21] gettext/flex/m4/bzip2/gzip/parted/slang/attr: Add make to -ptest packages
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (6 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 07/21] ptest: Add RDEPENDS frpm PN-ptest to PN package Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 09/21] apr/apr-util: Add ptest dependency on libgcc Armin Kuster
` (12 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
This solves ptest runtime errors where make was missing causing the ptests
to fail.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for warrior context]
[Dropped ptest fixes for pkg w/o ptests in warrior]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-devtools/flex/flex_2.6.0.bb | 2 +-
meta/recipes-extended/gzip/gzip_1.10.bb | 2 ++
meta/recipes-extended/parted/parted_3.2.bb | 2 +-
meta/recipes-extended/slang/slang_2.3.2.bb | 2 ++
meta/recipes-support/attr/attr.inc | 2 +-
5 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb b/meta/recipes-devtools/flex/flex_2.6.0.bb
index b89b751..b477cd8 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.0.bb
@@ -48,7 +48,7 @@ PACKAGES =+ "${PN}-libfl"
FILES_${PN}-libfl = "${libdir}/libfl.so.* ${libdir}/libfl_pic.so.*"
RDEPENDS_${PN} += "m4"
-RDEPENDS_${PN}-ptest += "bash gawk"
+RDEPENDS_${PN}-ptest += "bash gawk make"
do_compile_ptest() {
oe_runmake -C ${B}/tests -f ${B}/tests/Makefile top_builddir=${B} INCLUDES=-I${S}/src buildtests
diff --git a/meta/recipes-extended/gzip/gzip_1.10.bb b/meta/recipes-extended/gzip/gzip_1.10.bb
index 75de970..6a5b245 100644
--- a/meta/recipes-extended/gzip/gzip_1.10.bb
+++ b/meta/recipes-extended/gzip/gzip_1.10.bb
@@ -12,6 +12,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
PROVIDES_append_class-native = " gzip-replacement-native"
+RDEPENDS_${PN}-ptest += "make"
+
BBCLASSEXTEND = "native"
inherit ptest
diff --git a/meta/recipes-extended/parted/parted_3.2.bb b/meta/recipes-extended/parted/parted_3.2.bb
index 6189fd2..ceac528 100644
--- a/meta/recipes-extended/parted/parted_3.2.bb
+++ b/meta/recipes-extended/parted/parted_3.2.bb
@@ -47,7 +47,7 @@ do_install_ptest() {
sed -e 's| ../parted||' -i $t/tests/*.sh
}
-RDEPENDS_${PN}-ptest = "bash coreutils perl util-linux-losetup python3"
+RDEPENDS_${PN}-ptest = "bash coreutils perl util-linux-losetup python3 make"
inherit update-alternatives
diff --git a/meta/recipes-extended/slang/slang_2.3.2.bb b/meta/recipes-extended/slang/slang_2.3.2.bb
index e53c432..e329310 100644
--- a/meta/recipes-extended/slang/slang_2.3.2.bb
+++ b/meta/recipes-extended/slang/slang_2.3.2.bb
@@ -75,6 +75,8 @@ do_install_ptest() {
FILES_${PN} += "${libdir}/${BPN}/v2/modules/ ${datadir}/slsh/"
+RDEPENDS_${PN}-ptest += "make"
+
PARALLEL_MAKE = ""
PARALLEL_MAKEINST = ""
diff --git a/meta/recipes-support/attr/attr.inc b/meta/recipes-support/attr/attr.inc
index cfa38a7..1a29eb3 100644
--- a/meta/recipes-support/attr/attr.inc
+++ b/meta/recipes-support/attr/attr.inc
@@ -41,6 +41,6 @@ do_install_ptest() {
sed -e 's|; @echo|; echo|' -i ${D}${PTEST_PATH}/test/Makefile
}
-RDEPENDS_${PN}-ptest = "attr coreutils perl-module-filehandle perl-module-getopt-std perl-module-posix"
+RDEPENDS_${PN}-ptest = "attr coreutils perl-module-filehandle perl-module-getopt-std perl-module-posix make"
BBCLASSEXTEND = "native nativesdk"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 09/21] apr/apr-util: Add ptest dependency on libgcc
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (7 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 08/21] gettext/flex/m4/bzip2/gzip/parted/slang/attr: Add make to -ptest packages Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 10/21] glib-2.0: add missing libgcc dependency to glib-2.0-ptest Armin Kuster
` (11 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid:
libgcc_s.so.1 must be installed for pthread_cancel to work
when running the ptest without libgcc.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-support/apr/apr-util_1.6.1.bb | 1 +
meta/recipes-support/apr/apr_1.6.5.bb | 2 ++
2 files changed, 3 insertions(+)
diff --git a/meta/recipes-support/apr/apr-util_1.6.1.bb b/meta/recipes-support/apr/apr-util_1.6.1.bb
index 0c90f8d..1f9fea2 100644
--- a/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/meta/recipes-support/apr/apr-util_1.6.1.bb
@@ -79,6 +79,7 @@ INSANE_SKIP_${PN} += "dev-so"
inherit ptest
RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-iso8859-1 glibc-gconv-iso8859-2 glibc-gconv-utf-7"
+RDEPENDS_${PN}-ptest += "libgcc"
do_compile_ptest() {
cd ${B}/test
diff --git a/meta/recipes-support/apr/apr_1.6.5.bb b/meta/recipes-support/apr/apr_1.6.5.bb
index 432e4ed..79879ff 100644
--- a/meta/recipes-support/apr/apr_1.6.5.bb
+++ b/meta/recipes-support/apr/apr_1.6.5.bb
@@ -53,6 +53,8 @@ do_configure_prepend() {
FILES_${PN}-dev += "${libdir}/apr.exp ${datadir}/build-1/*"
RDEPENDS_${PN}-dev += "bash"
+RDEPENDS_${PN}-ptest += "libgcc"
+
#for some reason, build/libtool.m4 handled by buildconf still be overwritten
#when autoconf, so handle it again.
do_configure_append() {
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 10/21] glib-2.0: add missing libgcc dependency to glib-2.0-ptest
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (8 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 09/21] apr/apr-util: Add ptest dependency on libgcc Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 11/21] npm: get npm package name from npm pack Armin Kuster
` (10 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@intel.com>
The thread tests need libgcc for pthread_cancel to work.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/glib-2.0/glib.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index 574bb38..9ee0e63 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -144,6 +144,7 @@ CODEGEN_PYTHON_RDEPENDS_mingw32 = ""
RDEPENDS_${PN}-codegen += "${CODEGEN_PYTHON_RDEPENDS}"
RDEPENDS_${PN}-ptest += "\
+ libgcc \
dbus \
gnome-desktop-testing \
tzdata \
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 11/21] npm: get npm package name from npm pack
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (9 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 10/21] glib-2.0: add missing libgcc dependency to glib-2.0-ptest Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 12/21] npm: fix node and npm default directory conflict Armin Kuster
` (9 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Fixes [YOCTO #12534]
When using npm packages with exotic names, like "JSONSelect" (with
uppercase) or "@angular/cli" (with at sign and slash), there are three
different names:
- the recipe name ("jsonselect" or "angular-cli")
- the npm module name ("JSONSelect" or "@angular/cli")
- the npm pack name ("JSONSelect" or "angular-cli")
The commit fa9c077068a2acea04389fa2b44eb2e93548fce2 allow to have
different recipe name and npm module name by setting the NPMPN variable.
This commit allows to have yet another npm pack name. The pack filename
is now dynamically retrieved from the 'npm pack' command.
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/npm.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 6dbae6b..3dd2d13 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -53,8 +53,8 @@ npm_do_install() {
# be created in this directory
export HOME=${WORKDIR}
mkdir -p ${D}${libdir}/node_modules
- npm pack .
- npm install --prefix ${D}${prefix} -g --arch=${NPM_ARCH} --target_arch=${NPM_ARCH} --production --no-registry ${NPMPN}-${PV}.tgz
+ local NPM_PACKFILE=$(npm pack .)
+ npm install --prefix ${D}${prefix} -g --arch=${NPM_ARCH} --target_arch=${NPM_ARCH} --production --no-registry ${NPM_PACKFILE}
mv ${D}${libdir}/node_modules ${D}${libdir}/node
if [ -d ${D}${prefix}/etc ] ; then
# This will be empty
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 12/21] npm: fix node and npm default directory conflict
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (10 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 11/21] npm: get npm package name from npm pack Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 13/21] npm: remove some temporary build files Armin Kuster
` (8 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Fixes [YOCTO #13349]
When dealing with node modules which have declared "bin" files [1], npm
will create a link in '/usr/bin' with a relative link to
'../lib/node_modules/<module bin file>'.
The commits e9270af4296ce2af292059617a717e42fc17425c and
2713d9bcc39c712ef34003ce8424416441be558e explicitely use
'/usr/lib/node/' as install directory, but does not care about the "bin"
symbolic linked files.
In order to keep valid links, and to keep it as simple as possible, the
path '/usr/lib/node_modules/' is used as install directory for npm. And
a symbolic link is created to have a valid '/usr/lib/node/' path, needed
for node.
[1]: https://docs.npmjs.com/files/package.json#bin
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/npm.bbclass | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 3dd2d13..9703f4c 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -10,7 +10,7 @@ def node_pkgname(d):
NPMPN ?= "${@node_pkgname(d)}"
-NPM_INSTALLDIR = "${libdir}/node/${NPMPN}"
+NPM_INSTALLDIR = "${libdir}/node_modules/${NPMPN}"
# function maps arch names to npm arch names
def npm_oe_arch_map(target_arch, d):
@@ -55,7 +55,7 @@ npm_do_install() {
mkdir -p ${D}${libdir}/node_modules
local NPM_PACKFILE=$(npm pack .)
npm install --prefix ${D}${prefix} -g --arch=${NPM_ARCH} --target_arch=${NPM_ARCH} --production --no-registry ${NPM_PACKFILE}
- mv ${D}${libdir}/node_modules ${D}${libdir}/node
+ ln -fs node_modules ${D}${libdir}/node
if [ -d ${D}${prefix}/etc ] ; then
# This will be empty
rmdir ${D}${prefix}/etc
@@ -85,6 +85,8 @@ python populate_packages_prepend () {
}
FILES_${PN} += " \
+ ${bindir} \
+ ${libdir}/node \
${NPM_INSTALLDIR} \
"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 13/21] npm: remove some temporary build files
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (11 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 12/21] npm: fix node and npm default directory conflict Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 14/21] util-linux: Add missing ptest dependencies Armin Kuster
` (7 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Fixes [YOCTO #11028]
When dealing with node modules which use "node-gyp" [1] to build native
addons to node. Some temporary build files stay in the image: object
files, static library files, dependency files, ...
This commit does not keep only the required files, but remove the files
which can leads to QA issues (staticdev with static library files).
[1]: https://github.com/nodejs/node-gyp
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/classes/npm.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 9703f4c..4b1f0a3 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -56,6 +56,7 @@ npm_do_install() {
local NPM_PACKFILE=$(npm pack .)
npm install --prefix ${D}${prefix} -g --arch=${NPM_ARCH} --target_arch=${NPM_ARCH} --production --no-registry ${NPM_PACKFILE}
ln -fs node_modules ${D}${libdir}/node
+ find ${D}${NPM_INSTALLDIR} -type f \( -name "*.a" -o -name "*.d" -o -name "*.o" \) -delete
if [ -d ${D}${prefix}/etc ] ; then
# This will be empty
rmdir ${D}${prefix}/etc
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 14/21] util-linux: Add missing ptest dependencies
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (12 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 13/21] npm: remove some temporary build files Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 15/21] perl-rdepends: Add missing module dependencies Armin Kuster
` (6 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Mariano López <just.another.mariano@gmail.com>
There are some missing dependencies for the util-linux-ptest package
that causes inconsistencies in the package tests run in different images.
The kernel module in RRECOMMENDS is not build at this time, it needs
more testing and check if the configuration change can be part of the
yocto-kernel-cache repository.
Signed-off-by: Mariano López <just.another.mariano@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/util-linux/util-linux.inc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 34255a2..6dfbe0b 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -142,7 +142,8 @@ RDEPENDS_${PN}_class-nativesdk = ""
RPROVIDES_${PN}-dev = "${PN}-libblkid-dev ${PN}-libmount-dev ${PN}-libuuid-dev"
RDEPENDS_${PN}-bash-completion += "${PN}-lsblk"
-RDEPENDS_${PN}-ptest = "bash grep coreutils which btrfs-tools ${PN} sed"
+RDEPENDS_${PN}-ptest = "bash bc btrfs-tools coreutils e2fsprogs grep iproute2 kmod mdadm ${PN} procps sed socat which xz"
+RRECOMMENDS_${PN}-ptest = "kernel-module-scsi-debug"
RDEPENDS_${PN}-swaponoff = "${PN}-swapon ${PN}-swapoff"
ALLOW_EMPTY_${PN}-swaponoff = "1"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 15/21] perl-rdepends: Add missing module dependencies
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (13 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 14/21] util-linux: Add missing ptest dependencies Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:06 ` [PATCH 16/21] bash: Fix bash-ptest dependencies Armin Kuster
` (5 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Adding these fixes the acl and attr ptests to work within minimal images.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt b/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt
index f93bbc7..362d317 100644
--- a/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt
+++ b/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt
@@ -954,11 +954,13 @@ RDEPENDS_perl-module-io-dir += "perl-module-file-stat"
RDEPENDS_perl-module-io-dir += "perl-module-io-file"
RDEPENDS_perl-module-io-dir += "perl-module-strict"
RDEPENDS_perl-module-io-dir += "perl-module-tie-hash"
+RDEPENDS_perl-module-io-file += "perl-module-carp"
RDEPENDS_perl-module-io-file += "perl-module-exporter"
RDEPENDS_perl-module-io-file += "perl-module-fcntl"
RDEPENDS_perl-module-io-file += "perl-module-io-seekable"
RDEPENDS_perl-module-io-file += "perl-module-selectsaver"
RDEPENDS_perl-module-io-file += "perl-module-strict"
+RDEPENDS_perl-module-io-file += "perl-module-symbol"
RDEPENDS_perl-module-io-handle += "perl-module-exporter"
RDEPENDS_perl-module-io-handle += "perl-module-io"
RDEPENDS_perl-module-io-handle += "perl-module-io-file"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 16/21] bash: Fix bash-ptest dependencies
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (14 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 15/21] perl-rdepends: Add missing module dependencies Armin Kuster
@ 2019-06-03 15:06 ` Armin Kuster
2019-06-03 15:07 ` [PATCH 17/21] openssh: Add sudo dependency for ptest Armin Kuster
` (4 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:06 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Bash's ptest needs glibc-utils (for locale), some extra locales for various tests
it uses options busybox doesn't support for some tools, hence coreutils and also runs
perl for some tests.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-extended/bash/bash.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-extended/bash/bash.inc b/meta/recipes-extended/bash/bash.inc
index 2e7f261..4b3692c 100644
--- a/meta/recipes-extended/bash/bash.inc
+++ b/meta/recipes-extended/bash/bash.inc
@@ -23,10 +23,10 @@ ALTERNATIVE_PRIORITY = "100"
RDEPENDS_${PN} += "base-files"
RDEPENDS_${PN}_class-nativesdk = ""
-RDEPENDS_${PN}-ptest += "make"
+RDEPENDS_${PN}-ptest += "make coreutils perl"
DEPENDS_append_libc-glibc = " virtual/libc-locale"
-RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-fr-fr locale-base-de-de"
+RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-en-us locale-base-fr-fr locale-base-fr-fr.iso-8859-1 locale-base-de-de locale-base-zh-hk.big5-hkscs glibc-utils"
USERADD_PACKAGES = "${PN}-ptest"
USERADD_PARAM_${PN}-ptest = "--create-home --user-group test"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 17/21] openssh: Add sudo dependency for ptest
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (15 preceding siblings ...)
2019-06-03 15:06 ` [PATCH 16/21] bash: Fix bash-ptest dependencies Armin Kuster
@ 2019-06-03 15:07 ` Armin Kuster
2019-06-03 15:07 ` [PATCH 18/21] libpcre: Add make " Armin Kuster
` (3 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:07 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Without this we see test failures due to the sudo binary being missing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index 3b4ed72..6c8f732 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -149,7 +149,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo"
RPROVIDES_${PN}-ssh = "ssh"
RPROVIDES_${PN}-sshd = "sshd"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 18/21] libpcre: Add make dependency for ptest
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (16 preceding siblings ...)
2019-06-03 15:07 ` [PATCH 17/21] openssh: Add sudo dependency for ptest Armin Kuster
@ 2019-06-03 15:07 ` Armin Kuster
2019-06-03 15:07 ` [PATCH 19/21] perl/modules: Add various missing ptest perl module dependencies Armin Kuster
` (2 subsequent siblings)
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:07 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
The tests are run from a makefile so this dependency is needed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-support/libpcre/libpcre_8.43.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb
index 08314ef..b97af08 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -72,3 +72,5 @@ do_install_ptest() {
# locale so the test fails if fr_FR is UTF-8 locale.
sed -i -e 's:do3=yes:do3=no:g' ${D}${PTEST_PATH}/RunTest
}
+
+RDEPENDS_${PN}-ptest += "make"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 19/21] perl/modules: Add various missing ptest perl module dependencies
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (17 preceding siblings ...)
2019-06-03 15:07 ` [PATCH 18/21] libpcre: Add make " Armin Kuster
@ 2019-06-03 15:07 ` Armin Kuster
2019-06-03 15:07 ` [PATCH 20/21] strace: Tweak ptest disk space management Armin Kuster
2019-06-03 15:07 ` [PATCH 21/21] util-linux: Fix ptest dependencies Armin Kuster
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:07 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Whilst not complete, this resolves some module dependency failures being seen
by various lib*-perl ptests and in quilt.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt | 5 +++++
meta/recipes-devtools/perl/liburi-perl_1.74.bb | 2 +-
meta/recipes-devtools/perl/libxml-parser-perl_2.44.bb | 2 ++
meta/recipes-devtools/perl/libxml-perl_0.08.bb | 1 +
meta/recipes-extended/perl/libtimedate-perl_2.30.bb | 1 +
meta/recipes-extended/perl/libxml-sax-base-perl_1.09.bb | 2 ++
meta/recipes-extended/perl/libxml-sax-perl_1.00.bb | 2 ++
7 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt b/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt
index 362d317..3efc3f7 100644
--- a/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt
+++ b/meta/recipes-devtools/perl-sanity/files/perl-rdepends.txt
@@ -1484,6 +1484,7 @@ RDEPENDS_perl-module-overloading += "perl-module-overload-numbers"
RDEPENDS_perl-module-overloading += "perl-module-warnings"
RDEPENDS_perl-module-overload += "perl-module-mro"
RDEPENDS_perl-module-overload += "perl-module-warnings-register"
+RDEPENDS_perl-module-overload += "perl-module-overloading"
RDEPENDS_perl-module-params-check += "perl-module-exporter"
RDEPENDS_perl-module-params-check += "perl-module-locale-maketext-simple"
RDEPENDS_perl-module-params-check += "perl-module-strict"
@@ -1968,10 +1969,13 @@ RDEPENDS_perl-module-test-builder-module += "perl-module-exporter"
RDEPENDS_perl-module-test-builder-module += "perl-module-strict"
RDEPENDS_perl-module-test-builder-module += "perl-module-test-builder"
RDEPENDS_perl-module-test-builder += "perl-module-data-dumper"
+RDEPENDS_perl-module-test-builder += "perl-module-list-util"
RDEPENDS_perl-module-test-builder += "perl-module-overload"
RDEPENDS_perl-module-test-builder += "perl-module-strict"
+RDEPENDS_perl-module-test-builder += "perl-module-scalar-util"
RDEPENDS_perl-module-test-builder += "perl-module-test-builder-formatter"
RDEPENDS_perl-module-test-builder += "perl-module-test-builder-tododiag"
+RDEPENDS_perl-module-test-builder += "perl-module-test2-util"
RDEPENDS_perl-module-test-builder += "perl-module-warnings"
RDEPENDS_perl-module-test-builder-tester-color += "perl-module-strict"
RDEPENDS_perl-module-test-builder-tester-color += "perl-module-test-builder-tester"
@@ -2961,6 +2965,7 @@ RDEPENDS_perl-module-file-temp += "perl-module-io-seekable"
RDEPENDS_perl-module-file-temp += "perl-module-overload"
RDEPENDS_perl-module-file-temp += "perl-module-parent"
RDEPENDS_perl-module-file-temp += "perl-module-posix"
+RDEPENDS_perl-module-file-temp += "perl-module-file-spec"
RDEPENDS_perl-module-file-temp += "perl-module-strict"
RDEPENDS_perl-module-file-temp += "perl-module-vars"
RDEPENDS_perl-module-filter-simple += "perl-module-filter-util-call"
diff --git a/meta/recipes-devtools/perl/liburi-perl_1.74.bb b/meta/recipes-devtools/perl/liburi-perl_1.74.bb
index a7cfa0f..fea4d24 100644
--- a/meta/recipes-devtools/perl/liburi-perl_1.74.bb
+++ b/meta/recipes-devtools/perl/liburi-perl_1.74.bb
@@ -33,6 +33,6 @@ do_install_prepend() {
rm -rf ${B}/t/file.t
}
-RDEPENDS_${PN}-ptest += "libtest-needs-perl"
+RDEPENDS_${PN}-ptest += "libtest-needs-perl perl-module-test-more"
BBCLASSEXTEND = "native"
diff --git a/meta/recipes-devtools/perl/libxml-parser-perl_2.44.bb b/meta/recipes-devtools/perl/libxml-parser-perl_2.44.bb
index 95af4d1..4cfd28a 100644
--- a/meta/recipes-devtools/perl/libxml-parser-perl_2.44.bb
+++ b/meta/recipes-devtools/perl/libxml-parser-perl_2.44.bb
@@ -50,4 +50,6 @@ do_install_ptest() {
chown -R root:root ${D}${PTEST_PATH}/samples
}
+RDEPENDS_${PN}-ptest += "perl-module-test-more"
+
BBCLASSEXTEND="native nativesdk"
diff --git a/meta/recipes-devtools/perl/libxml-perl_0.08.bb b/meta/recipes-devtools/perl/libxml-perl_0.08.bb
index 0f60998..a2eee9a 100644
--- a/meta/recipes-devtools/perl/libxml-perl_0.08.bb
+++ b/meta/recipes-devtools/perl/libxml-perl_0.08.bb
@@ -26,3 +26,4 @@ do_compile() {
cpan_do_compile
}
+RDEPENDS_${PN}-ptest += "libxml-parser-perl"
diff --git a/meta/recipes-extended/perl/libtimedate-perl_2.30.bb b/meta/recipes-extended/perl/libtimedate-perl_2.30.bb
index 8e1461c..7129c64 100644
--- a/meta/recipes-extended/perl/libtimedate-perl_2.30.bb
+++ b/meta/recipes-extended/perl/libtimedate-perl_2.30.bb
@@ -15,6 +15,7 @@ BBCLASSEXTEND = "native"
RDEPENDS_${PN}_class-native = ""
RDEPENDS_${PN} += "perl-module-carp perl-module-exporter perl-module-strict perl-module-time-local"
+RDEPENDS_${PN}-ptest += "perl-module-test-more"
SRC_URI[md5sum] = "b1d91153ac971347aee84292ed886c1c"
SRC_URI[sha256sum] = "75bd254871cb5853a6aa0403ac0be270cdd75c9d1b6639f18ecba63c15298e86"
diff --git a/meta/recipes-extended/perl/libxml-sax-base-perl_1.09.bb b/meta/recipes-extended/perl/libxml-sax-base-perl_1.09.bb
index 373b522..2bff65a 100644
--- a/meta/recipes-extended/perl/libxml-sax-base-perl_1.09.bb
+++ b/meta/recipes-extended/perl/libxml-sax-base-perl_1.09.bb
@@ -21,4 +21,6 @@ S = "${WORKDIR}/XML-SAX-Base-${PV}"
inherit cpan ptest-perl
+RDEPENDS_${PN}-ptest += "perl-module-test perl-module-test-more"
+
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-extended/perl/libxml-sax-perl_1.00.bb b/meta/recipes-extended/perl/libxml-sax-perl_1.00.bb
index eccd0ad..fd3a2a0 100644
--- a/meta/recipes-extended/perl/libxml-sax-perl_1.00.bb
+++ b/meta/recipes-extended/perl/libxml-sax-perl_1.00.bb
@@ -29,4 +29,6 @@ do_install_ptest() {
chown -R root:root ${D}${PTEST_PATH}/testfiles
}
+RDEPENDS_${PN}-ptest += "perl-module-test"
+
BBCLASSEXTEND = "native nativesdk"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 20/21] strace: Tweak ptest disk space management
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (18 preceding siblings ...)
2019-06-03 15:07 ` [PATCH 19/21] perl/modules: Add various missing ptest perl module dependencies Armin Kuster
@ 2019-06-03 15:07 ` Armin Kuster
2019-06-03 15:07 ` [PATCH 21/21] util-linux: Fix ptest dependencies Armin Kuster
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:07 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
If the test is successful, remove the log and exp files. This stops strace
using around 600MB of disk space and running our ptest images out of space.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../strace/strace/ptest-spacesave.patch | 19 +++++++++++++++++++
meta/recipes-devtools/strace/strace_4.26.bb | 1 +
2 files changed, 20 insertions(+)
create mode 100644 meta/recipes-devtools/strace/strace/ptest-spacesave.patch
diff --git a/meta/recipes-devtools/strace/strace/ptest-spacesave.patch b/meta/recipes-devtools/strace/strace/ptest-spacesave.patch
new file mode 100644
index 0000000..3e32cc3
--- /dev/null
+++ b/meta/recipes-devtools/strace/strace/ptest-spacesave.patch
@@ -0,0 +1,19 @@
+If the test is successful, remove the log and exp files. This stops strace
+using around 600MB of disk space and running our ptest images out of space.
+
+RP 2019/5/29
+
+Upstream-Status: Inappropriate [specific to OE image space issues]
+
+Index: strace-4.26/tests/gen_tests.sh
+===================================================================
+--- strace-4.26.orig/tests/gen_tests.sh
++++ strace-4.26/tests/gen_tests.sh
+@@ -62,6 +62,7 @@ while read -r name arg0 args; do {
+ $hdr
+ . "\${srcdir=.}/init.sh"
+ run_strace_match_diff $arg0 $args
++ rm -rf log exp
+ EOF
+ ;;
+
diff --git a/meta/recipes-devtools/strace/strace_4.26.bb b/meta/recipes-devtools/strace/strace_4.26.bb
index 24f92c9..3b61fc3 100644
--- a/meta/recipes-devtools/strace/strace_4.26.bb
+++ b/meta/recipes-devtools/strace/strace_4.26.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
file://0001-caps-abbrev.awk-fix-gawk-s-path.patch \
file://0001-tests-sigaction-Check-for-mips-and-alpha-before-usin.patch \
file://0001-mips-o32-fix-build.patch \
+ file://ptest-spacesave.patch \
"
SRC_URI[md5sum] = "daa51acc0c7c696221ec03cf0b30a7af"
SRC_URI[sha256sum] = "7c4d2ffeef4f7d1cdc71062ca78d1130eb52f947c2fca82f59f6a1183bfa1e1c"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* [PATCH 21/21] util-linux: Fix ptest dependencies
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
` (19 preceding siblings ...)
2019-06-03 15:07 ` [PATCH 20/21] strace: Tweak ptest disk space management Armin Kuster
@ 2019-06-03 15:07 ` Armin Kuster
20 siblings, 0 replies; 24+ messages in thread
From: Armin Kuster @ 2019-06-03 15:07 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We should append to the ptest RDEPENDS and RRECOMMENDS otherwise the bbclass
defaults are overwritten. This leads to ptest-runner not being installed in
minimal images. Also drop the duplicate ${PN} value which is unneeded once
we do this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/util-linux/util-linux.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 6dfbe0b..7b9b4d2 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -142,8 +142,8 @@ RDEPENDS_${PN}_class-nativesdk = ""
RPROVIDES_${PN}-dev = "${PN}-libblkid-dev ${PN}-libmount-dev ${PN}-libuuid-dev"
RDEPENDS_${PN}-bash-completion += "${PN}-lsblk"
-RDEPENDS_${PN}-ptest = "bash bc btrfs-tools coreutils e2fsprogs grep iproute2 kmod mdadm ${PN} procps sed socat which xz"
-RRECOMMENDS_${PN}-ptest = "kernel-module-scsi-debug"
+RDEPENDS_${PN}-ptest += "bash bc btrfs-tools coreutils e2fsprogs grep iproute2 kmod mdadm procps sed socat which xz"
+RRECOMMENDS_${PN}-ptest += "kernel-module-scsi-debug"
RDEPENDS_${PN}-swaponoff = "${PN}-swapon ${PN}-swapoff"
ALLOW_EMPTY_${PN}-swaponoff = "1"
--
2.7.4
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency
2019-06-03 15:06 ` [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency Armin Kuster
@ 2019-06-10 19:17 ` Sylvain Lemieux
2019-06-10 19:49 ` akuster808
0 siblings, 1 reply; 24+ messages in thread
From: Sylvain Lemieux @ 2019-06-10 19:17 UTC (permalink / raw)
To: Armin Kuster; +Cc: Patches and discussions about the oe-core layer
Is there any plan to add a revision of this patch (From OE-Core rev:
f93f026212ebc28fce66682cdb995e061586df45) and a revision of the patch
that fix the "sshd startup is delayed" issue (From OE-Core rev:
9b01375236e19e3366c58877c4154d7c71632984) into thud?
p.s. I already added the change into a bbappend and tested it.
Regards,
Sylvain Lemieux
On Mon, Jun 3, 2019 at 11:08 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
>
> Avoid the warning:
>
> WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it)
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
> meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
> index 976bcc5..3b4ed72 100644
> --- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
> @@ -148,7 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
>
> RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
> RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
> -RRECOMMENDS_${PN}-sshd += "rng-tools"
> +RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
> RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
>
> RPROVIDES_${PN}-ssh = "ssh"
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency
2019-06-10 19:17 ` Sylvain Lemieux
@ 2019-06-10 19:49 ` akuster808
0 siblings, 0 replies; 24+ messages in thread
From: akuster808 @ 2019-06-10 19:49 UTC (permalink / raw)
To: Sylvain Lemieux; +Cc: Patches and discussions about the oe-core layer
On 6/10/19 12:17 PM, Sylvain Lemieux wrote:
> Is there any plan to add a revision of this patch (From OE-Core rev:
> f93f026212ebc28fce66682cdb995e061586df45) and a revision of the patch
> that fix the "sshd startup is delayed" issue (From OE-Core rev:
> 9b01375236e19e3366c58877c4154d7c71632984) into thud?
Yeah, I don't see any reason why not. I will add it to my list.
thanks,
Armin
>
> p.s. I already added the change into a bbappend and tested it.
>
>
> Regards,
> Sylvain Lemieux
>
> On Mon, Jun 3, 2019 at 11:08 AM Armin Kuster <akuster808@gmail.com> wrote:
>> From: Richard Purdie <richard.purdie@linuxfoundation.org>
>>
>> Avoid the warning:
>>
>> WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it)
>>
>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>> meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
>> index 976bcc5..3b4ed72 100644
>> --- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
>> +++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
>> @@ -148,7 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
>>
>> RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
>> RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
>> -RRECOMMENDS_${PN}-sshd += "rng-tools"
>> +RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
>> RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
>>
>> RPROVIDES_${PN}-ssh = "ssh"
>> --
>> 2.7.4
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2019-06-10 19:49 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-06-03 15:06 [PATCH 00/21] Warrior-next patch review Armin Kuster
2019-06-03 15:06 ` [PATCH 01/21] dropbear: update to 2019.78 Armin Kuster
2019-06-03 15:06 ` [PATCH 02/21] Tar: Security fix CVE-2019-0023 Armin Kuster
2019-06-03 15:06 ` [PATCH 03/21] linux-firmware: upgrade to latest revision Armin Kuster
2019-06-03 15:06 ` [PATCH 04/21] python: update to 2.7.16 Armin Kuster
2019-06-03 15:06 ` [PATCH 05/21] python: add a fix for CVE-2019-9948 and CVE-2019-9636 Armin Kuster
2019-06-03 15:06 ` [PATCH 06/21] openssh: Avoid PROVIDES warning from rng-tools dependency Armin Kuster
2019-06-10 19:17 ` Sylvain Lemieux
2019-06-10 19:49 ` akuster808
2019-06-03 15:06 ` [PATCH 07/21] ptest: Add RDEPENDS frpm PN-ptest to PN package Armin Kuster
2019-06-03 15:06 ` [PATCH 08/21] gettext/flex/m4/bzip2/gzip/parted/slang/attr: Add make to -ptest packages Armin Kuster
2019-06-03 15:06 ` [PATCH 09/21] apr/apr-util: Add ptest dependency on libgcc Armin Kuster
2019-06-03 15:06 ` [PATCH 10/21] glib-2.0: add missing libgcc dependency to glib-2.0-ptest Armin Kuster
2019-06-03 15:06 ` [PATCH 11/21] npm: get npm package name from npm pack Armin Kuster
2019-06-03 15:06 ` [PATCH 12/21] npm: fix node and npm default directory conflict Armin Kuster
2019-06-03 15:06 ` [PATCH 13/21] npm: remove some temporary build files Armin Kuster
2019-06-03 15:06 ` [PATCH 14/21] util-linux: Add missing ptest dependencies Armin Kuster
2019-06-03 15:06 ` [PATCH 15/21] perl-rdepends: Add missing module dependencies Armin Kuster
2019-06-03 15:06 ` [PATCH 16/21] bash: Fix bash-ptest dependencies Armin Kuster
2019-06-03 15:07 ` [PATCH 17/21] openssh: Add sudo dependency for ptest Armin Kuster
2019-06-03 15:07 ` [PATCH 18/21] libpcre: Add make " Armin Kuster
2019-06-03 15:07 ` [PATCH 19/21] perl/modules: Add various missing ptest perl module dependencies Armin Kuster
2019-06-03 15:07 ` [PATCH 20/21] strace: Tweak ptest disk space management Armin Kuster
2019-06-03 15:07 ` [PATCH 21/21] util-linux: Fix ptest dependencies Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.